ͥåȥڥꥹ - SE̼η -

ͥåȥڥꥹȤλкȤǤͥåȥڥꥹȻι
̡ʤΥġ⡢μʤɤξǺܤޤкߥʡԤäƤޤ ͥåȥڥꥹ
кʤ麸κǤܤ֥ͥڡץ꡼ʵɾҡˤǡ
ͥåȥڥꥹȻ˹ʤȡͥåȥ˴ؤμ䵻ѤǤʤɲϤʸϤȤˤĤޤ
ˡλ˹ʤǤȤ뤳ȤǤޤ


HTTPȤ
HTTPHyperText Transfer ProtocolˤȤ,󥿡ͥåȤδܤȤʤץȥǤYahoo!ʤɤWebȤϡHTTPȤץȥ뤬Ѥޤ
WebHTTPȹͤФΤǤURLϤȤˡhttp://ǻϤ뤳Ȥ顢ʤ߿ȤǤ礦

HTTPHyperTextˤΰ̣Ǥ̾Υƥʸꤹsuper)ǤʤȤӤ̤ƤȤ̣ΥϥѡHyperˤǤ
ŪˤHTML(Hyper Text Markup LanguageˤȤWebФΥƥĤϺޤΤ˥󥯤ưʤɤ⵭ܤǤΤǡϥѡʸǤȤⴶޤ

HTTPSȤ
httpsHTTP over SSL/TLSˤȤϡΥե륹ڥ̤ꡢHTTPSSLTLSȤȤǡŹ沽ư̿ԤȤǤ
ǶǤGooglehttpsˤŹ沽̿ˤʤޤ
饤Х󥭥󥰻Ȥȡhttps://ǻϤޤURLɽ졢СʬпˤʤäꤷޤޤγǧǤޤ
ʲϻɩUFJԤΥ饤Х󥭥󥰤ΥȤ򳫤̤Ǥ

HTTPΥإåξΰĤǤ
LBProxyФˤơΥեɤˡ³ʥ饤ȡˤIPɥ쥹ɵ뤳ȤǤޤ
ɵ뤫꼡ʤΤǡȤProxyФsquidǤСforwarded_for onꤷޤ
 
ϡH24SC孵4ˤˤơLBεǽȤơ֤ޤHTTPإåեɤȤX-Forwarded-ForإåեɤɲòǽǤ뤬ߤѤƤʤפȤޤ

X-Forwarded-For˴ؤ꤬٤Ƥޤ
LB˸¤餺ProxyФǤ⤽Ǥ뤬IPɥ쥹Ѵ礬롣ȤСProxyФ̿ǤСIPɥ쥹Proxyˤʤꡢºݤ̿üIPɥ쥹ʬʤLBLBˤƿʬˡIPɥ쥹LBˤƤޤȡФˤϤ٤LB̿˸롣
ǡHTTPإåեɤˡX-Forwarded-ForȤơIPɥ쥹Ѵ򤹤üIPɥ쥹򥻥åȤΤǤ롣
ǤϡH28SC壱䣳ˤ򸫤Ƥߤޤ礦ȤȤ¿ʥץäΤǤ狼ˤΤǻˤѹƤޤ

ȤΥͥåȥϡץФͳFW饤󥿡ͥåȤ˥ޤFW̿ǤPCǤʤ
ǡץǤϡHTTPإåȤ[d]إåեɤɲä褦ꤷFWǤϡ[d]إåեɤ˽Ϥ褦ꤷ

(1)ʸβˤĤơFWΥǤPCǤʤͳ30ǽҤ٤衣
(2)ʸ[d]Ŭڤʻ衣
(1)IPɥ쥹ץIPɥ쥹ȤʤΤ(2)X-Forwarded-For

ɴʹϰ츫ǡפǤޤϤäƤߤޤ礦

Ǥ⡢ФʤƻäƤޤ
ˤʤޤVMwareʤɤDzۥФΩƤƤ⤤ΤǤWindows8OSɸൡǽǺޤ礦ϥФäƤIIS饤üˤäƤޤ
ȤƤñWebФޤ

IISΥ󥹥ȡ
 ȥѥ֥ͥץȵǽסWindowsεǽͭޤ̵פIISʥ󥿡ͥå ե᡼ ӥˤ򥤥󥹥ȡ롣
ƵưСWebӥʤɤѤǤ롣

ȹ
ˤˡĢǡ֤ˤϡפϤե̾index.htmlȤƤߤ褦
HTMLΥեޥåȤǽ񤯤٤ʤǤϤǤ褷Ȥޤ
ĥҤtxtǤϤʤhtmlˤޤ礦եϡC:\inetpub\wwwrootޤΥեWebФΥեǤ
WebФ˥Ƥߤ褦
֥饦ȤäơʬIPɥ쥹httpǥƤߤޤ礦
http://192.168.1.100/index.html
ʤΤ褦ɽޤȤƤñǤ͡
Ȥ⡢㤦ѥ󤫤äƤߤޤ礦

ѾΥХ˰ʲεܤ롣
2) Web
WWW ϥ󥿡ͥåȾ󶡤ϥѥƥȤΥƥǤꡤWeb Фȥ饤ȡʥ֥饦ˤѤƥ뤳ȡWeb ڡHTMLXML ʤɤΥޡå׸ǵҤ졤ϥѥ󥯤Ǵñ̤Υڡ򻲾ȤǤ뤳Ȥ䡤Web ץꥱλȤߡħǽ򤹤롣

Ѹ HTTPCGIcookieURL

4) 󥸥
Web δĶѤɽŪʸ󥸥λȤߡħ򤹤롣

Ѹ ʸǥ쥯ȥ귿ܥåȷ
webϡ֥פȤ̣Ǥ롣
WWWWorld Wide Webˤĥᤰ餵줿Τ褦ʥͥåȥǤ롣WWWϻȤߤ䳵ǰɽΤǤ롣WWWФWWW饤ȡʼ˥֥饦ˡURLѤ뤳ȤǡHTMLȤ줷եޥåȤˤƴñ˾ȯȱǤ褦ˤȤߤǤ롣

HTTP̿ѥåȥץ㤷ƤߤȡʲΤ褦ή줬狼롣
1) Client -> Server: GET /index.html HTTP/1.1 (1.1 is the HTTP version; the older version is 1.0)
2) Server -> Client: HTTP/1.1 200 Document follows (200 = OK)
3) Server -> Client: HTML data


3way-handshake̵ΤǤ
䡣衣̩ˤϡ嵭1)3)ˤ⡢TCP/IPΥСإåɤ֤롣
X) Client -> Server: 3way-handshake SYN
X) Server -> Client: 3way-handshake SYN,ACK
X) Client -> Server: 3way-handshake ACK
1) Client -> Server: GET /index.html HTTP/1.1
2) Server -> Client: HTTP/1.1 200 Document follows
X) Client -> Server: ACK
3) Server -> Client: HTML data

PCʥ֥饦ˡhttpꥯȡWeb
http쥹ݥ󥹡


H25SC孶1ˤ˥ꥯȤȥ쥹ݥ󥹤ζ㤬ΤǷǺܤ롣
Ƥ餦ʬ뤬ꥯȤGETʤɤǾ˹Ԥ
쥹ݥ󥹤ϡ200OKפʤɤΡHTTPΥơɤϤޤ롣

ꥯ1
GET /javarhino/ HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Accept-Language: ja
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: D.D.D.D
Connection: Keep-Alive

쥹ݥ1

HTTP/1.1 200 OK
Content-Type: text/html
Connection: Keep-Alive
Server: Apache
Content-Length: 12e
<html><head></head><body><applet archive="exploit.jar"
code="exploit.class" width="1" height="1"></applet></body></html>


RFCǵꤵƤ롣

Code: meaning

100s: informational
200s: success (200 OK: the request completed normally)
300s: redirection, further action by the client is needed
400s: client-side error (401 Unauthorized: authentication failed; 404 Not Found: the requested page does not exist)
500s: server-side error (503 Service Unavailable: the service cannot be used)
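Added example, not code from the original page or the exam: a small Python parser for HTTP/1.1 messages in the form quoted above, which classifies a status code by its first digit as in the table and reads the X-Forwarded-For chain the way the FW in the earlier proxy scenario should, from the right, skipping the proxies you operate, so a header the client wrote itself is not trusted. The sample request, the 203.0.113.x/10.0.0.x addresses and the trusted-proxy set are constructed assumptions.

```python
import ipaddress

# Constructed sample: the request quoted from the exam excerpt, with an
# assumed X-Forwarded-For header added by the proxy in front of the FW.
REQUEST = ("GET /javarhino/ HTTP/1.1\r\nHost: D.D.D.D\r\n"
           "X-Forwarded-For: 203.0.113.5, 10.0.0.1\r\n"
           "Connection: Keep-Alive\r\n\r\n")
RESPONSE = "HTTP/1.1 503 Service Unavailable\r\nContent-Length: 0\r\n\r\n"

def parse_message(raw):
    """Split an HTTP/1.x message into (start-line parts, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0].split(" ", 2), headers, body

def parse_request(raw):
    (method, path, version), headers, body = parse_message(raw)
    return {"method": method, "path": path, "version": version,
            "headers": headers, "body": body}

def parse_response(raw):
    (version, code, reason), headers, body = parse_message(raw)
    return {"version": version, "status": int(code), "reason": reason,
            "headers": headers, "body": body}

def status_class(code):
    """Category by first digit, as in the status table above."""
    return {1: "informational", 2: "success", 3: "redirection",
            4: "client error", 5: "server error"}.get(code // 100, "unknown")

def client_ip(req, peer_ip, trusted_proxies):
    """Original client as the FW sees it (client -> proxy -> FW): walk the
    X-Forwarded-For chain from the right, skipping proxies we operate; the
    first address we do not control is the client, and anything left of it
    was written by an untrusted party, so it is ignored."""
    xff = req["headers"].get("x-forwarded-for", "")
    chain = [p.strip() for p in xff.split(",") if p.strip()] + [peer_ip]
    for hop in reversed(chain):
        try:
            addr = str(ipaddress.ip_address(hop))
        except ValueError:
            return None  # malformed entry written by an untrusted hop
        if addr not in trusted_proxies:
            return addr
    return peer_ip  # every hop was one of our proxies
```

If the peer is not one of your proxies, the header is ignored entirely and the peer address is the client.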

CGIΥץȤ顼ˤʤʤ

H25SC孶1ˤ򸫤Ƥߤ褦
IPɥ쥹C.C.C.CФơͤPCϼΣΥꥯȤƤ
http://C.C.C.C/config.binؤGETꥯȡ92612:28
http://C.C.C.C/gate.phpؤPOSTꥯȡ92612:28ʹߡ5ʬ
嵭URL,ڤIPɥ쥹C.C.C.C80֥ݡȤ֥饦ǥԤƤߤȤФϲƯƤʤ褦Ǥä

23ˡ7ΡΡaϤŬڤʿ衣ޤޣβˤĤơ֥饦ǥԤݤκǤŬڤʥ쥹ݥ󥹤ӡ衣


204 No Content
404 Not Found
503 Service Unavailable
No response
ͥåȥڥꥹȤܻؤSEäȡ

빽¤ޤ͡




͡ϡǤ롣
ФƯƤʤȤȤϡå֤ȤǤʤ
ѼԤˤϡ֤ΥڡɽǤޤפȡ饤ȤΥ֥饦ɽ뤳Ȥˤʤ롣

ǤϡHTTPȤäơWebФΥƥĤΥåץɤ乹ǽˤץȥH21NW 12)סHTTPĥץȥȤä,оΥեλȤ,ڤӥСԤפȤ롣

WebФɽŪʥեȤǤIISApacheˤϡWebDAVεǽȤ߹ޤƤ롣

äFTPǤǤޤ͡
虜虜HTTPǤåȤϤޤ
ΤFTPǤǤ롣Ǥ⡢WebDAV򹥤ͤ빽¿
ĤϡFWHTTP϶Ƥ뤬FTPĤƤˤȤ롣
ޤ֥饦١ƤǤơɥåɥåפȤ롣ͭեΤ褦ʻȤǤΤǡǤϤޤ

HTTP1.1RFC2616ǵ졢Web뤿GETǼĤؤν񤭹ߤΤPOSTʤɡ8ĤΥ᥽åɤ롣
᥽åɤϡOPTIONSסGETסHEADסPOSTסPUTסDELETEסTRACEסCONNECTפ롣

GETϼʸּ̤פ顢WebФ顢ƥĤޤWebͤޤդWebФΤPUTȤ̤POSTȤΤꡢƤޤ
ǤϡPOSTȤϲǤ礦
Webץꥱ줿ϡMETHOD="GET"뤤POSTʤɤεܤ򤵤줿Ȥ⤢Ǥ礦GETǤPOSTǤ⡢ɤǤ뤳ȤϤۤƱǤ

ǤϤʤ2ĤΤǤ
HTTPΤΥСHTTP/0.9ˤˤϡGETʤäȤΤȤǤ͡äGETǽʬǤϡ
ϡGETǤʸ¤ʤɤ꤬ޤ
POSTϤɤΤǤ
ʤΤǡǼĤ˥ǡ񤭹ʤɤνˤϡGETǤϤʤPOST褯Ȥޤ

㤤ȤƤ褯ä򤵤Τ2ĤǤ礦
ˡ
GETURL˰򵭺ܤޤ
㤨Сhttp://xxx.seeeko.com/index.asp?id=aaa
POSTURL˰򵭺ܤHTTPΥǡ˵ܤޤʤΤURLϰʲΤ褦ˤʤ롣
http://xxx.seeeko.com/index.asp

ʲ˾ܤ񤤤ΤǡͤˤƤۤ
http://sc.seeeko.com/archives/4789459.html

å夵뤫
GETαϥå夵졢POSTαϥå夵ޤ󡣥åȤΤʾˤʤޤΤǡǥåȤޤ

¿˽ʸǤʬ䤹ͤƤ餦ȡʲˤʤޤ
GETϥǡ롣WEBα
POSTϥǡ롣ʷǼĤؤν񤭹ߤʤɡ

餤ȤơH21NW210򤤤Ƥߤޤ礦
 10HTTPGET᥽åɤPOST᥽åɤ˴ؤ뵭ҤΤŬڤʤΤϤɤ줫

GETμɬܤǤ뤬POSTϥץǤ롣
GETϥФؤPOSTϥФαǤ롣
POSTαϥå夵뤬GETϥå夵ʤ
POSTϥФCGIưǤ뤬GETϵưǤʤ
Ǥ롣ɬܤGETHEADΤߡƥ꤫顢WebФǤTRACE᥽åɤ̵ˤޤϡhttpd.confǹԤޤɬܤΥ᥽åɤǤ̵Τǡ̵ˤǤޤ
ϡGETPOST⥵ФؤѤ
ϵ
ɤⵯưǤ롣

H21NW12Ǥϡץ³뤿Υ᥽åɤǤCONNECT᥽åɤ줿
Web᡼ѤHTTPSǤϡPC[]᥽åɤѤƥץФ³ꤷSSLåASPФȤδ֤dzΩ롣


ʲΤƤϤޤ衣
ʣäˡϿʸΤ褦ʽפʽ¹ԤڡˤϡΡaϥ᥽åɤǥ褦ˤhiddenѥ᥿̩ʥڡȡˤ褦ˡΥڡư롣¹ԥڡǤϡͤԤ⤷Ρaϥ᥽åɤˡΡbϥ᥽åɤǥȡ̩URLղä뤳ȤˤʤΤǡǤѤ򤱤٤Ǥ롣ޤHTMLե<form>Ѥ硤᥽å°λάȡΡaϥ᥽åɤȲᤵΤǡŬڤ˻ꤹɬפ롣
(H23AP91
Ȥ

ۤɤβ򸫤Ƥȡñ˲򤱤뤫⤷ޤ
ޤ᥽åɤϤĤޤŪˤϤ2ĤФƥкȤޤ礦

aPOST
bGET

ޡåסMarkup Language˸Ȥ
HTMLHyperText Markup LanguageˤXMLeXtensible Markup Languageˤϡɤޡå׸Ǥ
ޡå׸˴ؤơH25ǯIP69ˤǤϡ֥ޡå׸ǤϡɽʤɤŪˡʸϤƤǤʤʸ¤쥤ȾʸΥեȵڤӥʤɤꤹ뵭ҤľळȤǤפȤޤ
HTMLޡå׸ɽǤ<font>ʤɤΥȤȤǡʸ礭ʤɤꤹ뤳ȤǤޤ

HTMLXMLΰ㤤
WebΥڡѤHTMLXMLΰ㤤ˤĤƤǤeXtensibleϳĥǽȤ̣Ǥ顢XMLHTMLγĥǤȥ᡼Ƥ館ФǤ礦
XML˴ؤơѾ󵻽ѼԻΥХǤϡHTML εǽ˲äơȼ˥뤳ȤǤ뵡ǽ˥󥿡ͥåȤ𤷤ǡ򴹤ѤƤפȽҤ٤Ƥޤ
ޤH23AP71ˤǤϡ֥󥿡ͥåȤѤȴּˤ,ǡ򤽤Τޤ޵ɼ,ʸѴꤹ뤳ȤưפˤǤפȤޤXMLȤȡEXCELʤɤؤѴưפ˹ԤΤǤ͡

ơξԤΰ㤤ϲǤ礦βH24IPˤ򸫤ʤǧ򤷤ޤ礦
67HTML˴ؤ뵭ҤȤơŬڤʤΤϤɤ줫
ȤäWebڡ¤쥤ȤǤޡå׸Ǥ롣
֥饦ưƤ򵭽Ҥ륹ץȸǤ롣
֥饦WebФȤδ֤ǹԤ̿ΥץȥǤ롣
ѼԤȼΥƥǡΰ̣乽¤򵭽ҤǤޡå׸Ǥ롣
襢HTMLǡHTMLϡ֥ȤäWebڡ¤쥤ȤǤޡå׸פǤ
襨XMLǡXMLϡѼԤȼΥƥǡΰ̣乽¤򵭽ҤǤޡå׸פǤ
ʤߤˡ襤JavaScriptǤ

H19AD
45 HTMLˤϥѥƥȤħȤ,ŬڤʤΤϤɤ줫
ʸ򰷤ΤǡեؤΥ󥯤ϤǤʤ
󥯤ϳع¤ʤΤǡ̤ΥƥȤ˰ưϰٺǾ̤γؤޤʤФʤʤ
󥯤ξĤΤǡƥȴ֤ͳ˹ԤǤ롣
󥯤򥯥å뤳Ȥˤäơꤵ줿ƥȤ˰ưǤ롣
ۥ 

H19AD
22 HTMLXMLħӤҤΤ,ŬڤʤΤϤɤ줫
HTMLǤ°ͤ򤹤٤Ű(")ϰŰ(')ǰϤɬפ뤬XMLǤϤɬפϤʤ
HTMLǤϥ桼ȼǤǤ뤬XMLǤϸͤǷ줿ǤͭǤ롣
HTMLǤǤˤäƤϽλάǤ뤬XMLǤϳϥȽλƤϤफǤηǵҤɬפ롣
HTMLǤ̾ʸȾʸ̤뤬XMLǤ϶̤ʤ
ۥ 

(H24FE
8XMLħȤơǤŬڤʤΤϤɤ줫
XMLǤϡHTMLˡWebڡɽǽθŪȤǽɲäƤ롣
XMLǤϡͥåȥ𤷤󥷥ƥ֤Υǡ򴹤ưפˤ뤿ˡǤդΥ뤳ȤǤ롣
XMLѤ뤳ȤǤ륹ϡHTMLƱΤǤ롣
XMLϡSGML˳ȯ줿HTMLȤϰۤʤꡤȼλͤȤƳȯ줿
ۥ

H23AP
71 󥿡ͥåȤѤȴּˤ,ǡ򤽤Τޤ޵ɼꡤʸѴꤹ뤳ȤưפˤǤޡդϤɤ줫
HTML SGML UML XML

ϥXMLǤ
XMLϡʸˤ褦ʳĥι⤤ޡåסʥޡդ˸Ǥ


