从网站获取任何文本和图像的最简单方法是选择它,使用CTRL+C键复制它,然后使用CTRL+V粘贴它。如果粘贴的材料不是您从网站上复制的怎么办?当然你会再次复制粘贴,结果可能是一样的。这是有风险的,我们将讨论原因。
一个简单的示例是,您从网站复制命令并将其粘贴到控制台上。事实证明命令已更改,这会损坏您的数据。你复制粘贴的方式有问题吗?还是有什么恶意?这篇文章讨论了什么是Pastejacking——改变你从网页复制的内容的艺术。
什么是粘贴劫持
几乎所有浏览器都允许网站在用户的计算机上运行命令。此功能可以让恶意网站接管您计算机的剪贴板。也就是说,当您复制某些内容并将其粘贴到剪贴板时,该网站可以使用您的浏览器运行一个或多个命令。该方法可用于更改剪贴板内容。虽然如果您只是复制到记事本(Notepad)或Word等可能不会很危险,但如果您将某些内容直接粘贴到命令提示符(Command Prompt),则可能会给您的计算机带来问题。
当用户完成任何特定操作时,网站会运行命令——例如按下特定键或右键单击鼠标。当您在键盘上按CTRL+C稍等片刻(比如 800 毫秒)后,它会将恶意内容粘贴到剪贴板。等待是让您使用CTRL+V粘贴您复制的原始文本。某些网站可能会跟踪CTRL+V并使用它来触发更改剪贴板内容的命令。
他们还可以跟踪鼠标移动。如果您不使用键盘,而是使用上下文菜单进行复制,那么它们也可以触发命令来替换剪贴板内容。
简而言之,Pastejacking 是恶意网站用来控制您的计算机剪贴板并在您不知情的情况下将其内容更改为有害内容的一种方法。(In short, Pastejacking is a method that malicious websites employ to take control of your computers’ clipboard and change its content to something harmful without your knowledge.)
为什么粘贴劫持有害
假设(Suppose)您要从网站复制粘贴到Microsoft Word。当您按下CTRL+C或CTRL+V时,网站会在您的剪贴板上放置一些可以创建和执行有害宏的命令。
更糟糕的是,当您将内容直接粘贴到PowerShell或命令提示符(Command Prompt)窗口等控制台时。Mac用户在使用iTerm时会有一定的安全性。这是一个允许Mac用户替换默认控制台的仿真。使用 iTerm 时,它会询问用户是否真的希望粘贴包含“换行符”字符的内容。然后,用户可以根据他们正在做什么选择“是”或“否”。
换行符(Newline character)实际上是Enter键的一半。Enter键通常由一个箭头表示,该箭头似乎从上一行到下一行然后再到左。回车(Enter)键是换行符(Newline)(更改到下一行)和回车(Return)符(如打字机中的“回车到最左边的位置 x,0”)字符的组合。当您按Enter键时,将执行该控制台行上的任何命令。请求确认取决于控制台。
对于大多数命令, Windows命令提示符不会要求确认。只有在您使用DEL或FORMAT命令时,它才会要求确认。对于RENAME等命令,它不会要求确认。我没有太多使用Powershell,所以我不知道那里的命令是如何被接受的。
在任何情况下,如果网站使用Enter(Enter)键(/n/r,其中 /n 是换行符,/r 是回车符)在剪贴板上放置命令,控制台或任何可编程应用程序都会直接运行命令。如果这些命令是有害的,它们可能会对您的机器和网络造成严重破坏。
阅读:网站流量指纹(Website Traffic Fingerprinting)。
如何避免粘贴劫持
如果您是OS X,您可以使用 iTerm 模拟器以确保安全。如果使用已附加的Enter(Enter)字符集发生粘贴劫持,它将提示您。
Windows用户需要检查放入计算机剪贴板的内容。为此,首先,将内容粘贴到记事本(Notepad)中。它仅将剪贴板粘贴为文本,并让您查看剪贴板中的内容。如果您看到您复制的内容,您可以继续将其粘贴到您想要的任何位置。这意味着一个额外的步骤,但比获得Pastejacked更好。请记住(Remember),使用Word检查剪贴板可能很危险,因为它也可以使用宏等进行编程。
请记住(Remember),使用Word检查剪贴板可能很危险,因为它也可以使用宏等进行编程。记事本(Notepad)不可编程,因此可以安全地检查剪贴板的内容。当然,由于内容是纯文本粘贴的,所以您不会看到格式、字体和样式等。
对于图像,虽然我不确定,但我认为右键单击并选择“另存为...(Save As…) ”比使用“复制(Copy)”命令更好。
另请阅读:(Also read:) 剪贴板数据盗窃 - 加强 Internet Explorer 中的安全设置。
What is Pastejacking? Why you shouldn't copy paste from web?
