1. Is this attack method feasible?
2.How to implement php? How to fill in the registration data into the other party's form, and how to implement random registration in a loop?
淡淡烟草味2017-06-23 09:13:23
1. Yes (if there is no verification code or the verification code is cracked)
2: The steps of the plan are as follows:
Use fidder and other packet capture tools to find out the interface URI registered by the website
Analyze the data required by the registration form, such as username: Zhang San password:12345
Construct form parameters username=zhangsna&passpord=12345
Use a PHP script on your computer to write a CURL simulation POST to submit form data to the registered interface uri address
If the above steps are successful, you can write a script in contrba of Linux to continuously construct fake user names
Just keep submitting while(true)
A new registration script is started every minute, so there are more and more processes, and the database will soon reach thousands of people
But it is still far from collapse, and the MySQL database can store 50 million data without any problem.
代言2017-06-23 09:13:23
CC, a single computer crashed the database. . . Might as well find an injection point
ringa_lee2017-06-23 09:13:23
Why use multiple threads to request writes at the same time. It's best to use distributed attacks to achieve high concurrency and it will collapse.
If you rely solely on the amount of data, MySQL can handle writing 10 million data.
巴扎黑2017-06-23 09:13:23
Do you have such a website? Let me test it
1. Look at the address where the data is submitted and try to post the data directly
2. Use selenium to simulate user operations