Disclaimer: This article is for study and research only. Illegal use is prohibited, and anyone who misuses it bears the consequences. If it infringes on any rights, please let me know and I will delete it. Thank you!
Preface
Target site: aHR0cHM6Ly9wYXkud2FubWVpLmNvbS8=
I. Page analysis
Click login, then click the verification control and the captcha appears. If no captcha appears, or it is not a slider, refresh and try a few more times. What follows is the classic three-request captcha flow.
The first request fetches the capTicket.
The second request obtains the captcha and returns the captcha type. The op request parameter can be left out here because it is not verified, and FP is an environment parameter that can be hard-coded.
The third request returns some captcha image parameters.
II. Gap identification
1. Picture restoration
The picture returned by the interface is split into shuffled pieces, so we need to restore the original. The first thing that comes to mind is to set a canvas breakpoint and look at the page after each step. Doing so shows that the front end performs some processing, so the question is what the values behind it are.
Searching directly for background-image finds the unknown values. As for how to restore the picture, an approach found through Baidu can be copied directly: blog.csdn.net/chief_victo…
2. Gap identification
This kind of common, public gap type is very simple to identify; again, an approach from Baidu can be copied directly.
III. Encryption function
Set a breakpoint directly at the verification step and it is solved at once.
In the request parameters submitted for validation, validData and op are encrypted.
op is the encrypted track. The track is very arbitrary; each array holds X, Y, mouse action and time.
Just simulate it. It is not strictly verified.
validData is encrypted from the gap distance and the time the slide takes.
This is only light encryption, so it is easy to handle.
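From the defender's side, the weakness noted above is that the track in op is not strictly verified against validData. The sketch below is an added example, not code from the site or from this post: a server-side consistency check run after both parameters are decrypted. The field names, action codes, thresholds and sample tracks are assumptions constructed for illustration.

```python
from statistics import pstdev

# Assumed decrypted shapes (not from the page):
#   track = [[x, y, action, t_ms], ...]   valid = {"distance": px, "elapsed_ms": ms}
# Thresholds are illustrative and would be tuned on real traffic.
DIST_TOL_PX = 3
TIME_TOL_MS = 150
MIN_POINTS = 8


def check_track(track, valid):
    """Return the reasons a submission is inconsistent; an empty list means pass."""
    if len(track) < MIN_POINTS:
        return ["too_few_points"]
    reasons = []
    xs = [p[0] for p in track]
    ys = [p[1] for p in track]
    ts = [p[3] for p in track]
    # Timestamps must strictly increase along the drag.
    if any(b <= a for a, b in zip(ts, ts[1:])):
        reasons.append("non_monotonic_time")
    # The drag recorded in op must agree with what validData claims.
    if abs((xs[-1] - xs[0]) - valid["distance"]) > DIST_TOL_PX:
        reasons.append("distance_mismatch")
    if abs((ts[-1] - ts[0]) - valid["elapsed_ms"]) > TIME_TOL_MS:
        reasons.append("elapsed_mismatch")
    # Hard-coded tracks tend to have perfectly uniform steps and a flat Y.
    steps = [b - a for a, b in zip(xs, xs[1:])]
    if pstdev(steps) == 0 and len(set(ys)) == 1:
        reasons.append("uniform_motion")
    return reasons


def is_replay(track, seen):
    """True if an identical track was already submitted (seen: set of fingerprints)."""
    fingerprint = hash(tuple(map(tuple, track)))
    if fingerprint in seen:
        return True
    seen.add(fingerprint)
    return False


# Constructed sample data: an irregular drag and a fixed-step scripted one.
HUMAN = [[0, 0, 1, 0], [3, 1, 2, 40], [9, 1, 2, 85], [20, 2, 2, 120],
         [38, 3, 2, 170], [61, 3, 2, 230], [88, 2, 2, 300], [110, 2, 2, 390],
         [119, 1, 2, 480], [120, 1, 3, 560]]
SCRIPTED = [[i * 12, 0, 2, i * 10] for i in range(11)]
```

Binding the track to validData this way means a hard-coded op no longer passes just because the gap distance is right.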