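Source: Network Security Technology Blog
ARP sniffing is becoming more and more common. It is a very old technique, but it is still effective. Below is how to "encrypt" (here, MD5-hash) a website's password locally in JS before it is sent.
Take, for example, the transport encryption of a certain forum program: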
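it uses exactly this JS encryption method.
var pwmd5log = new Array();
// $(id) must return the element with that id (document.getElementById);
// hex_md5() must be supplied by an MD5 script loaded on the page.
// Replaces the value of each named field with its MD5 hex digest.
function pwmd5() {
    var numargs = arguments.length;
    for(var i = 0; i < numargs; i++) {
        // hash only if not hashed yet, or if the field no longer holds a 32-character digest
        if(!pwmd5log[arguments[i]] || $(arguments[i]).value.length != 32) {
            pwmd5log[arguments[i]] = $(arguments[i]).value = hex_md5($(arguments[i]).value);
        }
    }
}
Something like this is JS encryption.
So how is the password encrypted before it is transmitted?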
<form method="post" name="login" id="loginform" class="s_clear" onsubmit="pwmd5('password3');pwdclear = 1;" action="log.php">
<div>
<div>
<select> <!-- the attributes of the original <select> are not part of this excerpt -->
<option value="username">Username</option>
<option value="uid">UID</option>
<option value="email">Email</option>
</select>
<input type="text" name="username" autocomplete="off" size="36" class="txt" tabindex="1" value="" />
</div>
<p class="selectinput loginpsw">
<label for="password3">Password:</label>
<input type="password" id="password3" name="password" size="36" class="txt" tabindex="1" />
</p>
</div>
<p class="fsubmit s_clear">
<button class="submit" type="submit" name="loginsubmit" value="true" tabindex="1">Log in</button>
</p>
</form>
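This is the transport-encryption method of a well-known Chinese forum program: password3 is hashed before it is sent, so anyone sniffing the traffic sees only the MD5. You can of course go more extreme and pile on many rounds of MD5, but the result must still match the database.
In other words, after the hashed value is transmitted, it has to match the ciphertext stored in the database.
Here is a demonstration: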
<form method="post" name="login" id="loginform" class="s_clear" onsubmit="pwmd5('password3');pwdclear = 1;" action="log.php">
<div>
<div>
Username:
<input type="text" name="username" autocomplete="off" size="36" class="txt" tabindex="1" value="" />
</div>
<p class="selectinput loginpsw">
<label for="password3">Password:</label>
<input type="password" id="password3" name="password" size="36" class="txt" tabindex="1" />
</p>
</div>
<p class="fsubmit s_clear">
<button class="submit" type="submit" name="loginsubmit" value="true" tabindex="1">Log in</button>
</p>
</form>
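<!-- hex_md5() must come from an MD5 library; the file name md5.js is an assumption -->
<script src="md5.js"></script>
<script>
// Element lookup helper used by pwmd5()
function $(id) { return document.getElementById(id); }
var pwmd5log = new Array();
// Replaces the value of each named field with its MD5 hex digest before the form is submitted
function pwmd5() {
    var numargs = arguments.length;
    for(var i = 0; i < numargs; i++) {
        // hash only if not hashed yet, or if the field no longer holds a 32-character digest
        if(!pwmd5log[arguments[i]] || $(arguments[i]).value.length != 32) {
            pwmd5log[arguments[i]] = $(arguments[i]).value = hex_md5($(arguments[i]).value);
        }
    }
}
</script>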
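However, this method only keeps honest people out, not a determined attacker. If you are in a position to administer the server···I recommend reading the following two articles: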
1./Article/201107/97251.html
2./Article/201107/97252.html
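Why the scheme above only keeps honest people out, as an added example that is not part of the original post or the forum's code: the hex_md5 value is identical on every login, so the server accepts it whenever it is presented, whereas a response bound to a one-time server nonce is accepted only once. The account table, the function names and the HMAC-SHA256 nonce variant are assumptions made for illustration; the code runs under Node.js.

```javascript
const crypto = require('crypto');

const md5hex = (s) => crypto.createHash('md5').update(s, 'utf8').digest('hex');
const hmacHex = (key, msg) => crypto.createHmac('sha256', key).update(msg).digest('hex');

// Constant-time comparison of two hex strings
function sameHex(a, b) {
  const x = Buffer.from(String(a), 'hex'), y = Buffer.from(String(b), 'hex');
  return x.length > 0 && x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Constructed account table: the server stores hex_md5(password), so that the
// submitted value "matches the database" as the post requires.
const users = new Map([['alice', { stored: md5hex('correct horse') }]]);

// Scheme from the post: the browser sends hex_md5(password), the server compares.
function verifyStatic(user, submitted) {
  const u = users.get(user);
  return Boolean(u) && sameHex(u.stored, submitted);
}

// Nonce-bound variant (assumption, not from the post): the server issues a one-time
// nonce and the browser answers HMAC-SHA256(key = hex_md5(password), nonce).
const pending = new Map();
function issueNonce(user) {
  const nonce = crypto.randomBytes(16).toString('hex');
  pending.set(user, nonce);
  return nonce;
}
function verifyNonce(user, response) {
  const u = users.get(user), nonce = pending.get(user);
  pending.delete(user); // each nonce is valid for a single attempt
  return Boolean(u && nonce) && sameHex(hmacHex(u.stored, nonce), response);
}

// Server-side view of the same on-the-wire value arriving twice
function demo() {
  const wire = md5hex('correct horse');            // what the login form submits
  const staticTwice = verifyStatic('alice', wire) && verifyStatic('alice', wire);
  const resp = hmacHex(wire, issueNonce('alice')); // response to the first nonce
  const first = verifyNonce('alice', resp);
  issueNonce('alice');                             // the next login gets a fresh nonce
  const second = verifyNonce('alice', resp);       // same response presented again
  return { staticTwice, first, second };
}

console.log(demo());
```

The nonce variant still leaves the stored MD5 password-equivalent and does nothing for the session cookie or for a script altered in transit, which is why transport encryption (HTTPS) configured on the server remains the actual fix.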