Some time ago, there has been a friend around me: small Q ah, you will not this JS reverse ah, we do not know the boss recently which tendon is wrong, let me go to the whole thing, the head is a little not enough, for rescue ah, more
That today I sorted out how to complete the reverse analysis of website encryption parameters, through a case to tell you, a basic idea of JS reverse is what it looks like, the site case for www.hh1024.com/
background
Previously, we have talked about why websites set encryption parameters. Briefly speaking, one is to speed up the loading speed of the website framework, and the other is to shield some low-end crawlers. For programs that cannot decrypt parameters, they cannot launch normal network requests.
Now let’s start analyzing the interface of this website. Ready?
\
\
Interface analysis
Before analyzing the interface information, you first capture several different requests using the browser’s own developer tools.
\
Request parameter content
\
Response data results
According to the content displayed in the packet capture request, it can be found that in order to obtain the list data, it must simulate sending the request.
If you want to simulate sending a request, you must first understand the meaning of each parameter, among which the parameters that will change with each request are sign and TIMESTAMP.
After observation and analysis, it can be found that timestamp is a timestamp, so we only need to get the encryption mode of parameter sign to simulate sending a request.
Parameter encryption analysis
After knowing the encryption parameters that need to be obtained, the position of JS encryption can be found by searching the request parameters.
The specific search process is shown in the figure below:
\
The search process
After searching for all of the request parameters in sequence, you can see that the search for the tenant parameter returns only one result.
\
tenant
After entering the unique JS file, continue to search for Tenant by CTRL + F and you will see the following:
\
\
You can see the composition of the sign parameter. Let’s briefly analyze what the sign parameter consists of before encryption.
The first is the parameter param, which is the submitted parameter we requested this time. The data is in the format of a key-value pair, and then a time stamp and a fixed character H are spliced together. After obtaining the original data, sha256 encryption is called to process the data.
Python simulates the encryption process
Now that we know how to encrypt the sign parameter and the original content of the encryption, let’s construct the same content and the same encryption algorithm in Python to see if we can simulate the encryption process.
import hashlib H = "kbn%&)@<? FGkfs8sdf4Vg1*+; 'kf5nDL $" param= '{"no":"dy0019","data":{"rankType":5}}' TIMESTAMP = '1613885007548' # Encrypt_data =" param=" + Param + "×tamp=" + timestamp + "&tenant=1&salt=" + H hs = hashlib.sha256() hs.update(encrypt_data.encode(' UTF-8 ')) sign = hs.hexdigest() print(sign)Copy the code
According to the result of code operation, the result after encryption is consistent with the sign that needs to be verified, and the encryption is complete.
See here, our first JS website reverse content is over, mainly to share with you, after meeting the request parameter encryption, how to calmly analyze the parameters, and how to find the parameters of the encryption process.
If you want to learn more, you can continue to follow, and a series of specific anti-crawler solutions will be updated next.
Thanks for your attention ~