瑞星卡卡安全论坛

Checking If the Browser Can Accept Cookies Using javascript
用javascript来检查用户浏览器是否支持cookie技术
Listing 25.11 Checking If the Browser Can Accept Cookies Using javascript
＜HTML＞
＜HEAD＞
＜SCRIPT LANGUAGE="javascript"＞
document.cookiess="test=OK";

function getCookie(name) {
var cName = name + "=";
var dc = document.cookiess;
if (dc.length＞0) {
  begin = dc.indexOf(cName);
  if (begin != -1) {
    begin += cName.length;
    end = dc.indexOf(";", begin);
    if (end == -1) end = dc.length;
      return unescape(dc.substring(begin,end));
  }
}
return null;
}

if (getCookie('test')==null)
alert("Please change your browser to accept cookies.");
else
alert("Browser accepts cookies");

＜/SCRIPT＞
＜/HEAD＞

＜BODY＞
The page content
＜/BODY＞
＜/HTML＞
Checking If the Browser Accepts Cookies Without javascript
不用javascript来检查用户浏览器是否支持cookie技术！！！
Another way to check if the browser is willing to accept cookies is by creating a cookie on one page and then immediately redirecting the user to a second page. In the second page you can then try to read the cookies. The code in Listing 25.12 uses the ＜META＞ tag to create a cookie called "test" and then redirects the browser to a second page called checkCookie.jsp (in Listing 25.13).
Listing 25.12 Checking Browser Cookie Acceptance with Redirection
＜HTML＞
＜HEAD＞
＜META HTTP-EQUIV="Set-Cookie" CONTENT="test=ok;"＞
＜META HTTP-EQUIV="Refresh" CONTENT="0;URL=checkCookie.jsp"＞
＜/HEAD＞
＜/HTML＞
In the second page, implemented using ASP in this example, you try to read the same cookie using the code in Listing 25.13.
Listing 25.13 Reading the Cookies in the Browser Cookie Acceptance Test
＜%
If Request.cookiesss("test") ＜＞ "" Then
  Response.Write "Cookies accepted."
Else
  Response.Write "Cookies not accepted."
End If
%＞
Even though the code in this example only sends a message to the user telling him or her whether or not his or her browser accepts cookies, you can modify it to suit your needs. For instance, you can transfer the user to a warning page if the cookies are not accepted.
了解一个cookie文件里面的内容的含义！！！！！！！
3.5 What are all those entries in my cookies.txt file?

The layout of Netscape's cookies.txt file is such that each line contains one name-value pair. An example cookies.txt file may have an entry that looks like this:
.netscape.com    TRUE  /  FALSE  946684799  NETSCAPE_ID  100103
Each line represents a single piece of stored inFORMation. A tab is inserted between each of the fields.

From left-to-right, here is what each field represents:

