碼上快樂

相關內容    簡體    繁體

用wget實現cookie欺騙

本文轉載自   查看原文   2015-11-29 17:19   3620  
用wget實現cookie欺騙

1. 分析登錄界面的html代碼
頁面在 http://bbs.linuxeden.com/
<form. id="loginform" method="post" name="login" action="logging.php?action=login&amp;loginsubmit=true">
      <input type="hidden" name="formhash" value="45fab143" />
      <input type="hidden" name="cookietime" value="2592000" />
      <input type="hidden" name="loginfield" value="username" />
      <input type="text" id="username" name="username" size="15" maxlength="40" tabindex="1" value="用戶名" nclick="this.value = ''" />
      <input type="password" id="password" name="password" size="10" tabindex="2" nkeypress="if((event.keyCode ? event.keyCode : event.charCode) == 13) $('loginform').submit()" />
      <button name="userlogin" type="submit" value="true">登錄</button>
</form>

2. 獲得cookie
$ wget --post-data="username=c-aries&password=密碼不告訴你" --save-cookies=cookie --keep-session-cookies "http://bbs.linuxeden.com/logging.php?action=login&loginsubmit=true"
 
3. 驗證登錄成功
$ grep "c-aries" logging.php\?action\=login\&loginsubmit\=true | iconv -f gbk -t utf-8
                                                            <cite><a class="dropmenu" id="viewpro" nmouseover="showMenu(this.id)">c-aries</a></cite>
                                             <p>歡迎您回來,c-aries。現在將轉入登錄前頁面。 <script. type="text/javascript" src="http://blog.linuxeden.com/api/uc.php?time=1256145729&code=3e38P7X9b27U9nQJww7e1ElcCyAzq4hDonc6EPuvh2YJuYqoWzUfFgDz1JYzQ9ukp%2FUmDCutMldepLzKZx0kAk%2B9oRW0kUFZpYYXEuBKU8ViTxTOFFxPRDzlvjwMEoY9y7%2F7GGWoD5%2BgRQWUSCJlprX8OT1V8bIJMj6%2Bk4avBbE5bQ" reload="1"></script><script. type="text/javascript" src="http://www.linuxeden.com/api/uc.php?time=1256145729&code=d10c1TJ78cXAgwCG%2FqxNcOx0jQ6D28pJVZAK1TWlg%2F6rA5u7q1umj7qJBcRFsBMJm0G2%2BKKvHdywyln3st%2BF0fdk%2BZkm5CvJMO96PM2qgj0hUmEWLyh36QuK4N6pXIAMPrA7t7zA%2Bga8nY9%2Fm3h%2BbGxu2fLBwU5Y1pfquaL%2Bugp9qQ" reload="1"></script><script. type="text/javascript" src="http://www.linuxeden.com/shop262/api/uc.php?time=1256145729&code=189bKZ7YjDwgJbwzrsVeoP1%2FS0xJffhnsISJhfSgRAv2x%2BSDXawMqosAbmKgloQQLeqSXlDLxYPQGnn%2F%2BlRjb1xEGQsPzxSL0suJGgKx1aFODwOGIsuskusFlXcGL5zTeQSXLU7vEAwyl2MREmEhfaKVbVWQebSCDywBo%2Fq9042clQ" reload="1"></script> <script>setTimeout("window.location.href ='index.php';", 3000);</script></p>
$

4. 用cookie進行帳戶登錄后的爬蟲
$ wget -r -x --load-cookies=cookie --keep-session-cookies "http://bbs.linuxeden.com/forum-89-1.html"

后記:
這個方法是在wget的郵件列表發現的

 

 


免責聲明!

本站轉載的文章為個人學習借鑒使用,本站對版權不負任何法律責任。如果侵犯了您的隱私權益,請聯系本站郵箱yoyou2525@163.com刪除。



猜您在找 BUGKU-cookie欺騙 bugku題目“cookie欺騙” 通過COOKIE欺騙登錄網站后台 通過COOKIE欺騙登錄網站后台 用python實現ARP欺騙 實現ARP欺騙 用Kali實現arp欺騙 CTFHub-WEB-Cookie欺騙、認證、偽造 IDF-CTF-cookie欺騙 writeup HackRF實現GPS欺騙教程
 
粵ICP備18138465號   © 2018-2025 CODEPRJ.COM