逆向过程中遇到一个 JS 的问题,代码如下:
"4BWe": function(t, e, r) {
  "use strict";

  // Webpack-style module wrapper: t is the module object, e is unused here,
  // and r loads another bundled module by id.
  // NOTE(review): the local names below are inferred from how each dependency
  // is called in this block; the bundle itself carries only the short ids.
  var utils = r("axmY");
  var settle = r("1AW6");
  var buildURL = r("RZLI");
  var parseHeaders = r("bnxE");
  var isURLSameOrigin = r("40nR");
  var createError = r("1vI4");

  /**
   * XMLHttpRequest-based request adapter.
   *
   * Sends the request described by `config` and returns a Promise that is
   * settled through `settle(resolve, reject, response)` once the XHR reaches
   * readyState 4, or rejected on network error, timeout or cancellation.
   *
   * Security-relevant behaviour visible in this block:
   *  - `config.auth` becomes a Basic Authorization header (base64, not
   *    encrypted), so confidentiality depends on the transport.
   *  - An XSRF token is copied from a cookie into a request header, only for
   *    requests that are same-origin or have `withCredentials` set.
   *  - The response object is assembled from what the XHR API exposes to
   *    script. Browsers store cookies from Set-Cookie response headers
   *    themselves, outside of this code, and getAllResponseHeaders() does not
   *    return Set-Cookie at all, so nothing assigned to the response object
   *    here influences the cookie jar.
   */
  t.exports = function(config) {
    return new Promise(function(resolve, reject) {
      var requestData = config.data;
      var requestHeaders = config.headers;

      // For FormData bodies the Content-Type header is dropped so the browser
      // can supply its own.
      if (utils.isFormData(requestData)) {
        delete requestHeaders["Content-Type"];
      }

      var xhr = new XMLHttpRequest();

      if (config.auth) {
        var username = config.auth.username || "";
        var password = config.auth.password || "";
        // NOTE(review): btoa() throws on characters outside Latin-1, so
        // credentials containing such characters fail here.
        requestHeaders.Authorization = "Basic " + btoa(username + ":" + password);
      }

      xhr.open(
        config.method.toUpperCase(),
        buildURL(config.url, config.params, config.paramsSerializer),
        true
      );
      xhr.timeout = config.timeout;

      xhr.onreadystatechange = function() {
        // Only a finished request is handled.
        if (!xhr || xhr.readyState !== 4) {
          return;
        }
        // Status 0 is ignored unless the response came from a file: URL;
        // the onerror / ontimeout handlers below reject in the other cases.
        if (xhr.status === 0 && !(xhr.responseURL && xhr.responseURL.indexOf("file:") === 0)) {
          return;
        }

        // Set-Cookie is a forbidden response header name for script:
        // getAllResponseHeaders() omits it, HttpOnly or not. By the time this
        // handler runs the browser has already processed the response headers.
        var responseHeaders = "getAllResponseHeaders" in xhr
          ? parseHeaders(xhr.getAllResponseHeaders())
          : null;

        var responseBody;
        if (!config.responseType || config.responseType === "text") {
          responseBody = xhr.responseText;
        } else {
          responseBody = xhr.response;
        }

        var response = {
          data: responseBody,
          status: xhr.status,
          statusText: xhr.statusText,
          headers: responseHeaders,
          config: config,
          request: xhr
        };

        settle(resolve, reject, response);
        xhr = null;
      };

      xhr.onerror = function() {
        reject(createError("Network Error", config, null, xhr));
        xhr = null;
      };

      xhr.ontimeout = function() {
        reject(createError("timeout of " + config.timeout + "ms exceeded", config, "ECONNABORTED", xhr));
        xhr = null;
      };

      if (utils.isStandardBrowserEnv()) {
        var cookies = r("btti");
        // The XSRF token is read from a cookie by script, so that cookie must
        // be readable by page script (i.e. not HttpOnly). It is only looked up
        // for same-origin requests or when withCredentials is set.
        var xsrfValue = (config.withCredentials || isURLSameOrigin(config.url)) && config.xsrfCookieName
          ? cookies.read(config.xsrfCookieName)
          : undefined;
        if (xsrfValue) {
          requestHeaders[config.xsrfHeaderName] = xsrfValue;
        }
      }

      if ("setRequestHeader" in xhr) {
        utils.forEach(requestHeaders, function(value, name) {
          // Without a body, a Content-Type request header is removed instead
          // of being sent.
          if (typeof requestData === "undefined" && name.toLowerCase() === "content-type") {
            delete requestHeaders[name];
          } else {
            xhr.setRequestHeader(name, value);
          }
        });
      }

      // Per the XHR specification, withCredentials only affects cross-origin
      // requests (whether cookies are sent with them and accepted from them);
      // same-origin requests use the cookie jar regardless.
      if (config.withCredentials) {
        xhr.withCredentials = true;
      }

      if (config.responseType) {
        try {
          xhr.responseType = config.responseType;
        } catch (err) {
          // A failure to set "json" is tolerated; any other type re-throws.
          if (config.responseType !== "json") {
            throw err;
          }
        }
      }

      if (typeof config.onDownloadProgress === "function") {
        xhr.addEventListener("progress", config.onDownloadProgress);
      }
      if (typeof config.onUploadProgress === "function" && xhr.upload) {
        xhr.upload.addEventListener("progress", config.onUploadProgress);
      }

      if (config.cancelToken) {
        config.cancelToken.promise.then(function(cancel) {
          // xhr is null once the request has already settled.
          if (!xhr) {
            return;
          }
          xhr.abort();
          reject(cancel);
          xhr = null;
        });
      }

      if (requestData === undefined) {
        requestData = null;
      }
      xhr.send(requestData);
    });
  };
}
调试数据显示,
n = {
data: t.responseType && "text" !== t.responseType ? l.response : l.responseText, status: l.status, statusText: l.statusText, headers: r, config: t, request: l };
这一段是把返回的 responseText、status 等数据赋值给 n。实际抓包数据显示,返回的响应头里包含多个 Set-Cookie,导致该请求一发送,我的 cookies 就会变化。
请问在上面的这段代码里,如何修改才能让请求正常发送和返回,同时让我的 cookies 保持不变(例如让这些 Set-Cookie 失效)?
我尝试直接如下修改但是失败了,cookies依然变化了(被返回的set-cookies改了)。
// Attempted override of the response object that the XHR adapter builds
// before handing it to the promise callbacks.
// NOTE(review): as pasted, this literal is not valid JavaScript (stray
// `{"success":true"}` after `data: ''`, nested quotes in `headers`) —
// presumably mangled while posting.
// Why it cannot affect cookies: this object only controls what the calling
// script later sees as the response. The browser applies Set-Cookie headers
// itself when the response arrives, before any of this script runs, and the
// XHR API does not expose Set-Cookie to script at all.
n = {
data: '',{"success":true"} status: l.status, statusText: l.statusText, headers: '{'content-type':"application/json;charset=UTF-8"}',
config: t, request: l };
然后我尝试这样修改
n.request.response.responseText
但是报错,原因是XMLHttpRequest 对象的 response 属性是只读的,不能修改。
另外,响应头里的 Set-Cookie 字段带有 HttpOnly 属性。
请问各位,如何修改才能让请求正常发送和返回,同时让我的 cookies 保持不变(让这些 Set-Cookie 失效)?