One morning during a break, I idly went online to find a few songs to listen to, and somehow ended up infected with malware. When I later checked my browsing history, I found that I had been tricked by URL spoofing.
Looking back, the same trick could just as well be used against our e-commerce website.
In general we do very little security testing, and some colleagues have never learned about hacking techniques, SQL injection or vulnerability scanning.
So from now on I will post some security testing write-ups. Knowing the principles makes the techniques much easier to master, and targeted tests will help you discover more bugs.
Today, let's take a look at URL spoofing.
My name is URL, short for "Uniform Resource Locator". The address in your browser's address bar is one form of me. Practically everyone who visits a website uses me, so my role is very important. What many of my friends may not know is that I am also very good at deceiving people. In particular, a group of people who call themselves hackers love to use me to cheat you, and if you are not careful I will lead you straight to a web page with a trojan planted in it. So today I want to boldly expose my own weaknesses, so that you can see me clearly and never be cheated by hackers again.
Deception: common patterns of URL spoofing
There are many ways to trick people with my URLs: registering a tempting-looking domain name, swapping in easily confused letters and digits for bank phishing, or writing the address entirely in percent-encoded form such as "%30%50". The two most common tricks, however, are the following:
1. The @ sign: user name resolution
The @ sign is the separator between the user name and the host in an e-mail address, but it is also valid in my URLs with the same meaning. HTTP (Hypertext Transfer Protocol) specifies the complete URL format as "http://name:password@IP-address-or-hostname". The "IP address or host name" part is required; the "name:password" part before the @ sign, meaning "user name:password", is optional. In other words, the part of my URL that is actually resolved begins after the @ sign, and that is the principle behind this spoof.
For example, if a QQ friend sends you the address "http://www.sohu.com/@www.trojan.com.cn/huigezi_server.exe" to download the latest blockbuster for free, do you dare to open it? It looks like Sohu, but in fact it means logging in with the user name "www.sohu.com" (and a blank password), because of the @ sign that follows it. The actual link is "www.trojan.com.cn/huigezi_server.exe" (to make the explanation clearer, I have made up a trojan website hosting a "Gray Pigeon" server). Click it and a trojan is planted. The address you were sent is equivalent to visiting the trojan site with "www.sohu.com" as the user name; even if no such user name exists, the browser's URL resolution is not affected. If you don't believe it, type an address such as "http://abcdefg@www.sohu.com/shenzhen" into the address bar and try it.
2. IP address in decimal form
A normal IP address consists of four bytes, usually written as "XXX.XXX.XXX.XXX" (each X is a decimal digit), for example "61.135.132.12". Because purely numeric IP addresses are abstract and hard to remember, the Domain Name Service (DNS) maps names to them. Enter "http://61.135.132.12" in your browser's address bar and the Sohu home page opens. But if you then try "http://1032291340", the result will surprise many people: it still opens the Sohu website!
Why is the decimal number "1032291340" equivalent to the IP address "61.135.132.12"? I have actually already hinted at it. The dotted-decimal address "61.135.132.12" represents a 32-bit binary number; join the four bytes together and convert to decimal and the answer is 1032291340. The conversion is simple, an expansion by place value with base 256 (that is, 2^8): 12 × 256^0 + 132 × 256^1 + 135 × 256^2 + 61 × 256^3 = 12 + 33792 + 8847360 + 1023410176 = 1032291340.
With this understood, look back at "www.trojan.com.cn/huigezi_server.exe" in the example above. If a domain name made of letters would give the game away, convert the corresponding IP address (say "61.135.132.13") into a decimal number, 1032291341, and combine it with the @ sign trick for user name resolution, and the deception goes up another level: http://www.sohu.com/@1032291341. Now how many people would suspect that this URL is not Sohu?
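The two tricks above, worked through in Python as an added example (not code from the original post): the base-256 expansion between dotted and decimal IP forms, and a checker that shows how a standards-compliant parser (Python's urllib.parse) resolves a URL carrying an @ sign or a decimal host. Such parsers only treat an @ before the first slash as user info, so the checker flags that form as well as an @ appearing in the path, which is the form the post shows. The sample URLs reuse the post's addresses; the function names are my own.

```python
import ipaddress
import re
from urllib.parse import urlsplit


def dotted_to_decimal(ip: str) -> int:
    """Expand a dotted IPv4 address by place value in base 256."""
    a, b, c, d = (int(x) for x in ip.split("."))
    return a * 256**3 + b * 256**2 + c * 256**1 + d * 256**0


def decimal_to_dotted(n: int) -> str:
    """Inverse conversion, delegated to the standard library."""
    return str(ipaddress.IPv4Address(n))


def analyse_url(url: str) -> dict:
    """Return the host a compliant parser resolves, plus spoofing indicators."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    reasons = []
    # Text before an @ in the authority is user info, not the destination.
    if parts.username is not None:
        reasons.append(
            f"userinfo '{parts.username}' before @; real host is {host}"
        )
    # An @ after the first slash belongs to the path for compliant parsers,
    # but it is still the lure described in the post, so report it.
    if "@" in parts.path:
        reasons.append("'@' in path: looks like a user-name lure")
    # A purely numeric host is a decimal-encoded IPv4 address.
    if re.fullmatch(r"\d+", host):
        reasons.append(f"decimal host {host} = {decimal_to_dotted(int(host))}")
    return {"host": host, "reasons": reasons}


if __name__ == "__main__":
    print(dotted_to_decimal("61.135.132.12"))
    for u in ("http://www.sohu.com@1032291341/huigezi_server.exe",
              "http://www.sohu.com/@1032291341",
              "http://www.sohu.com/"):
        print(u, analyse_url(u))
```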
Prevention: check the source code to defeat URL spoofing
I have many more URL spoofing tricks up my sleeve, but you can still guard against them. In fact, to deal with malicious web pages that use my URLs to deceive people, one simple trick is enough: view the source code of the web page. Of course, this requires the ability to read web code.
Suppose someone sends you a URL, http://www........ If you cannot tell whether it is URL spoofing, just type "view-source:http://www........com" in the address bar and press Enter. The system opens the page's source code in Notepad. Next, search (Edit > Find) for anything resembling a hidden frame such as <IFRAME src="ww........htm" name="......" width="0" height="0" frameborder="0">. If you find one, do not visit the page.
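An added Python example (not from the original post) that automates the manual check above: parse a page's HTML and report every iframe whose size or style hides it from the visitor, which is the zero-width, zero-height pattern the post tells you to look for. The HTML sample is constructed for the example and uses placeholder example.invalid addresses.

```python
from html.parser import HTMLParser

# Dimensions that render an iframe effectively invisible.
HIDDEN_DIMENSIONS = {"0", "0px", "1", "1px"}


class HiddenIframeFinder(HTMLParser):
    """Collects the src of <iframe> tags that are sized or styled to be hidden."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":  # HTMLParser lowercases tag and attribute names
            return
        a = {k: (v or "") for k, v in attrs}
        style = a.get("style", "").replace(" ", "").lower()
        hidden = (
            a.get("width", "").strip().lower() in HIDDEN_DIMENSIONS
            or a.get("height", "").strip().lower() in HIDDEN_DIMENSIONS
            or "display:none" in style
            or "visibility:hidden" in style
        )
        if hidden:
            self.hits.append(a.get("src", ""))


def find_hidden_iframes(html: str) -> list:
    """Return the src attributes of all hidden iframes in the given HTML."""
    parser = HiddenIframeFinder()
    parser.feed(html)
    return parser.hits


# Constructed sample page: one visible player frame, two hidden frames.
SAMPLE_PAGE = """<html><body>
<h1>Free download</h1>
<iframe src="http://example.invalid/player.htm" width="600" height="400"></iframe>
<IFRAME src="http://example.invalid/hidden.htm" name="x" width="0" height="0" frameborder="0"></IFRAME>
<iframe src="http://example.invalid/css.htm" style="display: none"></iframe>
</body></html>"""

if __name__ == "__main__":
    for src in find_hidden_iframes(SAMPLE_PAGE):
        print("hidden iframe:", src)
```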
Source: http://bbs.51testing.com/viewthread.php?Tid=124063&Highlight=%2B%B0%A2%C6%DF