domain - The domain that created AND that can read the variable.
flag - A TRUE/FALSE value indicating if all machines within a given domain can access the variable. This value is set automatically by the browser, depending on the value you set for domain.
path - The path within the domain that the variable is valid for.
secure - A TRUE/FALSE value indicating if a secure connection with the domain is needed to access the variable.
expiration - The UNIX time that the variable will expire on. UNIX time is defined as the number of seconds since Jan 1, 1970 00:00:00 GMT.
name - The name of the variable.
value - The value of the variable.
好现在还看看其它方面的，有趣的一面！
在window当中cookie一般存放在C:\Documents and Settings\wwwfox\Cookies
wwwfox为我登录xp的账号,当然由于ie版本不同存放的位置也有所不同,你可以到微软官方网站上去查看,当然最好的方法就是搜一下Cookie文件就可以知道具体在存放在那里了,
下面是Cookies下面的一个Cookie文件wwwfox@cgi-bin.txt内容是:
advpost
0
219.239.245.203/cgi-bin/
1536
1276665728
29789832
2326352352
29783688
对应方法
advpost---＞cookie .getName
0---＞cookie .getvalue()
1536--＞cookie .getMaxAge()如返回为-1表示关闭浏览器cookie就失效
  后面就是创建日期,失效日期
  创建时间,失效时间
现在教你怎么用jsp编程查看上网时网站给你创建的cookie文件，
问题一.cookiess只能由它创建的网站访问，那么我们怎么能够在自己的电脑是运行自己的服务器查看出来呢，如果能成那就是cookie欺骗。侵入别人网站的根源。
好通过示例来演示：, wwwfox@csdn[2].txt当然它的命名是
你的用户电脑帐号@产生的COOKIE的网页文件所在的WEB目录[COOKIE改变的次数].txt
wwwfox电脑帐号在访问csdn网站时是不会发送到csdn网站上去的，也就是只能在我的电脑wwwfox帐号上使用这个cookie其人（帐号）是不能用的。。
在C:\Documents and Settings\wwwfox\Cookies下我有一个登录csdn网站时由它创建的cookie
wwwfox@csdn[2].txt的内容是：
ABCDEF
hbWhkUhCWfRTUyeAVO5k79qTBFZXtGV2qfwAROv%252fvVk9qF3rfkcZQbl1IdMsBxhy15Y%252fqwN2XiLyTy%252fDGuW4LY7zZll16huuVbnJ0CEun26I%252f2bynXLPd2Ymq%252bn2Mt11pSP5w3%252fZNXt9ZJEp79VMCw%253d%253d
csdn.net/
1536
3743055744
29786511
2555961280
29783695
////////////////////////////
在C:\Program Files\Apache Software Foundation\Tomcat 5.5\webapps\test新建一个文件checkCookie.jsp
＜%@page pageEncoding="gb2312" %＞
＜%
Cookie[] cookie=request.getCookies();
out.println("this is www.csdn.net/＜br＞");
out.println("＜br＞");
for(int i=0;i＜cookie.length;i++)
{
if(cookie .getName().equals("ABCDEF"))
{
String name=cookie .getName();
String value=cookie .getvalue();
int maxage=cookie .getMaxAge();
out.println("name="+cookie .getName()+"＜br＞");
out.println("value="+cookie .getvalue()+"＜br＞");
out.println("maxage="+cookie .getMaxAge()+"＜br＞");
//out.println("setMaxAge为30");
//cookie .setMaxAge(30);
//out.println("之后为maxage="+cookie .getMaxAge()+"＜br＞");
out.println("domain="+cookie .getDomain()+"＜br＞");
out.println("secure="+cookie .getSecure()+"＜br＞");
out.println("path="+cookie .getPath()+"＜br＞");
}
}
%＞
好现在访问一下
http://localhost:8080/test/checkCookie.jsp是不是显示：
this is www.csdn.net
而没有取到值：因为只能在它的domain下能访问到这个cookie
好现在我们来
把C:\WINDOWS\SYSTEM32\DRIVERS\etc下面的hosts.sam打开修改其中的
127.0.0.1  hostname
为127.0.0.1      www.csdn.net
在这里你还可以再添加多行和上面相访的键值对，这个比外网的dsn优先级高所以它先把www.csdn.net解释成本地的127.0.0.1所以你就可以由这个访问了，这也可以解释为什么我们可以在ie敲http://localhsot的原因，这里localhost你可随便改成你喜欢的名称.
保存
修改conf/servlet.xml当中的端口为80端口
＜Connector port="80" maxHttpHeaderSize="8192"
              maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
              enableLookups="false" redirectPort="8443" acceptCount="100"
              connectionTimeout="20000" disableUploadTimeout="true" /＞
好现在启动tomcat访问http://www.csdn.net/test/checkCookie.jsp
得到结果啦：
this is www.csdn.net

name=ABCDEF
value=hbWhkUhCWfRTUyeAVO5k79qTBFZXtGV2qfwAROv%252fvVk9qF3rfkcZQbl1IdMsBxhy15Y%252fqwN2XiLyTy%252fDGuW4LY7zZll16huuVbnJ0CEun26I%252f2bynXLPd2Ymq%252bn2Mt11pSP5w3%252fZNXt9ZJEp79VMCw%253d%253d
maxage=-1
domain=null
secure=false#一般为默认值false不然为true就表示在像ssl验证时才能访问些cookie
path=null
由于在本机不能创建cookie所以不能演示修改cookie值给大家看.
达内的论坛cookie
存放用户名和密码没有经过加密的如
amembernamecookie
javazhai＃这里是我的用户名
219.239.245.203/cgi-bin/
1536
2476861952
29789838
3517958576
29783694
*
apasswordcookies
xxxxxx#这里是我的密码
219.239.245.203/cgi-bin/
1536
2476861952
29789838
3517958576
29783694
而csdn是经过加密方式存储的如
ABCDEF
hbWhkUhCWfRTUyeAVO5k79qTBFZXtGV2qfwAROv%252fvVk9qF3rfkcZQbl1IdMsBxhy15Y%252fqwN2XiLyTy%252fDGuW4LY7zZll16huuVbnJ0CEun26I%252f2bynXLPd2Ymq%252bn2Mt11pSP5w3%252fZNXt9ZJEp79VMCw%253d%253d
这一串肯定包含了用户名和密码的，它经过某种方式取得原始用户名和密码