I. Several Basic Concepts
Cookie spoofing means that, in a system that authenticates users only by checking their cookies, a user can log on to the system by modifying those cookies.
So what are cookies? Here is a more formal explanation. Cookies are text files stored in the browser's directory that record your visits to a specific site, and a cookie can only be read back by the site that created it. A cookie consists of about 255 characters and occupies only 4 KB of hard disk space. While the user is browsing a website, the cookie is held in the RAM (random access memory) of the user's machine; after the browser exits, it is stored on the user's hard disk. Most of the information stored in cookies is ordinary: for example, when you browse a site, the file records key information and the address of the site visited. However, many websites use cookies to store private data, such as registration passwords, user names, and credit card numbers.
II. Principle Analysis
Let's take a look at how 6kbbs does it. In login.asp, lines 113-124 read as follows:
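    If login = False Then
        ' Failed login: set the failure message and the prompt to go back
        tl = "login failure"
        mes = mes & "· return and enter"
    Else
        ' Successful login: lgname, lgpwd and lgtype are written to client-side cookies
        Response.Cookies(prefix)("lgname") = lgname
        Session(prefix & "lgname") = lgname
        Response.Cookies(prefix)("lgpwd") = lgpwd
        Response.Cookies(prefix)("lgtype") = lgtype
        Response.Cookies(prefix)("lgcook") = cook
        ' When a lifetime was chosen, keep the cookie for cook days
        If cook > 0 Then
            Response.Cookies(prefix).Expires = Date + cook
        End If
    ' (the enclosing If is closed after this excerpt)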
Let me explain what this code means. If the login fails, it shows a login-failure message and directs you back to the previous page. Otherwise, the login details are written into cookies, and if a cookie lifetime is set (cook > 0), the expiration time is the current date plus that value, that is, how long you chose to keep the cookies.
What does this suggest? Right: if the system only needs cookies to treat me as logged in, then if the information in my cookies is the administrator's, do I become the administrator? Exactly. Next, let's look at how it is done.
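The point above, as an added example that is not from the original article or from 6kbbs, written in Python rather than ASP so it runs on its own: a check that believes the cookie fields, beside one that also verifies a tag only the server can compute. The field names lgname and lgtype come from the excerpt; SERVER_KEY, lgsig, the function names and the sample values are assumptions made for the illustration.

```python
import hashlib
import hmac

# Assumption: a secret that exists only on the server (constructed value).
SERVER_KEY = b"constructed-demo-key"
# Field names taken from the login.asp excerpt; lgpwd is left out on purpose,
# because a password has no reason to be sent back to the client.
FIELDS = ("lgname", "lgtype")


def cookie_only_check(cookies):
    """The pattern the article describes: whatever the client sends is believed."""
    if all(f in cookies for f in FIELDS):
        return cookies["lgname"], cookies["lgtype"]
    return None


def _tag(cookies):
    # Length-prefix each field so ("ab", "c") and ("a", "bc") give different tags.
    parts = [cookies[f].encode() for f in FIELDS]
    msg = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_cookies(lgname, lgtype):
    """Hardened login: the same fields plus a server-computed integrity tag."""
    cookies = {"lgname": lgname, "lgtype": lgtype}
    cookies["lgsig"] = _tag(cookies)  # lgsig is a hypothetical cookie name
    return cookies


def signed_check(cookies):
    """Accept the identity only if the tag is the one the server would issue."""
    if any(k not in cookies for k in FIELDS + ("lgsig",)):
        return None
    # Constant-time comparison on bytes; also copes with non-ASCII input.
    if not hmac.compare_digest(_tag(cookies).encode(), cookies["lgsig"].encode()):
        return None
    return cookies["lgname"], cookies["lgtype"]


def demo():
    issued = issue_cookies("alice", "member")              # constructed sample user
    edited = dict(issued, lgname="admin", lgtype="admin")  # fields changed client-side
    return {
        "naive_accepts_edit": cookie_only_check(edited) is not None,
        "signed_accepts_issued": signed_check(issued),
        "signed_accepts_edit": signed_check(edited),
    }
```

Keeping the identity in server-side session state and sending the browser only a random session identifier removes the problem in the same way, since the client then holds nothing it can edit into another identity.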