2021-2-2 Notes on 《白帽子讲Web安全》 - 3. Advanced XSS Payloads
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Excerpted from 《白帽子讲Web安全》. Topics covered in this part:</p>
<ul style="color: black; text-align: left; margin-bottom: 10px;">
<li>2-2-1. Constructing GET and POST requests (CAPTCHAs as a defence)</li>
<li>2-2-2. XSS phishing</li>
<li>2-2-3. Identifying the user's browser: UserAgent</li>
<li>2-2-4. Identifying software the user has installed: ActiveX, navigator.plugins, the chrome:// protocol</li>
<li>2-2-5. CSS History: the :visited style attribute</li>
<li>2-2-6. Obtaining the user's real local IP address: the AttackAPI attack framework</li>
</ul>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">The following measures render a cookie stolen through XSS useless to the attacker:</p>
<ul style="color: black; text-align: left; margin-bottom: 10px;">
<li>When issuing Set-Cookie, the site marks its critical cookies with the HttpOnly flag</li>
<li>The site binds the cookie to the client's IP address</li>
</ul>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Example: to set the HttpOnly attribute on cookies in IIS, modify the web.config configuration file and add the following:</p>
<div style="color: black; text-align: left; margin-bottom: 10px;"><?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.web>
    <!-- httpOnlyCookies="true" makes ASP.NET add the HttpOnly flag to the cookies it issues -->
    <httpCookies httpOnlyCookies="true" />
  </system.web>
</configuration></div>
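<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">As an added example (not code from the book or from this post), the Node.js script below audits the Set-Cookie headers a response returns and flags likely session cookies that lack HttpOnly, which is exactly what an XSS payload would otherwise read through document.cookie; it also reports a missing Secure flag. The header values and the cookie-name hints are constructed for the demonstration.</p>

```javascript
// Added example: audit Set-Cookie headers for session cookies that an XSS
// payload could read via document.cookie (missing HttpOnly) or that travel
// in plaintext (missing Secure). Cookie names and headers are constructed.

// Substrings that suggest a cookie carries a session or auth token (assumption).
const SESSION_COOKIE_HINTS = ["session", "sess", "auth", "token", "sid"];

// Parse one Set-Cookie header value into { name, value, attrs }; attrs keys
// are lower-cased attribute names (httponly, secure, samesite, path, ...).
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";");
  const eq = pair.indexOf("=");
  const name = (eq >= 0 ? pair.slice(0, eq) : pair).trim();
  const value = eq >= 0 ? pair.slice(eq + 1).trim() : "";
  const attrs = {};
  for (const part of rest) {
    const [k, v] = part.split("=");
    const key = k.trim().toLowerCase();
    // Flag attributes such as HttpOnly have no value; record them as true.
    if (key) attrs[key] = v === undefined ? true : v.trim();
  }
  return { name, value, attrs };
}

function looksLikeSessionCookie(name) {
  const n = name.toLowerCase();
  return SESSION_COOKIE_HINTS.some((hint) => n.includes(hint));
}

// Return one finding string per weak attribute on each session-like cookie.
function auditSetCookies(headers) {
  const findings = [];
  for (const h of headers) {
    const c = parseSetCookie(h);
    if (!looksLikeSessionCookie(c.name)) continue;
    if (!c.attrs.httponly) findings.push(`${c.name}: missing HttpOnly (readable via document.cookie)`);
    if (!c.attrs.secure) findings.push(`${c.name}: missing Secure`);
  }
  return findings;
}

// Constructed sample headers: one HttpOnly-only cookie, one Secure-only
// cookie, and a non-session cookie that should not be reported.
const SAMPLE_HEADERS = [
  "ASP.NET_SessionId=abc123; path=/; HttpOnly",
  "authToken=xyz789; path=/; Secure",
  "theme=dark; path=/",
];

console.log(auditSetCookies(SAMPLE_HEADERS).join("\n"));
```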
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Besides cookie hijacking, attackers have other attack methods at their disposal.</p>
<h2 style="color: black; text-align: left; margin-bottom: 10px;">2-2-1. Constructing GET and POST requests</h2>
<h3 style="color: black; text-align: left; margin-bottom: 10px;">Constructing a GET request</h3>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">By inserting an image that fires a GET request, and enticing the author into clicking it, the payload deletes a specified blog post:</p>
<div style="color: black; text-align: left; margin-bottom: 10px;">// the browser requests img.src as soon as the element is attached to the page
var img=document.createElement("img");
img.src="http://blog.sohu.com/manage/entry.do?m=delete&id=156713012";
document.body.appendChild(img);</div>
<h3 style="color: black; text-align: left; margin-bottom: 10px;">Constructing a POST request</h3>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Douban accepts POST requests; under normal conditions the browser sends a request like the following:</p>
<div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://pic3.zhimg.com/80/v2-a951f5a5611ba9a4ffce9065712dde06_720w.webp" style="width: 50%; margin-bottom: 20px;"></div>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Attackers have two ways to simulate a POST request.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Method 1: construct a form</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">The XSS payload below builds a form in code and submits it to Douban automatically:</p>
<div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://pic3.zhimg.com/80/v2-1d8b794229f63a55cf9a868103cb89b2_720w.webp" style="width: 50%; margin-bottom: 20px;"></div>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Method 2: send the POST request via XMLHttpRequest</p>