More Related Content
Similar to Nginx warhead (20)
More from Sergey Belov (6)
Nginx warhead
- 2. •
Pentester in Digital Security / ERPScan;
•
Writer (habrahabr.ru, “Xakep”);
•
CTF Player;
•
Bug bounty member (Google, Yandex);
•
bugscollector.com creator.
- 7. Step 1
location / {
proxy_pass
http://vuln.com;
proxy_set_header X-Real-IP $remote_addr;
}
}
- 11. NGinx – tool for MitM/phishing?
+ Identical design
+ Fully functional working
+ Logging all data (POST/GET)
+ Add custom JS/HTML
- Another domain (DNS poising / router
hacking, malware, evil apn config e.t.c.)