1,
simulated login to a website and found that the password and account number were encrypted when the post form was found. The encrypted data was passed to an input, with the type attribute of hidden. I want to get the input, but after clicking the login button, the input refreshes
jsencoded
inputtypehiddentxtvalue
URLsrc= "" URLrandom
above is the form of post
Last site link is link description
encoding function is quite simple and can be directly converted into python code, as follows
-sharp !/usr/bin/python2
-sharp -*- coding: utf-8 -*-
import requests
def get_login_data():
-sharp
url = 'http://xxx.xxx.xxx/Logon.do?method=logon&flag=sess'
rsp = requests.get(url)
rsp.raise_for_status()
return rsp.text.encode()
def encode(usr, pwd, data):
scode, sxh = data.split('-sharp')
raw = usr + '%%%' + pwd
enc = ''
for i in range(len(raw)):
if i < 20:
enc += raw[i] + scode[0:int(sxh[i])]
scode = scode[int(sxh[i]):]
else:
enc += raw[i:]
break
return enc
def login():
-sharp encoded = encode(xx, xx, get_login_data())
-sharp requests.post(...)
-sharp ...if you encounter a very complex encoding (encryption) function, you can extract the javascript code and execute it directly with a js engine (such as nodejs) to get the result.
the encoded I see is to get a string by requesting the interface / Logon.do?method=logon&flag=sess , then the first half is the string that needs to be mixed, and the second half is the mixed length, and then the string is stitched together with the user name and password to cross-mix to get the final encoded
CAPTCHA you need to identify the picture
it is you who are protected.
Previous: The css element does not work
Next: Prompt "RegisterModelWithPrefix must be run before BootStrap"