anti-honeypot
anti-honeypot copied to clipboard
cnrstar
一款可以检测WEB蜜罐并阻断请求的Chrome插件
报错
最新代码  
106.38.112.125 -- script https://api.m.jd.com/api?appid=pc_home_page&functionId=getBaseUserInfo&loginType=3&jsonp=jsonp2 3p 11:00:07 106.38.112.125 -- script https://home.51cto.com/index.php?s=/Index/getLoginStatus2015/reback/http%253A%252F%252Fwww.51cto.com%252F 3p 11:00:07 106.38.112.125 -- script https://api.m.jd.com/client.action?functionId=getBabelProductPaged&body=%7b%22%73%65%63%6f%6e%64%54%61%62%49%64%22%3a%22%30%30%31%35%35%35%35%34%37%30%38%39%33%5f%30%33%37%32%36%36%30%30%5f%22%2c%22%74%79%70%65%22%3a%22%30%22%2c%22%70%61%67%65%4e%75%6d%22%3a%22%31%22%2c%22%6d%69%74%65%6d%41%64%64%72%49%64%22%3a%22%22%2c%22%67%65%6f%22%3a%7b%22%6c%6e%67%22%3a%22%22%2c%22%6c%61%74%22%3a%22%22%7d%2c%22%61%64%64%72%65%73%73%49%64%22%3a%22%22%2c%22%70%6f%73%4c%6e%67%22%3a%22%22%2c%22%70%6f%73%4c%61%74%22%3a%22%22%2c%22%66%6f%63%75%73%22%3a%22%22%2c%22%69%6e%6e%65%72%41%6e%63%68%6f%72%22%3a%22%22%7d&screen=2799*1208&client=wh5&clientVersion=1.0.0&sid=&uuid=&area=&_=1585823068850&callback=jsonp1 3p 11:00:07 106.38.112.125 -- frame https://hd.huya.com/web/anchor_recruit/index.html?id=42566%26callback=eval(name)%23&anchorsrc=0 3p 11:00:07 106.38.112.125 -- frame https://m.iask.sina.com.cn/cas/logins?domain=iask.sina.com.cn&businessSys=iask&channel=null&popup=show&clsId=undefined&fid=%22%3E%3Cscript%3Eeval(name)%3C/script%3E 3p 11:00:07...
1. 在右上角图标上给提示,点击后弹出来拦截了啥请求链接,发现有用后直接去提交src好了 2. 加入jsonp漏洞自动挖掘功能,设定关键词(比如自己的ID),然后url里包含callback且返回包里有这个id,就右上角爆出来发现jsonp漏洞。 3. **来个会画界面的小伙伴呀**,我不会,写个js都是业余的。
