0x00目标url
aHR0cHM6Ly93d3cuY2hhbm1hbWEuY29tL2F1dGhvckRldGFpbC85OTI0MjExODcxOC9wcm9tb3Rpb24=
0x01接口分析
简单的get
但是返回数据被加密了
这里我们就来想想怎么解密这些数据。首先后端发来的数据是加密的,但是我们在前端看到的可不是加密后的数据。前端必然存在解密的js函数。
0x02定位解密函数
可以直接看看发起程序。这里有更快捷键的方式就是搜索decrpt
下断点后进行调试。
可以看到经过ungzip函数后,解密数据e被解密了,这时我们可以进行rpc,即可获取完整的解密数据。但是我们可以仔细研究下这个ungzip是什么。
0x03关键函数扣取
n = _.enc.Utf8.parse("cmmgfgehahweuuii"),
a= _.AES.decrypt(e, n, {
mode: _.mode.ECB,
padding: _.pad.Pkcs7
}),
i = O(a),
r = x.ungzip(i, {
to: "string"
})
第一个ECB模式的decrypt可以用Crypto-js方便地实现,然后直接跟进ungzip函数
Fi函数即使ungzip,正常来说,我们只要把代码扣下来,放到本地运行,然后根据报错信息进行补全(补环境即可)。但是我们把文件拉到最开始,你会发现是webpack打包后的js文件。
那么如何应对呢?
首先要知道webpack是什么以及起到的作用,简单来说webpack就是把要到的js文件进行打包,当然开发者也有可能对其中的js文件进行混淆,作为保护js代码的防护措施。那么打包的型式就有单文件打包和整体打包。同时打包后的模块需要导出才能使用,模块与模块之间可能会存在依赖关系,需要具体情况具体分析,这里推荐一个视频,lx大佬在b站录制的–
https://www.bilibili.com/video/BV1QS4y1i7vp/?spm_id_from=333.337.search-card.all.click&vd_source=ea03b03f388e19d21c8823f140d40a8b
现在回到本文.
从这里看到是整体打包,先全部扣取到本地。
我们搜索Fi(e,函数,定位到acff
复制到一个新的js文件
接着先用Crypto-js实现第一部分的AES解密
const CryptoJs = require("crypto-js");
const cfg = {
mode:CryptoJs.mode.ECB,
padding:CryptoJs.pad.Pkcs7
}
function O_(t){
var e, n, a = t.words.length, i = new Uint8Array(t.sigBytes), r = 0;
for (n = 0; n < a; n++)
e = t.words[n],
i[r++] = e >> 24,
i[r++] = e >> 16 & 255,
i[r++] = e >> 8 & 255,
i[r++] = 255 & e;
return i
}
let key = CryptoJs.enc.Utf8.parse("cmmgfgehahweuuii")
var enc_data = "ka+WNHBuUPTHPXSmTK/vnmD7GVU3MIlUFcCxJk3sRMICNxFcF0NVrlkcwXTAqXvl/ZwBgfRW09jyay6iO8z3Poy+FcvgBD5fV3tk0177InpE2xH2shl8DeqN1p2Qz0x+EPhiJxj609ghJGaBKyeUBzzJobWH+pBEFOk0CDCqFUh2HikNsTO3rTJ2vwpovpA6GszQFSSY2Sj/Kp/NYTqTjThCe08TcxtkmctKs+NcvqyweHrk0jRbOec9c1QIcOIaFaAHCCe6oy9I/Hoi3F5kWk+dAErur0W1ZdxxQStMn0C7yx2hi+qxiYxoGtaYvHatKcR9EY3WDvhUmlwS63XOaZ4Gjay2vPNVi8UtF0LZkQE3AmdUa6P1Bmxd1de14WtEP4F/EK/WiEVcrV3AzzS1dy00n+EAkSiWXYApMgI10KbdPxukWn0QXPlk/YT0/sv4fQRXn8Q3hmX3Q/YJ2UAcZA=="
var dec_data = CryptoJs.AES.decrypt(enc_data,key,cfg)
var i_ = O_(dec_data)
console.log(i_)
与浏览器的数据对比,可以看到完全一致
然后我们将acff有关n的注释掉
最终得到了可以运行的解密函数。
0x04解密结果
{"volume_chart":[{"date":"20230401","first":0,"second":64248,"second_text":"5w~7.5w"},{"second":158192,"second_text":"10w~25w","date":"20230402","first":0},{"date":"20230408","first
":0,"second":123907,"second_text":"10w~25w"},{"date":"20230412","first":0,"second":107826,"second_text":"10w~25w"},{"date":"20230415","first":0,"second":154260,"second_text":"10w~25
w"},{"date":"20230423","first":0,"second":195428,"second_text":"10w~25w"}],"amount_chart":[{"date":"20230401","first":0,"second":2737909.51,"second_text":"250w~500w"},{"date":"20230
402","first":0,"second":10213450.8,"second_text":"1000w~2500w"},{"date":"20230408","first":0,"second":8599872.58,"second_text":"750w~1000w"},{"second_text":"750w~1000w","date":"2023
0412","first":0,"second":8676732.92},{"date":"20230415","first":0,"second":10139499.41,"second_text":"1000w~2500w"},{"second_text":"1000w~2500w","date":"20230423","first":0,"second"
:15799242.52}],"aweme_chart":[{"date":"20230401","first":0,"second":0},{"first":0,"second":0,"date":"20230402"},{"date":"20230408","first":0,"second":0},{"date":"20230412","first":0
,"second":0},{"date":"20230415","first":0,"second":0},{"date":"20230423","first":0,"second":0}],"room_chart":[{"date":"20230401","first":64248,"second":2737909.51},{"date":"20230402
","first":158192,"second":10213450.8},{"date":"20230408","first":123907,"second":8599872.58},{"second":8676732.92,"date":"20230412","first":107826},{"date":"20230415","first":154260
,"second":10139499.41},{"second":15799242.52,"date":"20230423","first":195428}]}
![读书笔记-《ON JAVA 中文版》-摘要15[第十五章 异常]](https://img-blog.csdnimg.cn/23514dd52c824b8b95e44071635a1b67.png)
