\u7b2c\u4e00\u90e8\u5206:\u5f00\u7bc7\u660e\u4e49 \u2014\u2014 \u5b9a\u4e49\u3001\u4ef7\u503c\u4e0e\u76ee\u6807<\/p>\n
\u5728\u5f53\u4eca\u7684\u4e92\u8054\u7f51\u5b89\u5168\u4f53\u7cfb\u4e2d,\u9a8c\u8bc1\u7801 \u4f5c\u4e3a\u4e00\u79cd\u533a\u5206\u4eba\u7c7b\u7528\u6237\u4e0e\u81ea\u52a8\u5316\u7a0b\u5e8f\u7684\u56fe\u7075\u6d4b\u8bd5\u53d8\u4f53,\u5df2\u6210\u4e3a\u4fdd\u62a4Web\u5e94\u7528\u3001API\u63a5\u53e3\u548c\u5173\u952e\u4e1a\u52a1\u903b\u8f91\u7684\u7b2c\u4e00\u9053\u3001\u4e5f\u5f80\u5f80\u662f\u6700\u8106\u5f31\u7684\u4e00\u9053\u9632\u7ebf\u3002\u5b83\u6a2a\u8de8\u5728\u8eab\u4efd\u8ba4\u8bc1\u3001\u4ea4\u6613\u786e\u8ba4\u3001\u9632\u722c\u866b\u548c\u9632\u66b4\u529b\u7834\u89e3\u7b49\u591a\u4e2a\u5173\u952e\u5b89\u5168\u8282\u70b9\u4e0a\u3002\u56e0\u6b64,\u5bf9\u9a8c\u8bc1\u7801\u673a\u5236\u7684\u5b89\u5168\u6027\u8fdb\u884c\u8bc4\u4f30,\u4e0d\u518d\u662f\u6e17\u900f\u6d4b\u8bd5\u4e2d\u7684\u4e00\u4e2a\u53ef\u9009\u6b65\u9aa4,\u800c\u662f\u8bc4\u4f30\u76ee\u6807\u7cfb\u7edf\u6574\u4f53\u5b89\u5168\u6210\u719f\u5ea6\u7684\u6838\u5fc3\u8bd5\u91d1\u77f3\u3002\u4e00\u4e2a\u8bbe\u8ba1\u4e0d\u5f53\u6216\u5b9e\u73b0\u6709\u8bef\u7684\u9a8c\u8bc1\u7801,\u5176\u5371\u5bb3\u6027\u4e0d\u4e9a\u4e8e\u4e00\u4e2a\u9ad8\u5371\u7684SQL\u6ce8\u5165\u6f0f\u6d1e,\u56e0\u4e3a\u5b83\u53ef\u80fd\u76f4\u63a5\u5bfc\u81f4\u8d26\u6237\u88ab\u6279\u91cf\u7834\u89e3\u3001\u4e1a\u52a1\u8d44\u6e90\u88ab\u6076\u610f\u8017\u5c3d\u6216\u654f\u611f\u6570\u636e\u88ab\u81ea\u52a8\u5316\u722c\u53d6\u3002<\/p>\n
\u7ad9\u5728\u201c\u6559\u80b2\u8005\u201d\u548c\u201c\u5b9e\u6218\u8005\u201d\u7684\u89d2\u5ea6,\u672c\u6587\u65e8\u5728\u5c06\u9a8c\u8bc1\u7801\u5b89\u5168\u6d4b\u8bd5\u8fd9\u4e00\u770b\u4f3c\u7410\u788e\u3001\u5b9e\u5219\u6df1\u9083\u7684\u9886\u57df,\u8fdb\u884c\u7cfb\u7edf\u6027\u89e3\u6784\u3002\u6211\u4eec\u5c06\u4ece\u9a8c\u8bc1\u7801\u8bbe\u8ba1\u7684\u6839\u672c\u76ee\u6807\u51fa\u53d1,\u9010\u5c42\u5256\u6790\u5176\u53ef\u80fd\u5931\u6548\u7684\u6bcf\u4e00\u4e2a\u73af\u8282,\u5e76\u63d0\u4f9b\u4ece\u624b\u52a8\u5206\u6790\u5230\u81ea\u52a8\u5316\u5bf9\u6297\u7684\u5b8c\u6574\u65b9\u6cd5\u8bba\u3002\u65e0\u8bba\u60a8\u662f\u521d\u6d89\u5b89\u5168\u7684\u65b0\u4eba,\u8fd8\u662f\u7ecf\u9a8c\u4e30\u5bcc\u7684\u5de5\u7a0b\u5e08,\u672c\u6587\u90fd\u5c06\u4e3a\u60a8\u63d0\u4f9b\u4e00\u4e2a\u6e05\u6670\u3001\u53ef\u590d\u7528\u7684\u77e5\u8bc6\u6846\u67b6\u3002<\/p>\n
\u5b66\u4e60\u76ee\u6807<\/p>\n
\u8bfb\u5b8c\u672c\u6587,\u4f60\u5c06\u80fd\u591f:<\/p>\n
\u524d\u7f6e\u77e5\u8bc6<\/p>\n
