Mozhe Range Training

Posted 玛卡巴卡巴巴亚卡


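1. Browser information spoofing

After logging in, the page says it has to be viewed in WeChat on an iPhone over a 2G network.

The User-Agent header is what identifies the user's device.

Starting with WeChat 6.0, its embedded browser adds a NetType field to the User-Agent string to identify the current network environment of the client (the phone).

Search online for the UA of WeChat on an iPhone on a 2G network: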

iPhone 5 / ios 8.0 / 2G
Mozilla/5.0 (iPhone; CPU iPhone OS 8_0 like Mac OS X) AppleWebKit/600.1.4 (Khtml, like Gecko) Mobile/12A365 MicroMessenger/6.0 NetType/2G


 

2. Referer spoofing

The page a request came from is identified by the Referer header.

Changing the Referer to google.com is enough.

 

3. HTTP method exercise

The original request is shown below; the parameter passed in the GET request is too long.

GET /info.php?content=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 HTTP/1.1
Host: 219.153.49.228:45830
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://219.153.49.228:45830/index.html
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close

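Use Burp to change the request method.

Success.

At first I only changed GET to POST and moved the GET parameters into the POST body, but overlooked that POST and GET requests are formatted differently. A POST request has Content-Type and Content-Length headers, whereas a GET request does not.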
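The difference described above, as an added example that is not part of the original post: `naive_post` only swaps the method and moves the parameters, `proper_post` also adds the two body headers, and `declared_body` shows how much body a server reads from each. The sample request, host and all function names are constructed for illustration.

```python
# Added example, not from the original post; SAMPLE_GET is constructed (placeholder host and value).
SAMPLE_GET = (
    "GET /info.php?content=constructed-sample-value HTTP/1.1\r\n"
    "Host: lab.example:8080\r\n"
    "User-Agent: example-client\r\n"
    "Connection: close\r\n"
    "\r\n"
)
BODY_HEADERS = ("content-type", "content-length")


def split_get(raw: str):
    """Return (path, query, version, header_lines) of a raw GET request."""
    head = raw.partition("\r\n\r\n")[0]
    lines = head.split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    if method != "GET":
        raise ValueError("expected a GET request")
    path, _, query = target.partition("?")
    return path, query, version, lines[1:]


def naive_post(raw: str) -> bytes:
    """The first attempt: change the method and move the parameters only."""
    path, query, version, headers = split_get(raw)
    head = "\r\n".join([f"POST {path} {version}", *headers])
    return head.encode() + b"\r\n\r\n" + query.encode()


def proper_post(raw: str) -> bytes:
    """Same conversion, plus the headers that describe the new body."""
    path, query, version, headers = split_get(raw)
    body = query.encode("utf-8")  # the query string is already URL-encoded
    kept = [h for h in headers if h.split(":", 1)[0].strip().lower() not in BODY_HEADERS]
    kept.append("Content-Type: application/x-www-form-urlencoded")
    kept.append(f"Content-Length: {len(body)}")  # bytes, not characters
    head = "\r\n".join([f"POST {path} {version}", *kept])
    return head.encode("utf-8") + b"\r\n\r\n" + body


def declared_body(request: bytes) -> bytes:
    """Body as a server reads it: only Content-Length bytes after the headers."""
    head, _, rest = request.partition(b"\r\n\r\n")
    length = 0
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            length = int(value.strip())
    return rest[:length]
```

With no Content-Length (and no Transfer-Encoding) a request is treated as having no body, so the parameters sent by `naive_post` are never read.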

 

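4. Voting system flaw analysis

The goal is to vote ggg into first place.

In the vote request, the id of ggg is 7.

X-Forwarded-For is an HTTP extension header. The HTTP/1.1 (RFC 2616) protocol does not define it; it was first introduced by the Squid caching proxy to indicate the real IP of the HTTP client. Brute forcing is used here.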

 

 

 

 

 

 

 

 
