Text/figure tsunami Tian Ming (Ansty) [Li Haiming, South China Agricultural University] recently, various community organizations in the school conducted a lot of voting activities and used online voting, some of my friends called me and asked me to help them brush their tickets, so I had this article. Now the activity is complete, and the voting system of some organizations is also open for us to download. Here I will give a free demonstration, as shown in 1. Figure 1 Let's analyze the voting process of this system. Select the supported candidates on the homepage, and submit them. After successful voting, the voting result page is displayed. This system only verifies the validity of voting, that is, Cookie verification. It is very easy to bypass such verification, that is, the Cookie is cleared after each vote, you can continue to vote. However, if you are a hacker, you must learn to write your own tools to facilitate yourself. To deal with this voting system that only verifies cookies, it is very easy to write the ticket flushing machine. The core code is only a few lines in the partition. Public void vote (String url, int sum ){
// Round-robin Sum for ticket Flushing
For (int I = 0; I <sum; I ++ ){
Try {
Vote = new URL (url); // create a new URL Connection
Vote. openConnection (); // open the connection
Vote. getContent (); // connect to the corresponding URL and obtain data
} Catch (Exception e ){
E. printStackTrace ();
}
JbProcess. setText ("ticket flushing Progress No." + (I + 1) + "times ");
}
}
We first use the URL class to specify a connection, then obtain the URL Connection, and then call the getContent method to connect to obtain data. Only by using the getContent method can this URL be accessed. Because the above Code does not use cookies, we do not record cookies during each vote, so the voting system cannot judge cookies, loop through this code N times to achieve the effect of N votes. We use the URL class to create a URL object that specifies the ticket address. This class has a wealth of constructor methods. Here we only use"URL(String spec)
Create a URL object based on the String representation. "This constructor is used because we have a complete voting address.
The vote. openConnect () method also has another homogeneous method, namely openConnect (Proxy String). Do you see any Proxy in it? If we have an IP proxy file, we can use the proxy to vote, so as to bypass some voting systems to filter repeated IP address voting.
As shown in interface 2 of the ticket swiping machine I wrote, let's take a look at the specific operations below, because this is just a simple ticket swiping machine, so we need to manually get the ticket address before the ticket swiping.
Figure 2
To obtain the complete URL address submitted by parameters, we need to use WSockExpert to capture the packet and then extract the address. First, select the candidate for the vote on the voting homepage. Select 1. Select our browser in WSockExpert. I use FireFox, so I will select it under the FireFox process and click "open", as shown in 3, now you can click the submit button in the browser to view the successful voting result. The captured package is valid.
Figure 3
Now back to WSockExpert, you can see a pile of data. We focus on the POST or GET data. Here is:
POST /source/pointsubmit.asp HTTP/1.1
menberid=149&x=81&y=32
Here, POST is the page for receiving parameters, and the next line is the parameters. From this we can construct the voting address "http://www.xxx.com/source/pointsubmit.asp?
menberid=149&x=81&y=32
. The test address here is "http: // localhost: 81/source/pointsubmit. asp?
menberid=149&x=81&y=32
". Run the ticket swiping machine, copy the above address, and test the ticket with one hundred votes, as shown in Figure 4. Pay attention to the change in the number of votes on the first and second sides of the ticket. Haha, it succeeded.
Figure 4
This article is just a simple ticket swiping machine implementation. It does not involve any powerful and complex functions. I am currently researching algorithms and making new breakthroughs for more complex voting verification, it will be shared with you again.