Disclaimer: This article is for study and research only. Illegal use is prohibited; otherwise you bear the consequences yourself. If it infringes on your rights, please let me know and I will delete it. Thank you!


Preface

Target site: aHR0cHM6Ly9wYXkud2FubWVpLmNvbS8=


I. Page analysis

Click login, then click the verification control and the captcha appears. If nothing appears, or it is not a slider, refresh and try a few times. Then comes the classic captcha trilogy of three requests.

The first request obtains the capTicket.

The second request fetches the captcha and returns the captcha type. Its op request parameter can be left out, since it is not verified, and FP is an environment parameter that can be hard-coded.

The third request returns some parameters for the captcha image.


II. Gap identification

1. Image restoration

The image returned by the interface is split into pieces, so we need to restore the original. The first thing that comes to mind is to set a canvas breakpoint and look at the page after each step. Doing so shows that the front end does some processing, so what are the values behind it?

Searching directly for background-image finds the unknown values. As for how to restore the image, just copy a solution found on Baidu: blog.csdn.net/chief_victo…

2. Gap identification

For this common type of gap, identification is very simple; again, just copy a solution found on Baidu.


III. Encryption function

Set a breakpoint directly at the verification position and that is all it takes 🆗; it falls in seconds.

In the request parameters submitted for validation, validData and op are encrypted.

op is the encrypted track. The track can be quite arbitrary; the array entries represent X, Y, mouse action, and time, respectively.

Just simulate it. It is not strictly validated.

validData is encrypted from the gap distance and the time it takes to slide.

There is only a little bit of encryption here, so it is simple.
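The gap noted above, a track that is not strictly validated, is what a server-side plausibility check closes. The following is an added example, not code from the original article or from the site: it assumes the track has already been decrypted into [x, y, action, t] rows in the order given above and that the distance and time from validData are available. The action codes, units (pixels, milliseconds), thresholds and function name are illustrative assumptions.

```python
from statistics import pstdev

# Assumed action codes (hypothetical; the article only says "mouse action").
DOWN, MOVE, UP = 0, 1, 2


def check_track(track, gap_px, slide_ms, tol_px=3, tol_ms=50):
    """Return the reasons a decrypted track is implausible (empty list = pass).

    track    -- rows of [x, y, action, t], the layout described in the article
    gap_px   -- gap distance claimed in validData (assumed pixels)
    slide_ms -- slide time claimed in validData (assumed milliseconds)
    """
    if len(track) < 5:
        return ["too few points"]
    reasons = []
    xs, ys, acts, ts = zip(*track)
    if acts[0] != DOWN or acts[-1] != UP or any(a != MOVE for a in acts[1:-1]):
        reasons.append("bad action sequence")
    dts = [b - a for a, b in zip(ts, ts[1:])]
    if any(dt <= 0 for dt in dts):
        reasons.append("timestamps not increasing")
        return reasons  # speeds below would be meaningless
    # The track must agree with what validData claims.
    if abs((xs[-1] - xs[0]) - gap_px) > tol_px:
        reasons.append("track distance != validData distance")
    if abs((ts[-1] - ts[0]) - slide_ms) > tol_ms:
        reasons.append("track duration != validData time")
    # Heuristic (assumption): a perfectly regular drag is not a human one.
    speeds = [(b - a) / dt for a, b, dt in zip(xs, xs[1:], dts)]
    if pstdev(speeds) < 0.01:
        reasons.append("constant speed")
    if len(set(ys)) == 1:
        reasons.append("no vertical movement")
    return reasons


# Constructed sample data (not captured from any site).
LINEAR = [[i * 10, 200, MOVE, i * 20] for i in range(11)]
LINEAR[0][2], LINEAR[-1][2] = DOWN, UP
HUMANLIKE = [[0, 200, DOWN, 0], [4, 200, MOVE, 40], [19, 201, MOVE, 85],
             [47, 202, MOVE, 130], [78, 201, MOVE, 190], [93, 201, MOVE, 260],
             [99, 200, MOVE, 350], [100, 200, UP, 420]]
```

Binding the track to the values in validData matters as much as the shape checks: each parameter should be rejected when it contradicts the other.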


Test it out