perl anyevent socket监控web日志server
导读: 上篇已经讲过client端的CODE。这部分code主要用来接收client端发送来的日志, 从数据库中读取正则表达式然后去匹配; 如果出现匹配则判断为XSS攻击。server端的SOCKET接收用了Coro相关的模块。配置文件仿照前一篇博客读取即可。
上篇已经讲过client端的CODE
这部分code主要用来接收client端发送来的日志, 从数据库(w3a_log_method表)中读取正则表达式然后去匹配请求URL.
如果出现匹配则判断为XSS攻击. 注意这是基于正则签名的检测: 规则没覆盖到的payload会漏报, 写得过宽的规则会误报; 日志里的每个字段都来自客户端, 在写入SQL前必须当作不可信数据处理.
server端的SOCKET接收用了Coro相关的模块. 监听地址和端口来自配置文件, 该端口本身没有任何认证, 任何能连上的主机都可以发送日志, 所以只应绑定在内网地址并做好访问控制.
配置文件仿照前一篇博客读取即可.
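#!/usr/bin/perl
# Log-monitoring server.
#
# Accepts log records from the client described in the previous post, looks
# the request URL up against the regex rules stored in w3a_log_method and
# writes one row to w3a_log_monitor_attack for every rule that matches.
#
# Security notes (review):
#   * The listener performs no authentication: any peer that can reach
#     server_ip:server_port can inject records. Bind it to an internal
#     address in config.ini and firewall it.
#   * Every field of a record is attacker-controlled. All SQL below binds
#     values as placeholders; the original interpolated $user/$local into
#     the w3a_log_monitor query, which was an SQL injection.
#   * Rule patterns are compiled as regexes. A malformed pattern is reported
#     and skipped; a pathological (backtracking) pattern still costs CPU on
#     the coroutine that evaluates it.
#   * NOTE(review): $fh->readline() has no length cap, so a peer can make
#     the server buffer an arbitrarily long line - consider a maximum
#     record size.
use warnings;
use strict;
use AnyEvent;
use AnyEvent::DBI::MySQL;
use Config::Tiny;
use FindBin;
use utf8;
use Coro;
use Coro::Socket;
use Coro::Handle;
use lib "$FindBin::Bin/../module";

# --- configuration -------------------------------------------------------
my $server_config_file = "$FindBin::Bin/../etc/config.ini";
my $server_config      = Config::Tiny->read($server_config_file)
    or die "Cannot read $server_config_file: " . Config::Tiny->errstr . "\n";
my $server_log_info = $server_config->{'server_config_info'}
    or die "Section [server_config_info] missing from $server_config_file\n";

my $username  = $server_log_info->{'username'};
my $password  = $server_log_info->{'password'};
my $port      = $server_log_info->{'server_port'};
my $host      = $server_log_info->{'host'};
my $database  = $server_log_info->{'database'};
my $server_ip = $server_log_info->{'server_ip'};

# The original read 'host' from the config but never used it (the DSN always
# pointed at the default local server). Honour it when present; an empty or
# missing value keeps the old behaviour.
my $dsn = "dbi:mysql:database=$database";
$dsn .= ";host=$host" if defined $host && length $host;

$|++;
print "Start listening Port:$port\n";

# --- listener ------------------------------------------------------------
# Coro::Socket->accept yields to other coroutines while waiting, so one
# accept loop plus one coroutine per client is sufficient.
my $s = Coro::Socket->new(
    LocalAddr => $server_ip,
    LocalPort => $port,
    Listen    => 5,
    Proto     => 'tcp',
) or die "Cannot listen on $server_ip:$port: $@\n";

while (1) {
    my ( $fh, $peername ) = $s->accept;
    next unless $peername;
    doit($fh);
}

# Hand a freshly accepted client socket to its own coroutine with its own
# database handle (one handle per client, as in the original design).
#
# The coroutine's return value is deliberately not kept: the original pushed
# every Coro object onto a global array that was never pruned, which grew by
# one entry per connection for the life of the process.
sub doit {
    my ($fh) = @_;
    my $dbh = AnyEvent::DBI::MySQL->connect( $dsn, $username, $password )
        or die "Cannot connect to database: $DBI::errstr\n";
    # Session charset, set once per connection instead of before every query.
    $dbh->do("set names utf8");

    async {
        $fh->autoflush(1);
        # defined() so that a record consisting of "0" is not treated as EOF.
        while ( defined( my $line = $fh->readline() ) ) {
            chomp $line;
            next unless length $line;
            # An uncaught die inside an async block terminates the process;
            # a bad record from one client must not take the server down.
            eval { log_regex_do( $line, $dbh ); 1 }
                or warn "log_regex_do failed: $@";
        }
        $fh->close;
    };
    return;
}

# Parse one client record and run the rule checks on it.
#
# Record layout (reconstructed from the capture names; the page's extraction
# stripped backslashes, so the separators are assumed to be "\|" - confirm
# against the client code of the previous post):
#   t:<log type>|me:<url>|so:<source>|lo:<task url>|date:<date>|opt:<option>|of:<offer>|u:<user>
#
# Only records whose (user, task url) pair is registered in w3a_log_monitor
# are checked. One attack row is written per matching rule.
sub log_regex_do {
    my ( $log, $dbh ) = @_;

    my ( $log_type, $url, $source, $local, $date, $option, $offer, $user ) =
        $log =~ /t:(.*)\|me:(.*)\|so:(.*)\|lo:(.*)\|date:(.*)\|opt:(.*)\|of:(.*)\|u:(.*)$/;
    return unless defined $user;    # malformed record, nothing to check

    # Numeric id of the log type (undef when the name is unknown); stored in
    # the log_type column of every attack row.
    my $log_class = type_result( $log_type, $dbh );

    # The original tested defined() on the row count, which is always true;
    # the intent is clearly "skip unregistered user/url pairs".
    return unless bool( $local, $user, $dbh );

    for my $method_id ( log_result( $url, $dbh ) ) {
        get_result_db( $log_class, $method_id, $url, $source, $user,
            $date, $option, $offer, $dbh );
    }
    return;
}

# Map a log type name to the id of the matching w3a_log_monitor_type row.
# Returns undef for an unknown (or undefined) name.
# $cv->recv is assumed to suspend only this coroutine (Coro/AnyEvent
# integration) - TODO confirm, the original relied on the same behaviour.
sub type_result {
    my ( $method, $dbh ) = @_;
    return unless defined $method;

    my $cv = AnyEvent->condvar;
    my $type;
    $dbh->selectall_hashref(
        "select * from w3a_log_monitor_type", 'id',
        sub {
            my ($rows) = @_;
            if ($rows) {
                for my $row ( values %$rows ) {
                    $type = $row->{'id'}
                        if defined $row->{'log_type_name'}
                        && $method eq $row->{'log_type_name'};
                }
            }
            $cv->send;
        }
    );
    $cv->recv;
    return $type;
}

# Number of w3a_log_monitor rows registered for ($user, $local); true when
# this user/url pair is being monitored.
#
# The original declared two parameters but was called with three, so $dbh
# received $user and $user was an undeclared global; both client-supplied
# values were also interpolated straight into the SQL. They are bound here.
sub bool {
    my ( $local, $user, $dbh ) = @_;
    my $cv    = AnyEvent->condvar;
    my $count = 0;
    $dbh->selectcol_arrayref(
        "select count(*) from w3a_log_monitor where task_name=? and task_url=?",
        undef, $user, $local,
        sub {
            my ($col) = @_;
            $count = ( $col && @$col ) ? $col->[0] : 0;
            $cv->send;
        }
    );
    $cv->recv;
    return $count;
}

# Insert one row into w3a_log_monitor_attack.
#
# $type is the log type id, $method_id the matching rule id; the remaining
# values are the record fields. Eight columns, eight placeholders - the
# original listed eight columns with only three "?" and then bound eight
# parameters, so every insert failed.
sub get_result_db {
    my ( $type, $method_id, $method_url, $method_source, $method_user,
        $method_date, $method_option, $method_offer, $dbh ) = @_;

    my @values = (
        $method_id,   $method_url,    $method_source, $method_user,
        $method_date, $method_option, $method_offer,  $type,
    );
    my $cv  = AnyEvent->condvar;
    my $sth = $dbh->prepare(
        "insert into w3a_log_monitor_attack
             (method_name, method_url, attack_source, attack_user,
              attack_date, attack_option, attack_offer, log_type)
         values (?,?,?,?,?,?,?,?)"
    );
    $sth->bind_param( $_ + 1, $values[$_] ) for 0 .. $#values;
    $sth->execute(
        sub {
            my ($rv) = @_;
            warn "insert into w3a_log_monitor_attack failed\n"
                unless defined $rv;
            $cv->send;
        }
    );
    $cv->recv;
    return;
}

# Match $method (the request URL) against every enabled rule in
# w3a_log_method. Returns the ids of all matching rules and bumps their
# attack counters.
#
# Fixes relative to the original: the key field 'id' was missing from the
# selectall_hashref call (type_result passes it), and the condvar was driven
# by begin/end inside the loop, which fired recv after the first row and
# never fired at all for an empty table. The callback now sends exactly once.
sub log_result {
    my ( $method, $dbh ) = @_;
    return () unless defined $method;

    my $cv = AnyEvent->condvar;
    my @target_id;
    $dbh->selectall_hashref(
        "select * from w3a_log_method", 'id',
        sub {
            my ($rows) = @_;
            if ($rows) {
                for my $id ( sort { $a <=> $b } keys %$rows ) {
                    my $row    = $rows->{$id};
                    my $switch = $row->{'method_switch'};
                    next if !defined $switch || $switch == 0;    # rule disabled

                    my $regex = $row->{'method_regex'};
                    next unless defined $regex && length $regex;

                    # Patterns are database content; a broken one must not
                    # kill the coroutine (and with it the process).
                    my $matched = eval { $method =~ /$regex/i };
                    if ($@) {
                        warn "bad method_regex for rule $id: $@";
                        next;
                    }
                    if ($matched) {
                        print "Match regular is: ", $regex, "\n";
                        push @target_id, $row->{'id'};
                    }
                }
            }
            $cv->send;    # exactly once, also when no rows came back
        }
    );
    $cv->recv;

    attack_update( $_, $dbh ) for @target_id;
    return @target_id;
}

# Increment attack_sum for rule $id.
#
# Done in a single UPDATE so concurrent connections cannot lose increments
# (the original read the counter, added one in Perl and wrote it back) and
# with $id bound rather than interpolated. coalesce() keeps the original
# behaviour for a NULL counter, which became 1.
sub attack_update {
    my ( $id, $dbh ) = @_;
    my $cv = AnyEvent->condvar;
    $dbh->do(
        "update w3a_log_method set attack_sum = coalesce(attack_sum, 0) + 1 where id=?",
        undef, $id,
        sub { $cv->send }
    );
    $cv->recv;
    return;
}

__END__
使用方法如下:
1.服务端监控
2.客户端监控
3.进行XSS模拟
4.查看服务端状态
XSS之前的数据库查询状态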
XSS之后的数据库查询状态