Cybersecurity leads the era, Mitian lights up the future
2. During HVV the triage workload is enormous. Relying on a single analyst to work through it is exhausting, and packets may be missed or misjudged. I recently researched and put together how to use ChatGPT to assist with efficient packet triage.
3. The sample packets below are used for the analysis.
①. First packet: analyzed with ChatGPT's assistance.
GET /logs/downloadMainLog?fname=../../../../../../../../../../../../etc/passwd HTTP/1.1
Host: www.baidu.com
Connection: keep-alive
Cache-Control: max-age=0
sec-ch-ua: "Chromium";v="21", " Not;A Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
cmd: ipconfig
Cookie: PSTM=1680435279; BAIDUID=7011213797A0990A946D472433D8B549:FG=1; BIDUPSID=C240FC3C6C5A31FEB5AB03A5CEA11C1E; BD_UPN=12314753; BDORZ=B490B5EBF6F3CD402E515D22BCDA1598; H_PS_PSSID=36542_38470_38353_38439_38402_38468_38289_38486_37929_38356_26350_38417_37881; ab_sr=1.0.1_ZjllMTFjMTIwNjZiN2RiYzFmNTA2ODYyNDE2NThiOTg0MjI3MTk5Y2U1N2Q5YzdhNTlkOTZmMjRiNzc0ZDIzZjEyMzczZWRmMDA1MDhiMDZkYWNmZWNmYWFlOTg5MmFlZWIwN2UxMmM5NTYzZjA2YzZjYzIxZDFmYTcwNTAzNzMyMzNkYzFkYTI1NjUwMTI5ZTg1OWIzZjdlMWNiNGQ5NA==; H_PS_645EC=7f4fqCtJdsDigOeJA4v3VguAd2INoCvUzgafQrxaMND2%2Be42i4S7GV%2BUmyY; BA_HECTOR=a0250h2k200l240k2la48g5f1i2nbfj1n; BAIDUID_BFESS=7011213797A0990A946D472433D8B549:FG=1; delPer=0; BD_CK_SAM=1; PSINO=2; ZFY=zBBKG9SZZxWvmoJEI4o2fGjEg5ZDlDFe:Au314cU4qco:C; shifen[1528619_91638]=1680584180; BCLID=10324143353912386416; BCLID_BFESS=10324143353912386416; BDSFRCVID=qwDOJexroG0GK4nf21EItKqrPVqXC3oTDYrEOwXPsp3LGJLVcbUsEG0Ptoe2drPMbyXiogKK0mOTHv-F_2uxOjjg8UtVJeC6EG0Ptf8g0M5; BDSFRCVID_BFESS=qwDOJexroG0GK4nf21EItKqrPVqXC3oTDYrEOwXPsp3LGJLVcbUsEG0Ptoe2drPMbyXiogKK0mOTHv-F_2uxOjjg8UtVJeC6EG0Ptf8g0M5; H_BDCLCKID_SF=JnCtoKI-fIK3H48k-4QEbbQH-UnLq-tDW2OZ04n-ah02spkmh4DKDfL-5-RDbqOp-Gbmob7m3UTKsq76Wh35K5tTQP6rLtJaQ674KKJxbn7qhRb40McD2qkthUJiB5OLBan7Lj6IXKohJh7FM4tW3J0ZyxomtfQxtNRJ0DnjtpChbC-ljj-BD6v0eU5eetjK2CntsJOOaCkKffJOy4oWK441D-JitP6htJ645tbc-4omS4jyLTbo3M04K4o9-hvT-54e2p3FBUQjHx5RQft20b0ebH5bbqOuKj5vBR7jWhk2Dq72ybDVQlRX5q79atTMfNTJ-qcH0KQpsIJM5-DWbT8IjHCJJ6LefRuO_Cvt-5rDHJTg5DTjhPrMKUvmWMT-MTryKKJTWKb_eC_lQfoMyn_X0bjDXUteaanRh4oNB-3iV-OxDUvnyxAZ-U5PbMQxtNRJWbK-5Pom8JowW-robUPUDMc9LUvqHmcdot5yBbc8eIna5hjkbfJBQttjQn3hfIkj2CKLJIDhhII4e5_35n-Wql632-6MKC_X3b7Ef-tWfq7_bJ7KhUbQQP4J2tKHtmT4Lpvh-fJ4qfnJDPnxQhFXQq7q0P7AWRcAMMn1QJODStOHQT3m5-48DxOHQUraMGb0Wb3cWKJV8UbS5CcPBTD02-nBat-OQ6npaJ5nJq5nhMJmb67JDMr0eG8Dt6t8tJ-tVbobHJoHjJbGq4bohjPL5PO9BtQO-DOxop3cJnrthCjHyJOvKJDr3lQv35JyQgnkQq5vbMnmqPtRXMJkXhKS-Roe0x-jLTny0Coe-fJYH4TyMtnJyUnQhtnnBnKL3H8HL4nv2JcJbM5m3x6qLTKkQN3T-PKO5bRu_CcJ-J8XhIt6DToP; 
H_BDCLCKID_SF_BFESS=JnCtoKI-fIK3H48k-4QEbbQH-UnLq-tDW2OZ04n-ah02spkmh4DKDfL-5-RDbqOp-Gbmob7m3UTKsq76Wh35K5tTQP6rLtJaQ674KKJxbn7qhRb40McD2qkthUJiB5OLBan7Lj6IXKohJh7FM4tW3J0ZyxomtfQxtNRJ0DnjtpChbC-ljj-BD6v0eU5eetjK2CntsJOOaCkKffJOy4oWK441D-JitP6htJ645tbc-4omS4jyLTbo3M04K4o9-hvT-54e2p3FBUQjHx5RQft20b0ebH5bbqOuKj5vBR7jWhk2Dq72ybDVQlRX5q79atTMfNTJ-qcH0KQpsIJM5-DWbT8IjHCJJ6LefRuO_Cvt-5rDHJTg5DTjhPrMKUvmWMT-MTryKKJTWKb_eC_lQfoMyn_X0bjDXUteaanRh4oNB-3iV-OxDUvnyxAZ-U5PbMQxtNRJWbK-5Pom8JowW-robUPUDMc9LUvqHmcdot5yBbc8eIna5hjkbfJBQttjQn3hfIkj2CKLJIDhhII4e5_35n-Wql632-6MKC_X3b7Ef-tWfq7_bJ7KhUbQQP4J2tKHtmT4Lpvh-fJ4qfnJDPnxQhFXQq7q0P7AWRcAMMn1QJODStOHQT3m5-48DxOHQUraMGb0Wb3cWKJV8UbS5CcPBTD02-nBat-OQ6npaJ5nJq5nhMJmb67JDMr0eG8Dt6t8tJ-tVbobHJoHjJbGq4bohjPL5PO9BtQO-DOxop3cJnrthCjHyJOvKJDr3lQv35JyQgnkQq5vbMnmqPtRXMJkXhKS-Roe0x-jLTny0Coe-fJYH4TyMtnJyUnQhtnnBnKL3H8HL4nv2JcJbM5m3x6qLTKkQN3T-PKO5bRu_CcJ-J8XhIt6DToP; COOKIE_SESSION=38_0_2_4_0_5_0_0_1_3_1_1_0_0_0_0_0_0_1680584179%7C4%230_0_1680584179%7C1; BD_HOME=1
②. Second packet: the fname and cmd parameters are base64-encoded, then ChatGPT is used to assist the analysis.
GET /logs/downloadMainLog?fname=Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== HTTP/1.1
Host: www.baidu.com
Connection: keep-alive
Cache-Control: max-age=0
sec-ch-ua: "Chromium";v="21", " Not;A Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
cmd: aXBjb25maWc=
Cookie: PSTM=1680435279; BAIDUID=7011213797A0990A946D472433D8B549:FG=1; BIDUPSID=C240FC3C6C5A31FEB5AB03A5CEA11C1E; BD_UPN=12314753; BDORZ=B490B5EBF6F3CD402E515D22BCDA1598; H_PS_PSSID=36542_38470_38353_38439_38402_38468_38289_38486_37929_38356_26350_38417_37881; ab_sr=1.0.1_ZjllMTFjMTIwNjZiN2RiYzFmNTA2ODYyNDE2NThiOTg0MjI3MTk5Y2U1N2Q5YzdhNTlkOTZmMjRiNzc0ZDIzZjEyMzczZWRmMDA1MDhiMDZkYWNmZWNmYWFlOTg5MmFlZWIwN2UxMmM5NTYzZjA2YzZjYzIxZDFmYTcwNTAzNzMyMzNkYzFkYTI1NjUwMTI5ZTg1OWIzZjdlMWNiNGQ5NA==; H_PS_645EC=7f4fqCtJdsDigOeJA4v3VguAd2INoCvUzgafQrxaMND2%2Be42i4S7GV%2BUmyY; BA_HECTOR=a0250h2k200l240k2la48g5f1i2nbfj1n; BAIDUID_BFESS=7011213797A0990A946D472433D8B549:FG=1; delPer=0; BD_CK_SAM=1; PSINO=2; ZFY=zBBKG9SZZxWvmoJEI4o2fGjEg5ZDlDFe:Au314cU4qco:C; shifen[1528619_91638]=1680584180; BCLID=10324143353912386416; BCLID_BFESS=10324143353912386416; BDSFRCVID=qwDOJexroG0GK4nf21EItKqrPVqXC3oTDYrEOwXPsp3LGJLVcbUsEG0Ptoe2drPMbyXiogKK0mOTHv-F_2uxOjjg8UtVJeC6EG0Ptf8g0M5; BDSFRCVID_BFESS=qwDOJexroG0GK4nf21EItKqrPVqXC3oTDYrEOwXPsp3LGJLVcbUsEG0Ptoe2drPMbyXiogKK0mOTHv-F_2uxOjjg8UtVJeC6EG0Ptf8g0M5; H_BDCLCKID_SF=JnCtoKI-fIK3H48k-4QEbbQH-UnLq-tDW2OZ04n-ah02spkmh4DKDfL-5-RDbqOp-Gbmob7m3UTKsq76Wh35K5tTQP6rLtJaQ674KKJxbn7qhRb40McD2qkthUJiB5OLBan7Lj6IXKohJh7FM4tW3J0ZyxomtfQxtNRJ0DnjtpChbC-ljj-BD6v0eU5eetjK2CntsJOOaCkKffJOy4oWK441D-JitP6htJ645tbc-4omS4jyLTbo3M04K4o9-hvT-54e2p3FBUQjHx5RQft20b0ebH5bbqOuKj5vBR7jWhk2Dq72ybDVQlRX5q79atTMfNTJ-qcH0KQpsIJM5-DWbT8IjHCJJ6LefRuO_Cvt-5rDHJTg5DTjhPrMKUvmWMT-MTryKKJTWKb_eC_lQfoMyn_X0bjDXUteaanRh4oNB-3iV-OxDUvnyxAZ-U5PbMQxtNRJWbK-5Pom8JowW-robUPUDMc9LUvqHmcdot5yBbc8eIna5hjkbfJBQttjQn3hfIkj2CKLJIDhhII4e5_35n-Wql632-6MKC_X3b7Ef-tWfq7_bJ7KhUbQQP4J2tKHtmT4Lpvh-fJ4qfnJDPnxQhFXQq7q0P7AWRcAMMn1QJODStOHQT3m5-48DxOHQUraMGb0Wb3cWKJV8UbS5CcPBTD02-nBat-OQ6npaJ5nJq5nhMJmb67JDMr0eG8Dt6t8tJ-tVbobHJoHjJbGq4bohjPL5PO9BtQO-DOxop3cJnrthCjHyJOvKJDr3lQv35JyQgnkQq5vbMnmqPtRXMJkXhKS-Roe0x-jLTny0Coe-fJYH4TyMtnJyUnQhtnnBnKL3H8HL4nv2JcJbM5m3x6qLTKkQN3T-PKO5bRu_CcJ-J8XhIt6DToP; 
H_BDCLCKID_SF_BFESS=JnCtoKI-fIK3H48k-4QEbbQH-UnLq-tDW2OZ04n-ah02spkmh4DKDfL-5-RDbqOp-Gbmob7m3UTKsq76Wh35K5tTQP6rLtJaQ674KKJxbn7qhRb40McD2qkthUJiB5OLBan7Lj6IXKohJh7FM4tW3J0ZyxomtfQxtNRJ0DnjtpChbC-ljj-BD6v0eU5eetjK2CntsJOOaCkKffJOy4oWK441D-JitP6htJ645tbc-4omS4jyLTbo3M04K4o9-hvT-54e2p3FBUQjHx5RQft20b0ebH5bbqOuKj5vBR7jWhk2Dq72ybDVQlRX5q79atTMfNTJ-qcH0KQpsIJM5-DWbT8IjHCJJ6LefRuO_Cvt-5rDHJTg5DTjhPrMKUvmWMT-MTryKKJTWKb_eC_lQfoMyn_X0bjDXUteaanRh4oNB-3iV-OxDUvnyxAZ-U5PbMQxtNRJWbK-5Pom8JowW-robUPUDMc9LUvqHmcdot5yBbc8eIna5hjkbfJBQttjQn3hfIkj2CKLJIDhhII4e5_35n-Wql632-6MKC_X3b7Ef-tWfq7_bJ7KhUbQQP4J2tKHtmT4Lpvh-fJ4qfnJDPnxQhFXQq7q0P7AWRcAMMn1QJODStOHQT3m5-48DxOHQUraMGb0Wb3cWKJV8UbS5CcPBTD02-nBat-OQ6npaJ5nJq5nhMJmb67JDMr0eG8Dt6t8tJ-tVbobHJoHjJbGq4bohjPL5PO9BtQO-DOxop3cJnrthCjHyJOvKJDr3lQv35JyQgnkQq5vbMnmqPtRXMJkXhKS-Roe0x-jLTny0Coe-fJYH4TyMtnJyUnQhtnnBnKL3H8HL4nv2JcJbM5m3x6qLTKkQN3T-PKO5bRu_CcJ-J8XhIt6DToP; COOKIE_SESSION=38_0_2_4_0_5_0_0_1_3_1_1_0_0_0_0_0_0_1680584179%7C4%230_0_1680584179%7C1; BD_HOME=1
③. Third packet: bypass tricks are added to the parameters to test whether ChatGPT can detect the bypass behavior.
POST /cgi-bin/network_test.php HTTP/1.1
Host: x.x.x.x
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.97 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 44
host=%0acat${IFS}/etc/hosts%0a&command=ping
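As an added example (not code from the original post), a small Python triage helper that performs the decoding step an analyst would otherwise hand to ChatGPT: it URL-decodes and base64-decodes every parameter and every non-standard header of a raw request, then matches the path-traversal and command-injection indicators that appear in the three packets above. The three sample requests at the bottom are constructed, shortened copies of those packets.

```python
import base64
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Indicators from the packets above: ../ traversal; newline (%0a), ${IFS} and the usual shell separators.
CHECKS = (("path-traversal", re.compile(r"\.\.[/\\]")),
          ("command-injection", re.compile(r"[\n;|`]|\$\{IFS\}|\$\(|&&")))
# Whole-value base64 with correct padding; shorter words are not worth decoding.
B64 = re.compile(r"^(?:[A-Za-z0-9+/]{4}){2,}(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$")
# Standard headers are skipped; any other header (the samples smuggle 'cmd') is treated as input.
STANDARD = {"host", "connection", "cache-control", "user-agent", "accept", "accept-encoding",
            "accept-language", "upgrade-insecure-requests", "content-type", "content-length", "cookie"}

def decode_layers(value):
    """The value, its URL-decoded form, and (when it decodes to printable ASCII) its base64 form."""
    forms = list(dict.fromkeys([value, unquote(value)]))  # deduplicated, order kept
    dec = forms[-1]
    if B64.match(dec):
        text = base64.b64decode(dec).decode("latin-1")  # regex guarantees valid padding
        if text.isascii() and text.isprintable():  # drops garbage from ordinary 8-letter words
            forms.append(text)
    return forms

def parse_request(raw):
    """Split a raw HTTP request into (lower-cased headers, merged query + form parameters)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    request_line, *header_lines = head.splitlines()
    target = request_line.split(" ")[1]
    headers = {k.strip().lower(): v.strip() for k, _, v in (h.partition(":") for h in header_lines)}
    fields = dict(parse_qsl(urlsplit(target).query, keep_blank_values=True))
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        fields.update(parse_qsl(body.strip(), keep_blank_values=True))
    return headers, fields

def triage(raw):
    """Return (location, indicator, decoded form) findings for one raw request."""
    headers, fields = parse_request(raw)
    spots = {f"param:{k}": v for k, v in fields.items()}
    spots.update({f"header:{k}": v for k, v in headers.items()
                  if k not in STANDARD and not k.startswith("sec-")})
    findings = []
    for loc, val in spots.items():
        for form in decode_layers(val):  # match every decoding, not just the raw value
            findings += [(loc, name, form) for name, pat in CHECKS if pat.search(form)]
    return findings

# Constructed, abbreviated versions of the page's three packets (cookies and most headers dropped).
PKT1 = "GET /logs/downloadMainLog?fname=../../../../etc/passwd HTTP/1.1\ncmd: ipconfig\n\n"
PKT2 = "GET /logs/downloadMainLog?fname=Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== HTTP/1.1\ncmd: aXBjb25maWc=\n\n"
PKT3 = "POST /cgi-bin/network_test.php HTTP/1.1\nContent-Type: application/x-www-form-urlencoded\n\nhost=%0acat${IFS}/etc/hosts%0a&command=ping"
```

The second packet is flagged only because the base64 layer is peeled off first; a rule that matched the raw parameter value would miss it, which is exactly the gap the encoded sample is meant to expose.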
4. Although ChatGPT's triage verdicts are sometimes a bit dim-witted and it can currently only assist the triage analyst, once it gets smarter the HVV packet-reading triage bots will sooner or later be laid off and sent home to inherit the family business.
5.