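Related articles
https://github.com/Gamma-laboratory/JsFak -- Selenium-simulated brute forcing to get around JS encryption
CAPTCHA
CAPTCHA leaked to the client
  - in the site's page source
  - in the request Cookie
Brute forcing
  - CAPTCHA is never refreshed, unconditionally - the code is fixed - brute force directly
  - CAPTCHA is not refreshed under certain conditions (e.g. generated client-side by JS) - the code is validated in the front end - capture the request and brute force it
Automatic CAPTCHA recognition
  - CAPTCHA returned through an interface - the interface is unique / the CAPTCHA is not (in Java these usually end in .do) - brute force with the tools PKAV HTTP Fuzzer and Burp Suite
  - Burp Suite plugin: reCAPTCHA
Six-digit verification code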
https://wooyun.laolisafe.com/bug_detail.php?wybug_id=wooyun-2012-014618
Geetest slider CAPTCHA
https://www.freebuf.com/articles/web/140693.html
Bypassing IP-based brute-force limits - PHP - the client rewrites HTTP_X_FORWARDED_FOR
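    // Excerpt from the routine that resolves the visitor's IP. The client-supplied
    // headers are consulted before REMOTE_ADDR, so the caller chooses the value.
    $onlineip = '';
    if (getenv('HTTP_CLIENT_IP') && strcasecmp(getenv('HTTP_CLIENT_IP'), 'unknown')) {
        // Client-IP request header: set by whoever sends the request
        $onlineip = getenv('HTTP_CLIENT_IP');
    } elseif (getenv('HTTP_X_FORWARDED_FOR') && strcasecmp(getenv('HTTP_X_FORWARDED_FOR'), 'unknown')) {
        // X-Forwarded-For request header: also set by whoever sends the request
        $onlineip = getenv('HTTP_X_FORWARDED_FOR');
    } elseif (getenv('REMOTE_ADDR') && strcasecmp(getenv('REMOTE_ADDR'), 'unknown')) {
        // Address of the TCP peer, only reached when both headers are absent
        $onlineip = getenv('REMOTE_ADDR');
    } elseif (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], 'unknown')) {
        $onlineip = $_SERVER['REMOTE_ADDR'];
    }
    return $onlineip;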
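
A hardened counterpart to the snippet above, as an added example that is not part of the original notes: the address used for rate limiting comes from REMOTE_ADDR, and X-Forwarded-For is read only when the TCP peer is one of the site's own reverse proxies. TRUSTED_PROXIES, client_ip() and every address below are assumptions constructed for the illustration.

```php
<?php
// Added example, not from the original page. TRUSTED_PROXIES and client_ip()
// are hypothetical names; all addresses are constructed sample values.
const TRUSTED_PROXIES = ['10.0.0.5', '10.0.0.6'];

/**
 * Resolve the address to rate-limit on. Forwarding headers are consulted
 * only when the TCP peer (REMOTE_ADDR) is one of our own reverse proxies;
 * HTTP_CLIENT_IP is never used.
 */
function client_ip(array $server): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (filter_var($peer, FILTER_VALIDATE_IP) === false) {
        throw new RuntimeException('no usable REMOTE_ADDR');
    }
    if (!in_array($peer, TRUSTED_PROXIES, true)) {
        return $peer; // direct connection: every header is client-controlled
    }
    // Walk X-Forwarded-For right to left: the rightmost entries were appended
    // by our proxies, anything further left was supplied by the client.
    $hops = array_reverse(array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? '')));
    foreach ($hops as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // empty or malformed entry: fall back to the peer address
        }
        if (!in_array($hop, TRUSTED_PROXIES, true)) {
            return $hop; // first address that is not our own infrastructure
        }
    }
    return $peer;
}

// Constructed requests: [description, $_SERVER-like array]
$samples = [
    ['direct, rewritten headers', ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => '198.51.100.1', 'HTTP_CLIENT_IP' => '198.51.100.2']],
    ['via proxy, rewritten prefix', ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '198.51.100.1, 203.0.113.7']],
    ['via two proxies', ['REMOTE_ADDR' => '10.0.0.6', 'HTTP_X_FORWARDED_FOR' => '203.0.113.7, 10.0.0.5']],
    ['via proxy, header "unknown"', ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => 'unknown']],
];
foreach ($samples as [$label, $server]) {
    printf("%-30s => %s\n", $label, client_ip($server));
}
```

Keying the attempt counter on the account being logged into as well as on this address keeps the limit effective when requests arrive from many addresses.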