我只是想知道黑客如何在网站(比如 www.xyz.com)前设置反向代理来窃取用户信息。一个简单的例子就足够了。如果用户在 Web 浏览器中键入 www.xyz.com,那么该请求是否可能通过黑客设置的反向代理,或者就像网络钓鱼攻击一样,Web 浏览器中的地址应该与真实网站不同。
最佳答案
反向代理用于向 Web 服务器添加负载平衡、安全性和缓存等功能。
要让黑客利用这一点,他们需要诱骗用户转到与真实地址不同的地址(网络钓鱼),然后使用反向代理使其看起来像是访问了真实网站。
通过本地安装的应用程序或病毒,可以更改主机文件或拦截 dns 请求以将流量重定向到真实地址,但这比网络钓鱼要少得多。
http://en.wikipedia.org/wiki/Reverse_proxy
A reverse proxy is a proxy server that is installed on a server network or on network equipment. Typically, reverse proxies are used in front of Web servers. All connections coming from the Internet addressed to one of the Web servers are routed through the proxy server, which may either deal with the request itself or pass the request wholly or partially to the main web servers.
A reverse proxy dispatches in-bound network traffic to a set of servers, presenting a single interface to the caller. For example, a reverse proxy could be used for load balancing a cluster of web servers. In contrast, a forward proxy acts as a proxy for out-bound traffic. For example, an ISP may use a proxy to forward HTTP traffic from its clients to external web servers on the Internet; it may also cache the results to improve performance.
关于reverse-proxy - 解释反向代理,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/3971221/