通常在我们测逻辑漏洞或写爬虫的时候,如果遇到前端加密,我们可以选择将加密算法拖出来,对自己调试的参数进行加密。
常见的加密方式实例
MD5加密实例
- 登录测试,获取到post参数
- 在疑似点下断,并再次发包
- 查看此处值与加密后的值相同,所以这个就是加密算法
- 这是一个闭包函数,实现加密算法
~这里可以直接用md5进行加密测试,但不排除他命名为md5(),实际上自己实现的加密算法。~
(function(g) {
function o(u, z) {
var w = (u & 65535) + (z & 65535)
, v = (u >> 16) + (z >> 16) + (w >> 16);
return (v << 16) | (w & 65535)
}
function s(u, v) {
return (u << v) | (u >>> (32 - v))
}
function c(A, w, v, u, z, y) {
return o(s(o(o(w, A), o(u, y)), z), v)
}
function b(w, v, B, A, u, z, y) {
return c((v & B) | ((~v) & A), w, v, u, z, y)
}
function i(w, v, B, A, u, z, y) {
return c((v & A) | (B & (~A)), w, v, u, z, y)
}
function n(w, v, B, A, u, z, y) {
return c(v ^ B ^ A, w, v, u, z, y)
}
function a(w, v, B, A, u, z, y) {
return c(B ^ (v | (~A)), w, v, u, z, y)
}
function d(F, A) {
F[A >> 5] |= 128 << ((A) % 32);
F[(((A + 64) >>> 9) << 4) + 14] = A;
var w, z, y, v, u, E = 1732584193, D = -271733879, C = -1732584194, B = 271733878;
for (w = 0; w < F.length; w += 16) {
z = E;
y = D;
v = C;
u = B;
E = b(E, D, C, B, F[w], 7, -680876936);
B = b(B, E, D, C, F[w + 1], 12, -389564586);
C = b(C, B, E, D, F[w + 2], 17, 606105819);
D = b(D, C, B, E, F[w + 3], 22, -1044525330);
E = b(E, D, C, B, F[w + 4], 7, -176418897);
B = b(B, E, D, C, F[w + 5], 12, 1200080426);
C = b(C, B, E, D, F[w + 6], 17, -1473231341);
D = b(D, C, B, E, F[w + 7], 22, -45705983);
E = b(E, D, C, B, F[w + 8], 7, 1770035416);
B = b(B, E, D, C, F[w + 9], 12, -1958414417);
C = b(C, B, E, D, F[w + 10], 17, -42063);
D = b(D, C, B, E, F[w + 11], 22, -1990404162);
E = b(E, D, C, B, F[w + 12], 7, 1804603682);
B = b(B, E, D, C, F[w + 13], 12, -40341101);
C = b(C, B, E, D, F[w + 14], 17, -1502002290);
D = b(D, C, B, E, F[w + 15], 22, 1236535329);
E = i(E, D, C, B, F[w + 1], 5, -165796510);
B = i(B, E, D, C, F[w + 6], 9, -1069501632);
C = i(C, B, E, D, F[w + 11], 14, 643717713);
D = i(D, C, B, E, F[w], 20, -373897302);
E = i(E, D, C, B, F[w + 5], 5, -701558691);
B = i(B, E, D, C, F[w + 10], 9, 38016083);
C = i(C, B, E, D, F[w + 15], 14, -660478335);
D = i(D, C, B, E, F[w + 4], 20, -405537848);
E = i(E, D, C, B, F[w + 9], 5, 568446438);
B = i(B, E, D, C, F[w + 14], 9, -1019803690);
C = i(C, B, E, D, F[w + 3], 14, -187363961);
D = i(D, C, B, E, F[w + 8], 20, 1163531501);
E = i(E, D, C, B, F[w + 13], 5, -1444681467);
B = i(B, E, D, C, F[w + 2], 9, -51403784);
C = i(C, B, E, D, F[w + 7], 14, 1735328473);
D = i(D, C, B, E, F[w + 12], 20, -1926607734);
E = n(E, D, C, B, F[w + 5], 4, -378558);
B = n(B, E, D, C, F[w + 8], 11, -2022574463);
C = n(C, B, E, D, F[w + 11], 16, 1839030562);
D = n(D, C, B, E, F[w + 14], 23, -35309556);
E = n(E, D, C, B, F[w + 1], 4, -1530992060);
B = n(B, E, D, C, F[w + 4], 11, 1272893353);
