├── README.md ├── autoDecoder的奇淫技巧 ├── POST转GET │ ├── POST转GET.md │ └── photo │ │ ├── Pasted image 20230220232937.png │ │ ├── Pasted image 20230220233022.png │ │ ├── Pasted image 20230220233345.png │ │ ├── Pasted image 20230220233443.png │ │ ├── Pasted image 20230220233520.png │ │ ├── Pasted image 20230220233546.png │ │ └── Pasted image 20230220234540.png ├── sqlmap的osshell遇到中文字符情况 │ ├── photo │ │ ├── Pasted image 20220426143153.png │ │ ├── Pasted image 20220426143526.png │ │ ├── Pasted image 20220426143617.png │ │ └── Pasted image 20220426144210.png │ └── sqlmap的osshell遇到中文字符情况.md ├── sql注入绕过之sqlmap的数据包换行问题 │ ├── photo │ │ ├── Pasted image 20220422122119.png │ │ ├── Pasted image 20220422122211.png │ │ ├── Pasted image 20220422122239.png │ │ ├── Pasted image 20220422122413.png │ │ ├── Pasted image 20220422122507.png │ │ ├── Pasted image 20220422125105.png │ │ ├── Pasted image 20220422125419.png │ │ ├── Pasted image 20220422125448.png │ │ └── Pasted image 20220422125605.png │ └── sql注入绕过之sqlmap的数据包换行问题.md ├── 加密数据包无法使用被动扫描器来进行扫描的解决方案 │ ├── photo │ │ ├── 1 │ │ │ ├── image-20240510172508963.png │ │ │ ├── image-20240510172558030.png │ │ │ ├── image-20240510172614799.png │ │ │ └── image-20240510172637944.png │ │ ├── image-20240510172249881.png │ │ ├── image-20240510184031244.png │ │ ├── image-20240510184137081.png │ │ ├── image-20240510184204063.png │ │ ├── image-20240510184823699.png │ │ ├── image-20240510184924447.png │ │ ├── image-20240510184941968.png │ │ ├── image-20240510184953514.png │ │ ├── image-20240510185112609.png │ │ ├── image-20240510185112631.png │ │ ├── image-20240510185130816.png │ │ ├── image-20240510185408106.png │ │ ├── image-20240510185514427.png │ │ ├── image-20240510185618653.png │ │ ├── image-20240510185836736.png │ │ └── image-20240510190039659.png │ └── 加密数据包无法使用被动扫描器来进行扫描的解决方案.md ├── 替换参数 │ ├── photo │ │ ├── Pasted image 20230110232535.png │ │ ├── Pasted image 20230110232631.png │ │ ├── Pasted image 20230110232706.png │ │ ├── Pasted image 
20230110232748.png │ │ ├── Pasted image 20230110232759.png │ │ ├── Pasted image 20230110232843.png │ │ ├── Pasted image 20230110232853.png │ │ ├── Pasted image 20230110233031.png │ │ ├── Pasted image 20230110233051.png │ │ ├── Pasted image 20230110233340.png │ │ ├── Pasted image 20230110233707.png │ │ ├── Pasted image 20230110233807.png │ │ ├── Pasted image 20230110233840.png │ │ ├── Pasted image 20230110233956.png │ │ ├── Pasted image 20230110234341.png │ │ ├── Pasted image 20230110234419.png │ │ ├── Pasted image 20230110234446.png │ │ └── Pasted image 20230111142316.png │ └── 替换参数.md └── 绕过流量waf │ ├── photo │ ├── Pasted image 20220504190246.png │ ├── Pasted image 20220504190259.png │ ├── Pasted image 20220504190342.png │ ├── Pasted image 20220504190355.png │ ├── Pasted image 20220504190409.png │ └── Pasted image 20220504190419.png │ └── 绕过流量waf.md ├── autoDecoder的调试办法 └── 接口加解密调试 │ ├── photo │ ├── Pasted image 20230221194136.png │ ├── Pasted image 20230221195440.png │ ├── Pasted image 20230221200559.png │ ├── Pasted image 20230221200806.png │ └── Pasted image 20230221200833.png │ └── 接口加解密调试.md ├── 加解密代码例子 └── aes_cbc_zeropadding.py ├── 接口加解密算法的用法 ├── Node │ ├── AES加密 │ │ ├── AES加密.md │ │ └── photo │ │ │ ├── Pasted image 20220518225315.png │ │ │ ├── Pasted image 20220518225410.png │ │ │ ├── Pasted image 20220518225429.png │ │ │ ├── Pasted image 20220518225520.png │ │ │ └── Pasted image 20220518225533.png │ ├── chrome cdp加解密 │ │ ├── Template.js │ │ ├── chrome cdp 加解密.assets │ │ │ ├── 1.png │ │ │ ├── 2.png │ │ │ ├── 3.png │ │ │ ├── image-20230813150454109.png │ │ │ ├── image-20230813150912861.png │ │ │ ├── image-20230813150952394.png │ │ │ └── image-20230813151751430.png │ │ └── chrome cdp 加解密.md │ └── sm4加密 │ │ ├── photo │ │ ├── Pasted image 20220428215242.png │ │ ├── Pasted image 20220428215743.png │ │ ├── Pasted image 20220429154939.png │ │ ├── Pasted image 20220429154955.png │ │ ├── Pasted image 20220429155949.png │ │ └── Pasted image 20220429160015.png │ │ └── 
