The specific details of using XMLHTTP to create a thief are out of date. Many people have posted and discussed it, but in the process of creating an ASP thief, many people found that the ASP thief is not as powerful as the PHP thief. Indeed, if there is form submission or cookie verification on the original website, it would be difficult for ASP to complete it without using SOCKET-based components. In fact, the other two methods of XMLHTTP have been ignored by us, and this is the key to the problem.
Let’s first talk about this method
1. .send()
Since popular thieves use GET instead of POST to transmit data, many people ignore this method. It is also very simple to use SEND to send data, which is SEND (content). However,
Sending a form is not that simple, because if the form you send is in Chinese, it will involve encoding issues.
First of all, you must make sure to use POST when OPEN, that is, .open(POST, address, whether it is asynchronous).
Then, add the content of your form in SEND. For example, the form you want to submit has three form fields, namely A, B, and C, and the corresponding values are 1, 2, and 3 respectively. Then, when you SEND You can submit the form by writing like this, .send(A=1&B=2&C=3), how about it, it’s very simple, didn’t you expect it? But don't get too happy too early. As I mentioned before, if the value of the form is in Chinese, there will be an error in data transmission. Here we use a function escape(). Friends who are familiar with JAVASCRIPT should know the role of this function. Now VBSCRIPT also supports this function. .send(A=escape('value1')&B=escape('value2')&C=escape('value3')) .
2. .setRequestHeader()
Following the above, your data is sent out, but the other party will not receive it. Why? In fact, it is because your HTTP header is missing something, and then you can use this function to add it. Specifically, it is .setRequestHeader(CONTENT-TYPE,application/x-www-form-urlencoded), tells the other party that you submitted a urlencoded form.
Okay, now that we’ve talked about form submission, let’s talk about how to send cookies.
In fact, sending cookies is also very simple. You can also use this function to add things in the HTTP header. For example, the cookies I am currently behind are
cdb_sid=ybBiK0; cdb_cookietime=315360000; cdb_oldtopics=D869008D; cdb_visitedfid=1D45; cdb_auth=AQYHXVFDGERdsggVQA1VYUgxQDwFVV1dUAlwFAFRXVwU%2FbAIJB1lUCg; cdb_fid45=1113370145
Now I want to send this cookie directly.setRequestHeader(Cookie,cdb_sid=ybBiK0; cdb_cookietime=315360000; cdb_oldtopics=D869008D; cdb_visitedfid=1D45; cdb_auth=AQYHXVFDGERdsggVQA1VYUgxQDwFVV1dUAlwFAFRXVwU%2FbAIJB1lUCg; cdb_fid45=1113370145)
Of course, some website pages have a page judgment function. This is not difficult, that is.setRequestHeader (Referer, the absolute address of the source)