Shulou(Shulou.com)06/03 Report--

Python how to carry out spinach website request CAPTCHA data parameter encryption logic analysis, many novices are not very clear about this, in order to help you solve this problem, the following editor will explain in detail for you, people with this need can come to learn, I hope you can gain something.

Today's website

This site also comes from contributions from group friends.

AHR0cDovL ViMy5pZ3V aS5jb20vIy8=

What needs to be analyzed is the data parameter submitted by the refresh CAPTCHA.

Encrypted location

Search for the data parameter first, and the match of 200 + is found in the result, so skip this positioning method for the time being.

However, the request for this page is a xhr request, so use the old method of xhr breakpoint to see

Refresh the page after hitting the breakpoint

The breakpoint is at the location of y.send, which is where the request was made. If you look at the stack on the Internet, you can see that most of the content in the stack is related to angular.js.

"

Angular is a very popular and easy-to-use Web front-end framework, currently maintained by Google

Since it is the content of the frame, do not look at it for a while and continue to look up, you can see the following stacks that need to be paid attention to.

There are several vm here. Click on the stack point corresponding to eval to see the following code

Although the code in this way has been confused, it can be analyzed by keyword that this is the code constructed by a post request.

The position of 1 shows that this is a post method

The location of 2 is the build parameter packet

The location of 3 can be seen as the place to complete the above packet parameter submission and request submission and callback

At this point, hit the breakpoint and refresh it.

If url is not a CAPTCHA request, just let it go.

Ps: other requests may also use this interface. For accuracy, we will only analyze the required links.

Until the url at this location shows the link we need

You can see that the parameter packet here is as follows

After cp, after several layers of logic

The result passed to the following is similar to the request submitted in the previous analysis

So we found the location of the encryption.

Encryption analysis

If you find the location of the encryption according to the above operation, continue to let go of all breakpoints and re-enter the encryption logic.

This time, we have to follow the logic to see what operations have been done after cp. We will dig it all out and we will be done.

Take a look at cp first.

In the cp method, we first make a judgment and enter the JSON.stringify.

It is then passed into the following logic

Lz [_ $_ 480d [1704]] (data_to_cp, 3, on_finish, on_progress)

Here lz [_ $_ 480d [1704]] is the yt function, and the result after the yt function is bit array.

And then into the bth method.

After you get the result of bth, hash the result and then splice the result of hash with the original result.

Var data = hex + md5 (hex)

In this way, we can deduct yt and bth, and the running result is as follows

Is it helpful for you to read the above content? If you want to know more about the relevant knowledge or read more related articles, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.