Original URL: http://stackoverflow.com/questions/6715514/
Warning: this content is provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must attribute it to the original authors (not me): StackOverflow
JavaScript brute force into web form
Asked by Suraj
Just above the answer box, an error appears on a wrong attempt which says "Incorrect Answer". Additionally, we have an unlimited number of attempts.
Above is the website preview with detailed information.
Code:
<form id="level" method="post">
  <label for="answer">Answer:</label>
  <input type="text" name="answer" id="answer" />
  <input type="submit" name="submit" id="submit" value="Submit" />
</form>
So here we simply get to know that the form does not have an action source. The only way (that I know of) is to hack through JavaScript, like the one used to spam Facebook and Orkut, where we have to put the JavaScript in the URI, in the address bar.
I have built a JavaScript (for the address bar) to link to the other JavaScript files.
I would like to know some tips and tricks from you geniuses (btw thanks in advance, I know you guys are very generous).
And if someone knows of an online JavaScript brute-force script, or something online that could be linked through JavaScript.
Answer by Peter Olson
As much as I hate to tell people how to do this sort of thing, it's an interesting problem.
I should say first, however, that a brute force solution will likely take too long to be practical. If the solution is 8 characters long, and we try 1 million possibilities per second (a very optimistic assumption), it would take about 5 years to try out all of the possibilities.
Nevertheless, here is some Javascript code that you should be able to modify to fit your needs:
// Candidate characters: lowercase letters and the space character
var chars = ["a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z"," "];
// Keep guessing until the page reports a correct answer
while (document.getElementById("answerResult").innerHTML != "Correct Answer") {
  var len = Math.floor(Math.random() * 20); // random length from 0 to 19
  var str = "";
  while (str.length < len) {
    str += chars[Math.floor(Math.random() * chars.length)];
  }
  document.getElementById("answer").value = str;
  document.getElementById("level").submit();
}
This solution does not actually use brute force. It implements a method similar to bogosort. While more fun and simple, it may take a bit longer to finish. If you're an incredibly lucky person, it might be solved on the first iteration.
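Added example, not part of the original question or answers: the question notes that the form allows an unlimited number of attempts, which is the property a server-side throttle removes. The sketch below uses hypothetical names and limits (`AttemptLimiter`, `clientId`, 5 free attempts, lockouts doubling from 1 second up to a 15-minute cap) and simulates how many guesses such a throttle lets one client have evaluated in a given window.

```javascript
// Server-side throttle for a guess-the-answer form (all names and limits hypothetical).
class AttemptLimiter {
  constructor({ freeAttempts = 5, baseDelayMs = 1000, maxDelayMs = 15 * 60 * 1000 } = {}) {
    this.freeAttempts = freeAttempts;
    this.baseDelayMs = baseDelayMs;
    this.maxDelayMs = maxDelayMs;
    this.clients = new Map(); // clientId -> { failures, lockedUntil }
  }

  // Milliseconds the client must still wait; 0 means it may submit now.
  retryAfterMs(clientId, now) {
    const s = this.clients.get(clientId);
    return s ? Math.max(0, s.lockedUntil - now) : 0;
  }

  // Call once per submission; `correct` is the server's own answer check.
  submit(clientId, correct, now) {
    const wait = this.retryAfterMs(clientId, now);
    // During a lockout the client is not told whether the answer was right.
    if (wait > 0) return { accepted: false, retryAfterMs: wait };
    if (correct) {
      this.clients.delete(clientId);
      return { accepted: true, correct: true, retryAfterMs: 0 };
    }
    const s = this.clients.get(clientId) || { failures: 0, lockedUntil: 0 };
    s.failures += 1;
    const over = s.failures - this.freeAttempts;
    // Past the free allowance the delay doubles per failure, up to the cap.
    const delay = over > 0 ? Math.min(this.maxDelayMs, this.baseDelayMs * 2 ** (over - 1)) : 0;
    s.lockedUntil = now + delay;
    this.clients.set(clientId, s);
    return { accepted: true, correct: false, retryAfterMs: delay };
  }
}

// Wrong guesses one client gets evaluated within windowMs when it resubmits
// the moment each lockout expires (constructed clock, no real timers).
function guessesEvaluated(limiter, clientId, windowMs) {
  let now = 0, count = 0;
  while (now <= windowMs) {
    const r = limiter.submit(clientId, false, now);
    if (r.accepted) count += 1;
    now += Math.max(1, r.retryAfterMs);
  }
  return count;
}
```

With these defaults a client that retries the instant each lockout expires gets 110 guesses evaluated in 24 hours. What `clientId` is keyed on (account, session, address) is a deployment decision this sketch leaves open.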
Answer by Adipradeep
// Maps 1 -> "a", 36 -> "9", 37 -> "aa", ... (value must be >= 1)
static String seqToken(long value) {
    String[] digitsAlphabets = { "a", "b", "c", "d", "e", "f", "g", "h",
            "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t",
            "u", "v", "w", "x", "y", "z", "0", "1", "2", "3", "4", "5",
            "6", "7", "8", "9" };
    int codePoint = (int) (--value % 36);   // index of the last character
    long higher = value / 36;               // remaining, more significant part
    String letter = digitsAlphabets[codePoint];
    return higher == 0 ? letter : seqToken(higher).concat(letter);
}
Change the character set as you like and use the size accordingly to get the sequence generator.
Answer by Ilia Choly
You need to find the script it's connecting to. Use this http://blog.getfirebug.com/2009/10/30/event-listener-view-for-firebug/ to see what event listeners are associated with the button. You might also need to download a JavaScript deobfuscator plugin for Firefox: https://addons.mozilla.org/en-US/firefox/addon/javascript-deobfuscator/