Today's post covers a one-time password (OTP) bypass that the author found during a crowdsourced test. By intercepting and modifying the contents of the server's response, the OTP check could be bypassed entirely. The technique is very simple, but it is still worth studying, so let's take a look.

Suppose the target site is example.com. After I created a user account there, my registration mailbox received a one-time password (OTP). The purpose of this OTP is to confirm my identity by verifying the mailbox.

With Burp capturing traffic, I entered the correct OTP. The response to the request was short and clear: a simple status line 'HTTP/1.1 200 Created' and a message body consisting of an empty pair of braces {}. At that point it occurred to me to try bypassing this OTP mechanism.
1. Create an account using the mailbox abc123@gmail.com;
2. The mailbox abc123@gmail.com then receives an OTP verification code;
3. Copy that OTP into the verification field to verify the user's identity. With Burp capturing traffic, right-click the current request and choose Do Intercept > Response To This Request to intercept the response:

We then intercepted the response to the correct OTP verification, shown below:

4. Complete one correct OTP verification;
5. Now create an account using the victim's mailbox victim123@gmail.com;
6. At this point the target site will certainly have sent an OTP verification code to the victim's mailbox victim123@gmail.com;
7. But since I have no access to the victim's mailbox victim123@gmail.com, the only option left is to try a bypass;
8. Enter an arbitrary string as the OTP code in the target site's verification field;
9. In Burp, take the request from the previous step (the one carrying the arbitrary OTP), and again use Do Intercept > Response To This Request to intercept and capture the response, shown below:
10. The response indicates that verification failed: its status line and body are 'HTTP/1.1 400 Bad Request' and {"error": "user_not_verified"};
11. Now replace the status line and body of the response with 'HTTP/1.1 200 Created' and {} respectively, then click "Forward" to forward the response;
12. And then the miracle happens: the target site's OTP verification area reports "Account identity verified successfully"!

Just like that, the OTP is bypassed!
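The root cause described above is that the client decides whether the account is verified based on the status code it receives, while the server never records its own verification result. The following is an added example (not the target site's code, nor the original author's) of how the server side should be built so that rewriting a response in a proxy changes nothing: the OTP is checked on the server, the "verified" flag lives only in server state, and every endpoint gated on verification consults that state rather than anything the client claims. The class, the 10-minute expiry and the 5-attempt limit are assumptions chosen for the illustration.

```python
"""Server-side OTP state that a tampered response cannot flip.
Added example; all names, limits and the simulated scenario are hypothetical."""
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 600   # assumption: codes expire after 10 minutes
MAX_ATTEMPTS = 5        # assumption: the code is invalidated after 5 wrong guesses


class OtpService:
    """Holds pending OTPs and the authoritative per-account 'verified' flag."""

    def __init__(self, now=time.time):
        self._now = now            # injectable clock, so expiry can be tested
        self._pending = {}         # email -> {"digest", "expires", "attempts"}
        self._verified = set()     # emails whose mailbox ownership was proven

    @staticmethod
    def _digest(code: str) -> bytes:
        return hashlib.sha256(code.encode()).digest()

    def issue_otp(self, email: str) -> str:
        """Create a 6-digit code; the caller delivers it to the mailbox.
        Only a hash is stored, so a leaked table does not expose live codes."""
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[email] = {
            "digest": self._digest(code),
            "expires": self._now() + OTP_TTL_SECONDS,
            "attempts": 0,
        }
        return code

    def verify_otp(self, email: str, submitted: str):
        """Handle the verification request. Returns (http_status, body), mirroring
        the 200 / 400 shapes in the write-up. The verified flag is set here and
        nowhere else, so the client's view of the response is irrelevant."""
        entry = self._pending.get(email)
        if entry is None:
            return 400, {"error": "user_not_verified"}
        if self._now() > entry["expires"]:
            del self._pending[email]
            return 400, {"error": "otp_expired"}
        entry["attempts"] += 1
        if entry["attempts"] > MAX_ATTEMPTS:
            del self._pending[email]
            return 400, {"error": "too_many_attempts"}
        # Constant-time comparison of hashes avoids leaking digit-by-digit timing.
        if not hmac.compare_digest(entry["digest"], self._digest(submitted)):
            return 400, {"error": "user_not_verified"}
        del self._pending[email]          # single use: a correct code cannot be replayed
        self._verified.add(email)
        return 200, {}

    def is_verified(self, email: str) -> bool:
        return email in self._verified

    def protected_action(self, email: str):
        """Any endpoint gated on mailbox verification asks the server state,
        never a flag the client derived from an earlier response."""
        if not self.is_verified(email):
            return 403, {"error": "user_not_verified"}
        return 200, {"result": "ok"}


def tampered_response_scenario():
    """Replay the write-up's steps 5-12 against this server (simulated, constructed
    data). Returns what the client UI would display after the proxy rewrites the
    response, and what the server actually permits afterwards."""
    svc = OtpService()
    victim = "victim123@gmail.com"
    real_code = svc.issue_otp(victim)                  # goes to the victim's inbox
    wrong = "000000" if real_code != "000000" else "111111"   # deterministic miss
    status, _ = svc.verify_otp(victim, wrong)
    assert status == 400                               # server said: not verified
    client_sees = (200, {})                            # proxy rewrote the response
    server_allows = svc.protected_action(victim)       # server state is unchanged
    return client_sees, server_allows


if __name__ == "__main__":
    print(tampered_response_scenario())   # ((200, {}), (403, {'error': 'user_not_verified'}))
```

The point of `tampered_response_scenario` is the contrast in its return value: the modified response can make the browser display "verified", but because the server only adds an address to `_verified` after a genuine match, the next verification-gated request is still refused. Expiry, single use and an attempt limit are included because a server-side check that accepts unlimited guesses of a 6-digit code would simply trade one bypass for another.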
2020.2.5 Vulnerability reported; 2020.2.6 Vulnerability triaged; Bounty: € xxx

*Source: medium; compiled and translated by clouds. When reposting, please credit FreeBuf.COM.