Analysis of the cookie spoofing implementation process and its concrete application

Source: Internet
Author: User
As we know, in network terminology a cookie is a special kind of information. Although it is only a text file that the server stores on the user's computer, its content is unusual: it has a certain back-and-forth relationship with the server, and it often stores the user name, sometimes even the password, or other sensitive information. On forums and in some communities, for example, cookies are often used to save the user's points, level and so on. As a result, some hackers take advantage of this to obtain special permissions, and even to take over an entire website. I have some thoughts on the use of cookies in JavaScript, so here is a preliminary description of the cookie spoofing implementation process and its concrete application.
  
   First, creating cookies
  
Before we talk about how to create cookies, let's take a look at the basic format of cookies:
  
cookieName=cookieValue; expires=expirationDateGMT; path=urlPath; domain=siteDomain
  
The items are separated by semicolons. The first item specifies the name of the cookie and assigns it a value. Next come the validity period of the cookie, the URL path, and the domain name. Apart from the first item, the other parts are optional.

Let's look at a piece of code to see how the cookie was created:

<HTML>
<HEAD>
<title>Set a cookie based on a form</title>
<script language="JavaScript" type="text/javascript">
<!-- Hide script from older browsers

// Expiry date: today plus six months
expireDate = new Date()
expireDate.setMonth(expireDate.getMonth() + 6)

// If a cookie already exists, take its value (the part after "=")
userName = ""
if (document.cookie != "") {
  userName = document.cookie.split("=")[1]
}

// Called when the user leaves the text box: store the name in a cookie
function setCookie() {
  userName = document.myform.nameField.value
  document.cookie = "Username=" + userName + "; expires=" + expireDate.toGMTString()
}

// End hiding script -->
</SCRIPT>
</HEAD>
<body bgcolor="White">
<form name="myform">
<input type="text" name="nameField" onblur="setCookie()">
</form>
</BODY>
</HTML>

This is a simple script for creating a cookie.
  
1, <script language="JavaScript" type="text/javascript">
  
The script starts with a tag that tells the browser that what follows is JavaScript.
  
2, <!-- Hide script from older browsers
  
Older browsers that do not recognize the script take it for an HTML comment and ignore it, so it is not shown as text.
  
3, expireDate = new Date()
  
Gets the current date and stores it in the variable expireDate.
  
4, expireDate.setMonth(expireDate.getMonth() + 6)
  
Gets the current month, adds 6, and sets the result as the month of expireDate. This means the cookie is valid for 6 months.
  
5, if (document.cookie != "")
  
If document.cookie is not empty; this is equivalent to checking whether a cookie is already on the user's hard disk.
  
6, userName = document.cookie.split("=")[1]
  
The split("=") function divides the cookie record into an array: cookie[0] is the cookie's name and cookie[1] is its value. Therefore the value returned by document.cookie.split("=")[1] is the value of this cookie, and this line assigns it to the variable userName.
  
7, function setCookie()
  
Defines a function named setCookie.
  
8, document.cookie = "Username=" + userName + "; expires=" + expireDate.toGMTString()
  
This line writes a cookie to the user's hard disk. expireDate.toGMTString() converts the value in expireDate to a text string so that it can be written into the cookie.
  
9,
  
When the page is loaded, write the value of the username to the text box (if any).
  
10, onblur="setCookie()"
  
onblur calls the function setCookie when the user leaves the text box.
  
With the annotations above, reading the code should be no problem! Since we can create cookies, reading them is not difficult either; please read on!

   Second, reading and displaying cookies
  
Generally, the cookie's author does not want the cookie to be displayed, of course! But that is exactly why we want to read it! ~~~:D
  
<HTML>
<HEAD>
<title>Cookie check</title>
</HEAD>
<body bgcolor="White">
<H2>
<script language="JavaScript" type="text/javascript">
<!-- Hide script from older browsers

if (document.cookie == "") {
  document.write("There are no cookies here")
}
else {
  // One array entry per cookie, split on ";"
  thisCookie = document.cookie.split(";")

  // Print each cookie's name (before "=") and value (after "=")
  for (i = 0; i < thisCookie.length; i++) {
    document.write("Cookie name is '" + thisCookie[i].split("=")[0])
    document.write("', and the value is '" + thisCookie[i].split("=")[1] + "'<BR>")
  }
}

// End hiding script -->
</SCRIPT>
</H2>
</BODY>
</HTML>
  
The above is a script that reads the name and value of each cookie. The statements already explained above are not discussed again here; let's see what is new in the syntax:
  
1, thisCookie = document.cookie.split(";") [Note: not the split("=") used in the previous section.]
  
split(";") produces an array. In this line, document.cookie.split(";") obtains the individual cookies and assigns the array to the variable thisCookie.
  
2, for (i = 0; i < thisCookie.length; i++)
  
Sets the counter variable i to 0 and, as long as its value is less than thisCookie.length (the number of entries in thisCookie), increases i by 1 after each pass.
  
3, document.write("Cookie name is '" + thisCookie[i].split("=")[0])
  
In this line, thisCookie[i].split("=")[0] is the harder part to understand. In the script above, thisCookie was assigned an array, so thisCookie[i] is the i-th entry of that array, that is, the i-th cookie; and from the previous section we know that split("=")[0] refers to the cookie's name.

So thisCookie[i].split("=")[0] is the name of the i-th cookie!
  
4, document.write("', and the value is '" + thisCookie[i].split("=")[1]
  
Very similar to 3: this is the value of the i-th cookie.
  
With this we are already familiar with how to create cookies and how to read them. These are also the main techniques that cookie spoofing needs!
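As an added example (not code from the original article), here is a parser and serializer for the cookie format described in section one and read back in section two. It splits each entry on the first "=" only, so a value that itself contains "=" survives, which the article's split("=")[1] does not handle; the sample cookie string is constructed.

```javascript
// Added example: parse the "name=value; name2=value2" string that
// document.cookie exposes, and build the "name=value; expires=...;
// path=...; domain=..." string that is assigned to it.

// Returns an object mapping cookie names to their (decoded) values.
function parseCookies(cookieString) {
  const result = {};
  if (!cookieString) return result;              // no cookies at all
  for (const part of cookieString.split(";")) {
    const pair = part.trim();                    // browsers put "; " between entries
    if (pair === "") continue;                   // tolerate a trailing ";"
    const eq = pair.indexOf("=");
    if (eq < 0) continue;                        // nameless fragment, skip it
    const name = pair.slice(0, eq).trim();
    const raw = pair.slice(eq + 1);              // everything after the FIRST "="
    let value;
    try { value = decodeURIComponent(raw); } catch (e) { value = raw; } // keep raw on malformed %xx
    result[name] = value;
  }
  return result;
}

// Builds the assignment string in the article's layout. Only the first item
// is mandatory; encoding the value keeps ";" and "=" from breaking the format.
// options.expires is a Date; path and domain are plain strings.
function buildCookie(name, value, options = {}) {
  const parts = [name + "=" + encodeURIComponent(value)];
  if (options.expires instanceof Date) parts.push("expires=" + options.expires.toUTCString());
  if (options.path) parts.push("path=" + options.path);
  if (options.domain) parts.push("domain=" + options.domain);
  return parts.join("; ");
}

// Constructed sample of what document.cookie might return on a forum that
// keeps a user name, a score and a token in cookies (values are made up).
const SAMPLE_COOKIE_STRING = "Username=alice; score=12; token=YWJj==";
```

In a browser, `parseCookies(document.cookie)` replaces the article's loop, and `document.cookie = buildCookie(...)` replaces its hand-built assignment.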

  Third, implementing cookie spoofing
  
To carry out cookie spoofing, the key is to understand the value stored in the target cookie and try to change it. From what we learned above about the cookie format, generally only the values in cookie.split("=")[0] and cookie.split("=")[1] are of use to us. That is to say, only by changing one or both of these two places can we reach our goal.

In practice, another problem has to be solved first. Because of the browser's internal cookie mechanism, each cookie can only be accessed by the server that originally set it, and we certainly cannot go and operate on someone else's server! Here is a little trick.

We mentioned the cookie format above; its last two items are the URL path and the domain name. It is not hard to see that the server's identification of cookies depends on these!

Normally, when we want to browse a site, the URL we type is its domain name, which has to be converted into an IP address by the Domain Name System (DNS) before the connection is made. There is a gap here: if DNS could be tampered with so that the target domain resolves to the IP address of another site, we could illegally access the target site's cookies!

Doing that is not hard. Of course, I am not going to manipulate DNS itself; that is not going to happen. Under the Windows 9x installation directory there is a file named Hosts.sam. Opened as text, it shows this format:

127.0.0.1 localhost #comment

Using it, we can make domain name resolution local, and it takes priority over DNS on the network.

To use it, just add the IP address and domain name in the format above and save the file as hosts. (Note: this file has no extension; it is not the Hosts.sam file itself!)
  
With that, the knowledge needed for cookie spoofing is in hand. Here is a "fake" example showing how to put it into practice. (It is inconvenient to give a real address, lest it cause a crime! ~~~:P)
Suppose the target site is www.xxx.com
and www.self.com is your own site (where the pages used to read and modify the target's cookies are stored).

First ping www.self.com to get its IP address:

ping www.self.com
  
Reply from 12.34.56.78: bytes=32 time=20ms TTL=244
  
Then modify the Hosts.sam file as follows:
  
12.34.56.78 www.xxx.com
and save it as hosts.
  
Put the page used to read cookies (the script from section two) on www.self.com.
Now connect to www.xxx.com. Since we have tampered with hosts, what we reach is not www.xxx.com but www.self.com.

The local cookie of www.xxx.com can be read out! ~~:D

Then modify the script from section one to write data into this cookie in the same way. After the modification, delete the hosts file and visit www.xxx.com again; at this point it is done, and you can enjoy the results of your hack! ~~~:)
  
Postscript

Cookie spoofing is an early hacking trick that is hard to put to use. Besides JavaScript, ASP and other server-side technologies can also control cookie settings, so what is described here may not apply to every site. But the technique itself is real, no doubt about it!
  
Addendum: In Windows 2000, the hosts file differs from Windows 98; it needs to be created in the C:\winnt\system32\drivers\etc folder!
