一般来说,使用工具进行字典爆破进行登录时,通常根据服务器返回的响应报文的长度是否发生变化来得出哪一个为正确的账户口令。但是如果登录页面的名称的字数,和登录成功后首页的名称的字数是一样的,且服务器均响应为302错误。此时,只有通过响应报文的重定向行指向的网页的名称来判断是否成功登录。如果不细心一点,很可能错过得到正确账户口令的机会。
例如:响应报文只有Location行有差别。如:
登录失败:
HTTP/1.1 302 Found
Date: Thu, 27 Jul 2017 01:19:46 GMT
Server: Apache/2.2.14 (Ubuntu) mod_mono/2.4.3 PHP/5.3.2-1ubuntu4.30 with Suhosin-Patch proxy_html/3.0.1 mod_python/3.3.1 Python/2.6.5 mod_ssl/2.2.14 OpenSSL/0.9.8k Phusion_Passenger/4.0.38 mod_perl/2.0.4 Perl/v5.10.1
X-Powered-By: PHP/5.3.2-1ubuntu4.30
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: login.php
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/html
登录成功:
HTTP/1.1 302 Found
Date: Thu, 27 Jul 2017 01:19:46 GMT
Server: Apache/2.2.14 (Ubuntu) mod_mono/2.4.3 PHP/5.3.2-1ubuntu4.30 with Suhosin-Patch proxy_html/3.0.1 mod_python/3.3.1 Python/2.6.5 mod_ssl/2.2.14 OpenSSL/0.9.8k Phusion_Passenger/4.0.38 mod_perl/2.0.4 Perl/v5.10.1
X-Powered-By: PHP/5.3.2-1ubuntu4.30
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: index.php
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/html