【2021-10-27】JS逆向之某某统计局cookie
提示:文章写完后,目录可以自动生成,如何生成可参考右边的帮助文档
文章目录
- 前言
- 正文
- 结果
前言
好像又好久没更新了,过来水一篇工作中遇到的一个动态cookie的网站吧
目标网站:aHR0cDovL3d3dy5zdGF0cy5nb3YuY24vdGpzai90amJ6L3RqeXFoZG1oY3hoZmRtLzIwMjAvMTEuaHRtbA==
正文
再不切换IP的情况下,频繁访问后会,不返回数据,给你一段JS代码
然后我们先把他扣下来进行分析一波
头部一个大数组,一个jsjiami.com.v6,很明显的就是一个sojsonv6的混淆了,可以直接正则替换,或者AST还原下
然后再去网页抓包,看看是做了啥操作,这里看到了请求这个接口,然后重置了cookie,请求参数是这个wzwschallenge
之后我们在还原后的JS代码里搜这个参数,果然有这个东西
看下这个加密逻辑,用了两个方法
var _0x500dd8 = '/WZWSREL3Rqc2ovdGpiei90anlxaGRtaGN4aGZkbS8yMDIwLzExLmh0bWw=';
var _0x14e579 = '(|fEoZE~ALnTD{W~';
var _0x351708 = '7926';
var _0x41f35b = 'WZWS_METHOD';
var _0x349042 = 'WZWS_PARAMS';
function _0xcff1b8(_0x358fd9) {
var _0x179d92 = {
'TXsUM': function(_0x2383e2, _0x1de425) {
return _0x2383e2(_0x1de425);
},
'HQeHK': _0x4ce3('0', 'VWqE'),
'ZUcpH': function(_0x248b52, _0x5ed497) {
return _0x248b52 < _0x5ed497;
},
'FbBTx': function(_0x36946b, _0x3a2f11) {
return _0x36946b & _0x3a2f11;
},
'jhkwT': function(_0x4e9119, _0xa070d6) {
return _0x4e9119 == _0xa070d6;
},
'WJmPx': function(_0x51583c, _0x5367ea) {
return _0x51583c !== _0x5367ea;
},
'NiLhy': _0x4ce3('1', '#9Vg'),
'FjkCX': function(_0x3ddcc5, _0x2b6867) {
return _0x3ddcc5 >> _0x2b6867;
},
'mBHDt': function(_0x2a91d8, _0x228d4f) {
return _0x2a91d8 << _0x228d4f;
},
'aCQPW': function(_0x1306f3, _0x598fc9) {
return _0x1306f3 & _0x598fc9;
},
'Walbv': function(_0x793957, _0x39b61b) {
return _0x793957 >> _0x39b61b;
},
'NWBHv': function(_0x4586db, _0x3a8868) {
return _0x4586db | _0x3a8868;
},
'fBZaG': function(_0x68d10e, _0x3db0c3) {
return _0x68d10e >> _0x3db0c3;
},
'pOsdD': function(_0x1d641f, _0x4f2573) {
return _0x1d641f & _0x4f2573;
},
'atQDi': function(_0x1b239c, _0x21e5f5) {
return _0x1b239c | _0x21e5f5;
},
'WtLrH': function(_0x31fc35, _0x3b7945) {
return _0x31fc35 << _0x3b7945;
},
'pyPRI': function(_0x328d78, _0x36b47f) {
return _0x328d78 >> _0x36b47f;
},
'LVufl': function(_0x1bdb11, _0x337636) {
return _0x1bdb11 << _0x337636;
},
'NNOIu': function(_0x4d3d01, _0x17a933) {
return _0x4d3d01 & _0x17a933;
},
'OIfGa': function(_0xf3dd18, _0x7f485e) {
return _0xf3dd18 & _0x7f485e;
}
};
var _0xfed051 = _0x179d92[_0x4ce3('2', 'SLM$')];
var _0x2139d5 = _0x358fd9[_0x4ce3('3', '$cDC')];
var _0x10071f = '';
for (var _0x23e584 = 0x0; _0x179d92[_0x4ce3('4', ')JYK')](_0x23e584, _0x2139d5); ) {
var _0x2fa93b = _0x179d92[_0x4ce3('5', 'Q$Zq')](_0x358fd9[_0x4ce3('6', 'v52c')](_0x23e584++), 0xff);
if (_0x179d92[_0x4ce3('7', 'raT7')](_0x23e584, _0x2139d5)) {
if (_0x179d92[_0x4ce3('8', 'dzke')](_0x179d92[_0x4ce3('9', 'HF2V')], _0x179d92[_0x4ce3('a', '7ktK')])) {
_0x179d92[_0x4ce3('b', 'qn)f')](result, '0');
} else {
