Cross-site scripting attacks have always been one of the most common tools on the Web, typically hijacking a user's session and getting a private key. How to hijack this conversation?
First, Sniffer (the software used here is the Sniffer,java version of that)
Sniffer listening session is not to protect, and kof Rillarf illusion of the universe, as long as the hit, it must be fatal.
Above, is a set of listening data, of course, here is listening to my local data. You can actually listen to the local area network or even the data on the WAN.
Gets a set of 16 values. You can get its value in the following code:
Copy Code code as follows:
String bytestr = "";
string[] ByteArray = bytestr. Split (")";
Byte[] B = new Byte[bytearray.length];
for (int i = 0; i < bytearray.length; i++) {
B[i] = Convert.tobyte (Bytearray[i], 16);
}
String msg = Encoding.UTF8.GetString (b);
Console.WriteLine (msg);
Console.read ();
The BYTESTR variable will be placed in the 16 string. In addition, the code used here is Utf-8, the actual application should match the code of the website. The experiment was done in the blog park. The blog login status cookie is named ". Dottextcookie ".
In Firefox, exit the blog login, then switch to the Firebug console and type document.cookie= ' with the command line. dottextcookie=****** ', and then refresh the page, see what? You are now logged in! In fact, in the session hijacking, usually take the value of the login cookie, regardless of whether it is encrypted, can be hijacked.
Ii. cross-domain scripting attacks
To implement a Cross-domain scripting attack, there are generally two elements that need to be used in addition to exploiting a browser vulnerability or ARP spoofing. The primary factor is that the attacked site needs to be able to customize the HTML code (in addition to exploiting vulnerabilities, generally to support script). Use Document.cookie on the client to get the value of the cookie and then analyze it to find the key value pair that you want. You can complete the attack. This is not discussed here about how to save information across domains.
For example, you have the following code:
Copy Code code as follows:
HttpCookie cookies = new HttpCookie ("MMMM", "VVVVVVVVVVVV");
RESPONSE.COOKIES.ADD (cookie);
Implementation of the cookie write. In the page under this domain, I have permission to set a page containing the script, you can achieve the attack.
Copy Code code as follows:
<script>
document.write (Document.cookie);
</script>
The above code is a simple output, and if I send the intercepted document.cookie to where I can save the data, I can get a lot of useful information. This completes a Cross-domain scripting attack.
Iii. Other methods of attack
Other attack methods as long as you can get this cookie, whether you are using Flash or other methods.
Iv. that can be prevented and cannot be prevented
Just introduced to the sniffer method is not to be prevented, that how to prevent the script attack it? Users can be prevented from using the script, many sites do so, if you have to use, you need to make special settings for cookies. In dotnet, you can handle this:
Copy Code code as follows:
HttpCookie cookies = new HttpCookie ("MMMM", "VVVVVVVVVVVV");
Cookie. HttpOnly = true;
RESPONSE.COOKIES.ADD (cookie);
This makes it impossible for the client to access the cookie for the key-value pair, so that other people cannot get critical data, even if they can intercept the session with script.