sm4加密.md ├── Python │ ├── 3DES加密 │ │ ├── 3DES加密.md │ │ └── photo │ │ │ ├── Pasted image 20220518204139.png │ │ │ ├── Pasted image 20220518204404.png │ │ │ ├── Pasted image 20220518204423.png │ │ │ └── Pasted image 20220518213605.png │ ├── JSON嵌套加密 │ │ ├── JSON嵌套加密.md │ │ └── photo │ │ │ ├── Pasted image 20220518214621.png │ │ │ ├── Pasted image 20220518215855.png │ │ │ └── Pasted image 20220518215911.png │ ├── RC4流加解密 │ │ ├── RC4流加密.md │ │ └── photo │ │ │ ├── image-20240725003952423.png │ │ │ ├── image-20240725004843898.png │ │ │ ├── image-20240725005410402.png │ │ │ ├── image-20240725005947376.png │ │ │ ├── image-20240725010726297.png │ │ │ └── image-20240725011050364.png │ ├── RSA解密 │ │ ├── RSA解密.md │ │ └── photo │ │ │ ├── Pasted image 20230105143101.png │ │ │ ├── Pasted image 20230105143858.png │ │ │ └── Pasted image 20230105143931.png │ ├── chrome中cdp调用加解密 │ │ ├── chrome_cdp.py │ │ ├── chrome中cdp调用加解密.md │ │ └── photo │ │ │ ├── Pasted image 20230702185413.png │ │ │ ├── Pasted image 20230702185426.png │ │ │ └── Pasted image 20230702185432.png │ ├── smartbi请求包自动加解密 │ │ ├── photo │ │ │ ├── 1.png │ │ │ └── 2.png │ │ ├── smartbi │ │ │ ├── __pycache__ │ │ │ │ └── app.cpython-37.pyc │ │ │ ├── app.py │ │ │ └── smartbi_test.py │ │ └── 使用burp插件autoDecoder实现对smartbi请求包自动加解密.md │ ├── 使响应包不解密2 │ │ ├── photo │ │ │ ├── Pasted image 20230221201844.png │ │ │ ├── Pasted image 20230221201859.png │ │ │ ├── Pasted image 20230221201933.png │ │ │ ├── Pasted image 20230221201935.png │ │ │ ├── Pasted image 20230221204509.png │ │ │ ├── Pasted image 20230221204710.png │ │ │ ├── Pasted image 20230221204744.png │ │ │ └── Pasted image 20230221204801.png │ │ └── 使响应包不解密2.md │ ├── 响应包为明文,请求包为密文,请求包需要解密 │ │ ├── photo │ │ │ ├── Pasted image 20240306144644.png │ │ │ ├── Pasted image 20240306144836.png │ │ │ ├── Pasted image 20240306144916.png │ │ │ └── Pasted image 20240306144953.png │ │ └── 响应包为明文,请求包为密文,请求包需要解密.md │ ├── 登录口爆破之ldap的md5加密 │ │ ├── photo │ │ │ ├── Pasted image 20220414141838.png │ 
│ │ ├── Pasted image 20220414142107.png │ │ │ ├── Pasted image 20220414142541.png │ │ │ ├── Pasted image 20220414142603.png │ │ │ ├── Pasted image 20220414143000.png │ │ │ ├── Pasted image 20220414143037.png │ │ │ ├── Pasted image 20220422110034.png │ │ │ ├── Pasted image 20220422125332.png │ │ │ ├── Pasted image 20220426144941.png │ │ │ └── Pasted image 20220426145224.png │ │ └── 登录口爆破之ldap的md5加密.md │ └── 通过py执行js加密 │ │ ├── photo │ │ ├── Pasted image 20230203145659.png │ │ ├── Pasted image 20230203145800.png │ │ ├── Pasted image 20230203150042.png │ │ └── Pasted image 20230203150117.png │ │ └── 通过py执行js加密.md └── Ruby │ ├── SM4_Base64 │ ├── decode.rb │ ├── photo │ │ ├── Snipaste_1.jpg │ │ ├── Snipaste_2.jpg │ │ ├── Snipaste_3.jpg │ │ ├── Snipaste_4.jpg │ │ ├── Snipaste_5.jpg │ │ ├── Snipaste_6.jpg │ │ └── Snipaste_7.jpg │ ├── server.rb │ └── sm4_base64.md │ └── http_Headers_Sign案例 │ ├── http_Headers_Sign.md │ └── img │ ├── 1.png │ ├── 2.png │ ├── 3.png │ ├── 4.png │ └── 5.png └── 自带加解密算法的用法 ├── multipart提交方式进行加密 ├── multipart提交方式进行加密.md └── photo │ ├── Pasted image 20231111230749.png │ ├── Pasted image 20231111230825.png │ ├── Pasted image 20231111230858.png │ └── Pasted image 20231111230905.png ├── 使响应包不解密1 ├── photo │ ├── Pasted image 20230221165224.png │ ├── Pasted image 20230221165255.png │ ├── Pasted image 20230221165303.png │ ├── Pasted image 20230221165419.png │ ├── Pasted image 20230221170243.png │ └── Pasted image 20230221170254.png └── 使响应包不解密1.md ├── 指定文本加密 ├── photo │ ├── Pasted image 20230221171404.png │ ├── Pasted image 20230221171412.png │ ├── Pasted image 20230221171611.png │ ├── Pasted image 20230221172153.png │ └── Pasted image 20230221172202.png └── 指定文本加密.md └── 文本全加密 ├── photo ├── Pasted image 20230221170110.png ├── Pasted image 20230221170117.png ├── Pasted image 20230221170145.png ├── Pasted image 20230221170342.png └── Pasted image 20230221170534.png └── 文本全加密.md /README.md: 
--------------------------------------------------------------------------------
## autoDecoder usage and case studies

