Today I’m bringing you a forum site: the Cowboy Club – Nubia Community.

The website is https://bbs.nubia.cn/



To fetch the page source of this website, you must first obtain a cookie named acw_sc__v2. You need a cookie value just to crawl the site? To be honest, I didn’t believe it when I first started crawling, until I ran the request code and, look, it returned this:



What is this? A piece of JavaScript code. It is easy to see that there is a setCookie method near the bottom; isn’t that the cookie field I just said we need to fetch? If you saw this and shed tears of inexperience, don’t be afraid. Dry your tears and keep reading, and you will discover a new continent!


First, open Chrome, open Developer Tools, and enter the URL https://bbs.nubia.cn/ (clear the cookies first). You’ll see something like this:



Did you freeze? This is a debugger pause, even though you clicked nothing. If you step past the function you can escape temporarily, but after a few more lines of code run, it calls a function that executes debugger indefinitely, so you never get out and stay stuck in the debugger.



So what now? Don’t panic. The code running here is simply the JavaScript that the site returned on our first request, so we can copy that code into an HTML file and open it in Chrome.


If you expand (beautify) that code, then when you open it the page will refresh indefinitely until the browser crashes.


Because you expanded the code, it refreshes indefinitely. This is called blowing up memory.

So let’s just copy it in as it is and debug it once it is open in Chrome.

However, as soon as we open the developer tools, the debugger pause pops up:


Why is that? Let’s work it out from the call stack on the right. Looking at the call stack, we can see this function:

If you’ve learned JavaScript, you probably know that setInterval schedules a function to run at fixed intervals. So every so often, it executes a function to check whether the user has opened the developer tools. This is really strong, and I don’t know how it works. If you know, feel free to share it in the comments below.

OK, after that, we can find the statement that sets the timer in the original file and delete it. The debug statement is still executed after that deletion, so we go on and delete the call that executes it as well.



Now the debugger no longer appears, but a new problem shows up: the page refreshes constantly, which is also a timed operation. What to do in this case? Because it is a refresh, every refresh executes the JavaScript code again, so you can just set a breakpoint and look at the call stack. I’m a little more experienced here, so I set a breakpoint here:


Since reload is the function that refreshes the page, set the breakpoint here and you can be sure it will be hit. If a breakpoint you set is not hit, set several more and one of them will be.

When the breakpoint is hit, look at the call stack on the right, where this is easy to find:


This setTimeout is also a timer, but it fires only once, like a time bomb. Because the page is reloaded each time, the bomb is armed again on every load, which is what produces the constant refresh. Now that we understand the principle, we can delete the setTimeout.

Now refresh the page again and there is no resistance left. Doesn’t this step feel easy? Ha ha, crawling is like this: you climb through pit after pit to the end and refuse to give up, to see who is more patient.

Now we can finally start our debugging journey. We know that the JavaScript produces a cookie value after it executes, so the next step is to find where the value is generated. If you are skilled, you can use bisection to find it; exactly how is for you to explore, because I am not very skilled at it. If you’re not familiar with it, you can do what I did: since there are only a few hundred lines of code, start from the first line.



If you look for it, it won’t take long to find this. arg2 is the cookie value we are looking for, so you can set a breakpoint here and see what happens.

The function here is hexXor; for background on XOR, see http://www.ruanyifeng.com/blog/2017/05/xor.html. We can also translate the JavaScript code directly into Python code, which is not difficult.

Debugging shows that two parameters are needed: one is the encrypted information, the other is the key.


The encrypted message is easy to find; it is generated here:

So you can set a breakpoint here too, refresh again, and see that the encrypted message is generated by this function.

The JavaScript code here is also simple and can be translated directly into Python code. Its argument is arg1, which is declared on the first line of the code, so you can use the re module to extract it.

Then we get the key. If you just search for the key variable, you can easily find this:



The encryption function is long, but it can be ported to Python without much difficulty.

After many tests, I found that the key is fixed, so I don’t need to implement the function myself; I can just take the value.

Now you’re done: you can get the cookie value you need. It was not easy.

However, there is a bug here: sometimes I still get JavaScript code back, but I can still get the HTML source by running it several more times. Because I only need this value and only need it to succeed, I didn’t study it further. If you know the reason, you can tell me in the comment area.

Finally, a summary of the challenges encountered:

  1. The page refreshes indefinitely and memory blows up. If you really debug it yourself, you’ll find a couple of regular expressions in there, and some of them match function source text to check whether you have expanded the code. If you have, it means someone wants to do something with the code, so it refreshes indefinitely.

  2. A timer refreshes the web page, so the page refreshes without limit. This is not a problem for debugging; after all, we can break into the code with breakpoints every time it refreshes.

  3. A timer checks whether the developer tools are open. This is the most powerful one: if they are detected, it triggers debugger without limit.
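How checks like the ones in items 1 and 3 are commonly built, as an added example rather than code from the site or from the author’s repository; the function names, the regex and the 100 ms threshold are assumptions made for illustration.

```javascript
// Added illustration, not the site's code. All names and values are hypothetical.

// Item 1: formatting check. The script turns one of its own functions into a
// string and tests it against a regex that only matches the shipped one-line
// form. A beautifier inserts spaces and newlines, so the match fails.
const ONE_LINE_FORM = /^function \w*\(\)\{[^\n]*\}$/;

function isBeautified(fnSource) {
  return !ONE_LINE_FORM.test(fnSource);
}

// Kept on one line on purpose: this is the "shipped" shape being checked.
function guarded(){return isBeautified(guarded.toString())?'tamper-branch':'normal-branch';}

// Item 3: a `debugger` statement pauses only while a debugger is attached,
// so the same timer is harmless to visitors and a trap for an analyst.
// Timing the statement tells the script whether a pause happened.
function pausedAtDebugger(thresholdMs = 100) {
  const start = Date.now();
  debugger; // no-op when DevTools is closed
  return Date.now() - start > thresholdMs;
}

// The periodic check; returns the timer id so a caller can clearInterval it.
function startDevtoolsWatch(onDetect, intervalMs = 1000) {
  return setInterval(() => {
    if (pausedAtDebugger()) onDetect();
  }, intervalMs);
}

// Constructed sample: the same function after a pretty-printer has expanded it.
const expandedSample = [
  'function guarded() {',
  "  return isBeautified(guarded.toString()) ? 'tamper-branch' : 'normal-branch';",
  '}',
].join('\n');

console.log(guarded());                    // shipped form
console.log(isBeautified(expandedSample)); // expanded form
```

In a real page the tamper branch is where the endless reload would be triggered, which is why the copied script has to stay in its original one-line form while the timers are being removed.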

Finally, if you need the source code, you can get it from my GitHub at: https://github.com/SergioJune/Spider-Crack-JS/tree/master/nubiya_bbs

If it is useful to you, please give me a star. I will keep updating. You can also open an issue for any website you need to crack.


Capsula -CDN ‘s type of cookie will be better than that of its original type Incapsula CDN’ s type of cookie.

Original writing is not easy. I hope you can give a thumbs up and a star to support me so that I keep writing.

This article is for exchange and study only. Do not use it for illegal purposes; the consequences are at your own risk!


Why did I get a piece of JavaScript code back when I requested a web page