js reverse analysis

Rough process: (1) know how to find the login interface (2) know how to locate the JS (3) know how to observe how the JS executes (4) know how to execute the JS

1. Determine the site's login interface

(1) Form-based login: the url in the form's action attribute is the login address

(2) Capture and analyze the traffic to find both the url and the parameters in the request body; switch to the mobile version, check how many parameters there are, then analyze the JS

 

2. Determine the position of the JS

(1) Click the button, then open the Event Listeners panel to find the event bound to it; clicking the corresponding entry jumps to the position of the JS

(2) Some sites may not bind a JS event listener to the button; in that case the JS can be located by searching for a keyword from the request, such as livecell

3. Observe the execution of the JS

(1) Once the position of the JS is found, we can observe it, in particular how the JS is executed, so that we can later simulate the JS with a Python program, or directly use something like js2py to execute the JS code from the Python program.

(2) After adding breakpoints, click login again; each time, the program stops at the breakpoint, and if execution has passed through the variable we are tracking and produced a result, that result is displayed in the Scope panel

4. Execute the JS

Observe which parameters the code requires

(1) We need the encrypted login password and the value of the rkey field

(2) For the rkey field value, we can send the request directly; rkey is returned by that request

(3) The password is first reversed and then RSA-encrypted; the JS code is very complex, so we hope to execute the JS from within Python

import requests
import json
import js2py

# - Realization of the idea:
# - 1. Use the session to send the rKey request needed for the login information
#    - url: http://activity.renren.com/livecell/rKey
#    - method: GET

# Get a session object
session = requests.session()
headers = {
    "User-Agent": "Mozilla/5.0 (Linux; Android 5.0; SM-G900P Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Mobile Safari/537.36",
    "X-Requested-With": "XMLHttpRequest",
    "Content-Type": "application/x-www-form-urlencoded"
}
# Set the request headers on the session
session.headers = headers
response = session.get("http://activity.renren.com/livecell/rKey")
# print(response.content.decode())
n = json.loads(response.content)['data']

# - 2. Encrypt the password according to the obtained information
# - Prepare the username and password
phoneNum = "131..."
password = "****"

# - Use js2py to create a JS execution environment: context
context = js2py.EvalJs()
# - Copy the JS files into this project
# - Read the contents of each JS file and execute them in the context
with open("BigInt.js", 'r', encoding='utf8') as f:
    context.execute(f.read())
with open("RSA.js", 'r', encoding='utf8') as f:
    context.execute(f.read())
with open("Barrett.js", 'r', encoding='utf8') as f:
    context.execute(f.read())

# - Add the required data to the context environment
context.t = {'password': password}
context.n = n
# - JS string that performs the password encryption
js = '''
      t.password = t.password.split("").reverse().join(""),
      setMaxDigits(130);
      var o = new RSAKeyPair(n.e,"",n.n)
        , r = encryptedString(o, t.password);
      '''
context.execute(js)
# - Obtain the encrypted password from the context
# print(context.r)
password = context.r

# - 3. Use the session to send the login request
#    - URL: http://activity.renren.com/livecell/ajax/clog
#    - method: POST
#    - data:
#      - phoneNum: 15565280933
#      - password: (the encrypted password produced above)
#      - C1: 0
#      - rKey: obtained from the rKey request
data = {
    'phoneNum': phoneNum,
    'password': password,
    'C1': 0,
    'rKey': n['rkey']
}
# print(session.headers)
response = session.post("http://activity.renren.com/livecell/ajax/clog", data=data)
print(response.content.decode())

# Access a resource that requires login
response = session.get("http://activity.renren.com/home#profile")
print(response.content.decode())
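As an added example (not the original post's code), here is the same "reverse the password, then RSA" step from part 4 re-implemented in plain Python without js2py, with a small constructed key so it runs offline and can be checked by decrypting. The hex-string form of e and n, and chunk-free textbook RSA on one short string, are assumptions; the page's RSA.js encodes longer input in its own way, so outputs match in structure, not byte-for-byte.

```python
# Added example: model of the page's "reverse the password, then RSA" step in
# plain Python (no js2py). Textbook RSA without padding, on one short string;
# the page's RSA.js chunks long input its own way, so this is a model of the
# transform, not a byte-for-byte reproduction of encryptedString().

def reverse_password(password: str) -> str:
    # Same as t.password.split("").reverse().join("") in the page's JS
    return password[::-1]

def rsa_encrypt_string(plaintext: str, e_hex: str, n_hex: str) -> str:
    # e and n arrive as hex strings (assumption; RSAKeyPair takes hex strings
    # in the classic RSA.js library). UTF-8 bytes -> integer -> m^e mod n.
    e, n = int(e_hex, 16), int(n_hex, 16)
    m = int.from_bytes(plaintext.encode("utf-8"), "big")
    if m >= n:
        raise ValueError("string too long for this modulus; RSA.js would chunk it")
    return format(pow(m, e, n), "x")

def encrypt_login_password(password: str, e_hex: str, n_hex: str) -> str:
    # Step (3) of the page: reverse first, then RSA-encrypt
    return rsa_encrypt_string(reverse_password(password), e_hex, n_hex)

def rsa_decrypt_string(cipher_hex: str, d: int, n: int) -> str:
    # Needs the private exponent; used here only to check the model round-trips
    m = pow(int(cipher_hex, 16), d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big").decode("utf-8")

# Constructed demo key from two Mersenne primes; far too small for real use
DEMO_P, DEMO_Q = 2**31 - 1, 2**61 - 1
DEMO_N = DEMO_P * DEMO_Q
DEMO_E = 65537
DEMO_D = pow(DEMO_E, -1, (DEMO_P - 1) * (DEMO_Q - 1))
DEMO_E_HEX, DEMO_N_HEX = format(DEMO_E, "x"), format(DEMO_N, "x")

def demo(password: str = "secret") -> tuple:
    # Returns (ciphertext hex, decrypted text); the decrypted text is the
    # reversed password, which is what the server would see after RSA
    cipher = encrypt_login_password(password, DEMO_E_HEX, DEMO_N_HEX)
    return cipher, rsa_decrypt_string(cipher, DEMO_D, DEMO_N)

if __name__ == "__main__":
    print(demo())
```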

Reproduced from: https://www.jianshu.com/p/a5a03aef62d5


Origin blog.csdn.net/weixin_33675507/article/details/91163576