【web逆向】某省开放大学登陆接口(上)
打开网站
发现cookie无明显变化使用下面代码自动保存cookie
import requests
requests = requests.session()
点击登陆
发现跳转到了这个网址,上方idsLogin来判断是否登陆成功,输入账号密码发现password和execution参数有有加密。
获取加密密码
先搜索encrypt,一个一个找,找到加密地方,发现这段js代码最可疑,仔细一看是RSA加密,打个断点。
发现确实是这段js代码进行加密,进入到security.js扣取整段代码,最终获取加密的密码
#pip install PyExecJS使用该库运行js代码获取password加密后的参数
import execjs
def encryptpwd(password):
#使用node.js运行js代码
node = execjs.get()
# 读取文件并编译
test = open("password.js", encoding="utf-8").read()
exe = node.compile(test)
# password.js中的encryptAES方法,传入参数 password
encrypt_result = exe.call("encryptAES", password)
return encrypt_result
//js部分代码,完整代码见附件
function encryptAES(val) {
var thisPwd = val;
if (thisPwd.length != 256) {
window.RSAUtils.setMaxDigits(131);
var key = window.RSAUtils.getKeyPair("010001", '', "008aed7e057fe8f14c73550b0e6467b023616ddc8fa91846d2613cdb7f7621e3cada4cd5d812d627af6b87727ade4e26d26208b7326815941492b2204c3167ab2d53df1e3a2c9153bdb7c8c2e968df97a5e7e01cc410f92c4c2c2fba529b3ee988ebc1fca99ff5119e036d732c368acf8beba01aa2fdafa45b21e4de4928d0d403");
var result = window.RSAUtils.encryptedString(key, thisPwd);
}
return result
}
获取execution参数
直接搜索execution发现就在该网页的源代码中,直接请求网址使用正则表达式获取
def getloginservices():
headers = {
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7',
'Accept-Language': 'zh-CN,zh;q=0.9',
'Connection': 'keep-alive',
'Referer': 'http://xuexi.jsou.cn/',
'Sec-Fetch-Dest': 'document',
'Sec-Fetch-Mode': 'navigate',
'Sec-Fetch-Site': 'cross-site',
'Sec-Fetch-User': '?1',
'Upgrade-Insecure-Requests': '1',
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36',
'sec-ch-ua': '"Chromium";v="122", "Not(A:Brand";v="24", "Google Chrome";v="122"',
'sec-ch-ua-mobile': '?0',
'sec-ch-ua-platform': '"Windows"',
}
params = {
'service': 'http://xuexi.jsou.cn/jxpt-web/auth/idsLogin',
}
response = requests.get('https://ids3.jsou.cn/login', params=params, headers=headers)
execution = re.findall(r' <input type="hidden" name="execution" value="(.*?)" />', response.text)
return execution
请求登陆
发现重定向了Location这个网址,requests默认会自动跳转,我们需要让allow_redirects=False来停止跳转,拿到参数,最后在请求Location这个网址,实现登陆成功。
def login(username, password, execution):
headers = {
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7',
'Accept-Language': 'zh-CN,zh;q=0.9',
'Cache-Control': 'max-age=0',
'Connection': 'keep-alive',
'Content-Type': 'application/x-www-form-urlencoded',
'Origin': 'https://ids3.jsou.cn',
'Referer': 'https://ids3.jsou.cn/login?',
'Sec-Fetch-Dest': 'document',
'Sec-Fetch-Mode': 'navigate',
'Sec-Fetch-Site': 'same-origin',
'Sec-Fetch-User': '?1',
'Upgrade-Insecure-Requests': '1',
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36',
'sec-ch-ua': '"Chromium";v="122", "Not(A:Brand";v="24", "Google Chrome";v="122"',
'sec-ch-ua-mobile': '?0',
'sec-ch-ua-platform': '"Windows"',
}
params = {
'service': 'http://xuexi.jsou.cn/jxpt-web/auth/idsLogin',
}
data = {
'username': username,
'password': password,
'submit': '登录',
'execution': execution,
'encrypted': 'true',
'_eventId': 'submit',
'loginType': '1',
}
response = requests.post('https://ids3.jsou.cn/login', params=params, headers=headers, data=data,
allow_redirects=False)
return response.headers['Location']
def idslogin(Location):
headers = {
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7',
'Accept-Language': 'zh-CN,zh;q=0.9',
'Cache-Control': 'max-age=0',
'Connection': 'keep-alive',
'Upgrade-Insecure-Requests': '1',
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36',
}
response = requests.get(
Location,
headers=headers,
verify=False,
)
结语
完整js代码
https://wwm.lanzn.com/b05l314kf
密码:7bpq
下一期更新此学习网站一键看视频,回帖,看文档。