https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/04-%E6%B8%97%E9%80%8F%E6%94%BB%E5%87%BB/1-API%E7%BD%91%E5%85%B3%E4%B8%8E%E4%BB%A3%E7%90%86/index.htmlKong API网关管理面打点与Admin API利用技术 Kong API网关管理面打点与Admin API利用技术 Kong Gateway 是典型的 API 网关控制平面。它的风险不只是“有一个反向代理节点”，而在 … Apache APISIX API网关管理面打点与Admin API利用技术 Apache APISIX API网关管理面打点与Admin API利用技术 Apache APISIX 是典型的云原生 API 网关控制平面。它的价值不只是“ … Traefik API网关管理面打点与Dashboard、API利用技术 Traefik API网关管理面打点与Dashboard、API利用技术 Traefik 的风险不只是“一个反向代理入口”，而在于它天然位于服务发现、入口暴露 … Envoy API网关管理面打点与Admin Interface利用技术 Envoy API网关管理面打点与Admin Interface利用技术 Envoy 的高价值不在“它是一个代理”，而在于它同时占据： Tyk API网关管理面打点与Gateway、Dashboard API利用技术 Tyk API网关管理面打点与Gateway、Dashboard API利用技术 Tyk 的管理面价值很高，因为它不是单一后台，而是至少分成三层控制接口： Istio 服务网格控制面打点与istiod Debug接口利用技术 Istio 服务网格控制面打点与istiod Debug接口利用技术 Istio 在渗透测试中的价值，不只是“网格流量经过它”，而是它的控制面 istiod 同 … Emissary-ingress API网关管理面打点与Diag诊断接口利用技术 Emissary-ingress API网关管理面打点与Diag诊断接口利用技术 Emissary-ingress 在渗透测试里很有代表性，因为它把“调试能力” … Kuma 服务网格控制面打点与HTTP API、GUI利用技术 Kuma 服务网格控制面打点与HTTP API、GUI利用技术 Kuma 的控制面打点价值很高，因为它既有完整的 HTTP API，又有同端口 GUI，并且控制 … Gloo Gateway API网关控制面打点与xDS、Proxy调试接口利用技术 Gloo Gateway API网关控制面打点与xDS、Proxy调试接口利用技术 Gloo Gateway 的高价值，不在于“它也是个 Envoy 网关”，而 … Linkerd 服务网格控制面打点与Viz、Tap、Admin接口利用技术 Linkerd 服务网格控制面打点与Viz、Tap、Admin接口利用技术 Linkerd 和 Istio/Kuma 的管理面风格不太一样。它的危险点通常不在“ … HAProxy Stats Page / Admin Interface / Request Smuggling / CVE 漏洞链利用技术 0x00 攻击面总览 HAProxy 是高性能 TCP/HTTP 负载均衡/反向代理，暴露多个攻击面： 组件 默认端口 协议 攻击面 HTTP 前端 …Hugozh-CNSun, 21 Jun 2026 20:00:00 +0800https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/04-%E6%B8%97%E9%80%8F%E6%94%BB%E5%87%BB/1-API%E7%BD%91%E5%85%B3%E4%B8%8E%E4%BB%A3%E7%90%86/Kong_API%E7%BD%91%E5%85%B3%E7%AE%A1%E7%90%86%E9%9D%A2%E6%89%93%E7%82%B9%E4%B8%8EAdmin_API%E5%88%A9%E7%94%A8%E6%8A%80%E6%9C%AF/index.htmlTue, 16 Jun 2026 09:52:48 +0800https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/04-%E6%B8%97%E9%80%8F%E6%94%BB%E5%87%BB/1-API%E7%BD%91%E5%85%B3%E4%B8%8E%E4%BB%A3%E7%90%86/Kong_API%E7%BD%91%E5%85%B3%E7%AE%A1%E7%90%86%E9%9D%A2%E6%89%93%E7%82%B9%E4%B8%8EAdmin_API%E5%88%A9%E7%94%A8%E6%8A%80%E6%9C%AF/index.html围绕Kong API网关相关攻击面与利用路径，分析打点识别、接口枚举、风险链条、日志痕迹与防守处置思路。