Atitit. Ways to crack, intercept and bypass website mobile SMS verification codes, V2 (Attilax summary)

Source: Internet
Author: User







1. History of verification codes
1.1. First generation: image verification codes
1.2. Second generation: user-action verification codes, such as a request to drag
1.3. Third generation: mobile phone SMS verification codes
2. Principle of SMS verification codes
3. Common methods of cracking
3.1. Vulnerability bypass method
3.2. Mobile phone software forwarding method
3.3. Mobile API method
3.4. Default universal password method: test/maintenance universal verification code
3.5. Web server SMS interception
3.6. Configuration file method
3.7. Front-end source interception
3.8. Cookie interception
3.9. Session interception
3.10. Upstream interface method
3.11. Decryption method and rainbow table
3.12. Random number cracking method
3.13. Smart custom phone
3.14. Custom chip method, burn number method
3.15. Routing interception
3.16. Big data cracking method
3.17. Base station device interception method, SMS blocker
3.18. Application-side SMS server
3.19. Same-city SMS center server
3.20. Optical fiber interception
4. Reference




1. History of verification codes
1.1. First generation: image verification codes
Image verification codes are now cracked routinely, so their security is very low.
1.2. Second generation: user-action verification codes, such as a request to drag
This type of verification code is pretty much cracked.
1.3. Third generation: mobile phone SMS verification codes
Cracking of SMS verification codes is booming, but it is not yet 100% mature or reliable.


2. Principle of SMS verification codes
The site generally uses a pseudo-random number generator to produce a pseudo-random number, stores it in the session, a cookie, a file, a database or some other place, and then passes it to the SMS server. The SMS server first connects to the nearest base station and hands the content to it. The base station transfers the content to the same-city SMS service center server. If the mobile number belongs to a remote location, the verification code is then transmitted over fiber-optic or long-distance cable to the SMS service center server there. That message center server locates the base station nearest to the user and transmits the information to it, and the base station forwards it to the user's mobile phone.

The user's phone polls constantly to keep in touch with the base station. Once the text message arrives from the nearest base station, the user can enter the code into the application. The application passes the verification code back to the server via the router, and the server compares it with the saved verification code.

If the verification code is verified from inside the mobile app, the verification code callback first goes to the nearest base station, and the base station passes the code back to the local city's SMS service center server. It then travels over cable and other wired links to the customer's SMS server, which receives the text message and forwards it to the application server.


3. Common methods of cracking
3.1. Vulnerability bypass method
Requires scanning the website or software for a vulnerability that can be used.


3.2. Mobile phone software forwarding method
Requires SMS auto-forwarding software to be installed on the mobile phone.


3.3. Mobile API method
The disadvantage of this method is that it needs the mobile phone. Phones have an API interface for connecting to a PC, originally provided for the convenience of testing and maintenance, so no software needs to be installed. This interface gives access to all the text messages the phone receives.


3.4. Default universal password method: test/maintenance universal verification code
To make testing and maintenance easier, there is generally a universal verification code; the goal is to find this universal verification code.
Note that the universal verification code may change after a period of time.


3.5. Web Server SMS Interception


3.6. Configuration file method
Some programs put sensitive information such as the universal password in a configuration file; scanning for and finding the configuration file yields that sensitive information.


3.7. Front-end source interception
As in the image verification code era, some programs, through negligence or insufficient security awareness, put the verification code in the front-end source code so that it is convenient to check. This lets the verification code mechanism be bypassed.


3.8. Cookie interception
3.9. Session interception
3.10. Upstream interface method
When entering the phone number for the verification code, fill in your own special device number or API interface number.


3.11. Decryption method and rainbow table
Suitable for encrypted verification codes that are transmitted to the client at the same time.
3.12. Random number cracking method
The SMS verification code issued by the website is derived from random numbers, and these are pseudo-random numbers, which means they can be cracked.
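
An added example, not part of the original post: the generate, store and compare step from section 2, written in Python so that the weaknesses behind 3.4, 3.7, 3.8, 3.12 and 3.16 do not apply. The class name SmsCodeStore, the 5-minute lifetime and the 5-attempt limit are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300     # seconds a code stays valid (assumed policy)
MAX_ATTEMPTS = 5   # wrong guesses allowed per issued code (assumed policy)


class SmsCodeStore:
    """Hypothetical server-side store; the code never enters a cookie or the page."""

    def __init__(self, clock=time.time):
        self._key = secrets.token_bytes(32)  # per-process HMAC key
        self._pending = {}                   # phone -> [digest, expires_at, attempts_left]
        self._clock = clock

    def _digest(self, phone, code):
        # Only a keyed digest is kept, so a leaked store does not reveal live codes.
        return hmac.new(self._key, f"{phone}:{code}".encode(), hashlib.sha256).digest()

    def issue(self, phone):
        # secrets uses the OS CSPRNG: earlier codes say nothing about later ones (3.12).
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[phone] = [self._digest(phone, code),
                                self._clock() + CODE_TTL, MAX_ATTEMPTS]
        return code  # goes to the SMS gateway only, never into the HTTP response (3.7, 3.8)

    def verify(self, phone, submitted):
        # No maintenance or universal code branch: only codes issued here pass (3.4).
        entry = self._pending.get(phone)
        if entry is None:
            return False
        digest, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[phone]         # expired or guessed out: force a re-issue (3.16)
            return False
        if hmac.compare_digest(digest, self._digest(phone, submitted)):
            del self._pending[phone]         # single use
            return True
        entry[2] = attempts_left - 1
        return False
```

With six digits and five attempts per issued code, a guesser has at most a 5 in 1,000,000 chance per code, so the rate at which new codes can be requested also needs a limit.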
3.13. Smart Custom Phone
3.14. Custom chip method, burn number method






3.15. Routing interception
Direct route interception at the website that has the SMS interface.
3.16. Big data cracking method
Needs multi-level cracking to break the code quickly. Requires strong machine performance and a server side that imposes no limits.


3.17. Base station device interception method, SMS blocker
The effect is very good, almost 100%. The only problem is finding the location of the SMS sending end, or the location of the mobile phone.

There is no need to be next to the phone.
3.18. Application-Side SMS Server
3.19. The same city SMS center server
3.20. Optical fiber interception
4. Reference


Atitit. hack intercept bypass website mobile SMS verification Code automatic acquisition of mobile phone message attilax Summary-attilax column-Blog channel-CSDN.NET.htm








When reprinting, please indicate the source: Attilax's column, http://www.cnblogs.com/attilax/