Mobile phones and the Internet have long been inseparable: through the network, you can send information directly to a phone. But there are no longer any websites
that send text messages for free. If you want to send an SMS to a mobile phone through a website, you must register as a user and confirm before you can
send a message. And on top of that, each message costs a dime. Oh, I do not have that much money, hehe.
Isn't that puzzling, hehe.
All right, let me tell you a few words.
First, let us analyze how websites that can send mobile phone text messages are structured. In particular, how do they confirm that a user has registered successfully?
Generally, there are the following steps:
1, the user accepts the service agreement presented by the website
2, the user enters the registration page and fills in their own mobile phone number
3, the server accepts the mobile phone number the user submitted and sends a confirmation password to the handset the user filled in
4, the user logs on to the site with the mobile phone number and the password received on the phone, and uses the paid services the site provides
Take Sina as an example:
Go to the Sina SMS registration page, fill in the number in the mobile phone number field, and then click Register.
At this point, the server receives the request the user sent and sends the user's registration password to the mobile phone number as a text message.
By now, the discerning eye should be able to see something.
Oh!
Yes: if we can successfully forge a request and send it to the server, the server sends the registration password
to the corresponding cell phone number. If we send it 2 times, the phone should receive 2 messages; if we send it 10 times, the phone
should naturally receive 10; if we send it 100 times...
Oh
Validating the idea
Bring out the sniffer (of course, I prefer Iris). The following are the intercepted packets, displayed after decoding.
There are two lines we need to be aware of:
One is
POST /cgi-bin/sms/register.cgi HTTP/1.1
One is
mobile=13801590786&lang=1&%d7%a2%b2%e1.x=29&%d7%a2%b2%e1.y=6http/1.1
OK
(Oh, of course, this is not my phone)
Analysis:
/cgi-bin/sms/register.cgi is the program used for registration
mobile= is the mobile phone number
lang=1 means the mobile phone is a Chinese-language handset, lang=0 means the mobile phone is an English-language handset (oh, look at the HTML code of the page to see that)
%D7%A2%B2%E1 is a Unicode encoding, meaning "register"
Trying it out:
First, try GET directly, without POST, filling in only the mobile parameter.
What comes back after you enter it is a mess.
Oh, I will not paste it; basically it means the attempt did not succeed.
Try again!
Connect to the server
Still using GET, not POST, but add the lang language parameter after the mobile parameter
Oh, it's a success.
Oh, look at the title in the response and you know it has succeeded
Oh
Okay, here's the program.
Oh, I am not a programmer, so I will not put the code out.
However, looking at the attack programs available at present, oh, basically every website's service can be used,
and the results are pretty good.
It should be noted that when the same number is submitted multiple times, the speed is not fast. In addition, the attack method is risky,
oh, because the server will have a record, so, when writing it, pay attention to adding a proxy.
All right, that is enough talk for now.
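The weakness described above is that the registration program sends a confirmation SMS for every request it receives. The following is an added example, not code from the original post or from any site it mentions: a server-side throttle keyed on the destination number, so that changing the client address or proxy does not raise the number of messages a phone receives. The class name, limits, sample number and client addresses are assumptions constructed for illustration.

```python
import time
from collections import defaultdict, deque

class SmsThrottle:
    """Decide whether a confirmation SMS may be sent (limits are assumed values)."""

    def __init__(self, cooldown=60, per_number_day=5, per_client_hour=20,
                 clock=time.time):
        self.cooldown = cooldown                # min seconds between SMS to one number
        self.per_number_day = per_number_day    # max SMS to one number per 24 h
        self.per_client_hour = per_client_hour  # max SMS triggered by one client per hour
        self.clock = clock
        self._by_number = defaultdict(deque)    # number -> timestamps of sent SMS
        self._by_client = defaultdict(deque)    # client address -> timestamps

    @staticmethod
    def _prune(stamps, now, window):
        # Drop timestamps that have fallen out of the sliding window.
        while stamps and now - stamps[0] >= window:
            stamps.popleft()

    def check(self, mobile, client):
        """Return (allowed, reason); a send is recorded only when allowed."""
        now = self.clock()
        # Normalise so "138-0000-0000" and "13800000000" share one counter.
        number = "".join(ch for ch in mobile if ch.isdigit())
        sent_n, sent_c = self._by_number[number], self._by_client[client]
        self._prune(sent_n, now, 86400)
        self._prune(sent_c, now, 3600)
        if sent_n and now - sent_n[-1] < self.cooldown:
            return False, "cooldown"
        if len(sent_n) >= self.per_number_day:
            return False, "number_daily_cap"
        if len(sent_c) >= self.per_client_hour:
            return False, "client_hourly_cap"
        sent_n.append(now)
        sent_c.append(now)
        return True, "ok"

def replay_demo():
    """Constructed input: 100 requests for one number, 30 s apart,
    each from a different client address (as if sent through proxies)."""
    t = [0.0]
    throttle = SmsThrottle(clock=lambda: t[0])
    sent = 0
    for i in range(100):
        t[0] = i * 30.0
        allowed, _ = throttle.check("13800000000", f"192.0.2.{i}")
        sent += allowed
    return sent  # number of SMS the phone would actually receive
```

Rejected requests are worth logging with their reason, since a run of `cooldown` or `number_daily_cap` results for one number is the server-side record of exactly the repeated submissions the post describes.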