I want to maintain this as a project with many use cases and interfaces. If you have encryption/decryption needs, get in touch so we can improve the project together.

Some of the case studies were written against older versions of autoDecoder (for beginners [without a coding background], modifying the case-study code directly is not advisable; refer to the encryption/decryption template code in the tool's project instead), but the principle is the same, and you can use debugging to check whether the result is what you want.

Discussion group

If the link has expired, add WeChat `f-f0ng` with the note `autoDecoder交流群` (autoDecoder discussion group).

- ## Debugging autoDecoder
  - #### [Interface encryption/decryption debugging](https://github.com/f0ng/autoDecoder-usages/blob/main/autoDecoder%E7%9A%84%E8%B0%83%E8%AF%95%E5%8A%9E%E6%B3%95/%E6%8E%A5%E5%8F%A3%E5%8A%A0%E8%A7%A3%E5%AF%86%E8%B0%83%E8%AF%95/%E6%8E%A5%E5%8F%A3%E5%8A%A0%E8%A7%A3%E5%AF%86%E8%B0%83%E8%AF%95.md): a worked example
- ## Using the built-in encryption/decryption algorithms
  - #### [Leaving the response undecrypted 1](https://github.com/f0ng/autoDecoder-usages/blob/main/%E8%87%AA%E5%B8%A6%E5%8A%A0%E8%A7%A3%E5%AF%86%E7%AE%97%E6%B3%95%E7%9A%84%E7%94%A8%E6%B3%95/%E4%BD%BF%E5%93%8D%E5%BA%94%E5%8C%85%E4%B8%8D%E8%A7%A3%E5%AF%861/%E4%BD%BF%E5%93%8D%E5%BA%94%E5%8C%85%E4%B8%8D%E8%A7%A3%E5%AF%861.md): for the case where the request contains ciphertext and the response is plaintext
  - #### [Encrypting the full text (DES example)](https://github.com/f0ng/autoDecoder-usages/blob/main/%E8%87%AA%E5%B8%A6%E5%8A%A0%E8%A7%A3%E5%AF%86%E7%AE%97%E6%B3%95%E7%9A%84%E7%94%A8%E6%B3%95/%E6%96%87%E6%9C%AC%E5%85%A8%E5%8A%A0%E5%AF%86/%E6%96%87%E6%9C%AC%E5%85%A8%E5%8A%A0%E5%AF%86.md): for the case where the request and the response use the same encryption
  - #### [Encrypting specified text (AES example)](https://github.com/f0ng/autoDecoder-usages/blob/main/%E8%87%AA%E5%B8%A6%E5%8A%A0%E8%A7%A3%E5%AF%86%E7%AE%97%E6%B3%95%E7%9A%84%E7%94%A8%E6%B3%95/%E6%8C%87%E5%AE%9A%E6%96%87%E6%9C%AC%E5%8A%A0%E5%AF%86/%E6%8C%87%E5%AE%9A%E6%96%87%E6%9C%AC%E5%8A%A0%E5%AF%86.md): uses a regular expression to match the request ciphertext, for the case where the response is plaintext
  - #### [Encryption with multipart submission](https://github.com/f0ng/autoDecoder-usages/tree/main/%E8%87%AA%E5%B8%A6%E5%8A%A0%E8%A7%A3%E5%AF%86%E7%AE%97%E6%B3%95%E7%9A%84%E7%94%A8%E6%B3%95/multipart%E6%8F%90%E4%BA%A4%E6%96%B9%E5%BC%8F%E8%BF%9B%E8%A1%8C%E5%8A%A0%E5%AF%86/multipart%E6%8F%90%E4%BA%A4%E6%96%B9%E5%BC%8F%E8%BF%9B%E8%A1%8C%E5%8A%A0%E5%AF%86.md): encryption with multipart submission
- ## Using interface-based encryption/decryption algorithms
  - Python
    - #### [Leaving the response undecrypted 2](https://github.com/f0ng/autoDecoder-usages/blob/main/%E6%8E%A5%E5%8F%A3%E5%8A%A0%E8%A7%A3%E5%AF%86%E7%AE%97%E6%B3%95%E7%9A%84%E7%94%A8%E6%B3%95/Python/%E4%BD%BF%E5%93%8D%E5%BA%94%E5%8C%85%E4%B8%8D%E8%A7%A3%E5%AF%862/%E4%BD%BF%E5%93%8D%E5%BA%94%E5%8C%85%E4%B8%8D%E8%A7%A3%E5%AF%862.md): uses Python's Flask framework, for the case where the request contains ciphertext and the response is plaintext
