Shulou(Shulou.com)06/01 Report--

Almost all browsers support calling up developer tools through the F12 button or the "View elements" function, which is supposed to be used by professional Web application and website developers, but it is also important for Web security testing.

Different types of browsers use different developer tools, which can be divided into two categories: Firefox and IE. For example, 360 browsers, by default, the speed mode uses the Firefox kernel, so press F12 to call up Firefox developer tools. If you choose compatibility mode, use the IE kernel, and F12 is the developer tool for IE.

For Firefox browsers, the most commonly used functions in developer tools are "viewer" and "console".

The source code of the web page can be seen in the viewer, and the content on the web page can be modified through it, because this part of the code is executed on the client side and implements the corresponding function, which belongs to the Web front end. However, the Viewer can only change the display on the local browser, not the server-side code.

You can run and debug some Javascript code directly in the console.

Example 2:BugKu calculator

Http://123.206.87.240:8002/yanzhengma/

After clicking on the link, let you enter the CAPTCHA, but only one digit.

Then it's easy to change the length of the text box through the viewer feature of the Firefox developer tool.

After entering the CAPTCHA correctly, you get the flag.

Example 3:forms

Experiment: http://ctf5.shiyanbar.com/10/main.php

After opening the page in the title, enter any value in the text box to display the error message.

Looking at the source code of the page, you will see that there is a hidden text box of type hidden, and name is showsource.

Through the viewer function of the Firefox developer tool, change the text box type to text so that it appears on the page.

Enter any value in this text box, and a code will be displayed on the page, which is used to determine whether the PIN code entered by the user is correct.

Copy the PIN code in the code and submit it to get the flag.

Example 4:what a fuck! What the heck is this?

Experiment, http://ctf5.shiyanbar.com/DUTCTF/1.html.

After opening the web page, there is a typical jother encoding.

Jother is a kind of coding used in Javascript, which can encode any string with a small number of characters "!, +, (,), [,], {,}".

Since it's Javascript code, you can try running it in the console of the developer's tool. Select all the contents of the web page, and then copy it to the console to run

Come out, flag.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.