\u00b7 \u57fa\u7840\u7684Web\u6e17\u900f\u6d4b\u8bd5\u6982\u5ff5:\u4e86\u89e3HTTP\/HTTPS\u534f\u8bae\u3001Cookie\u3001Session\u3001\u5e38\u89c1Web\u6f0f\u6d1e(\u5982\u903b\u8f91\u6f0f\u6d1e)\u3002 \u00b7 Burp Suite\u7684\u4f7f\u7528:\u5177\u5907\u4f7f\u7528\u4ee3\u7406\u8fdb\u884c\u8bf7\u6c42\/\u54cd\u5e94\u62e6\u622a\u4e0e\u91cd\u653e\u7684\u57fa\u672c\u80fd\u529b\u3002 \u00b7 \u57fa\u7840\u7684\u7f16\u7a0b\u80fd\u529b(Python):\u80fd\u591f\u7406\u89e3\u5e76\u8fd0\u884c\u63d0\u4f9b\u7684\u811a\u672c\u7247\u6bb5\u3002<\/p>\n
\u7b2c\u4e8c\u90e8\u5206:\u539f\u7406\u6df1\u6398 \u2014\u2014 \u4ece\u201c\u662f\u4ec0\u4e48\u201d\u5230\u201c\u4e3a\u4ec0\u4e48\u201d<\/p>\n
\u6838\u5fc3\u5b9a\u4e49\u4e0e\u7c7b\u6bd4<\/p>\n
\u9a8c\u8bc1\u7801 \u662f\u4e00\u79cd\u5168\u81ea\u52a8\u7684\u3001\u516c\u5f00\u7684\u56fe\u7075\u6d4b\u8bd5,\u7528\u4e8e\u533a\u5206\u8ba1\u7b97\u673a\u548c\u4eba\u7c7b\u3002\u5176\u6838\u5fc3\u76ee\u7684\u662f\u589e\u52a0\u81ea\u52a8\u5316\u653b\u51fb\u7684\u6210\u672c,\u65e0\u8bba\u662f\u6210\u672c(\u65f6\u95f4\u3001\u8d44\u6e90)\u8fd8\u662f\u6280\u672f\u590d\u6742\u5ea6,\u4f7f\u5176\u53d8\u5f97\u4e0d\u7ecf\u6d4e\u6216\u4e0d\u5207\u5b9e\u9645\u3002<\/p>\n
\u4e00\u4e2a\u8d34\u5207\u7684\u6bd4\u55bb\u662f:\u9a8c\u8bc1\u7801\u5982\u540c\u4e00\u4e2a\u5b88\u95e8\u4eba\u3002\u4e00\u4e2a\u7406\u60f3\u7684\u5b88\u95e8\u4eba\u5e94\u8be5\u80fd\u51c6\u786e\u3001\u8fc5\u901f\u5730\u5206\u8fa8\u51fa\u201c\u771f\u6b63\u60f3\u8fdb\u95e8\u7684\u5ba2\u4eba\u201d(\u4eba\u7c7b\u7528\u6237)\u548c\u201c\u4f01\u56fe\u4f2a\u88c5\u6f5c\u5165\u7684\u673a\u5668\u4eba\u201d(\u81ea\u52a8\u5316\u811a\u672c)\u3002\u7136\u800c,\u73b0\u5b9e\u4e2d\u5b88\u95e8\u4eba\u53ef\u80fd\u60a3\u6709\u201c\u8138\u76f2\u75c7\u201d(\u8bc6\u522b\u7b97\u6cd5\u7f3a\u9677)\u3001\u9075\u5faa\u201c\u6b7b\u677f\u89c4\u5219\u201d(\u903b\u8f91\u7f3a\u9677)\u3001\u6216\u8005\u53ef\u4ee5\u88ab\u201c\u4f2a\u9020\u7684\u901a\u884c\u8bc1\u201d(\u81ea\u52a8\u5316\u8bc6\u522b)\u6240\u6b3a\u9a97\u3002<\/p>\n
\u6839\u672c\u539f\u56e0\u5206\u6790:\u9a8c\u8bc1\u7801\u4e3a\u4f55\u4f1a\u88ab\u7ed5\u8fc7?<\/p>\n
\u9a8c\u8bc1\u7801\u5b89\u5168\u95ee\u9898\u5e76\u975e\u6e90\u4e8e\u5355\u4e00\u539f\u56e0,\u800c\u662f\u8bbe\u8ba1\u3001\u5b9e\u73b0\u4e0e\u8fd0\u7ef4\u591a\u4e2a\u5c42\u9762\u7f3a\u9677\u7684\u805a\u5408\u3002\u5176\u6839\u672c\u539f\u56e0\u53ef\u5f52\u7ed3\u4e3a\u4ee5\u4e0b\u51e0\u70b9:<\/p>\n
\u53ef\u89c6\u5316\u6838\u5fc3\u673a\u5236:\u9a8c\u8bc1\u7801\u7cfb\u7edf\u7684\u5bf9\u6297\u9762<\/p>\n
\u4e0b\u56fe\u63cf\u7ed8\u4e86\u4e00\u4e2a\u5178\u578b\u9a8c\u8bc1\u7801\u7cfb\u7edf\u7684\u5de5\u4f5c\u6d41\u7a0b,\u5e76\u9ad8\u4eae\u4e86\u6bcf\u4e2a\u73af\u8282\u53ef\u80fd\u5b58\u5728\u7684\u653b\u51fb\u9762(\u7ea2\u8272\u6807\u6ce8)\u3002\u8fd9\u5f20\u56fe\u662f\u7406\u89e3\u540e\u7eed\u6240\u6709\u6d4b\u8bd5\u6848\u4f8b\u7684\u201c\u5bfc\u822a\u56fe\u201d\u3002<\/p>\n
