Shulou(Shulou.com)06/01 Report--

For what is the solution of POST content encryption in the process of HTTP, this article introduces the corresponding analysis and solution in detail, hoping to help more partners who want to solve this problem to find a more simple and feasible method.

Preface of 0x00

A few days ago, my master and I mentioned that under normal circumstances, when you encounter encryption in the process of grabbing a bag, you will be very confused. I also thank you for the guidance among the bosses. At first, I saw that the type of password was subconsciously base64, but when I went to decrypt it and found that it was not correct, I later learned that the encrypted content of DES needed a key. See below.

0x01 text

First of all, let's briefly talk about DES encryption.

DES encryption: this is symmetrical encryption. To put it simply, encryption and decryption all use the same key.

So if we need to decrypt it, we need a key.

You can see here that the information in the red box is encrypted, so if we want to decrypt it, we have to have the key, and there's no need to panic, because the key pit can be found on the page, usually in the js file. It took me some time to find this file.

So we can get our key directly by using this function, and we can get our key directly by copying the function that generates the key in this js file and running it directly in the developer's tool.

This key is actually quite simple, this key is to extract the values in the token, and then the token can be seen in the request package.

And then we have the key, and we have to decrypt our parameters through the decryption function, but here we refer to the third-party "library", so we can't use it directly in the developer tool. I'm using node.js here.

I installed this library here through npm install crypto-js in advance because crypto-js is referenced in the function.

So you only need to run the encrypted content and key with this function to get the decrypted content.

0x02 summary

Finally, to sum up, don't be afraid when you encounter a package that is encrypted, because our functions like the above are easy to find and difficult to find, and then decrypt our content by referring to that decryption function.

This is the answer to the question about what is the solution to the encryption of POST content in the HTTP process. I hope the above content can be of some help to you. If you still have a lot of doubts to be solved, you can follow the industry information channel to learn more about it.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.