This is my fourth times, the first two times are basically looking at someone else's presentation, yet vaguely third time, fourth time also hope the idea can be a little clearer.
Next, look at the demo it. (Please also pass chiefs light spray! If there is an error, please let us know!)
Question: When you click the button below, you can not view the source code
analysis:
(Because Veiw Source is part of a pop-up window, set the page to check whether to ban the pop-up window, due to different browsers, this is not random in the screen shot.)
1, see the web page code
Since this is a button, it must be in accordance with the normal trigger a click event when clicked, but we did not trigger button event here, so we need to press F12 to analyze source code, Ctrl + F to find the id of the information, It found that only one match to match, indicating that the page has been unable to find the source.
As the button events can be bound by a JavaScript script id, but we have this script is not written on the page, so it may be written in a js file them, so we press Sourse -> / dvwa / js- -> dvwaPage.js, before look in the js file id
When you click Find, find no response, that there is no button event we want in the JS file.
2, file search (analysis of this process is slightly complicated, but please be patient and read)
Next we put it another thought, Console us to find the source of the page if the error, check the source of the error message.
When we find such a add_event_listeners.js file in the error message, and hover above, you can find a directory of the file is http://127.0.0.1/dvwa/js/add_event_listeners.js . Since we have all the dvwa page document, so we can DVWA-master (this is only after DVWA installation package when my computer to install unzip the file name, the file on xmapp -> htdocs inside) find add_event_listeners.js open the file and where the file is located.
我们发现这个地址和之前在网页中所看见的地址http://127.0.0.1/dvwa/js/add_event_listeners.js 略有不同 ,即网页中的少了一个DVWA-master,所以我们可以试试在add_event_listeners.js路径中加上DVWA-master,所以我们打开文件add_event_listeners.js ,C+F查找看看是否写了关于路径的语句dvwa/js/add_event_listeners.js,查不到这个,就不断缩小,扩大查找维度,直到dvwa时仍然无法查到相关语句
3、分析当前网页
由于上面文件无法找到路径,所以接下来我们分析当前页面,我们可以发现当前页面所在的路径为:
那么我们可以去打开我们文件中这个路径的PHP代码
在第一个代码中发现连dvwa都无法查找到,而在第二个文件中可以查找到多个dvwa,那么就而下来我们继续查找dvwa/js路径,发现查不到,那么可能就是该路径根本就没有写在文件中,而是通过链接其他文件实现该效果,那么接下来去仔细发现之前的文档中是否有关于链接文件的语句。
如下,我们在上面的第二个文件中找到了一个链接其他文件的语句,
跟随着路径,打开文件,看是否能够寻找到dvwa/js。我们将会发现我们将找到两个dvwa/js。
那么我们试着在前面加上一个之前差的路径(我这边是加DVWA-master),保存,运行 。
依旧报错,那么我们把这个删掉,将下一个按照上面的操作更改
