“This is the 14th day of my participation in the November Gwen Challenge. See details of the event: The Last Gwen Challenge 2021”.

Hello everyone, I am "Front-end Xiaoxin" 😇 and I have been engaged in front-end development and Android development for a long time.


Background:

The goal is to prevent key information, such as user information, product information and transaction information, from being readable if a request packet is captured. Preventing packets from being captured at all, and preventing a captured packet from being replayed, are not addressed this time.

Format of the reconstructed packet:

  1. The reconstructed packet has two parts, `header` and `request`. The response message uses the same layout as the request message.
  2. `requestType` in `header` indicates which business interface the request is for.
  3. `from` in `header` records the source of the packet; the main distinction is whether it comes from a PC, Android, iOS or H5 client.
  4. `appKey` in `header` is a fixed value negotiated with the server. It is meant to show that the request comes from a legitimate client and to filter out requests from unknown clients. Because it is a constant shipped with the client, it is only a coarse filter: anyone who extracts it from the client can present it.
  5. `request` carries the business data required by the interface.

```json
{
    "packages": {
        "header": {
            "requestType": "",
            "appKey": "",
            "from": ""
        },
        "request": {
            "username": "",
            "password": ""
        }
    }
}
```

Front-end packet encryption process:

  1. Assemble the packet in the format above.
  2. Convert the `request` JSON object to a string, encrypt that string with 3DES, and replace the plaintext content of `request` with the ciphertext.
  3. Convert the whole packet (plaintext header plus encrypted `request`) to a string and generate a salted MD5 digest of it. This digest is the check value for the whole message.

Sending encrypted packets:

  1. All our messages are sent as POST requests.
  2. The MD5 check value is carried as a parameter in the request URL.

Decryption process after the server receives the packet:

  1. Recompute the salted MD5 over the POST body with the same salt and compare it with the check value carried in the URL (a constant-time comparison is the right tool here). If they match, continue to the next step.
  2. Parse the unencrypted `header` part of the packet and perform the initial validity filtering (expected `appKey`, known `from` value, known `requestType`). If the header is valid, continue to the next step.
  3. Decrypt `request` with the same 3DES key that the front end used and hand the plaintext to the corresponding service layer.

Source image:

Conclusion:

  1. The scheme above is semi-encryption: only the business data in the packet is encrypted and the header stays in plaintext. The header can be encrypted together with the business data as well (full encryption).
  2. 3DES is a symmetric algorithm, so the same key is used for encryption and decryption on both ends, and secure storage of that key must be considered. A key embedded in front-end code (a JS bundle, an APK, an iOS binary) can be recovered by anyone who has the client, so this protects the data from casual observers rather than from a determined attacker.
  3. The salted MD5 ensures that the packet is consistent between sending and receiving, i.e. it is an integrity check. Since the salt is also shipped with the client, an attacker who has extracted it can recompute a valid check for a modified packet; a keyed HMAC is the standard construction for this kind of check, but it has the same limitation when its key lives in the client.
  4. There are many more aspects of packet security to consider. Security penetration testers routinely run replay tests, and nothing in this scheme (no timestamp or nonce in the packet) stops a captured packet from being sent again.
  5. Encryption and decryption are always relative: whether the protection can be cracked depends on how much effort the attacker is willing to spend.

Welcome to follow my public account "Front-end Xiaoxin students"; original technical articles are pushed there first.