    - #### [LDAP encryption in login packets](https://github.com/f0ng/autoDecoder-usages/blob/main/%E6%8E%A5%E5%8F%A3%E5%8A%A0%E8%A7%A3%E5%AF%86%E7%AE%97%E6%B3%95%E7%9A%84%E7%94%A8%E6%B3%95/Python/%E7%99%BB%E5%BD%95%E5%8F%A3%E7%88%86%E7%A0%B4%E4%B9%8Bldap%E7%9A%84md5%E5%8A%A0%E5%AF%86/%E7%99%BB%E5%BD%95%E5%8F%A3%E7%88%86%E7%A0%B4%E4%B9%8Bldap%E7%9A%84md5%E5%8A%A0%E5%AF%86.md): uses Python's Flask framework together with the `autoDecoder` and `captcha-killer-modified` plugins for brute forcing
    - #### [RSA decryption](https://github.com/f0ng/autoDecoder-usages/blob/main/%E6%8E%A5%E5%8F%A3%E5%8A%A0%E8%A7%A3%E5%AF%86%E7%AE%97%E6%B3%95%E7%9A%84%E7%94%A8%E6%B3%95/Python/RSA%E8%A7%A3%E5%AF%86/RSA%E8%A7%A3%E5%AF%86.md): uses Python's Flask framework, handles segmented RSA encryption
    - #### [Nested JSON encryption](https://github.com/f0ng/autoDecoder-usages/blob/main/%E6%8E%A5%E5%8F%A3%E5%8A%A0%E8%A7%A3%E5%AF%86%E7%AE%97%E6%B3%95%E7%9A%84%E7%94%A8%E6%B3%95/Python/JSON%E5%B5%8C%E5%A5%97%E5%8A%A0%E5%AF%86/JSON%E5%B5%8C%E5%A5%97%E5%8A%A0%E5%AF%86.md): uses Python's Flask framework, handles AES/ECB encryption and decryption of JSON data that nests a layer of base64-encoded encrypted JSON
    - #### [Running JavaScript encryption from Python](https://github.com/f0ng/autoDecoder-usages/blob/main/%E6%8E%A5%E5%8F%A3%E5%8A%A0%E8%A7%A3%E5%AF%86%E7%AE%97%E6%B3%95%E7%9A%84%E7%94%A8%E6%B3%95/Python/%E9%80%9A%E8%BF%87py%E6%89%A7%E8%A1%8Cjs%E5%8A%A0%E5%AF%86/%E9%80%9A%E8%BF%87py%E6%89%A7%E8%A1%8Cjs%E5%8A%A0%E5%AF%86.md): uses Python's Flask framework, handles some JavaScript encryption problems
    - #### [3DES encryption/decryption](https://github.com/f0ng/autoDecoder-usages/blob/main/%E6%8E%A5%E5%8F%A3%E5%8A%A0%E8%A7%A3%E5%AF%86%E7%AE%97%E6%B3%95%E7%9A%84%E7%94%A8%E6%B3%95/Python/3DES%E5%8A%A0%E5%AF%86/3DES%E5%8A%A0%E5%AF%86.md): uses Python's Flask framework, handles 3DES/CBC encryption and decryption
    - #### [Encryption/decryption through Chrome CDP](https://github.com/f0ng/autoDecoder-usages/blob/main/%E6%8E%A5%E5%8F%A3%E5%8A%A0%E8%A7%A3%E5%AF%86%E7%AE%97%E6%B3%95%E7%9A%84%E7%94%A8%E6%B3%95/Python/chrome%E4%B8%ADcdp%E8%B0%83%E7%94%A8%E5%8A%A0%E8%A7%A3%E5%AF%86/chrome%E4%B8%ADcdp%E8%B0%83%E7%94%A8%E5%8A%A0%E8%A7%A3%E5%AF%86.md): uses Python's Flask framework and calls Chrome's CDP for encryption and decryption (contributed by @[1354668362](https://github.com/1354668362))
    - #### [Automatic encryption/decryption of smartbi requests](https://github.com/f0ng/autoDecoder-usages/blob/main/%E6%8E%A5%E5%8F%A3%E5%8A%A0%E8%A7%A3%E5%AF%86%E7%AE%97%E6%B3%95%E7%9A%84%E7%94%A8%E6%B3%95/Python/smartbi%E8%AF%B7%E6%B1%82%E5%8C%85%E8%87%AA%E5%8A%A8%E5%8A%A0%E8%A7%A3%E5%AF%86/%E4%BD%BF%E7%94%A8burp%E6%8F%92%E4%BB%B6autoDecoder%E5%AE%9E%E7%8E%B0%E5%AF%B9smartbi%E8%AF%B7%E6%B1%82%E5%8C%85%E8%87%AA%E5%8A%A8%E5%8A%A0%E8%A7%A3%E5%AF%86.md): uses Python's Flask framework to encrypt and decrypt smartbi requests (contributed by @[NaTsUk0](https://github.com/NaTsUk0))
