@ehsandeep
Sorry, I found during my research on nuclei scanning defense that its traffic characteristics are very obvious and easy to identify and intercept. I wonder if there are any further measures to improve this issue, such as confusion? Do not use fixed headers?
Sample:

http/exposures/backups/zip-backup-files.yaml

```http
GET /web.tar.bz2 HTTP/1.1
host: 127.0.0.1:8080
user-agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36
connection: close
accept: */*
accept-language: en
accept-encoding: gzip
```

http/exposures/configs/zend-config-file.yaml

```http
GET /radio/application/configs/application.ini HTTP/1.1
host: 127.0.0.1:8080
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.137 Safari/4E423F
connection: close
accept: */*
accept-language: en
accept-encoding: gzip
```

http/exposures/backups/zip-backup-files.yaml

```http
GET /webapps.7z HTTP/1.1
host: 127.0.0.1:8080
user-agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2309.372 Safari/537.36
connection: close
accept: */*
accept-language: en
accept-encoding: gzip
```

http/exposures/backups/zip-backup-files.yaml

```http
GET /web.z HTTP/1.1
host: 127.0.0.1:8080
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.137 Safari/4E423F
connection: close
accept: */*
accept-language: en
accept-encoding: gzip
```
And then you realize that the user agent is random, which is exactly what we expected.

But by default, the headers

- connection
- accept
- accept-language
- accept-encoding

have the same order and values every time, making it easy to identify and intercept them.

And there has been no introduction of AI technology yet.
@ehsandeep
There are some suggestions, such as for "/web.z" and "/radio/application/configurations/application.ini", to use some random encoding to ensure its dynamism:

1. Randomly select characters for %xx forced encoding
   /web.%7A
2. Randomly add some useless parameters, such as ?xxx=random
   /web.z?xx=3424
3. Randomly add a # hash, for example: #abcxxx348
   /web.z?xx=3424#abc3233
   /web.z#abcsdfsfsf
4. Randomly add some useless headers
   k1: 3232ww3
   x3: 3988

This may become interference for AI recognition of scanning and attacks.

Of course, I know that with such encoding it is not difficult to identify attacks (scans), indeed.

At present, I haven't thought of any better way.

Perhaps we can try to infiltrate all scanning traffic into HTTP Smuggling, which can alleviate attack identification, WAF identification, and interception.
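To make the fingerprint discussed in this thread concrete from the defender's side, here is an added example (not code from the issue or from the nuclei project) that parses raw HTTP requests and classifies them by the fixed header tail shown in the samples above. It also covers suggestion 4 from the comment above: junk headers mixed in between the fixed ones still leave the four default headers as an ordered subsequence, so a detector that checks order rather than exact position keeps matching. The sample requests are constructed to mirror the ones in the issue.

```python
from typing import List, Tuple

# Fixed header tail seen in every sample request in the thread (after host / user-agent).
NUCLEI_HEADER_TAIL: List[Tuple[str, str]] = [
    ("connection", "close"),
    ("accept", "*/*"),
    ("accept-language", "en"),
    ("accept-encoding", "gzip"),
]

def parse_headers(raw: str) -> List[Tuple[str, str]]:
    """Return ordered (name, value) pairs from a raw HTTP request; names are lowercased."""
    lines = [ln for ln in raw.strip().splitlines() if ln.strip()]
    headers = []
    for ln in lines[1:]:  # skip the request line
        name, _, value = ln.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers

def fingerprint(raw: str) -> str:
    """'exact' if the headers after host/user-agent are precisely the default tail in the
    default order; 'interleaved' if the four defaults still appear in that order with extra
    headers mixed in (the junk-header idea from the thread); 'none' otherwise."""
    tail = [h for h in parse_headers(raw) if h[0] not in ("host", "user-agent")]
    if tail == NUCLEI_HEADER_TAIL:
        return "exact"
    it = iter(tail)  # 'want in it' consumes the iterator, so this is an ordered-subsequence test
    if all(want in it for want in NUCLEI_HEADER_TAIL):
        return "interleaved"
    return "none"

# Constructed samples: one shaped like the scanner requests above, one shaped like a browser.
SCANNER_REQUEST = """GET /web.z HTTP/1.1
host: 127.0.0.1:8080
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.137 Safari/4E423F
connection: close
accept: */*
accept-language: en
accept-encoding: gzip
"""
BROWSER_REQUEST = """GET /index.html HTTP/1.1
Host: 127.0.0.1:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:115.0) Gecko/20100101 Firefox/115.0
Accept: text/html,application/xhtml+xml,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
"""
# Same scanner request with a junk header inserted between the fixed ones (suggestion 4).
JUNK_HEADER_REQUEST = SCANNER_REQUEST.replace("accept: */*", "k1: 3232ww3\naccept: */*")
```

Running `fingerprint` over the three samples returns "exact", "none" and "interleaved" respectively, which is the point of the thread: randomising the user agent or padding with junk headers does not change the ordered set of default values.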