4.6.5-Testing_for_Cross_Site_Request_Forgery

Testing for Cross Site Request Forgery ID WSTG-SESS-05 Summary Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unintended actions on a web application in which they are currently authenticated. With a little social engineering help (like sending a link via email or chat), an attacker may force the users […]

Pikachu Range – Cross-Site Request Forgery (CSRF)

Article directory 1. Cross-site request forgery (CSRF) 1.1 CSRF(get) 1.2 CSRF(post) 1.3 CSRF Token 1.4 CSRF vulnerability defense 1. Cross-site request forgery (CSRF) You can also refer to my other article: Cross-site request forgery (CSRF) The full name is Cross-site request forgery, which translates as cross-site request forgery. It refers to using the victim’s identity […]

Web vulnerability-SSRF server request forgery

Directory SSRF server request forgery 1. Definition 2. Causes of vulnerabilities 3. Vulnerability detection 4. Exploiting vulnerabilities 5. Reproduce the SSRF experiment in the Pikachu lab and detect open ports on the target machine. 6. Use SSRF to detect the intranet environment and obtain the shell 7. Bypass techniques 8. SSRF defense solution […]

Forged DNS attack via DHCP service

Foreword Hello everyone, in this chapter I will explain to you how to forge DNS through the DHCP service, attack it, and use phishing websites to obtain the login user name and password. Principle of attack The imitated host suffered a false domain name resolution attack and information was leaked. Network topology Windows Server 2008 […]

Interface automated testing practice: interface framework modification, dynamic parameterization and data forgery

1. Foreword This article mainly explains the framework construction and modification of Python interface automated testing, automated test case design, dynamic parameterization form of use case design in interface testing, etc. This article will skip some of the framework construction content. Without further ado, let’s do it together. Take a look. 2. Practical exercises 2.1 […]

Minecraft 1.20.1 forge module development – particles

Particles first particle How to generate particles TestParticle–particle class TestOption–Implements the interface ParticleOptions to store and process the data used to create particle effects. TestType–particle type ParticleRegistry–Register particles ParticleFactoryRegistry–Register factory class texture–texture First particle I recently had some ideas, so I started learning module development again. This article is mainly used to record problems in […]

Use FinalShell to remotely connect to the server and forget the connection password

Use FinalShell to remotely connect to the server and forget the connection password Export connection information first, json file Connection name_connect_config.json, find the password of passowrd Decryption <dependency> <groupId>commons-codec</groupId> <artifactId>commons-codec</artifactId> <version>1.15</version> </dependency> import org.apache.commons.codec.digest.DigestUtils; import javax.crypto.Cipher; import javax.crypto.SecretKey; import javax.crypto.SecretKeyFactory; import javax.crypto.spec.DESKeySpec; import java.io.ByteArrayOutputStream; import java.io.DataOutputStream; import java.io.IOException; import java.io.UnsupportedEncodingException; import java.security.SecureRandom; import java.util.Random; public […]

Server-side request forgery (SSRF) and vulnerability recurrence

Article directory Penetration testing vulnerability principles Server request forgery 1. SSRF Overview 1.1 SSRF scenario 1.1.1 PHP implementation 1.2 SSRF principle 1.3 SSRF hazards 2. SSRF attack and defense 2.1 SSRF Exploitation 2.1.1 File access 2.1.2 Port scanning 2.1.3 Reading local files 2.1.4 Intranet application fingerprint identification 2.1.5 Attack intranet web applications 2.2 SSRF classic […]