The easiest method to obtain any text and images from a website is to sеlect it, copy it using CTRL+C keyѕ and then paste it using CTRL+V. What if the pasted material is not what you copiеd from the website? Surely you’ll copy-paste again, and the results might be the same. It’s risky, and we’ll talk why.
A quick example is that you copy a command from a website and paste it on the console. It turns out the command was changed, and this damages your data. Is it something wrong with the way you copy paste? Or is it something malicious? This article talks about what is Pastejacking – the art of changing what you copy from web pages.
What is Pastejacking
Nearly all browsers allow websites to run commands on the users’ computers. This feature can allow malicious websites to take over your computers’ clipboard. That is, when you copy something and paste it to your clipboard, the website can run one or more commands using your browser. The method can be used to change the Clipboard contents. While it may not be much dangerous if you are just copying to Notepad or Word etc. , it could be a problem for your computer if you paste something directly to the Command Prompt.
Websites run command(s) when anything specific is done by the user – like when pressing a specific key or right-clicking the mouse. When you press CTRL+C on your keyboard, it triggers the website command mode. After a small wait, say 800 ms, it pastes something malicious to your clipboard. The wait is to let you use CTRL+V paste the original text that you copied. Some websites may track CTRL+V and use it to trigger a command that changes the clipboard contents.
They can also track mouse movements. If you do not use the keyboard but instead, use the context menu to copy, then too they can trigger commands to replace your clipboard contents.
In short, Pastejacking is a method that malicious websites employ to take control of your computers’ clipboard and change its content to something harmful without your knowledge.
Why is Pastejacking harmful
Suppose you are copy pasting from a website to Microsoft Word. When you press CTRL+C or CTRL+V, the website places few commands on your clipboard that can create and execute harmful macros.
Worse is when you are pasting content directly to a console like PowerShell or Command Prompt window. Mac users have some security if they are using iTerm. It is an emulation that allows Mac users to replace the default console. When using iTerm, it asks the users if they really wish to paste something containing “newline” character. Users can then select “Yes” or “No” depending on what they are doing.
The Newline character is actually half the Enter key. The Enter key is depicted, generally by an arrow that seems to be originating fro an upper line to lower line and then to left. The Enter key is a combination of Newline (change to next line) and Return (read “carriage return to leftmost position x,0” as in typewriters) character. When you press the Enter key, any command on that console line is executed. It is dependent upon the console to ask for confirmation.
The Windows command prompt does not ask for confirmation in case of most commands. It asks confirmation only in case you use a DEL or FORMAT command. For commands like RENAME etc., it will not ask for confirmation. I haven’t used Powershell much so I don’t know how the commands are accepted there.
In any case, if the website places commands on your clipboard with the Enter key (/n/r where /n is newline and /r is carriage return), the console or any programmable application directly runs the command(s). If these commands are harmful, they can create havoc on your machine and network.
Read: Website Traffic Fingerprinting.
How to avoid Pastejacking
If you are an OS X, you can use the iTerm emulator for safety. It will prompt you in case pastejacking happens with already appended Enter set of characters.
Windows users need to check what is placed into your computers’ clipboard. To do this, first, paste the contents into the Notepad. It pastes clipboard as text only and lets you see what is there in the clipboard. If you see what you copied, you can go ahead and paste it wherever you want. It means an additional step but is better than getting Pastejacked. Remember that using Word to check clipboard may be dangerous as it too is programmable using macros etc.
Remember that using Word to check clipboard may be dangerous as it too is programmable using macros etc. Notepad is not programmable and hence is safe to check the contents of the clipboard. Of course, you will not see the format, fonts, and styles, etc. as the contents are pasted as plain text.
For images, though I am not sure, I think right-clicking and selecting “Save As…” is better than using the “Copy” command.
Also read: Clipboard Data Theft – Harden security setting in Internet Explorer.
