Hello everyone, it's time to practice again. This is another JS reverse-engineering article I'm sharing with you. The previous ones are listed below:

Python crawlers: An introduction to JS reverse

JS reverse new list login

JS reverse Air China login

JS reverse telecom login

It is said that good-looking people end up better looking! OK, down to business. This is the website we want to crack today: m.beibei.com/login/login…

Analysis

I think learning the Chrome developer tools is a must; after all, to do a good job you must first sharpen your tools. For crawlers and JS reverse engineering, tooling comes first. Start by looking at the captured traffic:

This is the final login request. What? There are checkcode and beibeitoekn parameters. Don't rush in and start searching for the encryption parameters the moment you see them. The first step is to go through the request data for the entire flow, because sometimes an encrypted parameter is returned in the response to an earlier request. For example, a time-limited token is usually issued by the server to the client first, then sent back to the server, where it is verified.

request

The response

So in the end it is the first request that we need to crack. We can see that there are no encrypted parameters in the Form Data. Note, however, that there is an encrypted ABR parameter in Params; cracking it is the key.

Crack

This is an XHR request, so it's easy! Set an XHR breakpoint:

The breakpoint

After you click login again, you will see execution stop at the breakpoint on the request.

Step down a few more times and you reach the key part.

The final result is generated by the function m, so I step into it and set a breakpoint.

Resending the request:

The earlier encryption functions can be ignored; they are just simple conversions. Focus on l["default"]: find where the function is defined and step into it.

And then we get into lifting out the code.

Keep stepping down and watch for the key spot.

The marker is very obvious, so why lift out any code at all? Do you have too much hair to spare?? Go ahead and verify it! This is the parameter that is passed in, so let's note it down.

Then we reproduce it in Python:

>>> ts = "username=17775731459&scene=h5_login&rams_device_id=2972225991"
>>> import hashlib
>>> res = hashlib.md5(ts.encode("utf-8")).hexdigest()
>>> res
'8afdca35566e68fd7821aed42cab7ae0'

Then check the output in the browser and compare the results

Bingo! An exact match. That's it?? Don't celebrate too early; there is another encryption step after this one.

This feels like the same routine! Is it calling an encryption module again? Read on for the result.

The code structure is similar!

a.HMAC = r.extend()

HMAC! HMAC is a keyed hash construction built on an ordinary hash algorithm, and it is used in much the same way as one. The length of the HMAC output is the same as that of the underlying hash algorithm. Python's built-in hmac module implements the standard HMAC algorithm.

For the sake of my hair, I chose to give up on lifting out the JS code and to use Python directly. All that is needed is the passed-in parameter and the salt: the parameter is the value generated in the previous step, and the salt is supplied where the encryption function is called, so it can be printed out and inspected.

The following is implemented in Python:

import hashlib
import hmac

def c(g, key):
    # g: the value produced by the previous (MD5) step; key: the salt found in the JS
    return hmac.new(key.encode("utf-8"), msg=g.encode("utf-8"), digestmod=hashlib.sha1).hexdigest()

Verifying the result of this encryption step is left for you to try. Put the code together and the token is obtained successfully.
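The two steps described above put together, as an added example that is not code from the original article; it also shows the recompute-and-compare check a server would run on such a token. The salt, the sample parameter string and the function names are constructed placeholders, and chaining the HMAC directly onto the MD5 hex string is an assumption based on the description above.

```python
import hashlib
import hmac

# Constructed placeholder: the real salt lives in the site's JS and is not shown in the article.
PLACEHOLDER_SALT = "constructed-salt-for-illustration"
# Constructed sample in the same key=value&... shape as the article's parameter string.
SAMPLE_PARAMS = "username=13800000000&scene=h5_login&rams_device_id=1234567890"


def md5_hex(params: str) -> str:
    """Step 1: MD5 over the parameter string, as hex (32 characters)."""
    return hashlib.md5(params.encode("utf-8")).hexdigest()


def hmac_sha1_hex(msg: str, key: str) -> str:
    """Step 2: HMAC-SHA1 keyed with the salt; 40 hex characters, same length as SHA-1."""
    return hmac.new(key.encode("utf-8"), msg.encode("utf-8"), hashlib.sha1).hexdigest()


def sign(params: str, salt: str) -> str:
    """Assumed composition: HMAC-SHA1(salt, MD5-hex(params))."""
    return hmac_sha1_hex(md5_hex(params), salt)


def verify(params: str, token: str, salt: str) -> bool:
    """Server-side check: recompute the token and compare in constant time."""
    return hmac.compare_digest(sign(params, salt), token)


if __name__ == "__main__":
    token = sign(SAMPLE_PARAMS, PLACEHOLDER_SALT)
    print("token:", token)
    # Any change to the parameters invalidates the token ...
    tampered = SAMPLE_PARAMS.replace("13800000000", "13800000001")
    print("tampered accepted:", verify(tampered, token, PLACEHOLDER_SALT))
    # ... but whoever holds the salt can produce a valid token for the new parameters,
    # so a salt embedded in client-side JS protects integrity in transit, not secrecy.
    resigned = sign(tampered, PLACEHOLDER_SALT)
    print("re-signed accepted:", verify(tampered, resigned, PLACEHOLDER_SALT))
```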

Conclusion

When there is a lot of encrypted JS code, implement the encryption algorithm in Python wherever possible. This is actually a secret for preventing hair loss as well. Of course, if you have plenty of hair you can ignore this and try lifting out the JS code instead; that is not impossible either!
