这是我用Wireshark抓到的数据包
POST /upload.php HTTP/1.1
Content-Type: multipart/form-data; boundary=---------------------------7d83e2d7a141e
Accept-Encoding: gzip
Host: up.f.360.cn
Content-Length: 1998
Cache-Control: no-cache
Cookie: B=ID=739191265759926:V=2:S=53c7c9433f; __utma=148900148.326659550.1275141945.1275141945.1275531076.2; __utmz=148900148.1275531076.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=360
-----------------------------7d83e2d7a141e
Content-Disposition: form-data; name="attribute"
<?xml version="1.0" encoding="UTF-8" ?><attribute><version>1.0</version><client><product><![CDATA[360safe]]></product><module><![CDATA[newspy_killer]]></module><version><![CDATA[1]]></version><wservicever><![CDATA[]]></wservicever><extinfo><![CDATA[]]></extinfo></client><os><version><![CDATA[5.1.2.0]]></version><windir><![CDATA[C:\WINDOWS]]></windir><sysdir><![CDATA[C:\WINDOWS\system32]]></sysdir></os><info><name><![CDATA[360_formal_1283517590.log.up]]></name><md5>4a0245f7e1958aba3dd290d04eb01ff7</md5><path><![CDATA[C:\Documents and Settings\James\Application Data\360Safe\LogInfo\360_formal_1283517590.log.up]]></path><class>important_log</class><uninstall_name><![CDATA[]]></uninstall_name><filesize></filesize><sign>0</sign><product><![CDATA[]]></product><sign_corp><![CDATA[]]></sign_corp><corp><![CDATA[]]></corp><filetimestamp></filetimestamp><desc><![CDATA[]]></desc><soft_edition></soft_edition><file_edition></file_edition><sign360></sign360><shell></shell><drivertype></drivertype></info></attribute>
-----------------------------7d83e2d7a141e
Content-Disposition: form-data; name="type"
client_log
-----------------------------7d83e2d7a141e
Content-Disposition: form-data; name="vk"
8f7c9ace
-----------------------------7d83e2d7a141e
Content-Disposition: form-data; name="mid"
6f5ef1e945ea77eb32b25eda5e5681e0
-----------------------------7d83e2d7a141e
Content-Disposition: form-data; name="specimen_cont"; filename="C:\DOCUME~1\James\LOCALS~1\Temp\4a0245f7e1958aba3dd290d04eb01ff7.zip"
Content-Type: application/octet-stream
PK..........#=`...e...l... ...4a0245f7e1958aba3dd290d04eb01ff7UT
.....L...L...L..A
.0..........Il..UJ.? V............@.@..4y.\.T..j...M.......u.n......x....x^Xp...W.....
....8.nv..PK............#=`...e...l... ......... .......4a0245f7e1958aba3dd290d04eb01ff7UT......LPK..........W.........
-----------------------------7d83e2d7a141e--
HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Fri, 03 Sep 2010 13:06:45 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.10
Content-Encoding: gzip
15
..........3..!.......
0
------解决方案--------------------
嗯. 对于这类软件, 一定要找个网络嗅探软件, 拷问两三天后,再决定是否用它.
唉.. 现在国内的哪个软件不偷东西?
基本上没有了.
所以, 我一般电脑里装的都是这些优秀软件的最早期的版本. 那些版本经过考察, 还没有加入偷东西的代码.
但是QQ 是强制升级的. 没有办法了..只能任由它强奸....
------解决方案--------------------