1. Open the login page of Qiangzhi Educational Administration System, press F12 to open the developer tools, and analyze
You can see that /jsxsd/xk/LoginToXk verifies the login information.
You can see that the account and passwd become encoded through the encodeInp function, that is, the user name and password are encrypted by JS and the encoded is returned to the above URL. You can
open the source and find it
Add the encodeInp method to files with JS encryption algorithm :
var keyStr = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
function encodeInp(input) {
var output = "";
var chr1, chr2, chr3 = "";
var enc1, enc2, enc3, enc4 = "";
var i = 0;
do {
chr1 = input.charCodeAt(i++);
chr2 = input.charCodeAt(i++);
chr3 = input.charCodeAt(i++);
enc1 = chr1 >> 2;
enc2 = ((chr1 & 3) << 4) | (chr2 >> 4);
enc3 = ((chr2 & 15) << 2) | (chr3 >> 6);
enc4 = chr3 & 63;
if (isNaN(chr2)) {
enc3 = enc4 = 64
} else if (isNaN(chr3)) {
enc4 = 64
}
output = output + keyStr.charAt(enc1) + keyStr.charAt(enc2) + keyStr.charAt(enc3) + keyStr.charAt(enc4);
chr1 = chr2 = chr3 = "";
enc1 = enc2 = enc3 = enc4 = ""
} while (i < input.length);
return output
}
2. The front-end code can copy the above code, and the back-end uses OkHttp to send the request
3. Use jsoup to get real name
