Introduction

Recently the "Jump Jump" (跳一跳) mini-game went viral across everyone's WeChat Moments, and many friends around me tried writing a Jump Jump bot in all sorts of languages. Being lazy, I only tried the Python version of the script, and then looked into the process of submitting a score directly with a POST request. Along the way I developed a strong interest in packet capture.

Packet capture

First let me describe my own packet-capture setup. I'm a front-end engineer, so the proxy tool I use is Alibaba's AnyProxy.

Key features include:

  • Based on Node.js, with open secondary-development capability that allows custom request-handling logic
  • Supports HTTPS parsing
  • Provides a web GUI for observing requests

Here is a brief description of how to use AnyProxy to capture HTTPS packets:

1. npm install -g anyproxy
2. anyproxy-ca // generate the HTTPS root CA certificate
3. Download the generated local CA certificate and trust it (on iOS, open the download address in Safari).
4. anyproxy -i // start AnyProxy and decrypt all HTTPS traffic

I won't expand on the details here; Baidu has plenty of information. Because AnyProxy has to be restarted every time when capturing through a local proxy, and it is troublesome to make sure the phone and the computer are on the same LAN, I deployed AnyProxy on a server. Deploying on the server is no different from deploying locally, except that you need PM2 to manage AnyProxy:

pm2 start anyproxy -x -- -i

One problem here is that AnyProxy's web GUI for viewing captured packets has no authentication, so anyone who can reach the interface can see all the traffic going through this proxy, which is very insecure. For a server-side deployment it is better to do some secondary development on AnyProxy.

The game

A brief introduction to this game: it is a single-player game that generates offline revenue based on how long you have been offline. (Simple enough...)

Packet analysis

There isn't much to analyze: because it's a single-player game there is little interaction with the server, so the request that fetches the offline revenue can be spotted at a glance.

Forging the request

This request is easy to forge: it requires no authentication and the data is not encrypted, so all you need to do is fake the host and return a fake timestamp.

Faking the host

The simplest way:

1. vim /etc/hosts // open the hosts file
2. On the last line, add an entry pointing the domain name at the server's IP address

(Diagram: www.hko.gov.hk is resolved through the hosts file to the Server)

So I chose Node to build a simple server. The game's GET request goes to /cgi-bin/gts/time5a.pr. The simple server is as follows:

// Uses the "server" npm package (server.js), which takes options first and
// then the route handlers; the route returns a fixed hex timestamp.
const server = require('server')
const { get } = server.router

server({ port: 80 }, [
  get('/cgi-bin/gts/time5a.pr', ctx => '0x191234567890')
])

This is the lazy approach: use a third-party library to spin up a simple server quickly instead of http.createServer, and use port 80 directly. If port 80 is already occupied, consider handling it with Nginx.

Results

Now that everything is set up, let's take a look at the final result.


Other attempts

This was only a very simple exercise, but before doing it I had a bolder idea. While Jump Jump was going viral, I noticed that "password red envelopes" (口令红包) were inexplicably taking off at the same time, and I started thinking about how to extract the password red envelope data and forge it (evil laugh...). The idea was this:

  • Capture the mini-program's password red envelope interface through the proxy (HTTPS)
  • Extract the fields that need to be converted to speech
  • Forge POST packets to the interface that converts text to voice

Well... Obviously I failed, or I'd be sitting back making a lot of money... It shouldn't be illegal, dears; after all, it's a red envelope I grabbed myself ~~ But anyone interested can try again; if you could grab every red envelope... that would be a terrifying income...

Conclusion

Overall the process was fairly easy, but the thinking and exploring along the way also sounded an alarm for me as a front-end engineer: packet capture and forgery turn out to be this frightening, and network security needs special attention. In a light case it's a little game like this, but where finance is involved, it is no laughing matter.

Experts, please give me plenty of pointers!