企业网站建站系统哪个好用,湖州 网站建设,做手机网站的公司,成都seo培训班逆向目标
网址#xff1a;https://match.yuanrenxue.cn/match/6接口#xff1a;https://match.yuanrenxue.cn/api/match/6参数#xff1a;payload(m、q)
逆向过程
老规矩#xff0c;先来分析网络请求#xff0c;加密的地方一目了然#xff0c;没什么可多说的#xff…逆向目标
网址https://match.yuanrenxue.cn/match/6接口https://match.yuanrenxue.cn/api/match/6参数payload(m、q)
逆向过程
老规矩先来分析网络请求加密的地方一目了然没什么可多说的直接进行下一步的分析
逆向分析
启动器跟栈进入打个断点然后翻页
断点断住了
t Date.parse(new Date());
var list {page: window.page,m: r(t, window.o),q: window.i window.o - t |,
};
window.o 1;我们直接进到加密js文件delect.js然后来分析一下这个文件内容 如上截图整个js文件就这么几块内容最后一个红框内容一看就是我们的加密函数中间那个就是一个webpack的对象形式还有对webpack不太熟悉的朋友可以去阅读下这篇文章【JS逆向学习】36kr登陆逆向案例webpack里面有对webpack做了详细介绍并给出了具体案例最上面那个红框里的内容看起来就是一堆的笑脸符号其实就是AAEncode加密/解密遇到这种没见过的加密字符百度搜索就行了这里给出一个AAEncode加密/解密的在线网站 AAEncode加密/解密我们把第一个红框内的内容解密一下看是个什么东西 可以看到这一大坨就只是做了一个变量赋值window.o1;先不管它我们继续跟栈分析
function r(param1, param2) {if (window.o 6) {alert(不要戳这么多下人家好痛嘛~);location.reload();}return z(param1, param2);
}window.o就是翻页累计的变量超过 6 次就会重新加载网页再来看加密的参数
function z(pwd, time) {var n _n(jsencrypt);var g (new n);var r g.encode(pwd, time);return r;
}pwd 就是13位的时间戳time 就是页数加密函数和加密参数都清楚了既然是webpack 而且只有两个模块我们就直接全部扣然后给个值本地调用加密函数看下结果
/Users/rookie/dev/jsprojects/yuanrenxue/Chatper6/test.js:2557ASN1.prototype.getHexStringValue function() {^ReferenceError: ASN1 is not defined奇怪了代码里面明明有定义这个变量 我们先补上window global; 然后输出一下window 看看 window 为空这就怪了肯定有地方对window做了赋值或删除操作我们先全局搜索一下看 自执行函数对window做了重新赋值操作作者巧妙利用了浏览器环境和node环境的区别埋了个雷在浏览器下执行window{}实际不会生效的但是在node 环境中做window{}操作则会生效我们把这行代码注释重新打印观察下window
window: ref *1 Object [global] {global: [Circular *1],queueMicrotask: [Function: queueMicrotask],clearImmediate: [Function: clearImmediate],setImmediate: [Function: setImmediate] {[Symbol(nodejs.util.promisify.custom)]: [Getter]},structuredClone: [Getter/Setter],clearInterval: [Function: clearInterval],clearTimeout: [Function: clearTimeout],setInterval: [Function: setInterval],setTimeout: [Function: setTimeout] {[Symbol(nodejs.util.promisify.custom)]: [Getter]},atob: [Getter/Setter],btoa: [Getter/Setter],performance: [Getter/Setter],fetch: [AsyncFunction: fetch],crypto: [Getter],window: [Circular *1],navigator: {}
}可以看到这个时候window是有值的然后看到又报了其他的错
