Crawler JS reverse engineering: Qimai Data

Target URL: aHR0cHM6Ly93d3cucWltYWkuY24vcmFuay9pbmRleC9icmFuZC9hbGwvZGV2aWNlL2lwaG9uZS9jb3VudHJ5L2NuL2dlbnJlLzM2 (Base64 decoding is required to obtain it)

Encrypted parameter that needs to be reversed: analysis

1. Click on the data interface to trigger the request

2. Click the Payload tab to view the parameters

You can see a parameter called analysis whose value looks like Base64-encoded data. I verified that different data interfaces produce different encrypted values.

3. Set an XHR breakpoint

To follow the encryption process, copy the query path, which is the part of the URL before the question mark. You can copy the whole thing including the protocol and domain name, or only the path (from the end of the domain name up to the question mark).

4. Trigger the breakpoint

You can see that execution pauses at send

5. Click the Step over next function call button (marked in red) three times

6. After three clicks, execution is inside the then method. Axios invokes the response interceptor callbacks from this then method.

7. Click the Step into function button (marked in red)

8. Click the Step over next function call button twice more, and you can see that the response interceptor has received the data.

9. Click the Step over next function call button twice more to enter the response interceptor.

10. Go into the request interceptor

The request interceptor, which modifies the request before it is sent, sits just above the response interceptor in the source; scroll up to find it. Why look for the request interceptor?

It is mainly used to encrypt and decrypt the request body or request parameters before the request is sent, to ensure the security and correctness of the request. The request interceptor can also process the request header, request body, request tail and other parts, for example setting request headers or adding verification codes for the back end, to enhance the security and reliability of the whole request.

11. Add a breakpoint inside the request interceptor:

12. Resume execution

Click the small triangle button (resume to the next breakpoint)

13. Adjust the stopping point

Press Ctrl+R to reload the whole page, let execution stop at the breakpoint, and click the semicircle button (step over next function call) twice

14. You can see that e is the encrypted result. We need to work out how e is computed:

e = (0, i[jt])((0, i[qt])(a, d))

The (0, f) form is a comma expression that evaluates to f, so the 0 only affects how the call is evaluated and can be dropped when reading the logic.

15. Print the value of e in the console to get the following result:

16. Breaking the expression for e apart:

(i[jt])((i[qt])(a, d))

(i[jt]) = the v method

(i[qt]) = the h method

17. Work out the encryption logic of e

v is an encryption method. The h method takes two parameters, its result is passed to the v method, and the output is the analysis value we need.

18. Extract the v method and the h method

Hover the mouse over (i[jt]) to bring up the preview popup, then click the red icon to jump into the v method.

19. Copy the v method, and copy the h method the same way.

20. Note: supply whatever the copied code is missing. The above is the general idea.
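The stepping in steps 6 to 10 follows from how an axios-style client orders its handlers: request interceptors run first, then the send, then the response interceptors inside then. The following is an added example, not code from the original post or from axios: a simplified synchronous model of that chain (axios links the same handlers with Promise.then), in which placeholderSign, the /api/example path and the parameters are constructed stand-ins and not the site's algorithm.

```javascript
// Simplified synchronous model of an axios-style interceptor chain.
// Added example: not axios source and not the site's code.
function createClient(transport) {
  const requestInterceptors = [];
  const responseInterceptors = [];
  return {
    useRequest: (fn) => requestInterceptors.push(fn),
    useResponse: (fn) => responseInterceptors.push(fn),
    get(path, params) {
      // axios unshifts request interceptors in front of the dispatcher,
      // so the last one registered runs first.
      const chain = [...requestInterceptors].reverse()
        .concat([transport], responseInterceptors);
      // Each step receives the previous step's return value.
      return chain.reduce((value, step) => step(value), { path, params: { ...params } });
    },
  };
}

// Hypothetical stand-in for the page's v(h(a, d)); NOT the real algorithm.
function placeholderSign(path, params) {
  const sorted = Object.keys(params).sort().map((k) => `${k}=${params[k]}`).join("&");
  return Buffer.from(`${path}?${sorted}`).toString("base64");
}

function demo() {
  const trace = [];
  const client = createClient((config) => {
    trace.push("send");
    // Constructed reply that echoes the parameters that left the client.
    return { status: 200, sentParams: config.params, data: { rows: [] } };
  });
  client.useRequest((config) => {
    trace.push("request interceptor");
    // The extra parameter is attached here, before send ever runs.
    config.params.analysis = placeholderSign(config.path, config.params);
    return config;
  });
  client.useResponse((response) => {
    trace.push("response interceptor");
    return response;
  });
  // Constructed path and parameters.
  const response = client.get("/api/example", { page: 1, genre: "demo" });
  return { trace, response };
}

console.log(demo());
```

The trace shows why a breakpoint at send is already past the point where the parameter was computed: the value is attached in the request interceptor, which is the code that has to be read.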

Because of the limited length of the article, it ends here. If you need the complete JS code, please send me a private message (private message content: Qimai js)

Execution result:


Origin blog.csdn.net/m0_63533079/article/details/130541180