    - #### [Response is plaintext, request is ciphertext, request must be decrypted](https://github.com/f0ng/autoDecoder-usages/blob/main/%E6%8E%A5%E5%8F%A3%E5%8A%A0%E8%A7%A3%E5%AF%86%E7%AE%97%E6%B3%95%E7%9A%84%E7%94%A8%E6%B3%95/Python/%E5%93%8D%E5%BA%94%E5%8C%85%E4%B8%BA%E6%98%8E%E6%96%87%EF%BC%8C%E8%AF%B7%E6%B1%82%E5%8C%85%E4%B8%BA%E5%AF%86%E6%96%87%EF%BC%8C%E8%AF%B7%E6%B1%82%E5%8C%85%E9%9C%80%E8%A6%81%E8%A7%A3%E5%AF%86/%E5%93%8D%E5%BA%94%E5%8C%85%E4%B8%BA%E6%98%8E%E6%96%87%EF%BC%8C%E8%AF%B7%E6%B1%82%E5%8C%85%E4%B8%BA%E5%AF%86%E6%96%87%EF%BC%8C%E8%AF%B7%E6%B1%82%E5%8C%85%E9%9C%80%E8%A6%81%E8%A7%A3%E5%AF%86.md): uses Python's Flask framework, for the case where the response is plaintext, the request is ciphertext, and the request must be decrypted (contributed by 木易)
    - #### [RC4 stream encryption/decryption](https://github.com/f0ng/autoDecoder-usages/blob/main/%E6%8E%A5%E5%8F%A3%E5%8A%A0%E8%A7%A3%E5%AF%86%E7%AE%97%E6%B3%95%E7%9A%84%E7%94%A8%E6%B3%95/Python/RC4%E6%B5%81%E5%8A%A0%E8%A7%A3%E5%AF%86/RC4%E6%B5%81%E5%8A%A0%E5%AF%86.md): uses Python's Flask framework, handles RC4 stream encryption and decryption (contributed by c01d)
  - Node
    - #### [SM4 encryption/decryption](https://github.com/f0ng/autoDecoder-usages/blob/main/%E6%8E%A5%E5%8F%A3%E5%8A%A0%E8%A7%A3%E5%AF%86%E7%AE%97%E6%B3%95%E7%9A%84%E7%94%A8%E6%B3%95/Node/sm4%E5%8A%A0%E5%AF%86/sm4%E5%8A%A0%E5%AF%86.md): uses a Node.js HTTP interface, handles SM4 encryption and decryption
    - #### [AES encryption/decryption](https://github.com/f0ng/autoDecoder-usages/blob/main/%E6%8E%A5%E5%8F%A3%E5%8A%A0%E8%A7%A3%E5%AF%86%E7%AE%97%E6%B3%95%E7%9A%84%E7%94%A8%E6%B3%95/Node/AES%E5%8A%A0%E5%AF%86/AES%E5%8A%A0%E5%AF%86.md): uses a Node.js HTTP interface, handles AES/ECB encryption and decryption; also covers how to handle encryption and decryption of special keywords
    - #### [Encryption/decryption through Chrome CDP](https://github.com/f0ng/autoDecoder-usages/blob/main/%E6%8E%A5%E5%8F%A3%E5%8A%A0%E8%A7%A3%E5%AF%86%E7%AE%97%E6%B3%95%E7%9A%84%E7%94%A8%E6%B3%95/Node/chrome%20cdp%E5%8A%A0%E8%A7%A3%E5%AF%86/chrome%20cdp%20%E5%8A%A0%E8%A7%A3%E5%AF%86.md): uses Node.js and calls Chrome's CDP for encryption and decryption (contributed by @[c0r1](https://github.com/c0r1))
  - Ruby
    - #### [SM4 encryption/decryption](https://github.com/f0ng/autoDecoder-usages/blob/main/%E6%8E%A5%E5%8F%A3%E5%8A%A0%E8%A7%A3%E5%AF%86%E7%AE%97%E6%B3%95%E7%9A%84%E7%94%A8%E6%B3%95/Ruby/SM4_Base64/sm4_base64.md): uses a Ruby HTTP interface, handles SM4 encryption and decryption; includes a case study that first-time users can use as a reference (contributed by @[nullptrKey](https://www.github.com/nullptrKey))
    - #### [Request header verification](https://github.com/f0ng/autoDecoder-usages/blob/main/%E6%8E%A5%E5%8F%A3%E5%8A%A0%E8%A7%A3%E5%AF%86%E7%AE%97%E6%B3%95%E7%9A%84%E7%94%A8%E6%B3%95/Ruby/http_Headers_Sign%E6%A1%88%E4%BE%8B/http_Headers_Sign.md): uses a Ruby HTTP interface, handles sign verification in the request headers (contributed by @[nullptrKey](https://www.github.com/nullptrKey))
