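The PASSWORD parameter of a certain group

The URL is as follows: aHR0cHM6Ly9wYXNzcG9ydC5tZWl0dWFuLmNvbS9hY2NvdW50L3VuaXRpdmVsb2dpbg==

The captured login request is as follows. There are three parameters to construct as needed: password, csrf (this one is easy to obtain; it can be taken from the HTML), and h5Fingerprint. h5Fingerprint was previously named token. I won't demonstrate it today; interested readers can try it. Today's main task is to figure out how the password is generated.

In the Network panel of the developer tools, find the Initiator column and hover over the captured request, as shown in the figure above. We find the e in front of the ajax request and click it to jump to the key spot. The object o has url, post and data, where data holds the POST parameters. Set a breakpoint and resend the request.

The password in e is already encrypted. Stepping in, we find the encryption function u.encrypt(); before encrypting, u.setPublicKey(this.publicKey) is called on the object u.

Second address: aHR0cDovL3d3dy5pYXBwc3RvZGF5LmNvbS8=

Below is the capture in the browser's Network panel. Locating the encryption works the same way as above: hover over the Initiator column, pick the entry in front of the ajax request, and click into it.

It is obvious that the preceding code reads the entered password value and RSA-encrypts it. Finally, you can set a breakpoint and pull out the relevant code.

Third address: aHR0cHM6Ly9sb2dpbi4xMDA4Ni5jbi9odG1sL2xvZ2luL2VtYWlsX2xvZ2luLmh0bWw=

Searching for password= quickly locates the encryption position. After setting a breakpoint there and stepping into the encryption function, we see the familiar setPublicKey(): typical RSA encryption.

Fourth address: aHR0cDovL2kuYmFpZHUuY29tL3dlbGNvbWUv

After capturing the traffic, start from the login request, as shown in the figure above. After clicking in, the location is as follows; remember to set a breakpoint. The code gets the password from the page's input box, does some simple processing, and then calls baidu.url.escapeSymbol(e.RSA.encrypt(o)), where o is the password we entered. You can see from the function name and other features that this is RSA encryption. We can click in to view the code above and confirm our judgment: the password uses RSA encryption.

The four cases above are all RSA encryption. In fact, I only located the encryption code and did not extract the code as before. Maybe you have run into many similar cases before and spent a long time extracting code without getting a result! That is wasted time with nothing to show for it.

In fact, there is no need to extract code for this kind of encryption, because most RSA encryption is generic and the encryption algorithm is the same. Few websites change it, and even when it is modified, the change is only that the input parameters or the output after encryption are processed further. For example, in the fourth case, some characters in the RSA-encrypted result are simply replaced by baidu.url.escapeSymbol(). So we don't need to extract the code and can use a mature RSA encryption implementation directly. That's it!

Here is a JS implementation of the RSA encryption algorithm: https://github.com/travist/jsencrypt/blob/master/bin/jsencrypt.js

You can use it directly when you encounter similar RSA encryption in the future.

For more content, please follow my WeChat official account (公众号), Python programming and actual combat.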
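
What the setPublicKey() / encrypt() pair seen in these cases amounts to, as an added example that is not code from the original post or from jsencrypt: RSA encryption with PKCS#1 v1.5 padding under a public key, returned as base64, reproduced here with Node's built-in crypto module. The key pair, the sample password and the function names encryptLikeJsEncrypt and recoverPlaintext are constructed for the demonstration.

```javascript
const crypto = require('crypto');

// Constructed throwaway key pair. A login page ships only the public half;
// the private half stays on the server.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
  modulusLength: 2048,
  publicKeyEncoding: { type: 'spki', format: 'pem' },
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
});

// Equivalent of u.setPublicKey(pem) followed by u.encrypt(password):
// RSAES-PKCS1-v1_5 over the UTF-8 password, ciphertext as base64.
function encryptLikeJsEncrypt(pem, password) {
  return crypto.publicEncrypt(
    { key: pem, padding: crypto.constants.RSA_PKCS1_PADDING },
    Buffer.from(password, 'utf8')
  ).toString('base64');
}

// Server-side view, used here only to check the result: raw RSA, then
// strip the padded block by hand (00 02 <non-zero random bytes> 00 <message>).
// Demonstration only; this parsing is not constant-time.
function recoverPlaintext(privPem, b64) {
  const block = crypto.privateDecrypt(
    { key: privPem, padding: crypto.constants.RSA_NO_PADDING },
    Buffer.from(b64, 'base64')
  );
  if (block[0] !== 0x00 || block[1] !== 0x02) throw new Error('bad padding');
  const sep = block.indexOf(0x00, 2);
  if (sep < 10) throw new Error('bad padding'); // needs >= 8 padding bytes
  return block.subarray(sep + 1).toString('utf8');
}

// The padding bytes are random, so the same password encrypts to a
// different base64 string on every call.
const sample = 'Example-Passw0rd!'; // constructed sample input
const first = encryptLikeJsEncrypt(publicKey, sample);
const second = encryptLikeJsEncrypt(publicKey, sample);
console.log(first === second);                              // false
console.log(recoverPlaintext(privateKey, first) === sample); // true
```

Because the ciphertext changes on every call, a captured password value cannot be compared byte for byte with a locally produced one; only decryption with the private key shows they carry the same input.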
