Security
关注
分享
扫一扫
Gloveing
http://www.fucku.com/
展开
-
你们以为运营商只是HTTP插点广告而已么?
自不待言,你懂得: 1.http://zone.wooyun.org/content/2507#0-douban-1-3625-8281435cf7fd5566f1df466eda875057 2.http://security.tencent.com/index.php/blog/msg/10 3.警惕QQ链路层劫持盗取QQ帐号新手法原创 2014-06-04 12:57:09 · 785 阅读 · 0 评论 -
JS HOOK
点击打开链接转载 2014-06-17 14:56:35 · 2466 阅读 · 0 评论 -
sslstrip+ettercap 对HTTPS/SSL进行攻击
一、安装ettercap要安装ettercap,需要先安装:1.libnet-1.1.2.1.tar.gz2.libpcap-1.0.0.tar.gz3.ettercap-NG-0.7.3.tar.gz4.更新gtk2: yum install curl-devel gtk2-devel boost-devel (不然报错Package requirements (gtk+-2原创 2013-03-22 16:00:14 · 6686 阅读 · 5 评论 -
MySQL防止SQL注入
SQL注入实例:$unsafe_variable = $_POST['user_input']; mysql_query("INSERT INTO `table` (`column`) VALUES ('$unsafe_variable')");当的内容原创 2014-07-16 21:17:17 · 17459 阅读 · 0 评论 -
HTTP hijack
Hijacking HTTP traffic on your home subnet using ARP and iptableshttps://blogs.oracle.com/ksplice/entry/hijacking_http_traffic_on_your原创 2014-06-04 13:02:18 · 929 阅读 · 0 评论 -
通过修改cookie进行非授权操作
1.登陆机制:if(isset($_COOKIE["LoginState"]) && $_COOKIE["LoginState"]=='on'){ $state = 0; $_SESSION["login"] = "YES"; setcookie("LoginState", "on" ,time()+3600*3); //过期时间为3小时 echo "已经成功登陆!";}原创 2012-12-10 10:53:34 · 1183 阅读 · 0 评论 -
Fun With Ettercap
1.https://baoz.net/fun-with-ettercap-filters/ 2.http://www.linuxexpert.ro/Security/sniff-ssl-passwords-with-ettercap.html 3.http://www.tech-juice.org/2011/06/20/man-in-the-middle-attacks-with-ette原创 2014-06-04 12:55:54 · 687 阅读 · 0 评论 -
Hash碰撞导致的denial of service
详见:Hash碰撞导致的denial of service(一) Hash碰撞导致的denial of service(二) 利用:邪恶的JAVA HASH DOS攻击 Java构建HashCode相同字符串算法:http://ldbjakyo.iteye.com/blog/1340153原创 2014-06-04 13:04:51 · 774 阅读 · 0 评论 -
URL Hijack!
URL Hacking - 前端猥琐流:http://drops.wooyun.org/tips/750原创 2014-06-04 12:52:58 · 918 阅读 · 0 评论 -
Use Wireshark To Decrypt SSL
1.http://support.citrix.com/article/CTX135121 2.http://www.backtrack-linux.org/forums/forum.php?s=7c1db433453d171daee8a92642bd62f8 3.http://wiki.wireshark.org/SSL原创 2014-06-04 12:56:16 · 771 阅读 · 0 评论 -
小米-后台通信分析
=======================================================使用的是标准的XMPP协议进行通信原创 2014-07-31 11:32:53 · 933 阅读 · 0 评论