June 2020
Intermediate to advanced
423 pages
7h 58m
Chinese
Content preview from Kali Linux学习手册
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
284
|
第
8
章
在你打算跃跃欲试之前,这套令牌已经被修改了。此处的会话标识符有一个
生存周期的限制。这也有助于防止会话劫持攻击。你可以在首部中看到创建
会话标识符的时间。这表明它被服务器检查时存在一个时间限制。如果攻击
者要获取我的会话标识符信息,他们将在有限的时间内才能使用它。此外,
使用这样的会话标识符,它应该和我的设备绑定,这意味着他不能被复制和
在其他地方使用。
会话劫持攻击以用户为目标,从而获得用户的权限。攻击要求会话标识符被
截获。这可能发生在中间人攻击中,其中拦截了数据流量。这可能意味着攻
击通过其常规流或者路由重定向对网络流量进行拦截。比如,这可以通过嗅
探攻击完成。
你可以从示例中看到商业网站采用了会话标识符。即使普通用户也不得不担
心会话劫持,因为攻击企业的目标并不总是获取系统访问权限,甚至可能不
经常被发现,有时它只是盗窃数据。如果会话标识符可能被劫持,那么你的
Amazon
帐户可用于订购可以转售的商品。你的银行账户可能会被劫持以转移
资金。这完全不是暗示当前大家对这种攻击持开放态度,特别是像亚马逊这
样的公司要求在发货信息发生任何变化之前重新验证信息。
使用代理
代理服务器用于传递请求,使得请求看上去来自代理服务器而不是来自用户
的系统。这些系统通常用于过滤请求,使得用户不会被吸引到恶意站点,或
者有时会使用与业务无关的站点。它们可以用于捕获从客户端到服务器的信
息,反之亦然,以便确保没有恶意软件入侵企业网络。
我们可以使用相同的思路执行安全测试。由于是代理服务器发送请求,然后
可以更改或删除它们 ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.