#mermaid-svg-pFL5YMQTZ9VHZI5D{font-family:\\”trebuchet ms\\”,verdana,arial,sans-serif;font-size:16px;fill:#333;}@keyframes edge-animation-frame{from{stroke-dashoffset:0;}}@keyframes dash{to{stroke-dashoffset:0;}}#mermaid-svg-pFL5YMQTZ9VHZI5D .edge-animation-slow{stroke-dasharray:9,5!important;stroke-dashoffset:900;animation:dash 50s linear infinite;stroke-linecap:round;}#mermaid-svg-pFL5YMQTZ9VHZI5D .edge-animation-fast{stroke-dasharray:9,5!important;stroke-dashoffset:900;animation:dash 20s linear infinite;stroke-linecap:round;}#mermaid-svg-pFL5YMQTZ9VHZI5D .error-icon{fill:#552222;}#mermaid-svg-pFL5YMQTZ9VHZI5D .error-text{fill:#552222;stroke:#552222;}#mermaid-svg-pFL5YMQTZ9VHZI5D .edge-thickness-normal{stroke-width:1px;}#mermaid-svg-pFL5YMQTZ9VHZI5D .edge-thickness-thick{stroke-width:3.5px;}#mermaid-svg-pFL5YMQTZ9VHZI5D .edge-pattern-solid{stroke-dasharray:0;}#mermaid-svg-pFL5YMQTZ9VHZI5D .edge-thickness-invisible{stroke-width:0;fill:none;}#mermaid-svg-pFL5YMQTZ9VHZI5D .edge-pattern-dashed{stroke-dasharray:3;}#mermaid-svg-pFL5YMQTZ9VHZI5D .edge-pattern-dotted{stroke-dasharray:2;}#mermaid-svg-pFL5YMQTZ9VHZI5D .marker{fill:#333333;stroke:#333333;}#mermaid-svg-pFL5YMQTZ9VHZI5D .marker.cross{stroke:#333333;}#mermaid-svg-pFL5YMQTZ9VHZI5D svg{font-family:\\”trebuchet ms\\”,verdana,arial,sans-serif;font-size:16px;}#mermaid-svg-pFL5YMQTZ9VHZI5D p{margin:0;}#mermaid-svg-pFL5YMQTZ9VHZI5D .label{font-family:\\”trebuchet ms\\”,verdana,arial,sans-serif;color:#333;}#mermaid-svg-pFL5YMQTZ9VHZI5D .cluster-label text{fill:#333;}#mermaid-svg-pFL5YMQTZ9VHZI5D .cluster-label span{color:#333;}#mermaid-svg-pFL5YMQTZ9VHZI5D .cluster-label span p{background-color:transparent;}#mermaid-svg-pFL5YMQTZ9VHZI5D .label text,#mermaid-svg-pFL5YMQTZ9VHZI5D span{fill:#333;color:#333;}#mermaid-svg-pFL5YMQTZ9VHZI5D .node rect,#mermaid-svg-pFL5YMQTZ9VHZI5D .node circle,#mermaid-svg-pFL5YMQTZ9VHZI5D .node ellipse,#mermaid-svg-pFL5YMQTZ9VHZI5D .node polygon,#mermaid-svg-pFL5YMQTZ9VHZI5D .node path{fill:#ECECFF;stroke:#9370DB;stroke-width:1px;}#mermaid-svg-pFL5YMQTZ9VHZI5D .rough-node .label text,#mermaid-svg-pFL5YMQTZ9VHZI5D .node .label text,#mermaid-svg-pFL5YMQTZ9VHZI5D .image-shape .label,#mermaid-svg-pFL5YMQTZ9VHZI5D .icon-shape .label{text-anchor:middle;}#mermaid-svg-pFL5YMQTZ9VHZI5D .node .katex path{fill:#000;stroke:#000;stroke-width:1px;}#mermaid-svg-pFL5YMQTZ9VHZI5D .rough-node .label,#mermaid-svg-pFL5YMQTZ9VHZI5D .node .label,#mermaid-svg-pFL5YMQTZ9VHZI5D .image-shape .label,#mermaid-svg-pFL5YMQTZ9VHZI5D .icon-shape .label{text-align:center;}#mermaid-svg-pFL5YMQTZ9VHZI5D .node.clickable{cursor:pointer;}#mermaid-svg-pFL5YMQTZ9VHZI5D .root .anchor path{fill:#333333!important;stroke-width:0;stroke:#333333;}#mermaid-svg-pFL5YMQTZ9VHZI5D .arrowheadPath{fill:#333333;}#mermaid-svg-pFL5YMQTZ9VHZI5D .edgePath .path{stroke:#333333;stroke-width:2.0px;}#mermaid-svg-pFL5YMQTZ9VHZI5D .flowchart-link{stroke:#333333;fill:none;}#mermaid-svg-pFL5YMQTZ9VHZI5D .edgeLabel{background-color:rgba(232,232,232, 0.8);text-align:center;}#mermaid-svg-pFL5YMQTZ9VHZI5D .edgeLabel p{background-color:rgba(232,232,232, 0.8);}#mermaid-svg-pFL5YMQTZ9VHZI5D .edgeLabel rect{opacity:0.5;background-color:rgba(232,232,232, 0.8);fill:rgba(232,232,232, 0.8);}#mermaid-svg-pFL5YMQTZ9VHZI5D .labelBkg{background-color:rgba(232, 232, 232, 0.5);}#mermaid-svg-pFL5YMQTZ9VHZI5D .cluster rect{fill:#ffffde;stroke:#aaaa33;stroke-width:1px;}#mermaid-svg-pFL5YMQTZ9VHZI5D .cluster text{fill:#333;}#mermaid-svg-pFL5YMQTZ9VHZI5D .cluster span{color:#333;}#mermaid-svg-pFL5YMQTZ9VHZI5D div.mermaidTooltip{position:absolute;text-align:center;max-width:200px;padding:2px;font-family:\\”trebuchet ms\\”,verdana,arial,sans-serif;font-size:12px;background:hsl(80, 100%, 96.2745098039%);border:1px solid #aaaa33;border-radius:2px;pointer-events:none;z-index:100;}#mermaid-svg-pFL5YMQTZ9VHZI5D .flowchartTitleText{text-anchor:middle;font-size:18px;fill:#333;}#mermaid-svg-pFL5YMQTZ9VHZI5D rect.text{fill:none;stroke-width:0;}#mermaid-svg-pFL5YMQTZ9VHZI5D .icon-shape,#mermaid-svg-pFL5YMQTZ9VHZI5D .image-shape{background-color:rgba(232,232,232, 0.8);text-align:center;}#mermaid-svg-pFL5YMQTZ9VHZI5D .icon-shape p,#mermaid-svg-pFL5YMQTZ9VHZI5D .image-shape p{background-color:rgba(232,232,232, 0.8);padding:2px;}#mermaid-svg-pFL5YMQTZ9VHZI5D .icon-shape rect,#mermaid-svg-pFL5YMQTZ9VHZI5D .image-shape rect{opacity:0.5;background-color:rgba(232,232,232, 0.8);fill:rgba(232,232,232, 0.8);}#mermaid-svg-pFL5YMQTZ9VHZI5D .label-icon{display:inline-block;height:1em;overflow:visible;vertical-align:-0.125em;}#mermaid-svg-pFL5YMQTZ9VHZI5D .node .label-icon path{fill:currentColor;stroke:revert;stroke-width:revert;}#mermaid-svg-pFL5YMQTZ9VHZI5D :root{–mermaid-font-family:\\”trebuchet ms\\”,verdana,arial,sans-serif;}<\/p>\n
