超星登陆地址:https://passport2.chaoxing.com/login?fid=&refer=
分析:
首先随便输入一个账号:123456密码:888888,看一下请求数据
根据下图所知,账号和密码都已经被加密了:
uname:0QgUbMUJj2usHikiqtb8HQ==
password:Zo7aV9DDeXK+uJLxeGKtsQ==
账号和密码加密后的长度一致,应该是同一个加密,最后进行的Base64加密
在代码中搜索password看能不能搜索到加密结果
很幸运,在这里找到了加密方法,是一个AES加密。点进去看一下代码,这里密钥和AES加密方法都告诉我们啦,下面搜索一下encryptByAES加密方法
let transferKey = "u2oh6Vu^HWe4_AES";
password = encryptByAES(password, transferKey);
uname = encryptByAES(uname, transferKey);在图上,已经搜索到加密方法,复制下来
function encryptByAES(message, key){
let CBCOptions = {
iv: CryptoJS.enc.Utf8.parse(key),
mode:CryptoJS.mode.CBC,
padding: CryptoJS.pad.Pkcs7
};
let aeskey = CryptoJS.enc.Utf8.parse(key);
let secretData = CryptoJS.enc.Utf8.parse(message);
let encrypted = CryptoJS.AES.encrypt(
secretData,
aeskey,
CBCOptions
);
return CryptoJS.enc.Base64.stringify(encrypted.ciphertext);
}最终代码:
由上面分析我们已经知道了AES加密方法,以及密钥。这里我用js写一下解密过程
function encryptByAES(message, key){
let CBCOptions = {
iv: CryptoJS.enc.Utf8.parse(key),
mode:CryptoJS.mode.CBC,
padding: CryptoJS.pad.Pkcs7
};
let aeskey = CryptoJS.enc.Utf8.parse(key);
let secretData = CryptoJS.enc.Utf8.parse(message);
let encrypted = CryptoJS.AES.encrypt(
secretData,
aeskey,
CBCOptions
);
return CryptoJS.enc.Base64.stringify(encrypted.ciphertext);
}
var CryptoJS = require("crypto-js");
let transferKey = "u2oh6Vu^HWe4_AES";
const uname = encryptByAES("123456", transferKey);
const password = encryptByAES("888888", transferKey);
console.log("uname: " + uname + " password: "+ password)用node执行后,发现与我们刚开始抓的数据对应上啦
正文完