_0x10071f += _0xfed051[_0x4ce3('c', ')JYK')](_0x179d92[_0x4ce3('d', '8$5@')](_0x2fa93b, 0x2));
_0x10071f += _0xfed051[_0x4ce3('e', 'qn)f')](_0x179d92[_0x4ce3('f', 'x(*l')](_0x179d92[_0x4ce3('10', '6ctV')](_0x2fa93b, 0x3), 0x4));
_0x10071f += '==';
break;
}
}
var _0x3a4809 = _0x358fd9[_0x4ce3('11', 'x1!@')](_0x23e584++);
if (_0x179d92[_0x4ce3('12', '^3U0')](_0x23e584, _0x2139d5)) {
_0x10071f += _0xfed051[_0x4ce3('13', '5&WG')](_0x179d92[_0x4ce3('14', 'Fb!7')](_0x2fa93b, 0x2));
_0x10071f += _0xfed051[_0x4ce3('15', 'jmnh')](_0x179d92[_0x4ce3('16', 'dzke')](_0x179d92[_0x4ce3('17', 'KJRN')](_0x179d92[_0x4ce3('18', 'VWqE')](_0x2fa93b, 0x3), 0x4), _0x179d92[_0x4ce3('19', 'x1!@')](_0x179d92[_0x4ce3('1a', '7ktK')](_0x3a4809, 0xf0), 0x4)));
_0x10071f += _0xfed051[_0x4ce3('1b', 'v52c')](_0x179d92[_0x4ce3('1c', '5&WG')](_0x179d92[_0x4ce3('1d', 'SLM$')](_0x3a4809, 0xf), 0x2));
_0x10071f += '=';
break;
}
var _0x3e2d13 = _0x358fd9[_0x4ce3('1e', 'gSzh')](_0x23e584++);
_0x10071f += _0xfed051[_0x4ce3('1f', '6ctV')](_0x179d92[_0x4ce3('20', 'A@72')](_0x2fa93b, 0x2));
_0x10071f += _0xfed051[_0x4ce3('21', '5MY%')](_0x179d92[_0x4ce3('22', 'w6%r')](_0x179d92[_0x4ce3('23', ')[ZE')](_0x179d92[_0x4ce3('24', 'tPaN')](_0x2fa93b, 0x3), 0x4), _0x179d92[_0x4ce3('25', '^0L$')](_0x179d92[_0x4ce3('26', 'VWqE')](_0x3a4809, 0xf0), 0x4)));
_0x10071f += _0xfed051[_0x4ce3('27', 'a9mC')](_0x179d92[_0x4ce3('28', 'L9rw')](_0x179d92[_0x4ce3('29', ')[ZE')](_0x179d92[_0x4ce3('2a', ')[ZE')](_0x3a4809, 0xf), 0x2), _0x179d92[_0x4ce3('2b', '^3U0')](_0x179d92[_0x4ce3('2c', '2Jzf')](_0x3e2d13, 0xc0), 0x6)));
_0x10071f += _0xfed051[_0x4ce3('2d', 'gSzh')](_0x179d92[_0x4ce3('2e', 'raT7')](_0x3e2d13, 0x3f));
}
return _0x10071f;
}
function _0x13698a() {
var _0x119607 = {
'KPghK': _0x4ce3('79', '7ktK'),
'KzYCs': function(_0x133acc, _0x1d93c7) {
return _0x133acc + _0x1d93c7;
},
'hdMtm': _0x4ce3('7a', 'P75Q'),
'GjEts': function(_0x44acb8, _0x347a6d) {
return _0x44acb8 < _0x347a6d;
}
};
var _0x1e26f5 = _0x119607[_0x4ce3('7b', 'SLM$')][_0x4ce3('7c', 'tPaN')]('|')
, _0xb6e2c5 = 0x0;
while (!![]) {
switch (_0x1e26f5[_0xb6e2c5++]) {
case '0':
return _0x119607[_0x4ce3('7d', 'a9mC')](_0x119607[_0x4ce3('7e', '^3U0')], _0x338d15);
case '1':
var _0xbe152f = 0x0;
continue;
case '2':
for (_0xbe152f = 0x0; _0x119607[_0x4ce3('7f', 'y4mq')](_0xbe152f, _0x14e579[_0x4ce3('3', '$cDC')]); _0xbe152f++) {
_0x338d15 += _0x14e579[_0x4ce3('80', '7pA8')](_0xbe152f);
}
continue;
case '3':
var _0x338d15 = 0x0;
continue;
case '4':
_0x338d15 *= _0x351708;
continue;
case '5':
_0x338d15 += 0x1b207;
continue;
}
break;
}
}
抠出来的是用到的代码,头部大数组由于过大没有贴上去,组合后直接运行看看,这里已经出来了我们需要的值,之后就会获得响应的cookie
结果
