Analysis of the request

First, go to the target website, Elephant Hunt (taodaxiang.com/credit2).

Opening “Developer Tools” immediately drops the page into the debugger. Let’s first format (pretty-print) the script to see whether we can override the function.

Overriding it is clearly not easy, so let’s try to get around this anti-crawling measure with conditional breakpoints.

On lines 3393 and 3395, right-click, choose “Add Conditional Breakpoint”, and enter “false” in the dialog box that appears. Because the condition never evaluates to true, DevTools no longer pauses on those lines, and the infinite-debugger anti-crawling measure is bypassed.

Although the anti-crawling measure is quickly bypassed here, conditional breakpoints have some limitations; I recommend the following article for more on this.

Segmentfault.com/a/119000001…

After getting past the anti-crawling measure, we refresh the page and inspect its requests, and soon find the request interface, the encryption parameter, and other information.

Request interface:

Encryption parameter sign:

Locating the encryption code

The captured request gives us the interface and the encryption parameter. To find where the parameter is computed, we search the page's scripts for the keyword sign.

The search finds three files containing the keyword. Going through those files, we quickly locate where the sign value is computed:

Analysis of the encryption

Obviously, this JS file has been obfuscated, and there are two ways to deal with it:

One is to extract the code directly; once the debugger is bypassed, extracting this code is fairly simple.

The other is to read through the encryption logic and rewrite it directly in Python.

The encryption is relatively simple: overall it is MD5, as you can guess by analyzing the request, and the result does not change when computed multiple times. The next step is to work out which fields go into the MD5 value.

Two pieces of the JS code stand out here:

_0x2C114b['XDFEp']: this method concatenates strings

_0x2C114b['zANjZ']: this method takes the MD5 value of the string

Debugging at the breakpoint shows that the final string is composed of “query keyword” + “fixed key” + “query keyword” + “type parameter value”.

Of the two approaches, rewriting in Python is more convenient. The main code is as follows:

from hashlib import md5


def md5value(s):
    # Return the hex MD5 digest of the string s (UTF-8 encoded)
    a = md5(s.encode()).hexdigest()
    return a
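
To confirm the layout found at the breakpoint, the sign can be rebuilt offline and compared with a value copied from the Network panel. The following is an added example, not code from the original article; FIXED_KEY is a placeholder (the real key is not shown on the page), and build_sign, matches_capture and the sample field names are hypothetical.

```python
from hashlib import md5

# Assumption: placeholder only. The site's real fixed key is not given on the page.
FIXED_KEY = "PLACEHOLDER_FIXED_KEY"


def md5value(s):
    """Hex MD5 digest of a string, same as the article's helper."""
    return md5(s.encode()).hexdigest()


def build_sign(keyword, type_value, fixed_key=FIXED_KEY):
    """Rebuild sign from the layout seen at the breakpoint:
    query keyword + fixed key + query keyword + type parameter value."""
    return md5value(keyword + fixed_key + keyword + str(type_value))


def matches_capture(keyword, type_value, captured_sign, fixed_key=FIXED_KEY):
    """True if the recomputed sign equals one copied from the Network panel."""
    expected = build_sign(keyword, type_value, fixed_key)
    # Normalise case and stray whitespace from copy/paste before comparing.
    return expected == captured_sign.strip().lower()


# Constructed sample standing in for a captured request (not real traffic).
# The field names "keyword" and "type" are hypothetical.
SAMPLE = {"keyword": "demo", "type": 1}
SAMPLE["sign"] = build_sign(SAMPLE["keyword"], SAMPLE["type"])

if __name__ == "__main__":
    ok = matches_capture(SAMPLE["keyword"], SAMPLE["type"], SAMPLE["sign"])
    print("layout confirmed:", ok)
    # Same inputs always give the same sign: no timestamp or nonce is mixed in.
    print("stable:", build_sign("demo", 1) == build_sign("demo", 1))
    # A different type value (or a wrong key) must not match the capture.
    print("wrong type rejected:", not matches_capture("demo", 2, SAMPLE["sign"]))
```
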

That completes the analysis of the website (tao elephant), which we have now cracked. The site's encryption is not very difficult; the main difficulty is analyzing the infinite debugger. In fact, there are many other similar websites, and you can refer to the method described in this article to try them yourself ~