This article mainly introduces cross-origin Ajax issues.

Ajax can only access (submit forms to, etc.) files in the same domain, such as the ASP and PHP files on the originating server. This is because the HTTP header returned by the server usually does not contain the Access-Control-Allow-Origin field. Therefore, during a penetration test, to allow the inserted JS to access our own server, you need to add this field to the HTTP header. When using ettercap, add the following to the filter:
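# Match packets sent from TCP port 80, i.e. plaintext HTTP responses
if (ip.proto == TCP && tcp.src == 80) {
    if (search(DATA.data, "Content-Type")) {
        # msg("access control");
        # Put the CORS header in front of the existing Content-Type header
        replace("Content-Type", "Access-Control-Allow-Origin: *\r\nContent-Type");
    }
}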
Access-Control-Allow-Origin: * indicates that cross-origin requests from all webpages can be accepted.
Alternatively, a single site can be named: Access-Control-Allow-Origin: www.baidu.com
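
How a browser evaluates the header values discussed above, as an added example that is not part of the original article: a simplified JavaScript model of the Fetch standard's CORS check, run over constructed HTTP responses. The function names, the origin http://other.example and the sample responses are assumptions made for illustration; note that the browser compares the header against the full origin, scheme included.

```javascript
// Added example: simplified model of the browser-side CORS check (Fetch standard).

// Parse the header block of a raw HTTP/1.x response into a lowercase-keyed map.
function parseHeaders(raw) {
  const head = raw.split("\r\n\r\n")[0];
  const headers = new Map();
  for (const line of head.split("\r\n").slice(1)) { // slice(1) skips the status line
    const idx = line.indexOf(":");
    if (idx <= 0) continue;
    const name = line.slice(0, idx).trim().toLowerCase();
    const value = line.slice(idx + 1).trim();
    // Repeated headers are joined into a list, which can never equal one origin.
    headers.set(name, headers.has(name) ? headers.get(name) + ", " + value : value);
  }
  return headers;
}

// Decide whether script running on `origin` may read the response body.
function corsCheck(raw, origin, withCredentials = false) {
  const h = parseHeaders(raw);
  const acao = h.get("access-control-allow-origin");
  if (acao === undefined) {
    return { allowed: false, reason: "no Access-Control-Allow-Origin header" };
  }
  if (acao === "*") {
    return withCredentials
      ? { allowed: false, reason: "wildcard is rejected for credentialed requests" }
      : { allowed: true, reason: "wildcard" };
  }
  // Exact string comparison against the serialized origin (scheme://host[:port]).
  if (acao !== origin) {
    return { allowed: false, reason: "value does not equal the request origin" };
  }
  if (withCredentials && h.get("access-control-allow-credentials") !== "true") {
    return { allowed: false, reason: "Access-Control-Allow-Credentials: true is required" };
  }
  return { allowed: true, reason: "origin match" };
}

// Constructed sample responses (not captured traffic).
const plain = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>";
const withHeader = (value) =>
  plain.replace("Content-Type", "Access-Control-Allow-Origin: " + value + "\r\nContent-Type");
const wildcard = withHeader("*");
const bareHost = withHeader("www.baidu.com");
const fullOrigin = withHeader("http://www.baidu.com");

console.log(corsCheck(plain, "http://other.example"));
console.log(corsCheck(wildcard, "http://other.example"));
console.log(corsCheck(bareHost, "http://www.baidu.com"));
console.log(corsCheck(fullOrigin, "http://www.baidu.com"));
```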