关于网页登录抓包的问题！

970767701 · 发表于 2022-12-20 12:33:57

在抓出来的登录包第三个就是post提交账号密码，但是密码是被加密过，现在的问题是在哪找这个加密过程或者加密方式？附上登录页源文件
<!doctype html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" >
<meta http-equiv="Pragma" content="no-cache" />
<meta http-equiv="Cache-Control" content="no-cache, must-revalidate" />
<meta http-equiv="Expires" content="0" />
<meta name="format-detection" content="telephone=no">
<title></title>
<script>
document.write("<link type='text/css' href='../ui/css/ui.css?version=" + new Date().getTime() + "' rel='stylesheet' />");
</script>
</head>
<body ng-keypress="docPress($event)" ng-controller="loginController" ng-cloak class="login-body ng-cloak">
<div class="login" id="login">
<div class="top">
<div class="logo"></div>
<div class="language">
<div class="language-show" ng-click="showLanguageList($event)"><span class="current-language" id="current_language"></span></div>
<div class="language-list" id="language_list" ng-click="changeLanguage($event)"></div>
</div>
</div>
<table cellspacing="0" cellpadding="0" border="0" class="middle">
<tr>
<td class="login-l"> </td>
<td class="login-m">
<div class="login-part">
<div class="line"></div>
<div class="login-error">
<div class="inputValidTip" ng-show="szErrorTip!=''"><i class='error'></i><label>{{szErrorTip}}</label></div>
</div>
<div class="login-user">
<input type="text" class="login-input" id="username" ng-model="username" maxlength="32" autocomplete="off" placeholder="{{oLan.username}}" />
<i class="icon-user"></i>
</div>
<div class="login-item">
<input type="password" class="login-input" id="password" ng-model="password" maxlength="16" placeholder="{{oLan.password}}" pigsney />
<i class="icon-pass"></i>
</div>
<div class="login-item bottom">
      <span class="pwd-link" ng-bind="oLan.forgetPwd" ng-show="oCap.bSptGuidImport || oCap.bSptQAReset || oCap.bSupportWithSecurityEmail" ng-click="forgetPwd()"></span>
<button type="button" class="btn btn-primary login-btn" ng-click="login()"><label ng-bind="oLan.login"></label></button>
</div>

</div>
</td>
<td class="login-r"> </td>
</tr>
</table>
<div class="footer" id="footer"></div>
</div>
<div ng-hide="true">
<div id="active" class="msg-content-wrap">
      <div class="msg-content">
         <div class="password">
            <span class="desc"><label ng-bind="oLan.username"></label></span>
            <span><label ng-bind="activeUsername"></label></span>
         </div>
         <div class="password">
            <span class="desc"><label ng-bind="oLan.password"></label></span>
            <span><input id="activePassword" type="password" ng-model="activePassword" maxlength="16" /></span>
            <span style="position: absolute;overflow: visible;width: 0;height: 0;white-space: nowrap;margin-left: 3px;"><span class="inputValidTip" style="display: inline-block; padding: 0; height: 16px;line-height: 16px;" ng-class="{true:'border'}[activePasswordBorder]" style=""><i ng-class="{true:'success', false:'error'}[activePasswordStatus]"></i><label style="background: white; white-space: nowrap;" ng-bind="oTips.activeTips"></label></span></span>
            
