This post was last edited by 机器兔 on 2022-5-6 19:31
Could the experts take a look at this JS site's anti-debugging?
https://bbs.125.la/forum.php?mod=viewthread&tid=14728798
Related site: https://huancang.art/#/
Step 1 (send the SMS)
url => https://api.onemeta.com.cn/api/sms/send
data => {"event":"mobilelogin","mobile":"15144445555","timestamp":1651834384372}
Host: api.onemeta.com.cn
Connection: keep-alive
Content-Length: 72
Accept: application/json, text/plain, */*
signature: 2bd17b71495819c32b37b39388bcb2ac
x-token: 054458d037366875cb9af1f293c7ce55
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36
token: null
Content-Type: application/json;charset=UTF-8
Origin: https://huancang.art
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://huancang.art/
Next, crack the x-token and signature signing algorithms in the request headers
A.signature => A.headers.signature = J(J("7Tv7LrinK2bsNAi9TF2uui3ZIcoxK1WT"))
var e = "api/sms/send?event=mobilelogin&mobile=15144445555&timestamp=1651835890613&key=6rnrdpjjv6wz2sspxqeibesov1itxddc"
A.x-token => J(e)
A.headers.token = localStorage.getItem("token") // local cache; empty when sending the SMS, presumably the user's token once logged in
var J = md5 // the default lowercase hex output is fine
Step 2 (submit the SMS code)
url => https://api.onemeta.com.cn/api/user/mobilelogin
data => {"captcha":"1122","mobile":"15144445555","timestamp":1651835430313}
Host: api.onemeta.com.cn
Connection: keep-alive
Content-Length: 72
Accept: application/json, text/plain, */*
signature: 2bd17b71495819c32b37b39388bcb2ac
x-token: 48cc56b65a95e45457a3191e1eef7576
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36
token: null
Content-Type: application/json;charset=UTF-8
Origin: https://huancang.art
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://huancang.art/
Next, crack the x-token and signature signing algorithms in the request headers
A.signature => A.headers.signature = J(J("7Tv7LrinK2bsNAi9TF2uui3ZIcoxK1WT"))
var e = "api/user/mobilelogin?captcha=1122&mobile=15144445555&timestamp=1651835609732&key=6rnrdpjjv6wz2sspxqeibesov1itxddc"
A.x-token => J(e)
A.headers.token = localStorage.getItem("token") // local cache; empty when sending the SMS, presumably the user's token once logged in
var J = md5 // the default lowercase hex output is fine
Finally, a small advert; for this site that's not going too far, is it!! Front-end reverse-engineering QQ group: https://jq.qq.com/?_wv=1027&k=JaSFuWf3
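An added example, not from the post or from the site it discusses, of what a server-side verifier looks like once the weaknesses shown above are fixed: the constant signature (identical in both captures) and the static-key x-token are replaced by an HMAC over the whole request with a freshness window and a nonce replay cache, and the SMS endpoint gets a per-number rate limit, because any key shipped in front-end JS can be recovered exactly as the post shows. All keys, paths, numbers and header names below are constructed placeholders.

```python
import hashlib
import hmac
import time
SESSION_KEY = b"placeholder-session-key"  # constructed; issued per session by the server, never in JS
SKEW_SECONDS = 300               # accept timestamps within 5 minutes of server time
SMS_LIMIT, SMS_WINDOW = 3, 600   # at most 3 SMS per number per 10 minutes

def canonical_string(method, path, body, timestamp, nonce):
    # Bind method, path, body, time and nonce so one signature fits exactly one request.
    return "\n".join([method.upper(), path, hashlib.sha256(body).hexdigest(),
                      str(timestamp), nonce])

def sign(method, path, body, timestamp, nonce, key=SESSION_KEY):
    msg = canonical_string(method, path, body, timestamp, nonce).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class Verifier:
    def __init__(self, now=time.time):
        self.now = now
        self.seen = {}      # nonce -> expiry; a real deployment shares this across servers
        self.sms_log = {}   # mobile -> send times

    def verify(self, method, path, body, headers):
        try:
            ts = int(headers["x-timestamp"])
        except (KeyError, ValueError):
            return "bad-timestamp"
        nonce = headers.get("x-nonce", "")
        if len(nonce) < 16:
            return "bad-nonce"
        now = int(self.now())
        if abs(now - ts) > SKEW_SECONDS:
            return "stale"                  # a captured request expires with its timestamp
        self.seen = {n: e for n, e in self.seen.items() if e > now}
        if nonce in self.seen:
            return "replay"                 # same nonce presented twice inside the window
        expected = sign(method, path, body, ts, nonce)
        if not hmac.compare_digest(expected, headers.get("signature", "")):
            return "bad-signature"          # body, path, time or nonce was altered
        self.seen[nonce] = now + SKEW_SECONDS
        return "ok"

    def allow_sms(self, mobile):
        # Per-number rate limit: holds even when the signing scheme is fully reverse-engineered.
        now = int(self.now())
        recent = [t for t in self.sms_log.get(mobile, []) if now - t < SMS_WINDOW]
        if len(recent) >= SMS_LIMIT:
            return False
        self.sms_log[mobile] = recent + [now]
        return True
```

The pre-login SMS endpoint cannot trust any client-held key at all, so there allow_sms() (plus a CAPTCHA) is the control that actually matters; the signature scheme protects the post-login calls.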