起因问答区看到一个ob混淆的帖子.解除掉js回答之后发现楼主采纳了.但是我实际上也没有回答什么 只是发了个截图.越想越觉得不能对不起楼主.大半夜起来研究了一下这个站
目标站aHR0cHM6Ly9xaXllLm9iZWkuY29tLmNuL3dlYi16b25lL2J3enkvcHJvY3VyZW1lbnQuaHRtbA==
网站难度一般 定位js加密位置'111.111.111.111' 不知道为什么 好像是采集ip但是获取到的是111 应该是waf关掉了验证
源码有点大
https://wwb.lanzn.com/ixfiN1p7fbuf
放到网盘了
github上也发了一份https://github.com/jwwsjlm/js-obei
具体自写的js代码部分 我是直接用网站取下js 然后自写了个加密函数
吐槽一个奇葩的地方
根据他网页js来看 _0x1b0941 = _$Q2()
[JavaScript] 纯文本查看 复制代码 function _$Q2() {
var _0x4d27a8 = '';
var _0x35c067 = 0x0;
var _0x41790a = '';
var _0x53ada9 = 0x0;
var _0x17a998 = '';
for (var _0x2363bb in window['navigator']) {
_0x35c067++;
_0x41790a = _0x35c067;
_0x17a998 = '' + window['navigator'][_0x2363bb];
_0x53ada9 = _0x17a998[_$m3()]()['length'];
if (_0x53ada9 <= 0x14) {
_0x41790a = _0x17a998;
}
if (_0x4d27a8 == '') {
_0x4d27a8 = _0x2363bb + '=' + _0x41790a;
} else {
_0x4d27a8 = _0x4d27a8 + ';' + _0x2363bb + '=' + _0x41790a;
}
}
return _0x4d27a8;
}
遍历navigator 然后拼接成字符串 刚开始根据网上 写了几个navigator让他循环
结果跟到j1加密函数里面一看...
[JavaScript] 纯文本查看 复制代码 function _$j1(_0x28b6ed, _0x215789, _0x27ba55, _0x222d28, _0x5a606a, _0x3add1d, _0x170f51, _0x1e14bf, _0x426ec5) {
_0x426ec5 = '';
_0x170f51 = _0x170f51 == undefined ? 'aaaaa' : _0x170f51;
var _0x29da29 = _$I6(coockieNameUnique);
return xazxBase64['encode']('{\x22mousex\x22:\x22' + _0x28b6ed + '\x22,\x22mousey\x22:\x22' + _0x215789 + '\x22,\x22screenw\x22:\x22' + _0x27ba55 + '\x22,\x22screenh\x22:\x22' + _0x222d28 + '\x22,\x22noheader\x22:\x22' + _0x5a606a + '\x22,\x22nomal\x22:\x22' + _0x3add1d + '\x22,\x22ajax\x22:\x22' + _0x170f51 + '\x22,\x22now_unique\x22:\x22' + _0x29da29 + '\x22,\x22shebei\x22:\x22' + _0x1e14bf + '\x22,\x22navigator\x22:\x22' + _0x426ec5 + '\x22}');
}
_0x426ec5 = ''..........
只怪自己没经验 | 
[复制链接]
发表于 2024-2-24 04:49
|
发表于 2024-2-24 19:39