C = n(C, B, E, D, F[w + 7], 16, -155497632);
D = n(D, C, B, E, F[w + 10], 23, -1094730640);
E = n(E, D, C, B, F[w + 13], 4, 681279174);
B = n(B, E, D, C, F[w], 11, -358537222);
C = n(C, B, E, D, F[w + 3], 16, -722521979);
D = n(D, C, B, E, F[w + 6], 23, 76029189);
E = n(E, D, C, B, F[w + 9], 4, -640364487);
B = n(B, E, D, C, F[w + 12], 11, -421815835);
C = n(C, B, E, D, F[w + 15], 16, 530742520);
D = n(D, C, B, E, F[w + 2], 23, -995338651);
E = a(E, D, C, B, F[w], 6, -198630844);
B = a(B, E, D, C, F[w + 7], 10, 1126891415);
C = a(C, B, E, D, F[w + 14], 15, -1416354905);
D = a(D, C, B, E, F[w + 5], 21, -57434055);
E = a(E, D, C, B, F[w + 12], 6, 1700485571);
B = a(B, E, D, C, F[w + 3], 10, -1894986606);
C = a(C, B, E, D, F[w + 10], 15, -1051523);
D = a(D, C, B, E, F[w + 1], 21, -2054922799);
E = a(E, D, C, B, F[w + 8], 6, 1873313359);
B = a(B, E, D, C, F[w + 15], 10, -30611744);
C = a(C, B, E, D, F[w + 6], 15, -1560198380);
D = a(D, C, B, E, F[w + 13], 21, 1309151649);
E = a(E, D, C, B, F[w + 4], 6, -145523070);
B = a(B, E, D, C, F[w + 11], 10, -1120210379);
C = a(C, B, E, D, F[w + 2], 15, 718787259);
D = a(D, C, B, E, F[w + 9], 21, -343485551);
E = o(E, z);
D = o(D, y);
C = o(C, v);
B = o(B, u)
}
return [E, D, C, B]
}
function p(v) {
var w, u = "";
for (w = 0; w < v.length * 32; w += 8) {
u += String.fromCharCode((v[w >> 5] >>> (w % 32)) & 255)
}
return u
}
function j(v) {
var w, u = [];
u[(v.length >> 2) - 1] = undefined;
for (w = 0; w < u.length; w += 1) {
u[w] = 0
}
for (w = 0; w < v.length * 8; w += 8) {
u[w >> 5] |= (v.charCodeAt(w / 8) & 255) << (w % 32)
}
return u
}
function k(u) {
return p(d(j(u), u.length * 8))
}
function f(w, z) {
var v, y = j(w), u = [], x = [], A;
u[15] = x[15] = undefined;
if (y.length > 16) {
y = d(y, w.length * 8)
}
for (v = 0; v < 16; v += 1) {
u[v] = y[v] ^ 909522486;
x[v] = y[v] ^ 1549556828
}
A = d(u.concat(j(z)), 512 + z.length * 8);
return p(d(x.concat(A), 512 + 128))
}
function t(w) {
var z = "0123456789abcdef", v = "", u, y;
for (y = 0; y < w.length; y += 1) {
u = w.charCodeAt(y);
v += z.charAt((u >>> 4) & 15) + z.charAt(u & 15)
}
return v
}
function m(u) {
return unescape(encodeURIComponent(u))
}
function q(u) {
return k(m(u))
}
function l(u) {
return t(q(u))
}
function h(u, v) {
return f(m(u), m(v))
}
function r(u, v) {
return t(h(u, v))
}
g.md5 = function(v, w, u) {
if (!w) {
if (!u) {
return l(v)
} else {
return q(v)
}
}
if (!u) {
return r(w, v)
} else {
return h(w, v)
}
}
}(typeof jQuery === "function" ? jQuery : this));
调试这段代码
python执行
RSA非对称密钥加密实例
登录发包
疑似点下断
查找加密算法
加密算法实现and调试
var RSAPublicKey = function($modulus_hex, $encryptionExponent_hex) {
this.modulus = new BigInteger( $modulus_hex, 16);