- ## autoDecoder tricks
  - #### [Bypassing a traffic WAF](https://github.com/f0ng/autoDecoder-usages/blob/main/autoDecoder%E7%9A%84%E5%A5%87%E6%B7%AB%E6%8A%80%E5%B7%A7/%E7%BB%95%E8%BF%87%E6%B5%81%E9%87%8Fwaf/%E7%BB%95%E8%BF%87%E6%B5%81%E9%87%8Fwaf.md): uses Python's Flask framework to bypass a WAF's blocking of webshell traffic
  - #### [Replacing parameters in interface testing](https://github.com/f0ng/autoDecoder-usages/blob/main/autoDecoder%E7%9A%84%E5%A5%87%E6%B7%AB%E6%8A%80%E5%B7%A7/%E6%9B%BF%E6%8D%A2%E5%8F%82%E6%95%B0/%E6%9B%BF%E6%8D%A2%E5%8F%82%E6%95%B0.md): uses Python's Flask framework, handles batch parameter replacement in automated interface testing
  - #### [SQL injection bypass](https://github.com/f0ng/autoDecoder-usages/blob/main/autoDecoder%E7%9A%84%E5%A5%87%E6%B7%AB%E6%8A%80%E5%B7%A7/sql%E6%B3%A8%E5%85%A5%E7%BB%95%E8%BF%87%E4%B9%8Bsqlmap%E7%9A%84%E6%95%B0%E6%8D%AE%E5%8C%85%E6%8D%A2%E8%A1%8C%E9%97%AE%E9%A2%98/sql%E6%B3%A8%E5%85%A5%E7%BB%95%E8%BF%87%E4%B9%8Bsqlmap%E7%9A%84%E6%95%B0%E6%8D%AE%E5%8C%85%E6%8D%A2%E8%A1%8C%E9%97%AE%E9%A2%98.md): uses Python's Flask framework, handles sqlmap's packet line-break problem
  - #### [Automatic POST-to-GET conversion](https://github.com/f0ng/autoDecoder-usages/blob/main/autoDecoder%E7%9A%84%E5%A5%87%E6%B7%AB%E6%8A%80%E5%B7%A7/POST%E8%BD%ACGET/POST%E8%BD%ACGET.md): uses Python's Flask framework, handles automatic POST-to-GET conversion
  - #### [sqlmap os-shell with Chinese characters](https://github.com/f0ng/autoDecoder-usages/blob/main/autoDecoder%E7%9A%84%E5%A5%87%E6%B7%AB%E6%8A%80%E5%B7%A7/sqlmap%E7%9A%84osshell%E9%81%87%E5%88%B0%E4%B8%AD%E6%96%87%E5%AD%97%E7%AC%A6%E6%83%85%E5%86%B5/sqlmap%E7%9A%84osshell%E9%81%87%E5%88%B0%E4%B8%AD%E6%96%87%E5%AD%97%E7%AC%A6%E6%83%85%E5%86%B5.md): uses Python's Flask framework, handles the common os-shell problem that commands fail when a directory name contains Chinese characters
  - #### [Solution for encrypted packets that passive scanners cannot scan](https://github.com/f0ng/autoDecoder-usages/blob/main/autoDecoder%E7%9A%84%E5%A5%87%E6%B7%AB%E6%8A%80%E5%B7%A7/%E5%8A%A0%E5%AF%86%E6%95%B0%E6%8D%AE%E5%8C%85%E6%97%A0%E6%B3%95%E4%BD%BF%E7%94%A8%E8%A2%AB%E5%8A%A8%E6%89%AB%E6%8F%8F%E5%99%A8%E6%9D%A5%E8%BF%9B%E8%A1%8C%E6%89%AB%E6%8F%8F%E7%9A%84%E8%A7%A3%E5%86%B3%E6%96%B9%E6%A1%88/%E5%8A%A0%E5%AF%86%E6%95%B0%E6%8D%AE%E5%8C%85%E6%97%A0%E6%B3%95%E4%BD%BF%E7%94%A8%E8%A2%AB%E5%8A%A8%E6%89%AB%E6%8F%8F%E5%99%A8%E6%9D%A5%E8%BF%9B%E8%A1%8C%E6%89%AB%E6%8F%8F%E7%9A%84%E8%A7%A3%E5%86%B3%E6%96%B9%E6%A1%88.md): uses two burp-autodecoder instances, split into a client side and a server side, combined with scanning tools
- ## Script examples
  - #### [aes_cbc_zeropadding.py](https://github.com/f0ng/autoDecoder-usages/blob/main/%E5%8A%A0%E8%A7%A3%E5%AF%86%E4%BB%A3%E7%A0%81%E4%BE%8B%E5%AD%90/aes_cbc_zeropadding.py): AES/CBC encryption with zero padding

