Reverse-engineering steps

Reverse-engineering a front-end parameter mainly consists of the following steps:

  • Packet capture

    Capturing the packets is very simple; anyone who has learned crawler basics has been through this stage. Open the browser developer tools, refresh the page, and the loaded requests can be inspected in the Network panel.

  • Debugging

    Once the target request is found, take the keyword parameter from its form data and search for it globally. For most sites this is enough to locate the JS file that produces the parameter, and a breakpoint there reveals the target value. Note: this works for most sites, not all.

  • Extracting the JS

    Once the place where the target parameter is generated has been found, trace the call stack to identify the method that generates the value, then copy that JS code out and run it.

  • Rewriting the JS

    Sometimes the extracted JS code is not self-contained and needs small changes. This requires you to be comfortable reading JS.

  • Running the code locally

    Once that is done, you can copy the code and run it locally and obtain the same result that you already saw in the browser.

Common encryption methods

MD series

The MD series has three members: MD5, MD4 and MD2. (The post calls them encryption; strictly they are hash functions.)

The MD series focuses on MD5, which maps a string of any length to a 32-character (or, in a shortened form, 16-character) hexadecimal digest, referred to below as "32-bit" and "16-bit" in the post's wording. Because an MD5 digest consists only of the digits 0-9 and the letters a-f, a value of that shape can quickly be recognised as MD5.

MD5 is irreversible: plaintext can be hashed into ciphertext, but the plaintext cannot be recovered from the ciphertext and the algorithm alone, which is what makes it useful for security. Yet there are many online "MD5 decryption" websites. How do they work?

It is actually very simple: they hash large numbers of common plaintexts to MD5 in advance, store the results, and when a query comes in they simply look the digest up. This method is essentially a precomputed lookup table, close in spirit to brute force.

Speaking from personal experience

On the subject of MD5, I would like to share a personal experience. Generally speaking, it is used when an account and password are submitted at login (on some sites).

When entering the test password, use 123456, simply because it is easy to remember.

Why does this matter?

Because 123456 corresponds to the following 16-character and 32-character MD5 strings, respectively:

49ba59abbe56e057                   # 16-character form
e10adc3949ba59abbe56e057f20f883e   # 32-character form

Remember that the 16-character digest of 123456 starts with 49, while the 32-character digest of 123456 starts with e10. If a value like that turns up in the captured request, you can check it at a glance.

Another point: programmers generally do not make extra work for themselves. The hashing function and the parameter it feeds are usually placed in the same JS file. If it is not found there, it does not matter; trace it through the call stack instead.

Today's website

aHR0cHM6Ly93d3cuc29odS5jb20v

The goal on this website is to work out how the password is MD5-hashed at login. Before writing anything, make sure to follow the reverse-engineering steps above in order.

Packet capture is performed first:

As shown in the picture above, the password I entered was 123456. The request went through, except that when I clicked login the site reported a wrong password or account. Some sites will not accept 123456 at all; if so, switch to a more complex password.

Take a look: is this the packet we are looking for?

Looking at the value of password, does it match the characteristics of MD5 just described? I believe you already have a good idea.

The parameters in the form data, such as userID, password and persistentCookie, and any values in the request URL are the things we can search for globally.

To save time, let's just do a global search for password.

After searching, we can see from the figure that there are quite a lot of results. But have you ever wondered how the MD5-hashed value is assigned to password? Generally speaking, isn't it written in the form password = xxx? So the search term can be changed to password= :

I did not add a space after password because the search runs over unformatted (minified) code; if you had formatted the code, you would need to add a space after password. (Note this.)

As you can see from the image above, the search results have been filtered down to just one, which is exactly what I wanted.

After entering the js file and searching for password again, you can see that there are 4 results for password.

A breakpoint is then set on this line to trace the hashing function. As the figure above shows, the parameter is generated by the utils object.

After we hit the breakpoint, we can see that this is exactly what we need to look for. After the analysis above, we need to look for the utils keyword.

A search shows that the utils keyword does exist in the current JS code and looks like an object, so this is just enough to verify what we just described.

Here I will also share a tip for working with the JS code:

Copy all of the JS code to a local file first. In the browser the matching brackets are not highlighted in pairs, whereas a local editor shows them, which makes it convenient to pull the code out without losing a parenthesis or a line and hitting errors.

Once the utils code has been extracted, run it to get the result.

That concludes the walkthrough of the MD5 hashing.

More exciting content, looking forward to next time!!