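Packet capture analysis
No. | Parameter | Description |
---|---|---|
1 | fid | School ID |
2 | uname | Encrypted student ID |
3 | password | Encrypted password |
4 | numcode | CAPTCHA code |

Only these parameters change between requests; everything else can be left as it is.
Next, look at what the encrypted student ID and password look like: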
0QgUbMUJj2usHikiqtb8HQ==
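That is 22 characters plus two equals signs, which is Base64 for 16 bytes, one AES block, so this is probably AES encryption.
Searching directly for the request path, /unitlogin, leads to the file login.js.
Scrolling up a little from there: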
```javascript
// Encrypt the student ID and password
if (t == "true") {
    let transferKey = "u2oh6Vu^HWe4_AES";
    password = encryptByAES(password, transferKey);
    uname = encryptByAES(uname, transferKey);
}

// The encryption function used
function encryptByAES(message, key) {
    let CBCOptions = {
        iv: CryptoJS.enc.Utf8.parse(key), // the IV is the same bytes as the key
        mode: CryptoJS.mode.CBC,
        padding: CryptoJS.pad.Pkcs7
    };
    let aeskey = CryptoJS.enc.Utf8.parse(key);
    let secretData = CryptoJS.enc.Utf8.parse(message);
    let encrypted = CryptoJS.AES.encrypt(
        secretData,
        aeskey,
        CBCOptions
    );
    return CryptoJS.enc.Base64.stringify(encrypted.ciphertext);
}
```
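At this point it is obvious:
The student ID and password are both encrypted with AES
The mode is CBC, with PKCS7 padding
The key is: u2oh6Vu^HWe4_AES (the same string is also used as the IV)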
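The conclusions above can be checked offline. The following is an added example, not code from the site or from the original post: it rebuilds the scheme on Node's built-in crypto module and shows why the captured value is 24 Base64 characters long and why a fixed key and IV make the output deterministic and reversible. The sample student IDs are constructed, and `decryptByAES`, `expectedBase64Length`, `describeField` and `sharedLeadingBlocks` are names introduced here.

```javascript
const nodeCrypto = require("node:crypto");

// Key from the login.js excerpt; the script passes the same bytes as the IV.
const TRANSFER_KEY = Buffer.from("u2oh6Vu^HWe4_AES", "utf8");

// Same operation as encryptByAES in login.js: AES-128-CBC, PKCS#7, Base64 output.
function encryptByAES(message) {
  const c = nodeCrypto.createCipheriv("aes-128-cbc", TRANSFER_KEY, TRANSFER_KEY);
  return Buffer.concat([c.update(message, "utf8"), c.final()]).toString("base64");
}

// Inverse operation (hypothetical helper): the key ships in the page's script,
// so the transform is reversible by anyone who can read that script.
function decryptByAES(b64) {
  const d = nodeCrypto.createDecipheriv("aes-128-cbc", TRANSFER_KEY, TRANSFER_KEY);
  return Buffer.concat([d.update(b64, "base64"), d.final()]).toString("utf8");
}

// Base64 length for an n-byte plaintext. PKCS#7 always adds 1..16 bytes,
// so the ciphertext is floor(n / 16) + 1 blocks of 16 bytes.
function expectedBase64Length(nBytes) {
  const cipherBytes = (Math.floor(nBytes / 16) + 1) * 16;
  return Math.ceil(cipherBytes / 3) * 4;
}

// What a captured field reveals without any key: block count and length range.
function describeField(b64) {
  const raw = Buffer.from(b64, "base64");
  return {
    blockAligned: raw.length % 16 === 0,
    blocks: raw.length / 16,
    plaintextBytes: [raw.length - 16, raw.length - 1],
  };
}

// Number of identical leading 16-byte blocks in two ciphertexts. With a fixed
// key and IV, plaintexts that share a prefix share ciphertext blocks.
function sharedLeadingBlocks(b64a, b64b) {
  const a = Buffer.from(b64a, "base64"), b = Buffer.from(b64b, "base64");
  let n = 0;
  while ((n + 1) * 16 <= Math.min(a.length, b.length) &&
         a.subarray(n * 16, (n + 1) * 16).equals(b.subarray(n * 16, (n + 1) * 16))) n++;
  return n;
}

// Constructed sample values, not real accounts.
const idA = "2023000000000000-A", idB = "2023000000000000-B";
console.log(describeField("0QgUbMUJj2usHikiqtb8HQ==")); // value quoted in the post
console.log(encryptByAES(idA) === encryptByAES(idA));   // same input, same output
console.log(sharedLeadingBlocks(encryptByAES(idA), encryptByAES(idB)));
console.log(decryptByAES(encryptByAES(idA)) === idA);
```

Because the key and IV are constants delivered to every client, this layer hides nothing from anyone who can read login.js; confidentiality of the credentials in transit rests on TLS.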
Reproducing it in C#
Request body handling: the encrypted student ID and password must be URL-encoded:
```csharp
string requestBody = $"pid=-1&fid={schoolId}&uname={HttpUtility.UrlEncode(AESHelper.AesEncrypt(sn))}&numcode={verify}&password={HttpUtility.UrlEncode(AESHelper.AesEncrypt(password))}&refer=http%253A%252F%252Fi.chaoxing.com&t=true&hidecompletephone=0&doubleFactorLogin=0&independentId=0";
```
AES encryption helper class:
```csharp
using System;
using System.Security.Cryptography;
using System.Text;

namespace OnlineCourseToolKit.Utils
{
    /// <summary>
    /// AES encryption/decryption helper class.
    /// Uses CBC mode.
    /// </summary>
    public class AESHelper
    {
        /// <summary>
        /// Default key, 16 bytes long (AES-128)
        /// </summary>
        private const string Key = "u2oh6Vu^HWe4_AES";

        /// <summary>
        /// Default IV, 16 bytes long (the same string as the key)
        /// </summary>
        private const string Iv = "u2oh6Vu^HWe4_AES";

        /// <summary>
        /// AES encryption
        /// </summary>
        /// <param name="str">String to encrypt</param>
        /// <returns>Encrypted string (Base64)</returns>
        public static string AesEncrypt(string str)
        {
            return Encrypt(str, Key);
        }

        /// <summary>
        /// AES decryption
        /// </summary>
        /// <param name="str">String to decrypt (Base64)</param>
        /// <returns>Decrypted string</returns>
        public static string AesDecrypt(string str)
        {
            return Decrypt(str, Key);
        }

        /// <summary>
        /// AES encryption
        /// </summary>
        /// <param name="str">Plaintext (to be encrypted)</param>
        /// <param name="key">Key</param>
        /// <returns>Base64-encoded ciphertext</returns>
        private static string Encrypt(string str, string key)
        {
            if (string.IsNullOrEmpty(str)) return null;
            byte[] toEncryptArray = Encoding.UTF8.GetBytes(str);
            // Aes.Create() replaces the obsolete RijndaelManaged; same algorithm and settings.
            using (Aes aes = Aes.Create())
            {
                aes.Key = Encoding.UTF8.GetBytes(key);
                aes.Mode = CipherMode.CBC;
                aes.Padding = PaddingMode.PKCS7;
                aes.IV = Encoding.UTF8.GetBytes(Iv);
                using (ICryptoTransform cTransform = aes.CreateEncryptor())
                {
                    byte[] resultArray = cTransform.TransformFinalBlock(toEncryptArray, 0, toEncryptArray.Length);
                    return Convert.ToBase64String(resultArray, 0, resultArray.Length);
                }
            }
        }

        /// <summary>
        /// AES decryption
        /// </summary>
        /// <param name="str">Ciphertext (Base64, to be decrypted)</param>
        /// <param name="key">Key</param>
        /// <returns>Decrypted plaintext</returns>
        private static string Decrypt(string str, string key)
        {
            if (string.IsNullOrEmpty(str)) return null;
            byte[] toDecryptArray = Convert.FromBase64String(str);
            using (Aes aes = Aes.Create())
            {
                aes.Key = Encoding.UTF8.GetBytes(key);
                // Must match Encrypt: CBC, not ECB, otherwise the IV is ignored
                // and the first block does not decrypt correctly.
                aes.Mode = CipherMode.CBC;
                aes.Padding = PaddingMode.PKCS7;
                aes.IV = Encoding.UTF8.GetBytes(Iv);
                using (ICryptoTransform cTransform = aes.CreateDecryptor())
                {
                    byte[] resultArray = cTransform.TransformFinalBlock(toDecryptArray, 0, toDecryptArray.Length);
                    return Encoding.UTF8.GetString(resultArray);
                }
            }
        }
    }
}
```
dalao
I can't follow this. Could you write it out once, expert?