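[CTF Series] Practice Problems

Cybersecurity CTF competition mock problems

web: web attack and defense
reverse: reverse engineering
pwn: binary exploitation
crypto: cryptography
mobile: mobile security
misc: miscellaneous security

Tools

hackbar

Browser extension
Right-click, Inspect

burpsuite

A graphical tool written in Java for testing the security of web applications

DVWA lab

Local access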
X-Forwarded-For:127.0.0.1

Garbled Chinese characters: https://blog.csdn.net/weixin_46329243/article/details/112950158

Client-IP: 127.0.0.1
Forwarded-For-Ip: 127.0.0.1
Forwarded-For: 127.0.0.1
Forwarded-For: localhost
Forwarded: 127.0.0.1
Forwarded: localhost
True-Client-IP: 127.0.0.1
X-Client-IP: 127.0.0.1
X-Custom-IP-Authorization: 127.0.0.1
X-Forward-For: 127.0.0.1
X-Forward: 127.0.0.1
X-Forward: localhost
X-Forwarded-By: 127.0.0.1
X-Forwarded-By: localhost
X-Forwarded-For-Original: 127.0.0.1
X-Forwarded-For-original: localhost
X-Forwarded-For: 127.0.0.1
X-Forwarded-For: localhost
X-Forwarded-Server: 127.0.0.1
X-Forwarded-Server: localhost
X-Forwarded: 127.0.0.1
X-Forwarded: localhost
X-Forwared-Host: 127.0.0.1
X-Forwared-Host: localhost
X-Host: 127.0.0.1
X-Host: localhost
X-HTTP-Host-Override: 127.0.0.1
X-Originating-IP: 127.0.0.1
X-Real-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Remote-Addr: localhost
X-Remote-IP: 127.0.0.1
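
Why the headers above can make a request look local, and the server-side fix, as an added example that is not part of the original notes. The trusted proxy range 10.0.0.0/24, the function names, and the sample addresses are constructed assumptions; header lookup assumes exact-case names in a plain dict.

```python
import ipaddress

# Constructed assumption: the only reverse proxies allowed to set forwarding headers.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]

def naive_client_ip(peer_ip, headers):
    """Vulnerable pattern: believes whatever address the request claims."""
    for name in ("X-Forwarded-For", "X-Real-IP", "Client-IP"):
        if name in headers:
            return headers[name].split(",")[0].strip()
    return peer_ip

def _is_trusted(ip_text):
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)

def hardened_client_ip(peer_ip, headers):
    """Honor X-Forwarded-For only when the TCP peer is a trusted proxy."""
    if not _is_trusted(peer_ip):
        return peer_ip  # direct connection: ignore every forwarding header
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",") if h.strip()]
    # Walk right to left: the rightmost entries were appended by our own proxies,
    # everything to the left of the first untrusted hop is client-controlled.
    for hop in reversed(hops):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            return peer_ip  # malformed entry such as "localhost": discard the header
        if not _is_trusted(hop):
            return hop
    return peer_ip

def is_local(ip_text):
    """Loopback check for an already-resolved client address."""
    try:
        return ipaddress.ip_address(ip_text).is_loopback
    except ValueError:
        return False

if __name__ == "__main__":
    spoofed = {"X-Forwarded-For": "127.0.0.1"}  # constructed sample request header
    print("naive   :", is_local(naive_client_ip("203.0.113.7", spoofed)))
    print("hardened:", is_local(hardened_client_ip("203.0.113.7", spoofed)))
```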

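Webshell management tools

One-line webshell

AntSword, Behinder, Godzilla
Browser: about:config

sqlmap

SQL injection
Used to detect whether a target is vulnerable to SQL injection

hackbar

Double-write bypass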

view-source:http://a.y1ng.vip:1126/robots/robots.txt


http://example.com/2023/07/24/ctf/unsupported/【ctf系列】练习题/
Author: ningan123
Published: July 24, 2023