Preface
I spent a whole day stepping on landmines before finally sorting out this penetration-scan problem, and it was very annoying. I am sure everyone who hits it for the first time is as lost as I was. These are all back-end issues. Baidu turns up article after article, but precious few useful ones; I do not know whether I am the noob or the other bloggers are just too clever, writing a little and leaving the reader to fill in the rest themselves. I just want to say @#@#@#@#¥!#@!@¥%@# (bloggers, thanks for your hard work). Enough chatter, on to the main text...
1. Background
Project: front end Vue, back end Spring Boot, deployed on Ubuntu behind nginx
Pentest tools: Acunetix, Burp Suite Professional
2. Scan findings
- Clickjacking: CSP frame-ancestors missing
- Clickjacking: X-Frame-Options header missing
- Cookies with missing, inconsistent or contradictory properties (verified)
- Sensitive pages could be cached
3. Solutions
nginx configuration
Headers set in the http block apply globally; this post adds them to the location of the project that was scanned instead. The add_header lines are the substance.
```nginx
server {
    listen 8080;
    server_name fangwen.yuming.com;

    location / {
        root /usr/local/share/html;
        index index.html index.htm;
    }

    location /aa/ {
        # Note: add_header in a location block replaces, rather than extends,
        # any add_header directives set in the enclosing server/http blocks.

        #Clickjacking:CSP frame-ancestors missing
        #----------------------------------------------------------------------------
        # frame-ancestors has no default-src fallback, so it is listed explicitly;
        # without it the scanner keeps reporting this finding.
        add_header Content-Security-Policy "default-src *;style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval';img-src * data:;worker-src * blob:;font-src 'self' data:;frame-ancestors 'self';";
        #----------------------------------------------------------------------------
        #Clickjacking:X-Frame-Options header missing
        #----------------------------------------------------------------------------
        # The three Access-Control-* headers are CORS settings and do not affect clickjacking.
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
        add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
        add_header X-Frame-Options "SAMEORIGIN";
        #----------------------------------------------------------------------------
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Content-Type-Options "nosniff";
        # Browsers only honour HSTS on an HTTPS response; on plain port 8080 it has no effect.
        add_header Strict-Transport-Security "max-age=172800; includeSubDomains";
        #Sensitive pages could be cached
        #----------------------------------------------------------------------------
        # Was misspelled "no-cashe"; browsers ignore unknown tokens, so the page stayed cacheable.
        add_header Cache-Control "private, no-cache";
        #------------------------------------------------------------------------
        proxy_pass http://fangwen.yuming.com:21008/;
        #Cookies with missing,inconsistent or contradictory properties(verified)
        #------------------------------------------------------------------------
        # Appends the flags to every upstream Set-Cookie with path "/";
        # SameSite=None is only accepted by browsers together with secure.
        proxy_cookie_path / "/; httponly; secure; SameSite=None";
        #------------------------------------------------------------------------
    }

    location /bb/ {
        proxy_pass http://fangwen.yuming.com:21008/;
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }
}
```
Java code enhancement
The code enhancement addresses "X-Frame-Options header missing" and "Cookies with missing properties".
```java
package com.abc.filter;

import org.springframework.http.HttpHeaders;
import org.springframework.http.ResponseCookie;

import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.time.Duration;

// Registered through @WebFilter; Spring Boot only picks this up when the
// application class carries @ServletComponentScan.
@WebFilter(urlPatterns = "/*", filterName = "MyFilter")
public class MyFilter implements Filter {

    private static final String MODE = "SAMEORIGIN";

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
                         FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        System.out.println("uri=" + request.getRequestURI());

        // X-Frame-Options does not depend on the handler, so set it before the chain runs.
        response.setHeader("X-Frame-Options", MODE);

        filterChain.doFilter(request, response);

        // Headers set after the response is committed are silently dropped by the
        // container, so only rewrite the cookie while that is still possible.
        if (response.isCommitted()) {
            return;
        }

        // Look up JSESSIONID by name rather than taking cookies[0], which may be any cookie.
        String value = "123112423433"; // fallback value when the request carried no session cookie
        Cookie[] cookies = request.getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                if ("JSESSIONID".equals(cookie.getName())) {
                    value = cookie.getValue(); // cookie present: use the real value
                    break;
                }
            }
        }
        ResponseCookie cookieNew = ResponseCookie.from("JSESSIONID", value)
                .httpOnly(true)              // not readable from JS
                .secure(false)               // also sent over plain HTTP
                .domain("www.baidu.com")     // domain; replace with your own
                .path("/")                   // path
                .maxAge(Duration.ofHours(1)) // expires after one hour
                .sameSite("Lax")
                .build();
        response.setHeader(HttpHeaders.SET_COOKIE, cookieNew.toString());
    }

    @Override
    public void destroy() {
    }
}
```
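As an added check that is not part of the original post, the Python function below applies the same four tests the scanner raised (X-Frame-Options, CSP frame-ancestors, Cache-Control, cookie attributes) to a response's headers, using constructed header sets: a bare proxied response, and one carrying the headers the nginx and Java fixes above produce.

```python
# Added verifier for the four findings on this page (not from the original post):
# given a response's headers and Set-Cookie values, it lists the findings that
# would still be raised. All sample values below are constructed.
def parse_cookie_attrs(raw):
    """Split one raw Set-Cookie value into (name, {attr_lower: value_lower})."""
    parts = [p.strip() for p in raw.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip().lower()
    return name, attrs

def check_response(headers, set_cookies):
    """Return the scan findings still present; an empty list means all fixed."""
    h = {k.lower(): v for k, v in headers.items()}
    found = []
    if h.get("x-frame-options", "").strip().upper() not in ("DENY", "SAMEORIGIN"):
        found.append("Clickjacking: X-Frame-Options header missing")
    # frame-ancestors has no default-src fallback, so 'default-src *' is not enough.
    csp = h.get("content-security-policy", "")
    directives = {d.split()[0].lower() for d in csp.split(";") if d.strip()}
    if "frame-ancestors" not in directives:
        found.append("Clickjacking: CSP frame-ancestors missing")
    # "private" alone still lets the browser store the page; require no-cache or no-store.
    cache = {t.strip().lower() for t in h.get("cache-control", "").split(",")}
    if not cache & {"no-store", "no-cache"}:
        found.append("Sensitive pages could be cached")
    for raw in set_cookies:
        name, attrs = parse_cookie_attrs(raw)
        problems = [a for a in ("httponly", "secure", "samesite") if a not in attrs]
        if attrs.get("samesite") == "none" and "secure" not in attrs:
            problems.append("SameSite=None without Secure")
        if problems:
            found.append("Cookies with missing, inconsistent or contradictory "
                         f"properties: {name} ({', '.join(problems)})")
    return found

# Constructed samples: a bare proxied response, and one carrying this page's headers.
BEFORE_HEADERS = {"Content-Type": "text/html"}
BEFORE_COOKIES = ["JSESSIONID=abc123; Path=/"]
AFTER_HEADERS = {"X-Frame-Options": "SAMEORIGIN",
                 "Content-Security-Policy": "default-src *; frame-ancestors 'self';",
                 "Cache-Control": "private, no-cache"}
AFTER_COOKIES = ["JSESSIONID=abc123; Path=/; httponly; secure; SameSite=None"]

if __name__ == "__main__":
    print("before:", check_response(BEFORE_HEADERS, BEFORE_COOKIES))
    print("after:", check_response(AFTER_HEADERS, AFTER_COOKIES) or "no findings")
```

Feeding it the post's original CSP (no frame-ancestors) or the misspelled "no-cashe" value shows those two findings surviving the fix.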
Summary
Note: I do ops on the side; my actual job is back-end development. Because of project schedule pressure, the principle was to solve the problem first; if you are interested, look up the details on Baidu yourself. No unnecessary explanation here; the fix is real and works.