this.encryptionExponent = new BigInteger( $encryptionExponent_hex, 16);
};
var Base64 = {
base64: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",
encode: function($input) {
if (!$input) {
return false;
}
var $output = "";
var $chr1, $chr2, $chr3;
var $enc1, $enc2, $enc3, $enc4;
var $i = 0;
do {
$chr1 = $input.charCodeAt($i++);
$chr2 = $input.charCodeAt($i++);
$chr3 = $input.charCodeAt($i++);
$enc1 = $chr1 >> 2;
$enc2 = (($chr1 & 3) << 4) | ($chr2 >> 4);
$enc3 = (($chr2 & 15) << 2) | ($chr3 >> 6);
$enc4 = $chr3 & 63;
if (isNaN($chr2)) $enc3 = $enc4 = 64;
else if (isNaN($chr3)) $enc4 = 64;
$output += this.base64.charAt($enc1) + this.base64.charAt($enc2) + this.base64.charAt($enc3) + this.base64.charAt($enc4);
} while ($i < $input.length);
return $output;
},
decode: function($input) {
if(!$input) return false;
$input = $input.replace(/[^A-Za-z0-9\+\/\=]/g, "");
var $output = "";
var $enc1, $enc2, $enc3, $enc4;
var $i = 0;
do {
$enc1 = this.base64.indexOf($input.charAt($i++));
$enc2 = this.base64.indexOf($input.charAt($i++));
$enc3 = this.base64.indexOf($input.charAt($i++));
$enc4 = this.base64.indexOf($input.charAt($i++));
$output += String.fromCharCode(($enc1 << 2) | ($enc2 >> 4));
if ($enc3 != 64) $output += String.fromCharCode((($enc2 & 15) << 4) | ($enc3 >> 2));
if ($enc4 != 64) $output += String.fromCharCode((($enc3 & 3) << 6) | $enc4);
} while ($i < $input.length);
return $output;
}
};
var Hex = {
hex: "0123456789abcdef",
encode: function($input) {
if(!$input) return false;
var $output = "";
var $k;
var $i = 0;
do {
$k = $input.charCodeAt($i++);
$output += this.hex.charAt(($k >> 4) &0xf) + this.hex.charAt($k & 0xf);
} while ($i < $input.length);
return $output;
},
decode: function($input) {
if(!$input) return false;
$input = $input.replace(/[^0-9abcdef]/g, "");
var $output = "";
var $i = 0;
do {
$output += String.fromCharCode(((this.hex.indexOf($input.charAt($i++)) << 4) & 0xf0) | (this.hex.indexOf($input.charAt($i++)) & 0xf));
} while ($i < $input.length);
return $output;
}
};
- BigInteger未定义,查找这个函数实现并贴上去
function bnpCopyTo(r) {
for(var i = this.t-1; i >= 0; --i) r[i] = this[i];
r.t = this.t;
r.s = this.s;
}
// (protected) set from integer value x, -DV <= x < DV
function bnpFromInt(x) {
this.t = 1;
this.s = (x<0)?-1:0;
if(x > 0) this[0] = x;
else if(x < -1) this[0] = x+DV;
else this.t = 0;
}
// return bigint initialized to value
function nbv(i) { var r = nbi(); r.fromInt(i); return r; }
// (protected) set from string and radix
function bnpFromString(s,b) {
var k;
if(b == 16) k = 4;
else if(b == 8) k = 3;
else if(b == 256) k = 8; // byte array
else if(b == 2) k = 1;
else if(b == 32) k = 5;
else if(b == 4) k = 2;
else { this.fromRadix(s,b); return; }
this.t = 0;
this.s = 0;
