Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CloudFront自选IP完全手册 #22

Open
dalaolala opened this issue Nov 4, 2020 · 3 comments
Open

CloudFront自选IP完全手册 #22

dalaolala opened this issue Nov 4, 2020 · 3 comments

Comments

@dalaolala
Copy link
Owner

dalaolala commented Nov 4, 2020
edited
Loading

avatar
一、原理介绍
AWS提供CloudFront的CDN服务是不支持自选IP的,由于CloudFront边缘节点只提供东南亚导致速度十分捉鸡,甚至不如cloudflare提供的免费服务好用。
但某大佬意外发现可以通过类似于Cloudflare方式将备用域名Cname到cloudfrontCDN服务器的方式实现自选IP,且AWS在国内部署了不少的边缘节点(未开放),这就提供了一个可能,即通过自选IP的方式将域名DNS解析到AWS国内边缘节点,实现国内棉被CDN。

在实现这一操作中,面临以下几个问题:

1.如何找到AWS在国内的边缘节点
2.如何进行CDN侧的自选IP设置
3.如何实现自动push优选后的IP到DNS上

二、扫描AWS国内边缘节点
如果发送一个request到AWS边缘节点的https端口,返回的headers信息中,server会显示为CloudFront,而大部分都会是nginx或其他web服务器,可以以此作为区分。
avatar

1.扫描开放443端口的IP段
Cloudfront在国内的边缘节点肯定部署在IDC机房,但目前国内IDC机房所在的IP段与家宽基本混为一起,所以无法直接找到国内的IDC机房IP段,只能盲扫全国IP,好在Zmap扫描速度很快,我们要做的就是扫描IP段内所有开放了443端口的IP。
可以通过以下命令安装Zmap并扫描IP

  sudo apt-get install bison ed gawk gcc libc6-dev make
  sudo apt install zmap
  zmap -w iplist.txt -p 443 -B 30M -o ip-new.txt

2.扫描AWSCloudFront边缘节点
可以构造一个python脚本,使用脚本进行扫描,脚本从github抄的,核心代码很简单

#!/usr/bin/env python

#
coding = utf - 8# python2.7 only
import threading
import requests
import Queue
import sys
import re
import numpy as np#
def bThread(iplist):
    threadl = []
queue = Queue.Queue()
for host in iplist:
    queue.put(host)
for x in xrange(0, int(SETTHREAD)):
    threadl.append(tThread(queue))
for t in threadl:
    t.start()
for t in threadl:
    t.join()# create thread
class tThread(threading.Thread):
    def __init__(self, queue):
    threading.Thread.__init__(self)
self.queue = queue
def run(self):
    while not self.queue.empty():
    host = self.queue.get()
try:
checkServer(host)
except:
    continue
def checkServer(host):
    header = {
        'user-agent': 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36'
    }
aimurl = "http://" + host + ":443"
response = requests.get(url = aimurl, headers = header, timeout = 10)
serverText = response.headers['server']
if len(serverText) > 0:
    print "-" * 50 + "\n" + aimurl + "\nServer: " + serverText
if(serverText == "CloudFront"):
    if mutex.acquire(3):
    with open("result.txt", "a+") as file:
    file.write(host + "\n")
file.close()
mutex.release()
if __name__ == '__main__':
    print '\n############# Cloud Front Scan ################'
print ' Author hostloc.com'
print '################################################\n'
global SETTHREAD
global mutex
mutex = threading.Lock()
try:
SETTHREAD = sys.argv[2]
filepath = sys.argv[1]
with open(filepath, "r") as f:
    iplist = f.read().splitlines()# iplist = ip_range(sys.argv[1].split(
        '-')[0], sys.argv[1].split('-')[1])
print '\n[Note] Will scan ' + str(len(iplist)) + " host...\n"
bThread(iplist)
except KeyboardInterrupt:
    print 'Keyboard Interrupt!'
sys.exit()

使用示例: python cfscan.py 443-ip.txt 200
其中 cfscan.py 为 脚本名、 443-ip.txt为包含了IP的txt文件 200为线程数(卡顿调小)

avatar
最后结果会输出为当前目录下的 result.txt文件,结果即为可以使用的自选IP.
@dalaolala dalaolala changed the title AWSCloudFront自选IP完全手册 CloudFront自选IP完全手册 Nov 4, 2020
@dalaolala
Copy link
Owner Author

https://www.kx521.com/post/39.html
安装zmap

@lxmicode
Copy link

443-ip.txt为包含了IP的txt文件,这个文件是要IP一个个列出来还是能用IP段

@z836454898
Copy link

你的代码好多有关缩进的语法错误啊

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@lxmicode @dalaolala @z836454898