SSL Leaking the Origin IP (Tutorial and Protection)

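Normally, once we use a CDN to hide the origin IP, a plain ping no longer reveals the origin IP address.

However, because of flaws that may exist in some templates, visiting https://ip displays the SSL certificate of the server's first (default) site, and the domain shown in the browser's certificate security details reveals which domain that origin IP belongs to.

Because the purpose of this article is to protect against leaking the origin IP, not to look up the origin IP of other people's sites, the tutorial only covers the simple part. Research further ways of finding an origin IP on your own; there is no need to private-message me.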

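1. Conventional way of finding the origin IP (historical DNS resolution lookup)

Recommended: http://viewdns.info/

Recommended: SecurityTrails: Data Security, Threat Hunting, and Attack Surface Management Solutions for Security Teams

Recommended: ViewDNS.info – Your trusted source for domain and IP intelligence!

Recommended: Censys Search

Some of this data goes back several years and covers the IPs a site has used, data-center information and more, which is alarming. (Research this on your own; no tutorial here.)

Domestic (Chinese) resolution lookup services are not recommended.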


Use overseas resolution data records to look up the historical IPs
https://(IP)


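The certificate warning will show "The security certificate is from"; the name that follows is the domain using it.
Click "continue to the site" to verify whether this is the origin IP.

Research other methods on your own; they are not discussed here.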

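2. Protection is also simple

In the BaoTa panel, add a site and fill in any made-up IP.

Then upload a fake SSL certificate to it (you may upload the following certificate):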


In BaoTa, set the default site to the site you just uploaded the fake certificate to.
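
To confirm the change took effect on your own server, the check below (an added example, not part of the original post) fetches the certificate served at the bare IP without SNI, as a browser does for https://(IP), and reports whether any of your real domains still appear in it. The function names and the constructed sample bytes are assumptions made for illustration.

```python
import socket
import ssl
import sys

# Constructed byte fragments shaped like DER name fields (not real certificates).
SAMPLE_LEAKY = b"\x82\x0fwww.example.com\x82\x0d*.example.com"
SAMPLE_DECOY = b"\x0c\x09localhost"


def fetch_default_cert(ip, port=443, timeout=5.0):
    """DER certificate the server presents when the client sends no SNI,
    i.e. what a browser receives at https://<IP>."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # inspecting the cert, not trusting it
    ctx.verify_mode = ssl.CERT_NONE  # a decoy cert is expected to fail validation
    with socket.create_connection((ip, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=None) as tls:  # None = no SNI
            return tls.getpeercert(binary_form=True)


def leaked_domains(der, protected):
    """Return the entries of `protected` whose name occurs in the certificate.

    CN and SAN dNSName values are stored as plain ASCII inside DER, so a byte
    search for the registrable domain also catches www.<domain> and *.<domain>.
    It is a substring match, so it errs on the side of reporting a leak.
    """
    haystack = der.lower()
    hits = []
    for name in protected:
        needle = name.strip().lower().encode("idna")  # IDNs become punycode
        if needle and needle in haystack:
            hits.append(name)
    return hits


if __name__ == "__main__":
    # usage: python check_origin_cert.py <your-origin-ip> <domain> [<domain> ...]
    if len(sys.argv) < 3:
        sys.exit("usage: check_origin_cert.py <your-origin-ip> <domain> [...]")
    hits = leaked_domains(fetch_default_cert(sys.argv[1]), sys.argv[2:])
    print("LEAK: default certificate names " + ", ".join(hits) if hits
          else "OK: default certificate names none of the given domains")
    sys.exit(1 if hits else 0)
```

Run it against the origin IP from outside the CDN path; exit status 1 means the default site still presents a certificate naming one of the listed domains.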