https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/04-%E6%B8%97%E9%80%8F%E6%94%BB%E5%87%BB/1-API%E7%BD%91%E5%85%B3%E4%B8%8E%E4%BB%A3%E7%90%86/Apache_APISIX_API%E7%BD%91%E5%85%B3%E7%AE%A1%E7%90%86%E9%9D%A2%E6%89%93%E7%82%B9%E4%B8%8EAdmin_API%E5%88%A9%E7%94%A8%E6%8A%80%E6%9C%AF/index.htmlTue, 16 Jun 2026 11:09:50 +0800https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/04-%E6%B8%97%E9%80%8F%E6%94%BB%E5%87%BB/1-API%E7%BD%91%E5%85%B3%E4%B8%8E%E4%BB%A3%E7%90%86/Apache_APISIX_API%E7%BD%91%E5%85%B3%E7%AE%A1%E7%90%86%E9%9D%A2%E6%89%93%E7%82%B9%E4%B8%8EAdmin_API%E5%88%A9%E7%94%A8%E6%8A%80%E6%9C%AF/index.html围绕Apache APISIX API网关相关攻击面与利用路径，分析打点识别、接口枚举、风险链条、日志痕迹与防守处置思路。https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/04-%E6%B8%97%E9%80%8F%E6%94%BB%E5%87%BB/1-API%E7%BD%91%E5%85%B3%E4%B8%8E%E4%BB%A3%E7%90%86/Traefik_API%E7%BD%91%E5%85%B3%E7%AE%A1%E7%90%86%E9%9D%A2%E6%89%93%E7%82%B9%E4%B8%8EDashboard_API%E5%88%A9%E7%94%A8%E6%8A%80%E6%9C%AF/index.htmlTue, 16 Jun 2026 11:28:20 +0800https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/04-%E6%B8%97%E9%80%8F%E6%94%BB%E5%87%BB/1-API%E7%BD%91%E5%85%B3%E4%B8%8E%E4%BB%A3%E7%90%86/Traefik_API%E7%BD%91%E5%85%B3%E7%AE%A1%E7%90%86%E9%9D%A2%E6%89%93%E7%82%B9%E4%B8%8EDashboard_API%E5%88%A9%E7%94%A8%E6%8A%80%E6%9C%AF/index.html围绕Traefik API网关相关攻击面与利用路径，分析打点识别、接口枚举、风险链条、日志痕迹与防守处置思路。https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/04-%E6%B8%97%E9%80%8F%E6%94%BB%E5%87%BB/1-API%E7%BD%91%E5%85%B3%E4%B8%8E%E4%BB%A3%E7%90%86/Envoy_API%E7%BD%91%E5%85%B3%E7%AE%A1%E7%90%86%E9%9D%A2%E6%89%93%E7%82%B9%E4%B8%8EAdmin_Interface%E5%88%A9%E7%94%A8%E6%8A%80%E6%9C%AF/index.htmlTue, 16 Jun 2026 17:10:00 +0800https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/04-%E6%B8%97%E9%80%8F%E6%94%BB%E5%87%BB/1-API%E7%BD%91%E5%85%B3%E4%B8%8E%E4%BB%A3%E7%90%86/Envoy_API%E7%BD%91%E5%85%B3%E7%AE%A1%E7%90%86%E9%9D%A2%E6%89%93%E7%82%B9%E4%B8%8EAdmin_Interface%E5%88%A9%E7%94%A8%E6%8A%80%E6%9C%AF/index.html围绕 Envoy Admin Interface、server_info、clusters、listeners、config_dump 与可变更接口，分析公开管理面导致的配置泄露、流量画像恢复、控制面影响与蓝队处置思路。https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/04-%E6%B8%97%E9%80%8F%E6%94%BB%E5%87%BB/1-API%E7%BD%91%E5%85%B3%E4%B8%8E%E4%BB%A3%E7%90%86/Tyk_API%E7%BD%91%E5%85%B3%E7%AE%A1%E7%90%86%E9%9D%A2%E6%89%93%E7%82%B9%E4%B8%8EGateway_Dashboard_API%E5%88%A9%E7%94%A8%E6%8A%80%E6%9C%AF/index.htmlTue, 16 Jun 2026 18:00:00 +0800https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/04-%E6%B8%97%E9%80%8F%E6%94%BB%E5%87%BB/1-API%E7%BD%91%E5%85%B3%E4%B8%8E%E4%BB%A3%E7%90%86/Tyk_API%E7%BD%91%E5%85%B3%E7%AE%A1%E7%90%86%E9%9D%A2%E6%89%93%E7%82%B9%E4%B8%8EGateway_Dashboard_API%E5%88%A9%E7%94%A8%E6%8A%80%E6%9C%AF/index.html围绕 Tyk Gateway API、Dashboard API 与 Dashboard Admin API，分析共享密钥、用户访问令牌与 admin-auth 暴露后的接口枚举、配置接管、凭据生成与蓝队处置思路。