本文所有教程、源码、软件,仅供技术研究使用。不涉及对计算机信息系统功能的删除、修改、增加、干扰,也不影响计算机信息系统的正常运行。Donotusethecodeforillegalpurposes,suchasinfringinganddeleting!?标题环境win10chrome106目标站:aHR0cHM6Ly93d3cuZ205OS5jb20v加密参数password:K6YEmQrNy%2FQgdnacXhdIZ1upCj4UU562IW89oOZquLkZ%2F16JDNyMqEU7pGVemvQzjfAlOzh7nSOLPkJp3kxbTm8XtWrHp9K%2BmMClOmmhkbdjAyax5xLBWC6PJiD6o8H随便输入一些信息,触发登录,抓包找到接口全局搜索password,没有找到明显的有用信息,使用xhr堆栈随便找个疑似位置Makeabreakpointtofollowupandclearlyanalyzethata.encodeistheencryptionmethod.Lookingatthestructure,wecanseethatitisthewebpackstructure1.Themethodoflocatingtheloadingmodule(loader)webpackmusthaveamethodofloadingthemodule:callorapply,findtheloadingfunctione(s){if(i[s])returni[s].exports;varn=i[s]={exports:{},id:s,loaded:!1};returnt[s].call(n.exports,n,n.exports,e),}2.Constructedasaself-executingmethod,debugintheconsoletoseewhatismissingandwhattomakeup!function(t){functione(s){vari={};if(i[s])returni[s].exports;varn=i[s]={exports:{},id:s,turloaded:]1rest};call(n.exports,n,n.exports,e),}}()3.Locateanddeductthecalledencryptionmethod,setabreakpointata.encode,followuptofindthefinalencryptionmethodandanalyzejsencrypt.encryptItisthefinalencryptionmethodtodeducttheentiremethodofjsencrypt.encrypt,andthenfillitintheself-executingloaderasaparameter,andthenin调用jsencrypt.encrypt的方法也提取出来了。代码太长就不贴了。最终格式如下,!(function(t){vari={};functione(s){if(i[s])returni[s].exports;varn=i[s]={exports:{},id:s,loaded:!1};返回t[s].call(n.exports,n,n.exports,e),n.loaded=!0,n.exports}_e=e;})({encrypt:function(t,e,i){},diaoyong:function(t,e,i){}});4.导出加密方法var_e;!(function(t){vari={};functione(s){if(i[s])returni[s].exports;varn=i[s]={exports:{},id:s,loaded:!1};返回t[s].call(n.exports,n,n.exports,e),n.loaded=!0,n.exports}_e=e;})({encrypt:function(t,e,i){},diaoyong:function(t,e,i){}});5.编写自定义加密方法functiongetkey(pass,time){vardiaoyong=_e("diaoyong");//这里需要用new调用方法,否则得不到方法属性varnew_diaoyong=(newdiaoyong);returnnew_diaoyong.encode(pass,时间)}特效资源下载https://download.csdn.net/dow...本文仅供学习交流,如有侵删!