<\/p>\n \u81ea\u52a8\u5316\u653b\u51fb\u94fe\u8def<\/p>\n <\/span><\/p>\n <\/p>\n \u670d\u52a1\u5668\u7aef<\/p>\n <\/span><\/p>\n <\/p>\n \u5ba2\u6237\u7aef (\u653b\u51fb\u8005\u89c6\u89d2)<\/p>\n <\/span><\/p>\n <\/span><\/p>\n <\/p>\n \u653b\u51fb\u9762\u2460: \u9884\u6d4b\/\u679a\u4e3e<\/p>\n <\/span><\/p>\n <\/span><\/p>\n <\/p>\n \u653b\u51fb\u9762\u2461: \u4fe1\u606f\u6cc4\u6f0f\u3001\u91cd\u653e<\/p>\n <\/span><\/p>\n <\/p>\n \u653b\u51fb\u9762\u2462: \u524d\u7aef\u6821\u9a8c\u7ed5\u8fc7<\/p>\n <\/span><\/p>\n <\/span><\/p>\n <\/p>\n \u653b\u51fb\u9762\u2463: \u5b58\u50a8\u7f3a\u9677\u3001\u8fc7\u671f\u7b56\u7565<\/p>\n <\/span><\/p>\n <\/span><\/p>\n <\/p>\n \u653b\u51fb\u9762\u2464: \u903b\u8f91\u7f3a\u9677\u3001\u66b4\u529b\u7834\u89e3<\/p>\n <\/span><\/p>\n <\/p>\n \u662f<\/p>\n <\/span><\/p>\n <\/p>\n \u5426<\/p>\n <\/span><\/p>\n <\/p>\n \u653b\u51fb\u9762\u2465: \u72b6\u6001\u4e0d\u540c\u6b65<\/p>\n <\/span><\/p>\n <\/p>\n \u65c1\u8def\u653b\u51fb: OCR\u8bc6\u522b\u3001\u6df1\u5ea6\u5b66\u4e60\u63a8\u7406<\/p>\n <\/span><\/p>\n <\/p>\n \u5229\u7528\u653b\u51fb: \u91cd\u653e\u8bf7\u6c42\u3001\u7be1\u6539\u6570\u636e\u3001\u8c03\u7528API<\/p>\n <\/span><\/p>\n <\/p>\n \u6d41\u7a0b\u5206\u6790: \u903b\u8f91\u3001\u89c4\u5f8b\u3001\u67b6\u6784<\/p>\n <\/span><\/p>\n <\/p>\n \u7528\u6237\u8bbf\u95ee\u9700\u8981\u9a8c\u8bc1\u7801\u7684\u9875\u9762<\/p>\n <\/span><\/p>\n <\/p>\n \u524d\u7aef\u8bf7\u6c42\u83b7\u53d6\u9a8c\u8bc1\u7801<\/p>\n <\/span><\/p>\n <\/p>\n \u670d\u52a1\u5668\u751f\u6210\u9a8c\u8bc1\u7801<\/p>\n <\/span><\/p>\n <\/p>\n \u8fd4\u56de\u9a8c\u8bc1\u7801\u56fe\u7247\/Token\/\u53c2\u6570<\/p>\n <\/span><\/p>\n <\/p>\n \u7528\u6237\u8f93\u5165\u9a8c\u8bc1\u7801<\/p>\n <\/span><\/p>\n <\/p>\n \u63d0\u4ea4\u8868\u5355\u542b\u9a8c\u8bc1\u7801\u7b54\u6848<\/p>\n <\/span><\/p>\n <\/p>\n \u5c06\u6b63\u786e\u7b54\u6848\u4e0eSession\/Key\u7ed1\u5b9a\u5e76\u5b58\u50a8<\/p>\n <\/span><\/p>\n <\/p>\n \u540e\u7aef\u9a8c\u8bc1\u63d0\u4ea4\u7684\u7b54\u6848<\/p>\n <\/span><\/p>\n <\/p>\n \u9a8c\u8bc1\u6210\u529f?<\/p>\n <\/span><\/p>\n <\/p>\n \u6267\u884c\u540e\u7eed\u4e1a\u52a1\u903b\u8f91<\/p>\n <\/span><\/p>\n <\/p>\n \u8fd4\u56de\u9519\u8bef\u53ef\u80fd\u5237\u65b0\u9a8c\u8bc1\u7801<\/p>\n <\/span><\/p>\n <\/p>\n \u81ea\u52a8\u5316\u811a\u672c\/\u5de5\u5177<\/p>\n <\/span><\/p>\n <\/p>\n \u653b\u51fb\u8005\u5927\u8111<\/p>\n <\/span><\/p>\n <\/p>\n \u6574\u4e2a\u6d41\u7a0b<\/p>\n <\/span><\/p>\n \u653b\u51fb\u9762\u89e3\u8bfb:<\/p>\n \u00b7 \u2460 \u9884\u6d4b\/\u679a\u4e3e:\u9a8c\u8bc1\u7801\u662f\u5426\u53ef\u9884\u6d4b(\u5982\u57fa\u4e8e\u65f6\u95f4\u6233)?\u7b54\u6848\u7a7a\u95f4\u662f\u5426\u8fc7\u5c0f(\u59824\u4f4d\u7eaf\u6570\u5b57)? \u00b7 \u2461 \u4fe1\u606f\u6cc4\u6f0f\u4e0e\u91cd\u653e:\u9a8c\u8bc1\u7801\u7b54\u6848\u662f\u5426\u76f4\u63a5\u8fd4\u56de\u5728\u54cd\u5e94\u4e2d?\u9a8c\u8bc1\u7801\u56fe\u7247\/Token\u662f\u5426\u53ef\u88ab\u540c\u4e00\u4f1a\u8bdd\u591a\u6b21\u4f7f\u7528? \u00b7 \u2462 \u524d\u7aef\u6821\u9a8c\u7ed5\u8fc7:\u9a8c\u8bc1\u662f\u5426\u4ec5\u5728\u524d\u7aefJavaScript\u8fdb\u884c?