Source: network security technology blog
ARP sniffing is becoming more and more popular nowadays. Although it is a very old method, it is also very effective. Next we will explain how to encrypt the website's local JS
For example, transmission encryption of a Forum Program
(For tangled Wordpress, replace <with <if you want to copy and paste the code)
Is the JS encryption method.
Var pwmd5log = new Array ();
Function pwmd5 (){
Numargs = pwmd5.arguments. length;
For (var I = 0; I <numargs; I ++ ){
If (! Pwmd5log [pwmd5.arguments [I] | $ (pwmd5.arguments [I]). value. length! = 32 ){
Pwmd5log [pwmd5.arguments [I] = $ (pwmd5.arguments [I]). value = hex_md5 ($ (pwmd5.arguments [I]). value );
}
}
}
Just like this, it's JS encryption.
How can we encrypt data before transmission?
<Form method = "post" name = "login" id = "loginform" class = "s_clear" onsubmit = "pwmd5 ('password3 '); pwdclear = 1; "action =" log. php ">
<Option value = "username"> User Name </option>
<Option value = "uid"> UID </option>
<Option value = "email"> Email </option>
</Select>
<Input type = "text" name = "username" autocomplete = "off" size = "36" class = "txt" tabindex = "1" value = ""/>
</Div>
<P class = "selectinput loginpsw">
<Label for = "password3"> password: </label>
<Input type = "password" id = "password3" name = "password" size = "36" class = "txt" tabindex = "1"/>
</P>
</Div>
<P class = "fsubmit s_clear">
<Button class = "submit" type = "submit" name = "loginsubmit" value = "true" tabindex = "1"> log on
</P>
</Form>
This is the transmission encryption method of a well-known Forum program in China. It encrypts password3 and transmits it. In this way, MD5 is used for sniffing. Of course, it can also be more BT to get a lot of MD5 encryption, but must match the database
That is to say, after encrypted transmission, it must match the ciphertext in the database
Below is a demonstration
<Form method = "post" name = "login" id = "loginform" class = "s_clear" onsubmit = "pwmd5 ('password3 '); pwdclear = 1; "action =" log. php ">
User name:
<Input type = "text" name = "username" autocomplete = "off" size = "36" class = "txt" tabindex = "1" value = ""/>
</Div>
<P class = "selectinput loginpsw">
<Label for = "password3"> password:
<Input type = "password" id = "password3" name = "password" size = "36" class = "txt" tabindex = "1"/>
</P>
</Div>
<P class = "fsubmit s_clear">
<Button class = "submit" type = "submit" name = "loginsubmit" value = "true" tabindex = "1"> log on
</P>
</Form>
<Script>
Var pwmd5log = new Array ();
Function pwmd5 (){
Numargs = pwmd5.arguments. length;
For (var I = 0; I <numargs; I ++ ){
If (! Pwmd5log [pwmd5.arguments [I] | $ (pwmd5.arguments [I]). value. length! = 32 ){
Pwmd5log [pwmd5.arguments [I] = $ (pwmd5.arguments [I]). value = hex_md5 ($ (pwmd5.arguments [I]). value );
}
}
}
</Script>
However, this method is to prevent the gentleman from defending against the villain. If you have the conditions to operate the server, we suggest you take a look at two articles.
1. http://www.bkjia.com/Article/201107/97251.html
2. http://www.bkjia.com/Article/201107/97252.html