var i = s.length, mi = false, sh = 0;
while(--i >= 0) {
var x = (k==8)?s[i]&0xff:intAt(s,i);
if(x < 0) {
if(s.charAt(i) == "-") mi = true;
continue;
}
mi = false;
if(sh == 0)
this[this.t++] = x;
else if(sh+k > this.DB) {
this[this.t-1] |= (x&((1<<(this.DB-sh))-1))<<sh;
this[this.t++] = (x>>(this.DB-sh));
}
else
this[this.t-1] |= x<<sh;
sh += k;
if(sh >= this.DB) sh -= this.DB;
}
if(k == 8 && (s[0]&0x80) != 0) {
this.s = -1;
if(sh > 0) this[this.t-1] |= ((1<<(this.DB-sh))-1)<<sh;
}
this.clamp();
if(mi) BigInteger.ZERO.subTo(this,this);
}
// (protected) clamp off excess high words
function bnpClamp() {
var c = this.s&this.DM;
while(this.t > 0 && this[this.t-1] == c) --this.t;
}
// (public) return string representation in given radix
function bnToString(b) {
if(this.s < 0) return "-"+this.negate().toString(b);
var k;
if(b == 16) k = 4;
else if(b == 8) k = 3;
else if(b == 2) k = 1;
else if(b == 32) k = 5;
else if(b == 4) k = 2;
else return this.toRadix(b);
var km = (1<<k)-1, d, m = false, r = "", i = this.t;
var p = this.DB-(i*this.DB)%k;
if(i-- > 0) {
if(p < this.DB && (d = this[i]>>p) > 0) { m = true; r = int2char(d); }
while(i >= 0) {
if(p < k) {
d = (this[i]&((1<<p)-1))<<(k-p);
d |= this[--i]>>(p+=this.DB-k);
}
else {
d = (this[i]>>(p-=k))&km;
if(p <= 0) { p += this.DB; --i; }
}
if(d > 0) m = true;
if(m) r += int2char(d);
}
}
return m?r:"0";
}
// (public) -this
function bnNegate() { var r = nbi(); BigInteger.ZERO.subTo(this,r); return r; }
// (public) |this|
function bnAbs() { return (this.s<0)?this.negate():this; }
// (public) return + if this > a, - if this < a, 0 if equal
function bnCompareTo(a) {
var r = this.s-a.s;
if(r != 0) return r;
var i = this.t;
r = i-a.t;
if(r != 0) return r;
while(--i >= 0) if((r=this[i]-a[i]) != 0) return r;
return 0;
}
// returns bit length of the integer x
function nbits(x) {
var r = 1, t;
if((t=x>>>16) != 0) { x = t; r += 16; }
if((t=x>>8) != 0) { x = t; r += 8; }
if((t=x>>4) != 0) { x = t; r += 4; }
if((t=x>>2) != 0) { x = t; r += 2; }
if((t=x>>1) != 0) { x = t; r += 1; }
return r;
}
// (public) return the number of bits in "this"
function bnBitLength() {
if(this.t <= 0) return 0;
return this.DB*(this.t-1)+nbits(this[this.t-1]^(this.s&this.DM));
}
// (protected) r = this << n*DB
function bnpDLShiftTo(n,r) {
var i;
for(i = this.t-1; i >= 0; --i) r[i+n] = this[i];
for(i = n-1; i >= 0; --i) r[i] = 0;
r.t = this.t+n;
r.s = this.s;
}
// (protected) r = this >> n*DB
function bnpDRShiftTo(n,r) {
for(var i = n; i < this.t; ++i) r[i-n] = this[i];
r.t = Math.max(this.t-n,0);
r.s = this.s;
}
// (protected) r = this << n
function bnpLShiftTo(n,r) {
var bs = n%this.DB;
var cbs = this.DB-bs;
var bm = (1<<cbs)-1;
var ds = Math.floor(n/this.DB), c = (this.s<<bs)&this.DM, i;
