本文章内容仅仅提供学习与交流,严禁用于商业和非法用途,如侵权请联系删除!!!
刚好可以看到存在解密相关的代码,点进去,发现有一个创建解密器的函数
打上断点,并且我们发现上面有enc的字眼,初步判断为AES或者DES解密
刷新网页,卡在断点处,查看调用栈
发现堆栈有两个 decrypt ,点进去加上断点,再次刷新请求!
参数L 看起来就是我们要的解密数据,顺着断点一步一步下去,发现解密位置
将代码扣下来
var tp = require('crypto-js');
/**
 * Decrypt one response body from the API and return it as text.
 *
 * The scheme is AES in ECB mode with PKCS#7 padding. The key is a fixed
 * 16-character string that, per the walkthrough, was lifted from the site's
 * own front-end script. A key that ships in client-side code, combined with
 * ECB (no IV), only obscures the payload; it does not keep it confidential
 * from anyone who can read the page's JavaScript.
 *
 * @param {string} e - Ciphertext string as received from the server;
 *   presumably Base64, crypto-js's default string format - confirm.
 * @returns {string} The decrypted bytes decoded as UTF-8.
 */
function decrypt(e) {
  // Collapse each run of whitespace into one "+". Presumably this restores
  // Base64 "+" characters that were turned into spaces in transit - confirm.
  const cipherText = e.replace(/\s+/g, "+");

  // The key is passed as a WordArray, so crypto-js uses these bytes directly
  // as the AES key instead of deriving one from a passphrase.
  const keyWords = tp.enc.Utf8.parse("uVayqL4ONKjFbVzQ");

  const plainWords = tp.AES.decrypt(cipherText, keyWords, {
    mode: tp.mode.ECB,
    padding: tp.pad.Pkcs7,
  });

  return tp.enc.Utf8.stringify(plainWords);
}
// Smoke call: run decrypt() on an empty string and print whatever it returns.
const sampleOutput = decrypt("");
console.log(sampleOutput);
import requests
import execjs
from functools import partial
from subprocess import Popen
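# Fetch one page of the encrypted API response and decrypt it with the
# decrypt() helper kept in a.js.

# NOTE(review): this rebinds only the local name Popen, and nothing below
# uses it. It looks like the usual workaround for execjs decoding errors,
# which would have to patch subprocess.Popen before execjs is imported -
# confirm.
Popen=partial(Popen,encoding='utf-8')

# Load the extracted JavaScript; the context manager closes the file handle
# instead of leaving it to the garbage collector.
with open('a.js','r',encoding='utf-8') as js_file:
    body=js_file.read()
obj=execjs.compile(body)

# Request headers copied from the browser session. The page gives origin and
# referer (and url below) as Base64 text rather than literal URLs.
header={
"accept": "application/json, text/plain, */*",
"accept-language": "zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6",
"cache-control": "no-cache",
"content-type": "application/json;charset=UTF-8",
# presumably asks the server for an encrypted body - confirm
"isencrypt": "encrypt",
"origin": "aHR0cHM6Ly93d3cuY2JhbGVhZ3VlLmNvbS8=",
"referer": "aHR0cHM6Ly93d3cuY2JhbGVhZ3VlLmNvbS8=",
"sec-ch-ua": "\"Microsoft Edge\";v=\"111\", \"Not(A:Brand\";v=\"8\", \"Chromium\";v=\"111\"",
"sec-ch-ua-mobile": "?0",
"sec-ch-ua-platform": "\"Windows\"",
"sec-fetch-dest": "empty",
"sec-fetch-mode": "cors",
"sec-fetch-site": "same-site",
"user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36 Edg/111.0.1661.62"
}
url='aHR0cHM6Ly9kYXRhLXNlcnZlci5jYmFsZWFndWUuY29tL2FwaS9wbGF5ZXItb2ZmaWNpYWwvc29ydA=='
# Query-string paging parameters.
parems={
"pageNumber":"1",
"pageSize":"20"
}
# JSON request body.
data={
"season": "2021",
"matchtypeid": "1",
"direction": "2",
"range": "1",
"sortField": "pointsAverage"
}
# Certificate verification stays at the requests default (enabled). The
# original passed verify=False, which accepts any certificate, so the body
# handed to decrypt() could have come from an intercepting host. If a local
# debugging proxy is in the path, set verify to that proxy's CA bundle path
# rather than turning verification off. The timeout keeps a stalled
# connection from hanging the script.
resp=requests.post(url,params=parems,json=data,headers=header,timeout=10)
print(resp.status_code)
# Stop on an HTTP error instead of feeding an error body to decrypt().
resp.raise_for_status()
# decrypt() calls .replace on its argument, so resp.json() is expected to be
# a JSON string holding the ciphertext - confirm against a real response.
content=obj.call('decrypt',resp.json())
print(content)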
对于返回内容是密文的逆向,我们可以先搜一下 decrypt 等解密相关的字眼,看能不能找到;或者从调用栈定位到密文所在的位置,再顺着调用栈一步一步往下找。这个例子也说明,密钥写死在前端代码里的 AES-ECB 只起到混淆作用,接口数据并没有因此得到真正的保护。
这个网站其他接口的解密过程也是一样,感兴趣的多试一试
希望大家多多支持,一起努力学习,后续慢慢分享更多新奇有趣的东西