\u63d0\u4ea4\u7684\u53c2\u6570\u540d\u662f\u5426\u53ef\u731c\u6d4b(\u5982code\u3001captcha)? \u00b7 \u2463 \u5b58\u50a8\u4e0e\u72b6\u6001\u7f3a\u9677:\u670d\u52a1\u5668\u5982\u4f55\u5b58\u50a8\u9884\u671f\u7b54\u6848?Session\u7ba1\u7406\u662f\u5426\u5b89\u5168?\u9a8c\u8bc1\u7801\u662f\u5426\u6c38\u4e0d\u5931\u6548\u6216\u8fc7\u65e9\u5931\u6548? \u00b7 \u2464 \u6838\u5fc3\u903b\u8f91\u7f3a\u9677:\u9a8c\u8bc1\u4e0e\u4e1a\u52a1\u6267\u884c\u662f\u5426\u539f\u5b50\u64cd\u4f5c?\u9a8c\u8bc1\u5931\u8d25\u540e,\u5df2\u6263\u51cf\u7684\u8d44\u6e90(\u5982\u77ed\u4fe1\u6b21\u6570)\u662f\u5426\u56de\u6eda? \u00b7 \u2465 \u72b6\u6001\u540c\u6b65\u95ee\u9898:\u9a8c\u8bc1\u5931\u8d25\u540e,\u65e7\u7684\u9a8c\u8bc1\u7801\u662f\u5426\u4f9d\u7136\u6709\u6548?\u5237\u65b0\u673a\u5236\u662f\u5426\u5b58\u5728\u7ade\u4e89\u6761\u4ef6?<\/p>\n \u7b2c\u4e09\u90e8\u5206:\u5b9e\u6218\u6f14\u7ec3 \u2014\u2014 \u4ece\u201c\u4e3a\u4ec0\u4e48\u201d\u5230\u201c\u600e\u4e48\u505a\u201d<\/p>\n \u73af\u5883\u4e0e\u5de5\u5177\u51c6\u5907<\/p>\n \u6211\u4eec\u5c06\u5728\u4e00\u4e2a\u53ef\u63a7\u7684\u6388\u6743\u6d4b\u8bd5\u73af\u5883\u4e2d\u8fdb\u884c\u6f14\u793a\u3002\u672c\u73af\u5883\u96c6\u6210\u4e86\u591a\u79cd\u6709\u7f3a\u9677\u7684\u9a8c\u8bc1\u7801\u5b9e\u73b0\u3002<\/p>\n \u6f14\u793a\u73af\u5883:<\/p>\n \u00b7 \u76ee\u6807\u5e94\u7528:\u4e00\u4e2a\u4e13\u4e3a\u5b89\u5168\u6d4b\u8bd5\u8bbe\u8ba1\u7684\u8106\u5f31Web\u5e94\u7528 (\u4f8b\u5982: http:\/\/vuln-captcha-lab:8080)\u3002 \u00b7 \u6280\u672f\u6808:Spring Boot + Thymeleaf, \u5305\u542b\u591a\u4e2a\u72ec\u7acb\u7684\u3001\u5b58\u5728\u4e0d\u540c\u6f0f\u6d1e\u7684\u9a8c\u8bc1\u7801\u793a\u4f8b\u7aef\u70b9\u3002<\/p>\n \u6838\u5fc3\u5de5\u5177\u6e05\u5355:<\/p>\n \u6700\u5c0f\u5316\u5b9e\u9a8c\u73af\u5883\u642d\u5efa(\u4f7f\u7528Docker):<\/p>\n # docker-compose.yml<\/span> burp<\/span>:<\/span> networks<\/span>:<\/span> \u4f7f\u7528\u547d\u4ee4 docker-compose up -d \u542f\u52a8\u73af\u5883\u3002<\/p>\n \u6807\u51c6\u64cd\u4f5c\u6d41\u7a0b<\/p>\n \u9636\u6bb5\u4e00:\u4fe1\u606f\u6536\u96c6\u4e0e\u4fa6\u5bdf<\/p>\n \u8bbf\u95ee\u76ee\u6807\u5e94\u7528, \u679a\u4e3e\u6240\u6709\u6d89\u53ca\u9a8c\u8bc1\u7801\u7684\u529f\u80fd\u70b9:\u767b\u5f55\u3001\u6ce8\u518c\u3001\u5bc6\u7801\u627e\u56de\u3001\u77ed\u4fe1\u53d1\u9001\u3001\u6295\u7968\u3001\u8bc4\u8bba\u7b49\u3002<\/p>\n \u4f7f\u7528Burp Suite\u6293\u53d6\u4e00\u4e2a\u5178\u578b\u7684\u9a8c\u8bc1\u7801\u8bf7\u6c42\u6d41\u7a0b:<\/p>\n \u9636\u6bb5\u4e8c:\u903b\u8f91\u4e0e\u4e1a\u52a1\u6d41\u5206\u6790<\/p>\n \u8fd9\u662f\u6700\u6709\u6548\u7684\u7ed5\u8fc7\u624b\u6bb5,\u901a\u5e38\u4e0d\u4f9d\u8d56\u4e8e\u590d\u6742\u7684\u6280\u672f\u8bc6\u522b\u3002<\/p>\n \u6d4b\u8bd5\u6848\u4f8b1:\u9a8c\u8bc1\u7801\u53ef\u91cd\u7528<\/p>\n \u6d4b\u8bd5\u6848\u4f8b2:\u9a8c\u8bc1\u73af\u8282\u7f3a\u5931\u6216\u53ef\u7ed5\u8fc7<\/p>\n \u6d4b\u8bd5\u6848\u4f8b3:\u9a8c\u8bc1\u7801\u4e0e\u4e1a\u52a1\u64cd\u4f5c\u975e\u539f\u5b50\u6027<\/p>\n \u9636\u6bb5\u4e09:\u6280\u672f\u5b9e\u73b0\u5206\u6790<\/p>\n \u5f53\u903b\u8f91\u5c42\u9762\u6ca1\u6709\u660e\u663e\u6f0f\u6d1e\u65f6,\u6211\u4eec\u9700\u8981\u5206\u6790\u9a8c\u8bc1\u7801\u672c\u8eab\u7684\u6280\u672f\u5b9e\u73b0\u3002<\/p>\n \u6d4b\u8bd5\u6848\u4f8b4:\u7b80\u5355\u7684\u56fe\u5f62\u9a8c\u8bc1\u7801(\u6570\u5b57\u3001\u5b57\u6bcd)<\/p>\n \u00b7 \u5de5\u5177:pytesseract (Tesseract OCR) \u00b7 \u6b65\u9aa4:<\/p>\n # \u793a\u4f8b\u4ee3\u7801:\u7b80\u5355OCR\u8bc6\u522b\u9a8c\u8bc1\u7801<\/span> session =<\/span> requests.<\/span>Session(<\/span>)<\/span> # 2. \u9884\u5904\u7406\u56fe\u50cf<\/span> # 3. \u4f7f\u7528Tesseract\u8bc6\u522b<\/span> # 4. \u4f7f\u7528\u8bc6\u522b\u7ed3\u679c\u53d1\u8d77\u8bf7\u6c42 (\u4f8b\u5982\u767b\u5f55)<\/span> \u7ed5\u8fc7\u4e0e\u8fdb\u5316:\u5982\u679c\u9a8c\u8bc1\u7801\u52a0\u5165\u4e86\u7b80\u5355\u7684\u5e72\u6270\u7ebf\u3001\u626d\u66f2, Tesseract\u53ef\u80fd\u5931\u8d25\u3002\u6b64\u65f6\u9700\u8981\u66f4\u590d\u6742\u7684\u9884\u5904\u7406(\u5982\u4f7f\u7528OpenCV\u8fdb\u884c\u5f62\u6001\u5b66\u64cd\u4f5c\u53bb\u9664\u5e72\u6270\u7ebf)\u6216\u8bad\u7ec3\u4e13\u5c5e\u7684\u8bc6\u522b\u6a21\u578b\u3002<\/p>\n \u6d4b\u8bd5\u6848\u4f8b5:\u6ed1\u52a8\u62fc\u56fe\u9a8c\u8bc1\u7801<\/p>\n \u00b7 \u539f\u7406:\u7f3a\u53e3\u4f4d\u7f6e\u56fa\u5b9a\u6216\u53ef\u8ba1\u7b97\u3002 \u00b7 \u6b65\u9aa4:<\/p>\n # \u793a\u4f8b\u4ee3\u7801:\u8ba1\u7b97\u6ed1\u52a8\u7f3a\u53e3\u8ddd\u79bb (\u7b80\u5316\u7248)<\/span> def<\/span> get_slide_distance<\/span>(<\/span>bg_path,<\/span> slide_path)<\/span>:<\/span>
\n
\nversion<\/span>:<\/span> '3.8'<\/span>
\nservices<\/span>:<\/span>
\n vuln-captcha-lab<\/span>:<\/span>
\n image<\/span>:<\/span> registry.cn–<\/span>hangzhou.aliyuncs.com\/sec–<\/span>lab\/vuln–<\/span>captcha–<\/span>demo:<\/span>latest # \u5047\u8bbe\u5b58\u5728\u6b64\u955c\u50cf<\/span>
\n ports<\/span>:<\/span>
\n –<\/span> "8080:8080"<\/span>
\n environment<\/span>:<\/span>
\n –<\/span> SPRING_PROFILES_ACTIVE=test
\n networks<\/span>:<\/span>
\n –<\/span> test–<\/span>net<\/p>\n
\n image<\/span>:<\/span> linuxkonsult\/kali–<\/span>burpsuite:<\/span>latest
\n privileged<\/span>:<\/span> true<\/span>
