Target lab
Mozhe Academy online lab - Network Security - Browser Information Forgery
Site URL: https://www.mozhe.cn/bug
Reference: https://blog.csdn.net/lilin_emcc/article/details/40145113
NetType test data:
iPhone 5 / iOS 8.0 / Wifi
Mozilla/5.0 (iPhone; CPU iPhone OS 8_0 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Mobile/12A365 MicroMessenger/6.0 NetType/WIFI
iPhone 5 / iOS 8.0 / 2G
Mozilla/5.0 (iPhone; CPU iPhone OS 8_0 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Mobile/12A365 MicroMessenger/6.0 NetType/2G
iPhone 5 / iOS 8.0 / 3G
Mozilla/5.0 (iPhone; CPU iPhone OS 8_0 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Mobile/12A365 MicroMessenger/6.0 NetType/3G+
Redmi / Android 4.2.2 / Wifi
Mozilla/5.0 (Linux; U; Android 4.2.2; zh-cn; 2014011 Build/HM2014011) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30 MicroMessenger/6.0.0.50_r844973.501 NetType/WIFI
Xiaomi Mi 3 / Android 4.4.2 / Wifi (WeChat 5.3 does not yet provide the NetType field)
Mozilla/5.0 (Linux; Android 4.4.2; MI 3 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Mobile Safari/537.36 MicroMessenger/5.3.0.51_r697493.440
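Lab walkthrough
Capture the request with Burp Suite, modify the browser version information in the User-Agent header, and replace it with the iPhone value listed above: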
Mozilla/5.0 (iPhone; CPU iPhone OS 8_0 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Mobile/12A365 MicroMessenger/6.0 NetType/2G
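The following is an added example, not part of the original post: a parser for the MicroMessenger and NetType tokens in the sample strings above, including the WeChat 5.3 case where NetType is absent. The function name parse_wechat_ua is hypothetical. Because the header is plain client-supplied text, the value pasted in through the proxy parses exactly like one sent by a real handset, which is why these fields are only a hint for content adaptation and not a basis for access decisions.

```python
import re

# Token formats as they appear in the sample strings on this page.
_WECHAT = re.compile(r"MicroMessenger/([\d.]+)")
_NETTYPE = re.compile(r"NetType/(\S+)")
_IOS = re.compile(r"\(iPhone; CPU iPhone OS (\d+(?:_\d+)*)")
_ANDROID = re.compile(r"Android (\d+(?:\.\d+)*)")

# Two of the page's sample strings, embedded so the block runs offline.
IPHONE_2G = ("Mozilla/5.0 (iPhone; CPU iPhone OS 8_0 like Mac OS X) "
             "AppleWebKit/600.1.4 (KHTML, like Gecko) Mobile/12A365 "
             "MicroMessenger/6.0 NetType/2G")
MI3_WECHAT_53 = ("Mozilla/5.0 (Linux; Android 4.4.2; MI 3 Build/KOT49H) "
                 "AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 "
                 "Chrome/30.0.0.0 Mobile Safari/537.36 "
                 "MicroMessenger/5.3.0.51_r697493.440")


def parse_wechat_ua(ua):
    """Return the claims a WeChat in-app browser User-Agent makes.

    Every field is client-supplied text: it describes what the client
    says about itself, not what the client actually is.
    """
    wechat = _WECHAT.search(ua)
    if wechat is None:
        return None  # not a WeChat in-app browser string
    net = _NETTYPE.search(ua)
    ios = _IOS.search(ua)
    android = _ANDROID.search(ua)
    if ios:
        platform, os_version = "iOS", ios.group(1).replace("_", ".")
    elif android:
        platform, os_version = "Android", android.group(1)
    else:
        platform, os_version = "unknown", None
    return {
        "platform": platform,
        "os_version": os_version,
        "wechat_version": wechat.group(1),
        # WeChat 5.3 sends no NetType token, so this may be None.
        "net_type": net.group(1) if net else None,
    }


if __name__ == "__main__":
    for sample in (IPHONE_2G, MI3_WECHAT_53):
        print(parse_wechat_ua(sample))
```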