Make a Web honeypot scanner from scratch(1)

Make a Web honeypot scanner from scratch (0)_luozhonghua2000's blog-CSDN blog

What are the characteristics of a honeypot?
From the description above, the function of a honeypot is to trap hackers.
It traps them by using JSONP hijacking.
JSONP hijacking works by sending cross-domain JSONP requests to the pages of many other social networking sites in order to obtain information about the attacker.
A honeypot is therefore characterized by sending many abnormal cross-domain requests to commonly used social networking sites, such as bilibili, baidu, huya and youku. The identification method is to capture packets and see whether there are many such cross-domain requests. You can use Burp directly to capture the packets.

 

As shown above, the APIs of many other social networking sites are requested, which is a very prominent feature. The honeypot itself uses JSONP hijacking as its source-tracing technique: as soon as a visitor enters the page, it starts tracing the attacker's origin.
If you are not familiar with JSONP hijacking attacks, you can read this article, which is very detailed:
https://www.cnblogs.com/happystudyhuan/p/11583384.html
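
The traffic characteristic described above can be checked mechanically over a captured request list, for example URLs copied out of a proxy history. This is an added example, not code from the original post; the callback parameter names, the threshold of three foreign sites, the two-label site grouping and all sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import parse_qs, urlsplit

# Assumed list of query parameter names that usually carry a JSONP callback.
CALLBACK_PARAMS = {"callback", "cb", "jsonp", "jsonpcallback"}
MIN_FOREIGN_SITES = 3  # assumed threshold; tune against your own captures

def site_of(host):
    """Crude site key: last two labels of the host (no public-suffix list)."""
    return ".".join(host.lower().split(".")[-2:])

def is_jsonp_style(url):
    """True if the URL has a callback-like query parameter."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return any(name.lower() in CALLBACK_PARAMS for name in params)

def jsonp_fanout(page_url, request_urls):
    """Sorted foreign sites that received JSONP-style requests from the page."""
    own = site_of(urlsplit(page_url).hostname or "")
    foreign = set()
    for url in request_urls:
        host = urlsplit(url).hostname
        if host and site_of(host) != own and is_jsonp_style(url):
            foreign.add(site_of(host))
    return sorted(foreign)

def looks_like_jsonp_tracer(page_url, request_urls, threshold=MIN_FOREIGN_SITES):
    """Flag a page whose JSONP-style requests fan out to many unrelated sites."""
    return len(jsonp_fanout(page_url, request_urls)) >= threshold

# Constructed sample captures (not real traffic; all hosts are placeholders).
SUSPECT_PAGE = "https://portal.target.example/login"
SUSPECT_REQUESTS = [
    "https://portal.target.example/static/app.js",
    "https://api.video-site.example/user/info?callback=jQuery1234",
    "https://passport.search-site.example/v2/profile?cb=fn_1",
    "https://live.stream-site.example/member?jsonp=handle",
    "https://cdn.fonts.example/font.css",
]
NORMAL_PAGE = "https://shop.example/"
NORMAL_REQUESTS = [
    "https://shop.example/api/cart?callback=render",
    "https://cdn.fonts.example/font.css",
    "https://stats.analytics.example/collect?cb=track",
]

if __name__ == "__main__":
    print(SUSPECT_PAGE, jsonp_fanout(SUSPECT_PAGE, SUSPECT_REQUESTS))
```

A single third-party JSONP call, as in the second sample, is common on ordinary pages; it is the fan-out across several unrelated sites that matches the feature described here.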
How to find a honeypot among a large number of assets based on these characteristics
This is a very practical problem. Capturing packets with Burp as above and then inspecting the assets one by one does work, but it is very slow when you are working on an attack team project. If you still rely on this primitive method, it will definitely not be enough.


Origin blog.csdn.net/luozhonghua2014/article/details/131631053