Many voting websites cannot vote repeatedly, mainly restricting IP. One ip can only vote once. Let’s take a look at the cheating plan of voting websites that use HTML to implement ip restrictions. Friends who need it can refer to it.
For cheating schemes for voting websites that restrict IP, this method uses some vulnerabilities in voting websites to monitor remote IPs, and does not really forge IP addresses. http is the seventh layer above the tcp established. It is impossible to forge real IP addresses. Recently, friends who need a voting software. I recently studied this voting website. This voting website has a verification code, and each IP is limited to one vote, which seems to be a standard voting website. I've studied the verification code first:
The verification code of this voting website is very simple to start with, with four standard numbers in standard locations, which are easy to identify. Later, the number of abnormal numbers of digits is not certain, and there are letters, and the position is not certain. The recognition of verification codes is not only difficult for software to recognize, but also difficult for manual recognition. There is no way out when you are at the end of your life. There is another village with dark willows and flowers. Please see the next paragraph of decomposition!
After I continued to analyze and research, I found that there were loopholes in his verification code inspection. I found this vulnerability. This verification code was useless. There was no need to identify or verify code. I went around directly because he only set a js code to check whether the verification code is empty on the voting option page. The js code is run on the client, and the effect of this verification is zero. Generally, JS verification is only for the convenience of users. As a voting website, it only uses this verification method. On the voting dynamic page, it is really not a good idea to check whether the verification code is empty. It poses great hidden dangers to the security of the website.
Regarding the verification code problem, I have learned the cracking method. As long as you do not directly access the verification code file when voting, the verification code is empty. Since its dynamic page does not check whether the verification code is empty, as long as the verification code parameters are empty when posting.
Then there is another problem. This voting website checks the IP and restricts one IP to only allow voting once. Then it can only be achieved by using a proxy, or by constantly disconnecting the network and dialing. I really couldn't think of any other good solution. Later, this friend found a program that can vote on this website at a very fast speed. I was curious about the IP solution of this program and asked my friend to come and analyze it.
First of all, I used the method of catching packages on this voting software to study it. After I was ready, I opened the voting program to brush it! Prompt for software conflict! I'm dizzy, no, then I'll close some programs. After all, I'll leave only one package grabbing program and prompt a conflict. Haha, it turns out that this program still knows that someone might analyze his software, and it actually traverses the process name to check whether there are suspicious programs. If a program analyzes or captures the package, he refuses to run it. Haha, I currently know that the software he restricts includes Easy Language Programming Software and WSockExpert_Cn packet capture software. Haha, after turning off Yi Language, change the name of WSockExpert_Cn, successfully pass the software's own security detection and run successfully.
Here are the packets I voted for during use:
XML/HTML Code Copy content to clipboard