https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/04-%E6%B8%97%E9%80%8F%E6%94%BB%E5%87%BB/1-API%E7%BD%91%E5%85%B3%E4%B8%8E%E4%BB%A3%E7%90%86/Istio_%E6%9C%8D%E5%8A%A1%E7%BD%91%E6%A0%BC%E6%8E%A7%E5%88%B6%E9%9D%A2%E6%89%93%E7%82%B9%E4%B8%8Eistiod_Debug%E6%8E%A5%E5%8F%A3%E5%88%A9%E7%94%A8%E6%8A%80%E6%9C%AF/index.htmlTue, 16 Jun 2026 18:40:00 +0800https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/04-%E6%B8%97%E9%80%8F%E6%94%BB%E5%87%BB/1-API%E7%BD%91%E5%85%B3%E4%B8%8E%E4%BB%A3%E7%90%86/Istio_%E6%9C%8D%E5%8A%A1%E7%BD%91%E6%A0%BC%E6%8E%A7%E5%88%B6%E9%9D%A2%E6%89%93%E7%82%B9%E4%B8%8Eistiod_Debug%E6%8E%A5%E5%8F%A3%E5%88%A9%E7%94%A8%E6%8A%80%E6%9C%AF/index.html围绕 Istio 控制面 istiod 的 debug、xDS、webhook 与监控接口，分析服务注册、代理同步、配置导出、跨命名空间数据泄露与蓝队处置思路。https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/04-%E6%B8%97%E9%80%8F%E6%94%BB%E5%87%BB/1-API%E7%BD%91%E5%85%B3%E4%B8%8E%E4%BB%A3%E7%90%86/Emissary_ingress_API%E7%BD%91%E5%85%B3%E7%AE%A1%E7%90%86%E9%9D%A2%E6%89%93%E7%82%B9%E4%B8%8EDiag%E8%AF%8A%E6%96%AD%E6%8E%A5%E5%8F%A3%E5%88%A9%E7%94%A8%E6%8A%80%E6%9C%AF/index.htmlTue, 16 Jun 2026 19:20:00 +0800https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/04-%E6%B8%97%E9%80%8F%E6%94%BB%E5%87%BB/1-API%E7%BD%91%E5%85%B3%E4%B8%8E%E4%BB%A3%E7%90%86/Emissary_ingress_API%E7%BD%91%E5%85%B3%E7%AE%A1%E7%90%86%E9%9D%A2%E6%89%93%E7%82%B9%E4%B8%8EDiag%E8%AF%8A%E6%96%AD%E6%8E%A5%E5%8F%A3%E5%88%A9%E7%94%A8%E6%8A%80%E6%9C%AF/index.html围绕 Emissary-ingress/Ambassador 的 diag、健康检查、内部 admin/diag 端口与默认 Mapping，分析诊断接口暴露后的配置画像恢复、网关行为推断、历史风险链与蓝队处置思路。https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/04-%E6%B8%97%E9%80%8F%E6%94%BB%E5%87%BB/1-API%E7%BD%91%E5%85%B3%E4%B8%8E%E4%BB%A3%E7%90%86/Kuma_%E6%9C%8D%E5%8A%A1%E7%BD%91%E6%A0%BC%E6%8E%A7%E5%88%B6%E9%9D%A2%E6%89%93%E7%82%B9%E4%B8%8EHTTP_API_GUI%E5%88%A9%E7%94%A8%E6%8A%80%E6%9C%AF/index.htmlTue, 16 Jun 2026 20:10:00 +0800https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/04-%E6%B8%97%E9%80%8F%E6%94%BB%E5%87%BB/1-API%E7%BD%91%E5%85%B3%E4%B8%8E%E4%BB%A3%E7%90%86/Kuma_%E6%9C%8D%E5%8A%A1%E7%BD%91%E6%A0%BC%E6%8E%A7%E5%88%B6%E9%9D%A2%E6%89%93%E7%82%B9%E4%B8%8EHTTP_API_GUI%E5%88%A9%E7%94%A8%E6%8A%80%E6%9C%AF/index.html围绕 Kuma 控制面的 HTTP API、GUI、Inspect API、Dataplane Token 与策略对象，分析服务网格资源枚举、代理配置恢复、凭据滥用与蓝队处置思路。