         </div>
         <div strength class="passwordstrength" lan="oLan" o-password="activePassword" o-username="activeUsername"></div>
         <div class="password">
            <span class="desc"><label ng-bind="oLan.confirm"></label></span>
            <span><input type="password" ng-model="activePasswordConfirm" maxlength="16" /></span>
            <span style="position: absolute;overflow: visible;width: 0;height: 0;white-space: nowrap;margin-left: 3px;"><span class="inputValidTip" style="display: inline-block; padding: 0; height: 16px;line-height: 16px;" ng-class="{false:'border'}[activeConfirmPasswordStatus]" style=""><i ng-class="{true:'success', false:'error'}[activeConfirmPasswordStatus]"></i><label style="background: white; white-space: nowrap;" ng-bind="oTips.activeConfirmTips"></label></span></span>
         </div>
      </div>
</div>
</div>
<div id="main_plugin" class="no-window login-plugin"></div>
</body>
<script id="seajsnode" src="../script/lib/seajs/seajs/sea.min.js"></script>
<script>
document.write("<script src='../script/lib/seajs/config/sea-config.js?version=" + new Date().getTime() + "' ></scr" + "ipt>");
</script>
</html>

补充内容 (2022-12-20 15:47):
明文是：Hik@12345  ，，不是网站是海康摄像机

970767701 · 发表于 2022-12-20 12:35:38

这是第一个get包返回数据

HTTP/1.1 200 OK
Date: Thu, 01 Jan 1970 03:13:30 GMT
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 1387
Connection: keep-alive
Keep-Alive: timeout=8, max=93
Content-Type: application/xml

<?xml version="1.0" encoding="UTF-8"?>
<IOInputPortList version="2.0" xmlns="http://www.hikvision.com/ver20/XMLSchema">
<IOInputPort version="2.0" xmlns="http://www.hikvision.com/ver20/XMLSchema">
<id>1</id>
<enabled>true</enabled>
<triggering>high</triggering>
<name></name>
</IOInputPort>
<IOInputPort version="2.0" xmlns="http://www.hikvision.com/ver20/XMLSchema">
<id>2</id>
<enabled>false</enabled>
<triggering>high</triggering>
<name></name>
</IOInputPort>
<IOInputPort version="2.0" xmlns="http://www.hikvision.com/ver20/XMLSchema">
<id>3</id>
<enabled>false</enabled>
<triggering>high</triggering>
<name></name>
</IOInputPort>
<IOInputPort version="2.0" xmlns="http://www.hikvision.com/ver20/XMLSchema">
<id>4</id>
<enabled>false</enabled>
<triggering>high</triggering>
<name></name>
</IOInputPort>
<IOInputPort version="2.0" xmlns="http://www.hikvision.com/ver20/XMLSchema">
<id>5</id>
<enabled>false</enabled>
<triggering>high</triggering>
<name></name>
</IOInputPort>
<IOInputPort version="2.0" xmlns="http://www.hikvision.com/ver20/XMLSchema">
<id>6</id>
<enabled>false</enabled>
<triggering>high</triggering>
<name></name>
</IOInputPort>
<IOInputPort version="2.0" xmlns="http://www.hikvision.com/ver20/XMLSchema">
<id>7</id>
<enabled>false</enabled>
<triggering>high</triggering>
<name></name>
</IOInputPort>
</IOInputPortList>

970767701 · 发表于 2022-12-20 12:36:20

这是第二个get返回的数据

HTTP/1.1 200 OK
Date: Thu, 01 Jan 1970 03:13:30 GMT
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 666
Connection: keep-alive
Keep-Alive: timeout=8, max=92
Content-Type: application/xml

<?xml version="1.0" encoding="UTF-8"?>
<IOOutputPortList version="2.0" xmlns="http://www.hikvision.com/ver20/XMLSchema">
<IOOutputPort version="2.0" xmlns="http://www.hikvision.com/ver20/XMLSchema">
<id>1</id>
<PowerOnState>
<defaultState>low</defaultState>
<outputState>pulse</outputState>
<pulseDuration>5000</pulseDuration>
</PowerOnState>
<name></name>
</IOOutputPort>
<IOOutputPort version="2.0" xmlns="http://www.hikvision.com/ver20/XMLSchema">
<id>2</id>
<PowerOnState>
<defaultState>low</defaultState>
<outputState>pulse</outputState>
<pulseDuration>5000</pulseDuration>
</PowerOnState>
<name></name>
</IOOutputPort>
</IOOutputPortList>