## Closing notes
Thanks to xm17 for the script case studies

Thanks to @[nullptrKey](https://www.github.com/nullptrKey) for the Ruby SM4 encryption/decryption case study

Thanks to @[1354668362](https://github.com/1354668362) for the case study on encryption/decryption through Chrome CDP

Thanks to @[NaTsUk0](https://github.com/NaTsUk0) for the case study on automatic encryption/decryption of smartbi requests

Thanks to @[c0r1](https://github.com/c0r1) for the case study on calling Chrome's CDP for encryption/decryption

Thanks to @[nullptrKey](https://www.github.com/nullptrKey) for the Ruby request header verification case study

Thanks to @[木易]() for the case study where the response is plaintext, the request is ciphertext, and the request must be decrypted

Thanks to @[3]() for the solution for encrypted packets that passive scanners cannot scan

Thanks to @[c01d](https://www.github.com/c01d) for the RC4 encryption/decryption case study

--------------------------------------------------------------------------------
/autoDecoder的奇淫技巧/POST转GET/POST转GET.md:
--------------------------------------------------------------------------------
---
created: 2023-02-20T23:28:06+08:00
updated: 2023-02-20T23:49:28+08:00
---
## Background
I ran into a shell with one quirk: shell traffic sent by POST gets an immediate connection reset, while GET does not. The shell used here is an AntSword (蚁剑) shell.

Sending the payload by POST gets no response
![](photo/Pasted%20image%2020230220232937.png)

But sending the payload by GET does get a response
![](photo/Pasted%20image%2020230220233022.png)

However, AntSword and Behinder (冰蝎) have no button for converting POST to GET, and Burp has nothing similar that converts POST to GET automatically.

