爬虫模拟登录中,目标网站使用 JS 加密密码再 POST,是选择模拟一遍 JS 代码,还是选择使用 JS 引擎获得运行结果?
zyqf · 2018-03-01 16:59:30 +08:00 · 4448 次点击这是一个创建于 2450 天前的主题,其中的信息可能已经有所发展或是发生改变。
主要部分
各位前辈,你们是选择照着 JS 代码敲一遍具体代码,还是选择使用 js 引擎获得运行结果呢?
如果是自己实现 JS 功能的话,我放出关键的 JS 代码,感觉工作量略大。。。。。
两个变量
{"exponent":"AQAB","modulus":"AKpNUUppYjjjE7HljGMT4ufwytJIEoz68S0+K3\/Wvjwotal0lUlu3xvnzlJR3OCrkxEzk4Oa5zvKUhMARip4oO+dprByj97ip7k2M70O8ft28mLs95WEkiMNiLrWJ66hE1pABLSEAxX1RObZsoo\/8XSQ+NlqkwcCY\/cC5nuoG95V"}
登录加密关键代码
var rsaKey = new RSAKey();
rsaKey.setPublic(b64tohex(modulus), b64tohex(exponent));
var enPassword = hex2b64(rsaKey.encrypt($("#mm").val()));
$("#mm").val(enPassword);
$("#hidMm").val(enPassword);
rsa.js
// Depends on jsbn.js and rng.js
// Version 1.1: support utf-8 encoding in pkcs1pad2
// convert a (hex) string to a bignum object
function parseBigInt(str,r) {
return new BigInteger(str,r);
}
function linebrk(s,n) {
var ret = "";
var i = 0;
while(i + n < s.length) {
ret += s.substring(i,i+n) + "\n";
i += n;
}
return ret + s.substring(i,s.length);
}
function byte2Hex(b) {
if(b < 0x10)
return "0" + b.toString(16);
else
return b.toString(16);
}
// PKCS#1 (type 2, random) pad input string s to n bytes, and return a bigint
function pkcs1pad2(s,n) {
if(n < s.length + 11) { // TODO: fix for utf-8
alert("Message too long for RSA");
return null;
}
var ba = new Array();
var i = s.length - 1;
while(i >= 0 && n > 0) {
var c = s.charCodeAt(i--);
if(c < 128) { // encode using utf-8
ba[--n] = c;
}
else if((c > 127) && (c < 2048)) {
ba[--n] = (c & 63) | 128;
ba[--n] = (c >> 6) | 192;
}
else {
ba[--n] = (c & 63) | 128;
ba[--n] = ((c >> 6) & 63) | 128;
ba[--n] = (c >> 12) | 224;
}
}
ba[--n] = 0;
var rng = new SecureRandom();
var x = new Array();
while(n > 2) { // random non-zero pad
x[0] = 0;
while(x[0] == 0) rng.nextBytes(x);
ba[--n] = x[0];
}
ba[--n] = 2;
ba[--n] = 0;
return new BigInteger(ba);
}
// "empty" RSA key constructor
function RSAKey() {
this.n = null;
this.e = 0;
this.d = null;
this.p = null;
this.q = null;
this.dmp1 = null;
this.dmq1 = null;
this.coeff = null;
}
// Set the public key fields N and e from hex strings
function RSASetPublic(N,E) {
if(N != null && E != null && N.length > 0 && E.length > 0) {
this.n = parseBigInt(N,16);
this.e = parseInt(E,16);
}
else
alert("Invalid RSA public key");
}
// Perform raw public operation on "x": return x^e (mod n)
function RSADoPublic(x) {
return x.modPowInt(this.e, this.n);
}
// Return the PKCS#1 RSA encryption of "text" as an even-length hex string
function RSAEncrypt(text) {
var m = pkcs1pad2(text,(this.n.bitLength()+7)>>3);
if(m == null) return null;
var c = this.doPublic(m);
if(c == null) return null;
var h = c.toString(16);
if((h.length & 1) == 0) return h; else return "0" + h;
}
// Return the PKCS#1 RSA encryption of "text" as a Base64-encoded string
