某通逆向登录

URL地址
aHR0cHM6Ly9wYXNzcG9ydDIuY2hhb3hpbmcuY29tL2xvZ2luP2ZpZD0mcmVmZXI9aHR0cDovL2kubW9vYy5jaGFveGluZy5jb20=

开始实战

分析目标点
打开 F12 后会一直弹出 Paused on breakpoint 提示,点击图中这个按钮

1

先输入错误账号密码

2

点击登录之后,我们发现了 fanyalogin 接口

3

从payload看到账号密码是加密的

4

我们来到 Initiator 一栏,从 login.js 这里进入

5

JS解密
打上断点看看

6

这里进入找到js加密代码

7

把这个代码复制下来

8

这个也要

9

编写 Python 和测试 JS 比较简单,不在这里赘述

结束

完整的代码
const CryptoJS = require("crypto-js");

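// Placeholder inputs for a local test run. Keep real credentials out of the
// source file; substitute them only on your own machine.
// Declared with `let` because the script reassigns both after encryption.
// (The original bare assignments created implicit globals, which throw a
// ReferenceError in strict mode / ES modules.)
let pwd = 'your';
let phone = 'your';

// 16-character key string taken from the site's login script, per the
// walkthrough. A key that is shipped to every browser is public: anything
// encrypted with it is obfuscated, not confidential, and the result should be
// handled as if it were the plaintext credential.
const transferKey = 'u2oh6Vu^HWe4_AES';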
/**
 * Encrypts a string with CryptoJS AES in CBC mode with PKCS#7 padding and
 * returns the raw ciphertext as Base64.
 *
 * The `key` string is UTF-8 parsed and used as BOTH the AES key and the IV.
 * With a constant key this makes the scheme deterministic: the same message
 * always yields the same ciphertext. It therefore adds no secrecy on top of
 * the transport layer, and the output is replayable as-is.
 *
 * @param {string} message - Plaintext to encrypt (parsed as UTF-8).
 * @param {string} key - Key material; also reused as the IV.
 * @returns {string} Base64 encoding of the ciphertext bytes.
 */
function encryptByAES(message, key) {
  const keyWords = CryptoJS.enc.Utf8.parse(key);
  const plaintextWords = CryptoJS.enc.Utf8.parse(message);

  const { ciphertext } = CryptoJS.AES.encrypt(plaintextWords, keyWords, {
    // IV is derived from the same string as the key (mirrors the site's code).
    iv: CryptoJS.enc.Utf8.parse(key),
    mode: CryptoJS.mode.CBC,
    padding: CryptoJS.pad.Pkcs7,
  });

  // Only the ciphertext is serialised; no salt or IV travels with it.
  return CryptoJS.enc.Base64.stringify(ciphertext);
}

// Encrypt each placeholder in turn and print the Base64 result so it can be
// compared with the value seen in the browser's request payload.
// NOTE(review): with a fixed, public key the printed value is equivalent to
// the plaintext credential; avoid leaving it in shared logs or terminals.
const encryptedPwd = encryptByAES(pwd, transferKey);
pwd = encryptedPwd;
console.log(pwd);

const encryptedPhone = encryptByAES(phone, transferKey);
phone = encryptedPhone;
console.log(phone);
import os

import execjs
import requests

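# Sends one login request to the fanyalogin endpoint, with the username and
# password encrypted by the encryptByAES function loaded from xxt.js.

# Credentials come from the environment so real values never live in the source
# file. The fallback keeps the original "your" placeholder.
# (XXT_USERNAME / XXT_PASSWORD are variable names chosen for this script.)
username = os.environ.get("XXT_USERNAME", "your")
password = os.environ.get("XXT_PASSWORD", "your")

# Static key string taken from the site's login script. It is sent to every
# browser, so it is public: the "encrypted" fields below are obfuscated, not
# confidential, and must be protected like the plaintext credential.
transferKey = "u2oh6Vu^HWe4_AES"

# The original listing pasted a cookie jar captured from a logged-in browser
# session: lv, fid, _uid, UID, vc, vc2, xxtenc, uf, _d, vc3, cx_p_token,
# p_auth_token (JWT-formatted), DSSTASH_LOG, JSESSIONID, route, retainlogin.
# These are session credentials and account identifiers, so the values are
# deliberately not reproduced here. If they came from a real account, treat
# them as exposed and invalidate that session.
# NOTE(review): whether the endpoint needs any pre-login cookie is not shown
# on the page; confirm before adding any back.
cookies = {}

# Request headers copied from the browser capture. The commented-out 'Cookie'
# header was dropped because it repeated the same session tokens.
headers = {
    'Accept': 'application/json, text/javascript, */*; q=0.01',
    'Accept-Language': 'zh-CN,zh;q=0.9,ja;q=0.8',
    'Connection': 'keep-alive',
    'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8',
    'Origin': 'https://passport2.chaoxing.com',
    'Referer': 'https://passport2.chaoxing.com/login?fid=&refer=http://i.mooc.chaoxing.com',
    'Sec-Fetch-Dest': 'empty',
    'Sec-Fetch-Mode': 'cors',
    'Sec-Fetch-Site': 'same-origin',
    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36',
    'X-Requested-With': 'XMLHttpRequest',
    'sec-ch-ua': '"Google Chrome";v="129", "Not=A?Brand";v="8", "Chromium";v="129"',
    'sec-ch-ua-mobile': '?0',
    'sec-ch-ua-platform': '"Windows"',
}

# execjs runs xxt.js in a local JavaScript runtime with this user's privileges.
# The file holds code copied from a third-party page, so read it before running.
# The context manager closes the file handle, which the original left open.
with open('xxt.js', encoding='utf-8') as js_file:
    f = js_file.read()
js_code = execjs.compile(f)

encoded_username = js_code.call("encryptByAES", username, transferKey)
encoded_password = js_code.call("encryptByAES", password, transferKey)

# Form body as captured from the browser, with the encrypted fields filled in.
data = {
    'fid': '-1',
    'uname': encoded_username,
    'password': encoded_password,
    'refer': 'http%3A%2F%2Fi.mooc.chaoxing.com',
    't': 'true',
    'forbidotherlogin': '0',
    'validate': '',
    'doubleFactorLogin': '0',
    'independentId': '0',
    'independentNameId': '0',
}

# An explicit timeout stops the script hanging if the server never answers.
response = requests.post(
    'https://passport2.chaoxing.com/fanyalogin',
    cookies=cookies,
    headers=headers,
    data=data,
    timeout=10,
)
json_data = response.json()
print(json_data)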

通关

20