Shulou(Shulou.com)06/01 Report--

In order to solve this problem, this article introduces the corresponding analysis and answer in detail, hoping to help more partners who want to solve this problem to find a more simple and feasible way.

Sensor_data this thing, I believe many people know this thing, I have also done this site login before, but unsuccessful, can only get some web page data, for login, has been rejected, like the following.

Today, I finally took it down.

Next, let's talk about what this thing needs, and this site is easy for you if you can use ast to restore the code. After the restore, it looks like this:

But this website is very magical, after I restore the code, I use fiddler to replace the js file, the site reported an error, and then I try not to open the redirect js file, it is still no good, to remove all the things in cookie is not good, but other people's computers can, if there is a big god knows the reason, I hope to communicate.

After the restore, you will know at a glance what this site has detected, all browser fingerprints. When initializing sensor_data for the first time, only a small number of browser fingerprints, such as ua and browser width, are used. More fingerprints are loaded on several timers, as shown below:

So you need to make a breakpoint in some places where you get browser fingerprints, and it's okay to have more than a few. You'd rather kill by mistake than let it go.

What is more powerful is that the browser fingerprints are all in plain text and are not encrypted. In this way, if you crawl, it will be easy to block the browser and require a large number of browser fingerprints, which is also a very difficult thing. Experienced people can also communicate.

Inside the getforminfo function is to get the current page of the input form properties, this can be simulated, can also be directly fixed, anyway, I can also be fixed, no need to change.

The timing function in it needs to be called by itself at the appropriate time, and the approximate sequence of calls is as follows:

This experienced word is easy to deal with, and then it is more difficult. There are many listening events, such as click, mousedown, keydown, mousemove and other 17 events, but mainly mousemove and mousedown events, because the mousedown event will update abck cookie,mousemove everywhere, but only record the first 100 mousemove, the other is not clear, did not take a closer look.

If you need to simulate events, you can add your own js statements to js to collect event tracks, using fiddler redirection. Note that you must need the mousedown event to be the last, because only this event will update the sensor_data, and everything else is gathering information, so you need him to be the last event.

Coming here is almost successful, and all that's left is the simulation request. If he initializes here, he will have two requests at the beginning.

The first is to request the js of the file, which is used to generate the sensor_data, and the second is to get the initialized sensor_data and send it to the server for verification.

Then the timer will have a request, because it updates the sensor_data, so it also needs to be sent to the server.

Because we need to simulate login, there will be two more mousedown events, one of which is to click login to display the login control.

Another one clicks the login button to log in.

So two more such requests are needed, so it has been verified a total of five times, which is very important.

If you only simulate four times, the success rate is about 50%, and you can't run it every minute. After five simulations, the success rate is stable.

The next step is the login request. I directly fixed the data parameters of the login request, because I was just learning, not climbing or doing anything else, so I fixed it directly. This is all you need for a login request:

Finally, it is important, because this website needs to use many intermediate variables to encrypt sensor_data step by step, and each encrypted variable is related to the last time, so you need to use nodejs to open an api interface. If you use execjs directly, it is very difficult, and it is not difficult to open an api, as follows:

Finally, after doing these, you can log in, the difficulty of this site lies in the track, but it seems that the track is not very calibrated, other things are not difficult, the encryption inside is only using base64 and a summary algorithm, it seems that it is basically plaintext, so it is not difficult, it is easier for you to operate the ast restore code. This is the answer to the question about what sensor_data is needed to log in to the website. I hope the above content can be of some help to you. If you still have a lot of doubts to be solved, you can follow the industry information channel for more related knowledge.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.