Message too long for RSA继续分析代码发现了一大坨jsfuck 混淆后的代码 xe [][(![] [])[![] !![] !![]] ([] {})[!![]] (!![] [])[!![]] (!![] [])[[]]][([] {})[![] !![] !![] !![] !![]] ([] {})[!![]] ([][[]] [])[!![]] (![] [])[![] !![] !![]] (!![] [])[[]] (!![] [])[!![]] ([][[]] [])[[]] ([] {})[![] !![] !![] !![] !![]] (!![] [])[[]] ([] {})[!![]] (!![] [])[!![]]]((!![] []) (![] !![] !![] !![] !![] []) (![] !![] !![] !![] !![] !![] !![] []) (!![] []) (![] !![] !![] !![] !![] []) ([] []) (![] !![] !![] !![] !![] !![] !![] []) ([] []))(![] !![] !![] !![] !![] !![] !![]) ([][(![] [])[![] !![] !![]] ([] {})[!![]] (!![] [])[!![]] (!![] [])[[]]][([] {})[![] !![] !![] !![] !![]] ([] {})[!![]] ([][[]] [])[!![]] (![] [])[![] !![] !![]] (!![] [])[[]] (!![] [])[!![]] ([][[]] [])[[]] ([] {})[![] !![] !![] !![] !![]] (!![] [])[[]] ([] {})[!![]] (!![] [])[!![]]]((!![] []) (![] !![] !![] !![] !![] !![] []) (![] !![] !![] !![] !![] !![] !![] []) (![] !![] !![] !![] !![] !![] !![] []) (![] !![] !![] !![] !![] !![] !![] []) (![] !![] []) (!![] []) (![] !![] !![] !![] !![] []))(![] !![] !![] !![] !![] !![]) [][(![] [])[![] !![] !![]] ([] {})[!![]] (!![] [])[!![]] (!![] [])[[]]][([] {})[![] !![] !![] !![] !![]] ([] {})[!![]] ([][[]] [])[!![]] (![] [])[![] !![] !![]] (!![] [])[[]] (!![] [])[!![]] ([][[]] [])[[]] ([] {})[![] !![] !![] !![] !![]] (!![] [])[[]] ([] {})[!![]] (!![] [])[!![]]](([] []) [][(![] [])[![] !![] !![]] ([] {})[!![]] (!![] [])[!![]] (!![] [])[[]]][([] {})[![] !![] !![] !![] !![]] ([] {})[!![]] ([][[]] [])[!![]] (![] [])[![] !![] !![]] (!![] [])[[]] (!![] [])[!![]] ([][[]] [])[[]] ([] {})[![] !![] !![] !![] !![]] (!![] [])[[]] ([] {})[!![]] (!![] [])[!![]]]((!![] [])[!![]] ([][[]] [])[![] !![] !![]] (!![] [])[[]] ([][[]] [])[[]] (!![] [])[!![]] ([][[]] [])[!![]] ([] {})[![] !![] !![] !![] !![] !![] !![]] ([][[]] [])[[]] ([][[]] [])[!![]] ([][[]] [])[![] !![] !![]] (![] [])[![] !![] !![]] ([] {})[![] !![] !![] !![] !![]] ({} [])[!![]] ([] [][(![] [])[![] !![] !![]] ([] {})[!![]] (!![] [])[!![]] (!![] [])[[]]][([] {})[![] !![] !![] !![] !![]] ([] {})[!![]] ([][[]] [])[!![]] (![] [])[![] !![] !![]] (!![] [])[[]] (!![] [])[!![]] ([][[]] [])[[]] ([] {})[![] !![] !![] !![] !![]] (!![] [])[[]] ([] {})[!![]] (!![] [])[!![]]]((!![] [])[!![]] ([][[]] [])[![] !![] !![]] (!![] [])[[]] ([][[]] [])[[]] (!![] [])[!![]] ([][[]] [])[!![]] ([] {})[![] !![] !![] !![] !![] !![] !![]] (![] [])[![] !![]] ([] {})[!![]] ([] {})[![] !![] !![] !![] !![]] ({} [])[!![]] (!![] [])[[]] ([][[]] [])[![] !![] !![] !![] !![]] ([] {})[!![]] ([][[]] [])[!![]])(!![]))[![] !![] !![]] ([][[]] [])[![] !![] !![]])(![] !![] !![] !![] !![])([][(![] [])[![] !![] !![]] ([] {})[!![]] (!![] [])[!![]] (!![] [])[[]]][([] {})[![] !![] !![] !![] !![]] ([] {})[!![]] ([][[]] [])[!![]] (![] [])[![] !![] !![]] (!![] [])[[]] (!![] [])[!![]] ([][[]] [])[[]] ([] {})[![] !![] !![] !![] !![]] (!![] [])[[]] ([] {})[!![]] (!![] [])[!![]]]((!![] [])[!![]] ([][[]] [])[![] !![] !![]] (!![] [])[[]] ([][[]] [])[[]] (!![] [])[!![]] ([][[]] [])[!![]] ([] {})[![] !![] !![] !![] !![] !![] !![]] ([][[]] [])[![] !![] !![]] (![] [])[![] !![] !![]] ([] {})[![] !![] !![] !![] !![]] ({} [])[!![]] ([] [][(![] [])[![] !![] !![]] ([] {})[!![]] (!![] [])[!![]] (!![] [])[[]]][([] {})[![] !![] !![] !![] !![]] ([] {})[!![]] ([][[]] [])[!![]] (![] [])[![] !![] !![]] (!![] [])[[]] (!![] [])[!![]] ([][[]] [])[[]] ([] {})[![] !![] !![] !![] !![]] (!![] [])[[]] ([] {})[!![]] (!![] [])[!![]]]((!![] [])[!![]] ([][[]] [])[![] !![] !![]] (!![] [])[[]] ([][[]] [])[[]] (!![] [])[!![]] ([][[]] [])[!![]] ([] {})[![] !![] !![] !![] !![] !![] !![]] (![] [])[![] !![]] ([] {})[!![]] ([] {})[![] !![] !![] !![] !![]] ({} [])[!![]] (!![] [])[[]] ([][[]] [])[![] !![] !![] !![] !![]] ([] {})[!![]] ([][[]] [])[!![]])(!![]))[![] !![] !![]] ([][[]] [])[![] !![] !![]])(![] !![] !![] !![] !![] !![] !![] !![])(([] {})[[]])[[]] (![] !![] !![] !![] !![] !![] !![] []) (![] !![] !![] !![] !![] !![] !![] !![] [])) ([][[]] [])[![] !![]] ([][[]] [])[![] !![] !![]] ({} [])[!![]] ([][[]] [])[![] !![]] ([] {})[![] !![]] ([][[]] [])[![] !![] !![]] ([][[]] [])[![] !![] !![]] ([][[]] [])[![] !![] !![] !![]] ([] {})[![] !![] !![] !![] !![]] ({} [])[!![]] ([][[]] [])[![] !![] !![] !![]] ([][[]] [])[![] !![] !![]])(![] !![] !![]));直接拷贝到控制台执行一下就是一个false
xe false直接替换下然后再次执行代码发现有结果了
55oooAObwblpKTvAWBcmMINgCzert2%2BSoeGzJ2CV9XzdzsMpWK9WNJlKOj%2FDzXor7TvLUKMguBnnK0thBNq%2BrZrBtokWfWJze8dvmB%2FUpTrmLTKnQvCHfKuoMuBkUd%2FZt4LzQykZCDlz9Fwl69VAoxJMak8c0SxvqXv0%2FdeC8GI%3D到这里m参数的加密已经分析结束了我们继续看q
q: window.i window.o - t |再结合网络请求来看q是做了拼接了
q: 1-1710235684000|2-1710235690000|但是我们每次用于加密的是没有拼接 至此两个参数的加密分析都完成了
逆向结果
源码需要的自取猿人学第六题源码
