JS混淆
!(data/attachment/forum/202103/20/111725y6zmmio3j4vramvj.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/300 "image.png")搜索抓包
!(data/attachment/forum/202103/20/111752epbp0egqblpgbgtz.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/300 "image.png")
!(data/attachment/forum/202103/20/111809h13946u2muja992w.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/300 "image.png")
跳转过去
!(data/attachment/forum/202103/20/111850ey033f20ay3qj3tv.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/300 "image.png")
很明显的看到data的来源下断点调试,再次搜索
!(data/attachment/forum/202103/20/111926ajo45xjxspohsssh.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/300 "image.png")
成功断下
很明显就是里面的那串字符串 作为参数 通过encode这个函数进行加密的
我们进入这个函数看一下
!(data/attachment/forum/202103/20/112029rgkhqr8h9kdouohk.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/300 "image.png")
!(data/attachment/forum/202103/20/112128idskrrkqsddz2skk.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/300 "image.png")
写一个调用函数然后将encode扣出来
!(data/attachment/forum/202103/20/112257if9o1xfjvqmofuvs.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/300 "image.png")
提示这个未定义 直接源码中搜索找一下
!(data/attachment/forum/202103/20/112425fjdd9v5cnebpocjd.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/300 "image.png")
函数位置
!(data/attachment/forum/202103/20/112606utakhioc9tb5kj9c.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/300 "image.png")
简化一下 报这个去console定义一下这个东西
!(data/attachment/forum/202103/20/112739fdzdxo1ftbxbhdjm.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/300 "image.png")
在调试工具定义一下再次调试
!(data/attachment/forum/202103/20/112801y5rl05q0nnnlelnl.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/300 "image.png")
浏览器相关直接复制扔过去
!(data/attachment/forum/202103/20/112905dot775hzot7t5u0t.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/300 "image.png")
再次调试
!(data/attachment/forum/202103/20/112920isrjhkzssr0rhioe.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/300 "image.png")
md5未定义可以直接用MD5库也可以扣一下
源码搜索md5
!(data/attachment/forum/202103/20/113011o6c660uuw7go66wh.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/300 "image.png")
看到调用了很多次md5点击跳转进入md5
!(data/attachment/forum/202103/20/113042c5faysxpry55exk8.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/300 "image.png")
上下大概看一下 是我们最熟悉的md5直接整个文件 拿下来扔进调试工具
!(data/attachment/forum/202103/20/113144oxvim5rimo0q5vkq.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/300 "image.png")
!(data/attachment/forum/202103/20/113336lyhm9ykq4yj3zqza.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/300 "image.png")
第一次搞简单的混淆...这几天也比较忙 抽空搞了 好几天....不过也算搞定啦
阿巴阿巴,只知道刘明野的工具箱界面,其他的没看懂。 阿巴阿巴 阿巴阿巴,话说,阿巴阿巴是啥意思
页:
[1]