xss-attack took place in our webapp hosted in Azure. How to find the IP address of the attacker Machine?

106 views Asked by At

Our webapp had a XSS attack today and i work in the monitoring team. My client want to confirm the IP address of the attacker. How to find the IP address of the attacker machine.

1

There are 1 answers

1
Marek Puchalski On BEST ANSWER

Look for the access logs. Something like the apache access logs. Once you have identified the request, take the corresponding IP address.

Bear in mind and check following:

  1. That the IP address is external and not e.g. of your load balancer.
  2. If the IP belongs to your load balancer, check the logs on your log balancer or check the X-Forwarded-For header value.
  3. Most probably the IP address will not help at all, because if the attacker was not stupid, he used TOR or proxy himself to hide his real IP address. All you will get will be the exit TOR node IP address or proxy address.