https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/04-%E6%B8%97%E9%80%8F%E6%94%BB%E5%87%BB/1-API%E7%BD%91%E5%85%B3%E4%B8%8E%E4%BB%A3%E7%90%86/Gloo_Gateway_API%E7%BD%91%E5%85%B3%E6%8E%A7%E5%88%B6%E9%9D%A2%E6%89%93%E7%82%B9%E4%B8%8ExDS_Proxy%E8%B0%83%E8%AF%95%E6%8E%A5%E5%8F%A3%E5%88%A9%E7%94%A8%E6%8A%80%E6%9C%AF/index.htmlTue, 16 Jun 2026 20:50:00 +0800https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/04-%E6%B8%97%E9%80%8F%E6%94%BB%E5%87%BB/1-API%E7%BD%91%E5%85%B3%E4%B8%8E%E4%BB%A3%E7%90%86/Gloo_Gateway_API%E7%BD%91%E5%85%B3%E6%8E%A7%E5%88%B6%E9%9D%A2%E6%89%93%E7%82%B9%E4%B8%8ExDS_Proxy%E8%B0%83%E8%AF%95%E6%8E%A5%E5%8F%A3%E5%88%A9%E7%94%A8%E6%8A%80%E6%9C%AF/index.html围绕 Gloo Gateway 的 Settings、VirtualService、Upstream、Proxy、xDS snapshot 与 gateway-proxy 调试接口，分析控制面配置恢复、路由图白盒化、调试口暴露与蓝队处置思路。https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/04-%E6%B8%97%E9%80%8F%E6%94%BB%E5%87%BB/1-API%E7%BD%91%E5%85%B3%E4%B8%8E%E4%BB%A3%E7%90%86/Linkerd_%E6%9C%8D%E5%8A%A1%E7%BD%91%E6%A0%BC%E6%8E%A7%E5%88%B6%E9%9D%A2%E6%89%93%E7%82%B9%E4%B8%8EViz_Tap_Admin%E6%8E%A5%E5%8F%A3%E5%88%A9%E7%94%A8%E6%8A%80%E6%9C%AF/index.htmlTue, 16 Jun 2026 21:20:00 +0800https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/04-%E6%B8%97%E9%80%8F%E6%94%BB%E5%87%BB/1-API%E7%BD%91%E5%85%B3%E4%B8%8E%E4%BB%A3%E7%90%86/Linkerd_%E6%9C%8D%E5%8A%A1%E7%BD%91%E6%A0%BC%E6%8E%A7%E5%88%B6%E9%9D%A2%E6%89%93%E7%82%B9%E4%B8%8EViz_Tap_Admin%E6%8E%A5%E5%8F%A3%E5%88%A9%E7%94%A8%E6%8A%80%E6%9C%AF/index.html围绕 Linkerd 控制面的 viz、tap、metrics-api、destination、identity 与 admin-http 端口，分析服务发现、流量观测、pprof 调试接口暴露与蓝队处置思路。https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/04-%E6%B8%97%E9%80%8F%E6%94%BB%E5%87%BB/1-API%E7%BD%91%E5%85%B3%E4%B8%8E%E4%BB%A3%E7%90%86/HAProxy_Stats_Page_Admin_Interface_Request_Smuggling_CVE_%E6%BC%8F%E6%B4%9E%E9%93%BE%E5%88%A9%E7%94%A8%E6%8A%80%E6%9C%AF/index.htmlSun, 21 Jun 2026 20:00:00 +0800https://x7peeps.com/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/04-%E6%B8%97%E9%80%8F%E6%94%BB%E5%87%BB/1-API%E7%BD%91%E5%85%B3%E4%B8%8E%E4%BB%A3%E7%90%86/HAProxy_Stats_Page_Admin_Interface_Request_Smuggling_CVE_%E6%BC%8F%E6%B4%9E%E9%93%BE%E5%88%A9%E7%94%A8%E6%8A%80%E6%9C%AF/index.htmlHAProxy 负载均衡/反向代理渗透测试：Stats Page 信息泄露、Runtime API 管理面接管、HTTP 请求走私、CVE-2023-25690 / CVE-2021-4034 漏洞利用链路与蓝队检测方案