X world password encryption analysis

The victims:

aHR0cHM6Ly9wYXNzcG9ydC5mYW5nLmNvbS8=

Analysis

Enter an incorrect password and capture the login request to see which fields are encrypted [Figure 1-1].

Locate the encryption code directly by searching for PWD: [Figure 1-2].

Based on the search results, set a breakpoint at the corresponding position [Figure 1-3], and copy the underlined code for later use.

Re-issuing the request shows that the parameters look something like this:

// that.password.val() is the entered password: 11111111111
// encryptedString is the encryption function
encryptedString(key_to_encode, that.password.val())

From the analysis above, key_to_encode is still missing. Searching for it directly gives the following results [Figure 1-4]:

EncryptedString: encryptedString: encryptedString: encryptedString: encryptedString: encryptedString: encryptedString

XX second-hand housing password encryption analysis

The victims:

aHR0cDovL2ouZXNmLmxlanUuY29tL3VjZW50ZXIvbG9naW4=

Analysis

Again, test the login with a wrong password [Figure 2-1].

Two parameters, password and ckey, appear to be encrypted. Search for them first.

ckey is a value passed in a hidden field on the page [Figure 2-2].

Searching for password returns more results, but judging by the file names, the third file is the most relevant [Figure 2-3].

Open the third file, format it, and search within it [Figure 2-4].

Publickey encryptedString encryptedString encryptedString encryptedString encryptedString encryptedString encryptedString encryptedString At the same time, refer to the X World example [Figure 1-3].

There is no suspense here: the code from the earlier example can be used directly to perform the encryption. Extracting this site's own code is also possible, but Salted Fish feels it is unnecessary.