This is the 9th day of my participation in the August More Text Challenge. For details, see:August is more challenging
Today’s web site
aHR0cHM6Ly93ZWIuemtoMzYwLmNvbS9saXN0L2MtMjYwMTg2Lmh0bWw/c2hvd1R5cGU9cGljJmNscD0x
I found this website in a communication group and saved it for today’s story
Packet capture analysis and encryption location
Looking at the results of the packet capture, you can see that the request header contains two unknown parameters, ZKHS and ZKHST
Further retrieval of parameters ZKHST and ZKHS shows that the values of these two parameters have not been confused
And there are corresponding search results
According to the prompt inde of the search results, ZKHST and ZKHS are further retrieved in the file
The following key locations can be found in the file
Encryption analysis
It’s obvious in logic
e.headers.zkhs = o,e.headers.zkhst = r
Copy the codeThis line of code indicates that we are analyzing the two variables o and r
The assignments for these two variables can be found in the js logic above, respectively
o = u()("body=".concat(i, "¶ms=").concat(o, "&sign_token=").concat(r), r)
r = Object(s.f)("zkhst")
Copy the codeNext, as long as a single point of debugging, first look at the generation of O
The logic of o is to concatenate all parameters into u()
The argument here is a comma expression, and the resulting passed argument is r
r = ("body=".concat(i, "¶ms=").concat(o, "&sign_token=").concat(r)
Copy the codeThe obvious unknown parameters here are body and sign_token
And you can get the following result from the breakpoint analysis, which is the calculated r
body={"brandId":""."catalogueId":"260186"."cityCode":350100."clp":true."extraFilter": {"inStock":false."showIndustryFeatured":false},"from":0."fz":false."keyword":""."productFilter": {"brandIds": [""]."properties": {}},"rangeFilter":null."searchType": {"notNeedCorrect":false},"size":20."sort":0}¶ms={"traceId":"213681131613962067063"}&sign_token=799c9842f09c490196047064e10dead8
Copy the codeThe development of the website is very thoughtful, and added console.log to the logic
Both body and parmas are query parameters. The body contains information such as city information, which needs to be modified according to the content to be crawled
In addition to the unknown sign_token, this is another parameter to analyze ZKHST
ZKHST access
The result of debugging is that there is a switch control flow in the js located
If r = Object(s.f)(” ZKHST “) does not get a value, it goes to Object(L.i.)(); if r = Object(s.f)(” ZKHST “) does not get a value; This logic. If there is a value, the logic on line 926 will be broken.
So we need to change the value of Object(s.f)(” ZKHST “) to undefinde, enter s.f, and see the following logic
h = function(t) {
t = document.cookie.match(new RegExp("(^| )".concat(t, "= (/ ^; (*). | $)")));
return null! = t ?decodeURIComponent(t[2) :null
}
Copy the codeYou can get the ZKHST from the cookie, and you can just clear the ZKHST from the cookie to get into the generated logic
So clear the browser cache/cookies
Enter (L.i.)() successfully, and you can see the following logic
And it is also confirmed in the network
The ZKHST is returned by the page request.
At this point both encryption parameters have been obtained, you can get the data of the page.
Well, that’s all for today. See you next time