//function RSAEncryptB64(text) {
// var h = this.encrypt(text);
// if(h) return hex2b64(h); else return null;
//}
// protected
RSAKey.prototype.doPublic = RSADoPublic;
// public
RSAKey.prototype.setPublic = RSASetPublic;
RSAKey.prototype.encrypt = RSAEncrypt;
//RSAKey.prototype.encrypt_b64 = RSAEncryptB64;
base64.js
var b64map="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
var b64pad="=";
function hex2b64(h) {
var i;
var c;
var ret = "";
for(i = 0; i+3 <= h.length; i+=3) {
c = parseInt(h.substring(i,i+3),16);
ret += b64map.charAt(c >> 6) + b64map.charAt(c & 63);
}
if(i+1 == h.length) {
c = parseInt(h.substring(i,i+1),16);
ret += b64map.charAt(c << 2);
}
else if(i+2 == h.length) {
c = parseInt(h.substring(i,i+2),16);
ret += b64map.charAt(c >> 2) + b64map.charAt((c & 3) << 4);
}
while((ret.length & 3) > 0) ret += b64pad;
return ret;
}
// convert a base64 string to hex
function b64tohex(s) {
var ret = ""
var i;
var k = 0; // b64 state, 0-3
var slop;
for(i = 0; i < s.length; ++i) {
if(s.charAt(i) == b64pad) break;
v = b64map.indexOf(s.charAt(i));
if(v < 0) continue;
if(k == 0) {
ret += int2char(v >> 2);
slop = v & 3;
k = 1;
}
else if(k == 1) {
ret += int2char((slop << 2) | (v >> 4));
slop = v & 0xf;
k = 2;
}
else if(k == 2) {
ret += int2char(slop);
ret += int2char(v >> 2);
slop = v & 3;
k = 3;
}
else {
ret += int2char((slop << 2) | (v >> 4));
ret += int2char(v & 0xf);
k = 0;
}
}
if(k == 1)
ret += int2char(slop << 2);
return ret;
}
// convert a base64 string to a byte/number array
function b64toBA(s) {
//piggyback on b64tohex for now, optimize later
var h = b64tohex(s);
var i;
var a = new Array();
for(i = 0; 2*i < h.length; ++i) {
a[i] = parseInt(h.substring(2*i,2*i+2),16);
}
return a;
}
 |
1
zhenjiachen 2018-03-01 17:09:47 +08:00
我是调用 js 的方法的。
|
 |
2
golmic 2018-03-01 17:10:33 +08:00 via Android  1
建议直接本地 node 跑出结果,然后 python 提交
|
 |
3
jackyzy823 2018-03-01 17:11:11 +08:00 via Android
rsa 加密…各种语言都有成熟的库…为啥要模拟 /调用 js
|
 |
4
zyqf OP @jackyzy823 老哥,你看下 rsa,RSASetPublic 的方法,这种应该是非标准的。
|
 |
6
lc4t 2018-03-01 17:44:32 +08:00
不应该是先看一下目标用的什么加密,找一下 python 库里有没有写好的么..
|
|
7
jackyzy823 2018-03-01 17:58:11 +08:00
@zyqf
RSA and ECC in JavaScript : http://www-cs-students.stanford.edu/%7Etjw/jsbn/ Demo: http://travistidwell.com/blog/2013/02/15/a-better-library-for-javascript-asymmetrical-rsa-encryption/ 请问哪里非标准了? |
|
8
jackyzy823 2018-03-01 17:59:09 +08:00 1
|
 |
9
swirling 2018-03-01 18:17:42 +08:00 1
base64tohex: .decode("base64").encode("hex")
rsa: https://stackoverflow.com/questions/34180984/how-to-create-an-rsa-key-from-hex-encoded-modulus-and-encrypt-in-node-js 以上 |
|
10
swirling 2018-03-01 18:19:02 +08:00
|
|
11
zyqf OP |
 |
12
TongNianShanHe 2021-04-18 01:11:33 +08:00
正方教务系统......
这玩意儿搞了我一整天,心态炸了 |
Select Language