Now there are many community networks to browse for users, all use cookie technology to avoid multiple input passwords (like the9
And VR), so as long as the server is submitted to the user's cookie to rewrite the purpose of the deception service program.
Cookie spoofing principle
According to the browser's convention, only cookies from the same domain can read and write, and the cookie is just a browser,
There is no impact on the Agreement, so there are many ways to perform cookie deception:
1. Skip the browser, rewrite the communication data directly
2, modify the browser, let the browser can read or read free domain name cookies from the local
3, use the signature script, let the browser can read or write any domain name cookie from the local area (security issues)
4, deceive the browser, let the browser get a false domain name
among them:
Method 1, 2 requires more professional programming knowledge, and is not suitable for ordinary users.
There are two ways to implement the method 3:
1. Use the signature script directly, no signature verification, but a very serious security issue, because everyone must go online
If you do your hard drive file ...
2. After signing the script, use the signature script, but requires a dedicated digital signature tool, and the ordinary users are not
suitable.
Method 4 looks like it is the most suitable, the domain name deception is simple, nor does it need tools (of course if your machine
It is better to have a web server). Here I take the9 as an example, based on this method, elaborate cookie deceived
Process (the bugs of any server mentioned below have been improved, so this article has no safety on the9.
influences):
Note: The cookie we discussed is that cookies that will not leave the trace in the hard drive's cookie file, that is, that is only
The cookie generated by the browser survival period (session), if the browser is turned off (the session is over) then this cookie
Deleted!
Cookie deceive
THE9 will return 3 cookies while logging in (this can be seen when the browser's warning cookie option is opened):
CGL_Random: Login Identification
CGL_Loginname (login name): identification mark
CGL_AreAid (community number): The community number you live
Just fill the CGL_LoginName into the correct login name, then modify the CGL_Random, you can reach the deception service.
The purpose of the order.
The string of the general deception of the PHP program is:
1 '' L''1 '' = '1
Fill this in cgl_random, the service program is deceived!
Because the service program is unlikely to check the Cookie (The9 is now improved), then fill in this string
, You can successfully deceive each other procedures, and achieve breakthrough purposes!
The current problem is how to return this browser to the cookie to THE9? Take a look at the9 domain name: http://www.the9.com/, and the browser's cookie warning has told us this 3
A cookie will return to the server with .The9.com this domain name of this domain, oh? I just have a web server on my machine, then
Hand!
First, a HTML setting cookie is called cookie.htm, then put this cookie into the web directory, which is not
OK, because my machine's domain name is not set, then set the name of the Host, but if set in the network settings
, The machine wants to start, or think about something else!
Then we should edit the hosts file, this file should be in a Windows directory, you may not find it, but
If you find the hosts.sam file, then remove the extensions behind it, it is the file we want!
Edit the HOSTS file, fill in the following line:
127.0.0.1 www0.the9.com
Explain that 127.0.0.1 is the LO address of this machine, you can use the web address, and www0.the9.com is our spoofing
The domain name of life.
Then enter http://www0.the9.com/cookie.htm in the browser, see, page out, set the cookie.
!
Take a look at http; // www.the9.com/main.htm, look!
But not all netizens have their own web server! then what should we do?
In fact, if you have a personal homepage, you can also achieve the purpose of cookie deception, such as a server of a personal page.
The IP address is 1.2.3.4, first upload the cookie.htm file, edit the hosts file:
1.2.3.4 www0.the9.com
Then visit http://www0.the9.com/***/cookie.htm, where *** is the address directory of your personal page.
For me, I made a tool on my homepage, now open, http://home.etang.com/fsl/9the/, everyone
Do you know what to do? Oh, but you are not used, you have to edit your Hosts like this:
Etang's IP www.the9.com
The9's IP www0.the9.com
Why has to be this way? I will tell everyone.
Continue the9 cookie discussion, there are 2 cookies:
CGL_MAINSHOWINFO (personal information)
CGL_SHOWINFO_CHANGED (I don't know)
Since the second cookie doesn't know what is, it will discuss the first one.
The first cookie stores you in the name, title, resident community, street, whether there is work, star, door
No., etc. (Currently I only know this, the rest of the information doesn't know its meaning, the specific format will give you to the analysis),
But Chinese Escape has passed, if you are not Netscpae but IE, you can't use UNESCAPE to know its information.
Because IE uses Unicode to use Unicode without using ASCII, if the9 THE9 also supports Unicode! :),
But other websites are noticed, you can grasp these THE9 resident information through CGI's form to achieve data sharing! Haha ... If you really want to do this, only use the signature script, you can't let others edit Hosts (not
Pay attention to copyright! )?
IE Cookie Vulnerability:
If you use IE, due to the vulnerability of IE itself, you can also read it if you don't have to edit hosts.
Cookies of the domain name, you can use the following methods to spoof IE (specific to www.cookiecentral.com)
:
Suppose your homepage file is http://a.com/cookie.htm,
Use the following URL: http: //a.com/cookie.htm?.the9.com
If the direct input is not in the browser address bar, make a script, set the value of the location to this!
This address should be such: http://a.com/cookie.htm?.the9.com
Since IE's bug, mistakenly put the domain name in front of it is .The9.com!
Hosts file explanation
The HOSTS file can actually see a native DNS system, which can be responsible for explaining the domain name into an IP address, its priority
The right is higher than the DNS server, and its specific implementation is part of the TCP / IP protocol.
If there is such a line:
202.109.110.3 www.the9.com
So when entering www.the9.com, the network protocol first checks the HOSTS file to find the match, if you can't find it again
NS check, so that you visit www.the9.com is actually access 202.109.110.3, not usually 202.109.110.2
.
Note: Due to the role of the cache, if you have a browser editing HOSTS, the content in Hosts may not take effect on the spot.
You can restart your browser or wait for a while!
About Referr's spoof (this although it is not a cookie deception, it is lazy to write one,
)
Referer is an HTTP header, its role is to sign where the user is referenced, in the9, the service program is fully utilized
I have this point, if you are manually entering the URL, then Referr will not set any value, what is the service program returns "
Speculative words!
Since we have a domain name deception in front of the browser, then Referer is also deceived, but the service program is Referer.
It is a whole host name check, so the domain name of www0.the9.com deceives the server, so I have to use www.the9.com.
Deceptive, then you have to set up a domain name to facilitate our access to THE9, but also let cookie return to this true THE9, then
Use www0.the9.com! (This is the editor of hosts when you know when you visit my homepage tool?)
If you use this method, then you can't click on the T9 connection, and you can use the address in the tool.
Visit, as for the benefits of doing this, everyone is looking for it, I don't want to tell, too tired!
About NetVampire:
Do you know this download tool? So have you used it 3.3? Great! Because it can let everyone change the downloaded Referer, and it can inherit the browser's cookie, return the cookie to the server (not COO)
KIE can't change, if you can change, this tool is too ................)
postscript
It's better to say this about cookie and refrer, using cookie deceived before this week, the9 portal is
Open (of course, there seems to be universal passwords), but the9 is improved, I can't guarantee other community networks.
Improved, of course, this article is just exploring technology, no legal responsibility
