{"id":478998,"date":"2023-08-09T10:01:33","date_gmt":"2023-08-09T10:01:33","guid":{"rendered":""},"modified":"2023-09-05T11:17:57","modified_gmt":"2023-09-05T11:17:57","slug":"sidejacking","status":"publish","type":"wiki","link":"https:\/\/oneproxy.pro\/cn\/wiki\/sidejacking\/","title":{"rendered":"\u4fa7\u52ab\u6301"},"content":{"rendered":"

\u5173\u4e8e Sidejacking \u7684\u7b80\u8981\u4fe1\u606f<\/p>\n

\u4fa7\u52ab\u6301\uff0c\u4e5f\u79f0\u4e3a\u4f1a\u8bdd\u52ab\u6301\u6216\u4f1a\u8bdd\u4fa7\u52ab\u6301\uff0c\u662f\u6307\u63a5\u7ba1\u7528\u6237\u7684 Web \u4f1a\u8bdd\u4ee5\u83b7\u53d6\u5bf9\u53d7\u4fdd\u62a4 Web \u8d44\u6e90\u7684\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u6743\u9650\u7684\u6076\u610f\u884c\u4e3a\u3002\u653b\u51fb\u8005\u62e6\u622a\u6216\u201c\u52ab\u6301\u201d\u4f1a\u8bdd\u5bc6\u94a5\u6216\u4ee4\u724c\uff0c\u4f7f\u4ed6\u4eec\u80fd\u591f\u5192\u5145\u53d7\u5bb3\u8005\u5e76\u4ee3\u8868\u4ed6\u4eec\u6267\u884c\u64cd\u4f5c\u3002<\/p>\n

Sidejacking \u7684\u8d77\u6e90\u548c\u9996\u6b21\u63d0\u53ca<\/h2>\n

\u4fa7\u52ab\u6301\u7684\u8d77\u6e90\u53ef\u4ee5\u8ffd\u6eaf\u5230\u4e92\u8054\u7f51\u53d1\u5c55\u7684\u65e9\u671f\uff0c\u90a3\u65f6\u7684\u5b89\u5168\u63aa\u65bd\u8fd8\u6ca1\u6709\u4eca\u5929\u8fd9\u4e48\u4e25\u683c\u3002\u4fa7\u52ab\u6301\u7684\u9996\u6b21\u8bb0\u5f55\u51fa\u73b0\u5728 2007 \u5e74\uff0c\u5f53\u65f6\u4e00\u4f4d\u540d\u53eb\u7f57\u4f2f\u7279\u00b7\u683c\u96f7\u5384\u59c6 (Robert Graham) \u7684\u8ba1\u7b97\u673a\u5b89\u5168\u4e13\u5bb6\u5728\u9ed1\u5e3d\u5927\u4f1a\u4e0a\u6f14\u793a\u4e86\u8fd9\u9879\u6280\u672f\u3002\u4ed6\u7684\u6f14\u8bb2\u5f15\u8d77\u4e86\u4eba\u4eec\u7684\u5173\u6ce8\uff0c\u5e76\u4fc3\u4f7f\u4eba\u4eec\u52a0\u5f3a\u4e86\u5bf9\u6b64\u7c7b\u7f51\u7edc\u653b\u51fb\u7684\u5ba1\u67e5\u548c\u9884\u9632\u63aa\u65bd\u7684\u5236\u5b9a\u3002<\/p>\n

\u5173\u4e8e Sidejacking \u7684\u8be6\u7ec6\u4fe1\u606f\u3002\u5c55\u5f00 Sidejacking \u4e3b\u9898<\/h2>\n

\u4fa7\u52ab\u6301\u653b\u51fb\u7684\u76ee\u6807\u662f\u7528\u6237\u7684\u4f1a\u8bdd\u5bc6\u94a5\uff0c\u8fd9\u4e9b\u5bc6\u94a5\u7528\u4e8e\u5728\u6d3b\u52a8\u7f51\u7edc\u4f1a\u8bdd\u671f\u95f4\u5bf9\u7528\u6237\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u8fd9\u4e9b\u5bc6\u94a5\u6216 Cookie \u901a\u5e38\u4ee5\u672a\u52a0\u5bc6\u7684\u5f62\u5f0f\u901a\u8fc7 HTTP \u53d1\u9001\uff0c\u56e0\u6b64\u5f88\u5bb9\u6613\u88ab\u62e6\u622a\u3002<\/p>\n

Sidejacking \u6d89\u53ca\u7684\u5173\u952e\u7ec4\u4ef6\uff1a<\/h3>\n
    \n
  1. \u4f1a\u8bdd\u5bc6\u94a5<\/strong>\uff1a\u5c06\u7528\u6237\u4e0e\u7279\u5b9a\u4f1a\u8bdd\u5173\u8054\u7684\u552f\u4e00\u6807\u8bc6\u7b26\u3002<\/li>\n
  2. \u653b\u51fb\u8005<\/strong>\uff1a\u8bd5\u56fe\u52ab\u6301\u4f1a\u8bdd\u7684\u4e2a\u4eba\u6216\u5b9e\u4f53\u3002<\/li>\n
  3. \u53d7\u5bb3\u8005<\/strong>\uff1a\u4f1a\u8bdd\u88ab\u52ab\u6301\u7684\u7528\u6237\u3002<\/li>\n
  4. \u670d\u52a1\u5668<\/strong>\uff1a\u6258\u7ba1\u4f1a\u8bdd\u7684 Web \u670d\u52a1\u5668\u3002<\/li>\n<\/ol>\n

    Sidejacking \u7684\u5185\u90e8\u7ed3\u6784\u3002Sidejacking \u662f\u5982\u4f55\u5de5\u4f5c\u7684<\/h2>\n
      \n
    1. \u76d1\u63a7\u7f51\u7edc\u6d41\u91cf<\/strong>\uff1a\u653b\u51fb\u8005\u76d1\u89c6\u672a\u52a0\u5bc6\u7684\u7f51\u7edc\u6d41\u91cf\uff0c\u5bfb\u627e\u6d3b\u52a8\u4f1a\u8bdd\u3002<\/li>\n
    2. \u62e6\u622a<\/strong>\uff1a\u653b\u51fb\u8005\u5229\u7528Wireshark\u6216\u5176\u4ed6\u6570\u636e\u5305\u55c5\u63a2\u5668\u7b49\u5de5\u5177\u62e6\u622a\u4f1a\u8bdd\u5bc6\u94a5\u3002<\/li>\n
    3. \u5192\u5145<\/strong>\uff1a\u653b\u51fb\u8005\u4f7f\u7528\u7a83\u53d6\u7684\u4f1a\u8bdd\u5bc6\u94a5\uff0c\u5192\u5145\u53d7\u5bb3\u8005\uff0c\u672a\u7ecf\u6388\u6743\u8bbf\u95ee\u5176\u5e10\u6237\u6216\u79c1\u4eba\u4fe1\u606f\u3002<\/li>\n
    4. \u884c\u52a8<\/strong>\uff1a\u653b\u51fb\u8005\u968f\u540e\u53ef\u80fd\u4f1a\u4ee3\u8868\u53d7\u5bb3\u8005\u6267\u884c\u4e00\u4e9b\u64cd\u4f5c\uff0c\u4f8b\u5982\u8f6c\u8d26\u3001\u66f4\u6539\u5bc6\u7801\u7b49\u3002<\/li>\n<\/ol>\n

      Sidejacking \u4e3b\u8981\u7279\u5f81\u5206\u6790<\/h2>\n