\n networks<\/span>:<\/span>
\n –<\/span> test–<\/span>net
\n # \u901a\u8fc7VNC\u6216X11\u8f6c\u53d1\u8bbf\u95eeBurp\u754c\u9762<\/span><\/p>\n
\n test-net<\/span>:<\/span>
\n driver<\/span>:<\/span> bridge<\/p>\n
\nimport<\/span> requests
\nfrom<\/span> PIL import<\/span> Image,<\/span> ImageFilter
\nimport<\/span> pytesseract
\nimport<\/span> io<\/p>\n
\n# 1. \u83b7\u53d6\u9a8c\u8bc1\u7801\u56fe\u7247<\/span>
\ncaptcha_url =<\/span> "http:\/\/vuln-captcha-lab:8080\/captcha\/simple"<\/span>
\nheaders =<\/span> {<\/span>'User-Agent'<\/span>:<\/span> 'Mozilla\/5.0'<\/span>}<\/span>
\nresp =<\/span> session.<\/span>get(<\/span>captcha_url,<\/span> headers=<\/span>headers)<\/span><\/p>\n
\nimage =<\/span> Image.<\/span>open<\/span>(<\/span>io.<\/span>BytesIO(<\/span>resp.<\/span>content)<\/span>)<\/span>.<\/span>convert(<\/span>'L'<\/span>)<\/span> # \u8f6c\u4e3a\u7070\u5ea6<\/span>
\n# \u4e8c\u503c\u5316 (\u9608\u503c\u53ef\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u8c03\u6574)<\/span>
\nthreshold =<\/span> 150<\/span>
\nimage =<\/span> image.<\/span>point(<\/span>lambda<\/span> p:<\/span> p ><\/span> threshold and<\/span> 255<\/span>)<\/span>
\n# \u53ef\u9009:\u964d\u566a<\/span>
\nimage =<\/span> image.<\/span>filter<\/span>(<\/span>ImageFilter.<\/span>MedianFilter(<\/span>size=<\/span>3<\/span>)<\/span>)<\/span><\/p>\n
\n# \u6ce8\u610f:\u9700\u5148\u5728\u7cfb\u7edf\u5b89\u88c5Tesseract-OCR,\u5e76\u53ef\u80fd\u9700\u8981\u6307\u5b9a\u8bed\u8a00\u5305(eng)<\/span>
\ncustom_config =<\/span> r'–oem 3 –psm 7 -c tessedit_char_whitelist=ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'<\/span>
\ncaptcha_text =<\/span> pytesseract.<\/span>image_to_string(<\/span>image,<\/span> config=<\/span>custom_config)<\/span>.<\/span>strip(<\/span>)<\/span>
\nprint<\/span>(<\/span>f"\u8bc6\u522b\u7ed3\u679c: <\/span>{<\/span>captcha_text}<\/span><\/span>"<\/span><\/span>)<\/span><\/p>\n
\nlogin_url =<\/span> "http:\/\/vuln-captcha-lab:8080\/login"<\/span>
\ndata =<\/span> {<\/span>
\n 'username'<\/span>:<\/span> 'test'<\/span>,<\/span>
\n 'password'<\/span>:<\/span> 'test'<\/span>,<\/span>
\n 'captcha'<\/span>:<\/span> captcha_text
\n}<\/span>
\n# \u6ce8\u610f:\u901a\u5e38\u9700\u8981\u643a\u5e26\u83b7\u53d6\u9a8c\u8bc1\u7801\u65f6\u7684Cookie (session\u5df2\u81ea\u52a8\u5904\u7406)<\/span>
\nlogin_resp =<\/span> session.<\/span>post(<\/span>login_url,<\/span> data=<\/span>data)<\/span>
\nprint<\/span>(<\/span>login_resp.<\/span>status_code,<\/span> login_resp.<\/span>text[<\/span>:<\/span>200<\/span>]<\/span>)<\/span><\/p>\n
\nimport<\/span> cv2
\nimport<\/span> numpy as<\/span> np<\/p>\n