使用CSP实时获取,另一个页面的报错信息
跨域攻击JS脚本192.168.18.181
alert(1)
192.168.18.141,被攻击页面
<?php
header("Content-Security-Policy:script-src 'self' ; report-uri http://192.168.18.141/sefa15/csp/csptake.php"); //发送错误报到指定url
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Document</title>
</head>
<body>
<input type="button" value="点">
</body>
<script src="http://192.168.18.181/safe15/csp/cs.js"></script>
</html>
192.168.18.141,接受错误报告处
<?php
$json_data = file_get_contents('php://input'); //使用伪协议取值
// echo $json_data;
$data=json_decode($json_data,true); //json转关联数组
// print_r($data);
date_default_timezone_set("Asia/Shanghai");
$time=date('Y-m-d H:i:s');
$blocked_uri=$data['csp-report']['blocked-uri'];
$document_uri=$data['csp-report']['document-uri'];
$original_policy=$data['csp-report']['original-policy'];
// echo $time,$blocked_uri,$document_uri,$document_uri,$original_policy;
include "../blog/dp.php";
$sql="insert into url(block,document,original,time) values('$blocked_uri','$document_uri','$original_policy','$time')"; //写入mysql表
$num=mysql_dml($sql);
if ($num!=1){
die;
}
?>
mysql准备的表
create table url(
id int(10) primary key auto_increment, #主键,自增长
block varchar(50),
document varchar(255),
original varchar(255),
time varchar(255)
)character set=utf8mb4;
192.168.18.141发送mysql数据的php
<?php
include "../blog/dp.php";
$sql="select * from url ;";
$num= dql_datail($sql);
echo json_encode($num);
?>
192.168.18.141实时显示页面
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Document</title>
</head>
<script src="../base/jquery-3.4.1.min.js"></script>
<body>
<table id="datas" border="1">
<tr id="th">
<td>id</td>
<td>block</td>
<td>document</td>
<td>original</td>
<td>time</td>
</tr>
</table>
</body>
<script>
function take() {
$.get('cspread.php',(data)=>{ //遍历获取值
// alert(data)
var dat=eval(data)
// alert(dat)
$('#th').nextAll().remove(); //移除id为th下面所有东西
dat.forEach(da => {
var con=`<tr>
<td>${da['id']}</td>
<td>${da['block']}</td>
<td>${da['document']}</td>
<td>${da['original']}</td>
<td>${da['time']}</td>
</tr>`
$('#datas').append(con); //添加按照指定内容
});
})}
setInterval(take,1000) //每隔一秒执行
</script>
</html>