Small knowledge, big challenge! This article is participating in the creation activity of “Essential Tips for Programmers”
This article has participated in the “Digitalstar Project” and won a creative gift package to challenge the creative incentive money.
Thought analysis
A few days ago, I wanted to take a look at what the popular articles in Nuggets are. After debugging the page, I located the requested interface (this interface will asynchronously pull 20 articles and render them to the page). The parameters of this interface are as follows
The two most important parameters are cursor, which can be understood as the page number of the current request, and limit, which can be understood as the number of data returned by the current request
The request parameters in the figure above are automatically requested during the first screen rendering. Then, when we manually pull down the scroll bar, the page will automatically fetch the data for the next screen
The parameters of the above two pictures are the parameters of the articles that are automatically pulled through the FETCH. Take out several encrypted cursors and put them out to study the rules
eyJ2IjoiNzAyMzYyMzk2NDExMDg4MDc4MiIsImkiOjIwfQ==
eyJ2IjoiNzAyMzYyMzk2NDExMDg4MDc4MiIsImkiOjYwfQ==
eyJ2IjoiNzAyMzYyMzk2NDExMDg4MDc4MiIsImkiOjgwfQ==
Copy the code
Observation found only one difference, suspected to be caused by cursor changes on the page
Generally speaking, there are two schemes for data encryption: (1) MD5 encryption, which is irreversible, and (2) Base64 encryption, which can be decrypted
Give it a try, throw that string of data at an online site and test it
I = = = = = = = = = = = = = = = = = Select * from xx limit ${cursor}, ${cursor}
To sum up, the parameters are indeed encrypted, but only a little
How to implement Base64 encryption and decryption with JS
In this case, we can generate the encrypted cursor by ourselves, and then directly tune the interface to pull the corresponding data. Finally, we can analyze the data
Share how to do base64 encryption and decryption for characters in JS.
let base64 = function() {
// private property
_keyStr = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
return {
encode(input) {
var output = "";
var chr1, chr2, chr3, enc1, enc2, enc3, enc4;
var i = 0;
while (i < input.length) {
chr1 = input.charCodeAt(i++);
chr2 = input.charCodeAt(i++);
chr3 = input.charCodeAt(i++);
enc1 = chr1 >> 2;
enc2 = ((chr1 & 3) < <4) | (chr2 >> 4);
enc3 = ((chr2 & 15) < <2) | (chr3 >> 6);
enc4 = chr3 & 63;
if (isNaN(chr2)) {
enc3 = enc4 = 64;
} else if (isNaN(chr3)) {
enc4 = 64;
}
output = output + _keyStr.charAt(enc1) + _keyStr.charAt(enc2) + _keyStr.charAt(enc3) + _keyStr.charAt(enc4);
}
return output;
},
decode(input) {
var output = "";
var chr1, chr2, chr3;
var enc1, enc2, enc3, enc4;
var i = 0;
input = input.replace(/[^A-Za-z0-9\+\/\=]/g."");
while (i < input.length) {
enc1 = _keyStr.indexOf(input.charAt(i++));
enc2 = _keyStr.indexOf(input.charAt(i++));
enc3 = _keyStr.indexOf(input.charAt(i++));
enc4 = _keyStr.indexOf(input.charAt(i++));
chr1 = (enc1 << 2) | (enc2 >> 4);
chr2 = ((enc2 & 15) < <4) | (enc3 >> 2);
chr3 = ((enc3 & 3) < <6) | enc4;
output = output + String.fromCharCode(chr1);
if(enc3 ! =64) {
output = output + String.fromCharCode(chr2);
}
if(enc4 ! =64) {
output = output + String.fromCharCode(chr3); }}returnoutput; }}} ();Copy the code