for(i = this.t-1; i >= 0; --i) {
r[i+ds+1] = (this[i]>>cbs)|c;
c = (this[i]&bm)<<bs;
}
for(i = ds-1; i >= 0; --i) r[i] = 0;
r[ds] = c;
r.t = this.t+ds+1;
r.s = this.s;
r.clamp();
}
// (protected) r = this >> n
function bnpRShiftTo(n,r) {
r.s = this.s;
var ds = Math.floor(n/this.DB);
if(ds >= this.t) { r.t = 0; return; }
var bs = n%this.DB;
var cbs = this.DB-bs;
var bm = (1<<bs)-1;
r[0] = this[ds]>>bs;
for(var i = ds+1; i < this.t; ++i) {
r[i-ds-1] |= (this[i]&bm)<<cbs;
r[i-ds] = this[i]>>bs;
}
if(bs > 0) r[this.t-ds-1] |= (this.s&bm)<<cbs;
r.t = this.t-ds;
r.clamp();
}
‘navigator’ 未定义,将 navigator = this
贴上去
调试加密算法
python执行
自写加密算法加密实例
登录发包
疑似点下断调试
查找加密算法
加密算法实现
function p(e, t) {
var n = (65535 & e) + (65535 & t);
return (e >> 16) + (t >> 16) + (n >> 16) << 16 | 65535 & n
}
function a(e, t, n, o, i, r) {
return p((s = p(p(t, e), p(o, r))) << (a = i) | s >>> 32 - a, n);
var s, a
}
function l(e, t, n, o, i, r, s) {
return a(t & n | ~t & o, e, t, i, r, s)
}
function m(e, t, n, o, i, r, s) {
return a(t & o | n & ~o, e, t, i, r, s)
}
function f(e, t, n, o, i, r, s) {
return a(t ^ n ^ o, e, t, i, r, s)
}
function g(e, t, n, o, i, r, s) {
return a(n ^ (t | ~o), e, t, i, r, s)
}
function c(e, t) {
e[t >> 5] |= 128 << t % 32,
e[14 + (t + 64 >>> 9 << 4)] = t;
var n, o, i, r, s, a = 1732584193,
c = -271733879,
u = -1732584194,
d = 271733878;
for (n = 0; n < e.length; n += 16) a = l(o = a, i = c, r = u, s = d, e[n], 7, -680876936),
d = l(d, a, c, u, e[n + 1], 12, -389564586),
u = l(u, d, a, c, e[n + 2], 17, 606105819),
c = l(c, u, d, a, e[n + 3], 22, -1044525330),
a = l(a, c, u, d, e[n + 4], 7, -176418897),
d = l(d, a, c, u, e[n + 5], 12, 1200080426),
u = l(u, d, a, c, e[n + 6], 17, -1473231341),
c = l(c, u, d, a, e[n + 7], 22, -45705983),
a = l(a, c, u, d, e[n + 8], 7, 1770035416),
d = l(d, a, c, u, e[n + 9], 12, -1958414417),
u = l(u, d, a, c, e[n + 10], 17, -42063),
c = l(c, u, d, a, e[n + 11], 22, -1990404162),
a = l(a, c, u, d, e[n + 12], 7, 1804603682),
d = l(d, a, c, u, e[n + 13], 12, -40341101),
u = l(u, d, a, c, e[n + 14], 17, -1502002290),
a = m(a, c = l(c, u, d, a, e[n + 15], 22, 1236535329), u, d, e[n + 1], 5, -165796510),
d = m(d, a, c, u, e[n + 6], 9, -1069501632),
u = m(u, d, a, c, e[n + 11], 14, 643717713),
c = m(c, u, d, a, e[n], 20, -373897302),
a = m(a, c, u, d, e[n + 5], 5, -701558691),
d = m(d, a, c, u, e[n + 10], 9, 38016083),
u = m(u, d, a, c, e[n + 15], 14, -660478335),
c = m(c, u, d, a, e[n + 4], 20, -405537848),
a = m(a, c, u, d, e[n + 9], 5, 568446438),
d = m(d, a, c, u, e[n + 14], 9, -1019803690),
u = m(u, d, a, c, e[n + 3], 14, -187363961),
c = m(c, u, d, a, e[n + 8], 20, 1163531501),
a = m(a, c, u, d, e[n + 13], 5, -1444681467),
