CDN stands for Content Delivery Network. A CDN is an intelligent virtual network built on top of the existing network. Relying on edge servers deployed in various locations, and on the load balancing, content distribution, scheduling and other functional modules of the central platform, it lets users obtain the content they need from a nearby node, which reduces network congestion and improves user access response speed and hit rate. However, during security testing, if the target has a CDN service, it will affect the subsequent security testing process.
How to judge whether there is a CDN service on the website
Ping command: ping the site from multiple locations with an online tool (Webmaster Tools: multi-location ping, website speed test)
If multiple IP addresses respond, there is a CDN
nslookup [target website domain name]
If the name resolves to multiple IP addresses, there is a CDN
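As an added example (not from the original post), the nslookup check can be scripted: the Python below parses nslookup output, ignores the resolver's own address in the header block, and applies the rule above. The sample outputs are constructed, using documentation address ranges and made-up names, and the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample outputs (documentation address ranges, made-up names).
SAMPLE_CDN = """\
Server:\t\t192.0.2.53
Address:\t192.0.2.53#53

Non-authoritative answer:
www.shop.example\tcanonical name = www.shop.example.cdn-provider.example.
Name:\twww.shop.example.cdn-provider.example
Address: 198.51.100.10
Name:\twww.shop.example.cdn-provider.example
Address: 198.51.100.11
"""
SAMPLE_DIRECT = """\
Server:\t\t192.0.2.53
Address:\t192.0.2.53#53

Name:\tshop.example
Address: 203.0.113.7
"""

def parse_nslookup(output):
    """Return (answer_addresses, cname_targets) found in nslookup output."""
    lines = output.splitlines()
    # The first block names the resolver that was queried; skip it.
    if lines and lines[0].startswith("Server:"):
        blank = next((i for i, t in enumerate(lines) if not t.strip()), len(lines))
        lines = lines[blank + 1:]
    addresses, cnames = [], []
    for line in lines:
        m = re.search(r"canonical name = (\S+?)\.?$", line)
        if m:
            cnames.append(m.group(1))
        for token in re.split(r"[\s,]+", line):
            try:
                ip = str(ipaddress.ip_address(token))
            except ValueError:
                continue  # not an IPv4/IPv6 literal
            if ip not in addresses:
                addresses.append(ip)
    return addresses, cnames

def looks_like_cdn(output):
    """Apply the rule above: several answer addresses suggest a CDN."""
    # Caveat: plain DNS round-robin also returns several A records.
    addresses, cnames = parse_nslookup(output)
    return len(addresses) > 1, addresses, cnames
```

The returned CNAME targets are supporting information only: an alias into a provider's domain strengthens the verdict, while several addresses on their own can also be ordinary round-robin DNS.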
Common CDN bypass techniques
1. Subdomain lookup
It can be seen that baidu.com and www.baidu.com resolve differently
2. Mail service
3. Foreign Address Request
Some sites do not have CDN services in some foreign regions, because their service targets are in China or for cost reasons. If you request the site's domain name from a foreign server, you will reach the real address of the site. A global ping scanning tool is used here; the less popular the country, the better the effect.
IPIP tools: global CDN service provider query (IPIP)
4. Legacy files
Some sites use test files at the beginning of construction, such as "phpinfo()" files, which may contain real IP addresses. You can search Google for the keyword "site:xxx.com inurl:phpinfo.php" to find legacy files on the site.
5. Scan the whole network
fuckcdn (https://gitee.com/mengqingyu100/fuckcdn/repository/blazearchive/master.zip)
6. Specific search engines (ZoomEye, FOFA cyberspace mapping system, Shodan)
Search for a specific file: the site's icon file, that is, the website's favicon. It can usually be found by viewing the source code of the web page, and its address is roughly "http://www.xx.com/favicon.ico". The Shodan syntax for searching by website icon is http.favicon.hash:hash value. The hash value is a number we do not know in advance; once we have the hash value of a website that has been indexed by Shodan, we can use this syntax to find all websites that serve the same icon.
shodan: http.favicon.hash:[hash value] (requires membership)
fofa: icon_hash="[hash value]" (requires membership)
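Python code to calculate the hash value
import base64
import mmh3
import requests

# Download the icon; fail early on an HTTP error or a hung connection
response = requests.get('https://www.csdn.net/favicon.ico', timeout=10)
response.raise_for_status()
# Shodan hashes the base64-encoded icon (with newlines), not the raw bytes
favicon = base64.encodebytes(response.content)
favicon_hash = mmh3.hash(favicon)
print('http.favicon.hash:' + str(favicon_hash))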
7. Domain Name Resolution History
Before the site uses the CDN service, its real IP address may be recorded by the DNS server. At this time, we can find the real IP of the target through the DNS history record.
DNSdb: https://dnsdb.io/zh-cn/