Statement:
This article is for research and study only, do not use for illegal purposes!
The target site
aHR0cHM6Ly9hdXRoLmFsaXBheS5jb20vbG9naW4vaW5kZXguaHRt
Today’s target website is a well-known payment website, feel a little floating ~~
Only the encryption method of the password is decrypted here
Analysis of the request
First look at the request, enter the account number, password and click login, remember to open the browser F12 in advance
Note that the wrong password is entered here, so that we can view the request packet
In the developer tools interface of the browser, the shortcut key Crtl+Shift+F directly opens global search.
Locate the encryption
According to the above search keyword password=, I located the encryption location getPassword in the index.js file, familiar with RSA encryption
After hitting the breakpoint, re-send the request, and sure enough, it stops at the breakpoint!
decryption
RSA encryption is the key to RSA encryption. RSA encryption is the key to RSA encryption. Encrypt(2, I, t); encrypt (2, I, t); encrypt (2, I, t);
function getPassword(t) {
var e = new s.RSA;
i = s.Base64.decode(this.options.TS)
e.setPublicKey(this.options.PK);
return e.alipayEncrypt(2, i, t);Copy the codeWe can easily get the values of I and the public key, both of which are written dead
I is the result of base64 decoding of the parameters in Node. There are direct libraries in Node to handle this, just like you do in Python.
And then fill s.rsa related code, that is, decryption success, specific buckle code details, not detailed
To learn more, please pay attention to the public number Python programming and combat