d = m(d, a, c, u, e[n + 2], 9, -51403784),
u = m(u, d, a, c, e[n + 7], 14, 1735328473),
a = f(a, c = m(c, u, d, a, e[n + 12], 20, -1926607734), u, d, e[n + 5], 4, -378558),
d = f(d, a, c, u, e[n + 8], 11, -2022574463),
u = f(u, d, a, c, e[n + 11], 16, 1839030562),
c = f(c, u, d, a, e[n + 14], 23, -35309556),
a = f(a, c, u, d, e[n + 1], 4, -1530992060),
d = f(d, a, c, u, e[n + 4], 11, 1272893353),
u = f(u, d, a, c, e[n + 7], 16, -155497632),
c = f(c, u, d, a, e[n + 10], 23, -1094730640),
a = f(a, c, u, d, e[n + 13], 4, 681279174),
d = f(d, a, c, u, e[n], 11, -358537222),
u = f(u, d, a, c, e[n + 3], 16, -722521979),
c = f(c, u, d, a, e[n + 6], 23, 76029189),
a = f(a, c, u, d, e[n + 9], 4, -640364487),
d = f(d, a, c, u, e[n + 12], 11, -421815835),
u = f(u, d, a, c, e[n + 15], 16, 530742520),
a = g(a, c = f(c, u, d, a, e[n + 2], 23, -995338651), u, d, e[n], 6, -198630844),
d = g(d, a, c, u, e[n + 7], 10, 1126891415),
u = g(u, d, a, c, e[n + 14], 15, -1416354905),
c = g(c, u, d, a, e[n + 5], 21, -57434055),
a = g(a, c, u, d, e[n + 12], 6, 1700485571),
d = g(d, a, c, u, e[n + 3], 10, -1894986606),
u = g(u, d, a, c, e[n + 10], 15, -1051523),
c = g(c, u, d, a, e[n + 1], 21, -2054922799),
a = g(a, c, u, d, e[n + 8], 6, 1873313359),
d = g(d, a, c, u, e[n + 15], 10, -30611744),
u = g(u, d, a, c, e[n + 6], 15, -1560198380),
c = g(c, u, d, a, e[n + 13], 21, 1309151649),
a = g(a, c, u, d, e[n + 4], 6, -145523070),
d = g(d, a, c, u, e[n + 11], 10, -1120210379),
u = g(u, d, a, c, e[n + 2], 15, 718787259),
c = g(c, u, d, a, e[n + 9], 21, -343485551),
a = p(a, o),
c = p(c, i),
u = p(u, r),
d = p(d, s);
return [a, c, u, d]
}
function u(e) {
var t, n = "";
for (t = 0; t < 32 * e.length; t += 8) n += String.fromCharCode(e[t >> 5] >>> t % 32 & 255);
return n
}
function d(e) {
var t, n = [];
for (n[(e.length >> 2) - 1] = void 0, t = 0; t < n.length; t += 1) n[t] = 0;
for (t = 0; t < 8 * e.length; t += 8) n[t >> 5] |= (255 & e.charCodeAt(t / 8)) << t % 32;
return n
}
function o(e) {
var t, n, o = "0123456789abcdef",
i = "";
for (n = 0; n < e.length; n += 1) t = e.charCodeAt(n),
i += o.charAt(t >>> 4 & 15) + o.charAt(15 & t);
return i
}
function i(e) {
return unescape(encodeURIComponent(e))
}
function r(e) {
return u(c(d(t = i(e)), 8 * t.length));
var t
}
function s(e, t) {
return function(e, t) {
var n, o, i = d(e),
r = [],
s = [];
for (r[15] = s[15] = void 0, 16 < i.length && (i = c(i, 8 * e.length)), n = 0; n < 16; n += 1) r[n] = 909522486 ^ i[n],
s[n] = 1549556828 ^ i[n];
return o = c(r.concat(d(t)), 512 + 8 * t.length),
u(c(s.concat(o), 640))
} (i(e), i(t))
}
function getpwd(e, t, n) {
return t ? n ? s(t, e) : o(s(t, e)) : n ? r(e) : o(r(e))
}
调试加密算法
python执行
总结
以上就是几种常见的前端加密算法的处理方式