There are many reasons to find the origin IP address of a web server: for example, to bypass cloud-based DDoS protection services or to locate all the load-balanced servers. Many methods for doing so are published on the net, and they work as long as the cloud-based service is misconfigured.
The crudest way to find the origin IP address of a web server is to scan all the IP addresses in that city or belonging to that service provider. It is time-consuming and very inefficient. However, it is the method most likely to find the origin IP address.
In 2013, Ms Allison Nixon of Integralis gave a talk at the BlackHat USA 2013 conference introducing this method. She prepared a Perl script as the PoC, named NoCloudAllowed. The talk is in the following video.
Since her site has been down for years, the Perl script is no longer available. Samiux reimplemented her idea in Python in 2015 and modified it recently (2019). It is an open source project named Chameleon.
Chameleon simplifies Allison's idea. It only searches for a string to see whether the front page served at that IP address contains it. Chameleon scans 170,000 IP addresses in about 45 minutes while using few computer resources.
However, if the site is not served from the root directory of the server, or the site cannot be accessed through an IP address URL, Chameleon cannot find it. The biggest headache is that you need to guess which IP range the origin IP address is in.
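The limitation above also tells a defender what to look for on the origin: front page requests addressed by IP rather than by hostname, and whether the server answered them. The following is an added example, not code from Chameleon or NoCloudAllowed; the log line format, hostnames and addresses are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample origin access log (not real traffic). Assumed format:
# client IP, Host header, request line, response status.
SAMPLE_LOG = """\
192.0.2.10 host=www.example.com "GET / HTTP/1.1" 200
203.0.113.7 host=198.51.100.20 "GET / HTTP/1.1" 200
203.0.113.7 host=198.51.100.20 "GET /favicon.ico HTTP/1.1" 404
203.0.113.99 host=198.51.100.20:80 "GET / HTTP/1.1" 403
192.0.2.11 host=www.example.com "GET /about HTTP/1.1" 200
"""

LINE_RE = re.compile(r'^(\S+) host=(\S+) "(\S+) (\S+) [^"]*" (\d{3})$')


def host_is_ip_literal(host):
    """True when the Host header is a bare IP address (optionally with a port)."""
    if host.startswith("["):            # bracketed IPv6 literal, e.g. [2001:db8::1]:443
        host = host[1:].split("]", 1)[0]
    elif host.count(":") == 1:          # IPv4 or hostname followed by :port
        host = host.rsplit(":", 1)[0]
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def find_ip_addressed_requests(log_text):
    """Return (client, path, verdict) for each front page request addressed by IP."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                    # skip lines that do not fit the assumed format
        client, host, _method, path, status = m.groups()
        if path == "/" and host_is_ip_literal(host):
            # A 2xx status means the origin served the front page to a by-IP request.
            verdict = "served" if status.startswith("2") else "refused"
            findings.append((client, path, verdict))
    return findings


if __name__ == "__main__":
    for client, path, verdict in find_ip_addressed_requests(SAMPLE_LOG):
        print(f"{client} requested {path} by IP address: {verdict}")
```

A "served" verdict means the origin returns the site's front page to a request made by IP address, which is the condition the scan described above depends on.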
Reference
BlackHat 2013 - Denying Service to DDoS Protection Services
Chameleon 变色龙 - Website IP Address Seeker
That's all! See you.