I wrote a Python Flask service that automatically converts POST requests to GET, as follows:
```Python
# -*- coding:utf-8 -*-
# author:f0ngf0ng

from flask import Flask, request

app = Flask(__name__)

# The plugin sends the request headers as dataHeaders and the body as dataBody.
# Each handler returns headers + "\r\n\r\n\r\n\r\n" + body.

@app.route('/encode', methods=["POST"])
def encrypt():
    param = request.form.get('dataBody') or ""  # get the POST body parameter
    param_headers = request.form.get('dataHeaders')  # get the headers parameter
    if param_headers is not None:
        request_line = param_headers.split("\n")[0]
        parts = request_line.split(" ")
        # Move the body into the query string of the request line;
        # the method token and the protocol version are left as sent
        headers0 = parts[0] + " " + parts[1] + "?" + param.strip() + " " + parts[2]
        # Return the rewritten headers with an empty body
        return param_headers.replace(request_line, headers0, 1) + "\r\n\r\n\r\n\r\n" + ""

    return param

@app.route('/decode', methods=["POST"])
def decrypt():
    param = request.form.get('dataBody') or ""  # get the POST body parameter
    param_headers = request.form.get('dataHeaders')  # get the headers parameter
    if param_headers is not None:
        return param_headers + "\r\n\r\n\r\n\r\n" + param

    return param

if __name__ == '__main__':
    app.debug = True  # debug mode; turn debug off in production
    app.run(host="0.0.0.0", port=8888)  # port must be an integer
```
Because only the request is processed here, only the `encrypt()` function needs to be written.
Save the code above as `app.py` and run `python3 app.py`.

Configuration page:
![400](photo/Pasted%20image%2020230220233443.png)

Debug page (encryption debugging is used here, because only the encryption module is needed):
![600](photo/Pasted%20image%2020230220233345.png)

Original request:
![](photo/Pasted%20image%2020230220233520.png)

Actual request (visible in the logger module):
![](photo/Pasted%20image%2020230220233546.png)

Connecting through the AntSword proxy also works normally
![500](photo/Pasted%20image%2020230220234540.png)

--------------------------------------------------------------------------------
/autoDecoder的奇淫技巧/sqlmap的osshell遇到中文字符情况/sqlmap的osshell遇到中文字符情况.md:
--------------------------------------------------------------------------------
---
created: 2022-08-31T23:55:33+08:00
updated: 2022-09-02T08:42:15+08:00
---
# sqlmap os-shell with Chinese characters
#autoDecoder例

sqlmap's os-shell often runs into directories whose names contain Chinese characters, which can get in the way when we want to write a webshell or view a path. One workaround is to download the file with `bitsadmin`, `certutil` and the like and then store it; `autoDecoder` can also handle this, as follows:

`sqlmap` result:
![800](photo/Pasted%20image%2020220426143153.png)
Running it directly does not work, because the Chinese text is hex-encoded and MSSQL cannot recognize it.
But if we replay the request in `burp` and replace the hex encoding with the original, unencoded content, it works directly:

The sqlmap packet
![800](photo/Pasted%20image%2020220426143526.png)
This does not return the result we want.

Manually changed to Chinese
![800](photo/Pasted%20image%2020220426143617.png)
Result obtained
![800](photo/Pasted%20image%2020220426144210.png)
With `autoDecoder`, the Flask code can be written as follows:
```python
# -*- coding:utf-8 -*-
# author:f0ngf0ng

import binascii
import re
from urllib.parse import unquote

from flask import Flask, request

# Work around sqlmap's handling of Chinese characters

app = Flask(__name__)

@app.route('/encode', methods=["POST"])
def encrypt():
    param = request.form.get('dataBody') or ""  # get the POST body parameter
    print(param)
    if "INSERT" in param:
        total_param = param  # fall back to the unmodified body if rewriting fails
        try:
            decoded = unquote(param)
            print(decoded)
            b = re.findall("0x(.*?);", decoded)
            c = binascii.a2b_hex(b[0])
            # Replace the hex literal with the quoted original string
            total_param = decoded.replace("0x" + b[0], "'" + c.decode() + "'").replace(" ", "%20")
            print(b[0])
            print(c.decode())
        except (IndexError, ValueError):
            # no hex literal found, or it is not valid hex / valid UTF-8
            pass
        return total_param

    else:
        return param

@app.route('/decode', methods=["POST"])  # no decryption
def decrypt():
    param = request.form.get('dataBody') or ""  # get the POST body parameter
    return param

if __name__ == '__main__':
    app.debug = True  # debug mode; turn debug off in production
    app.run(host="0.0.0.0", port=8888)  # port must be an integer
```

`autoDecoder` configuration:
![800](photo/Pasted%20image%2020220426144941.png)

sqlmap result:
![800](photo/Pasted%20image%2020220426145224.png)

--------------------------------------------------------------------------------
/autoDecoder的奇淫技巧/sql注入绕过之sqlmap的数据包换行问题/sql注入绕过之sqlmap的数据包换行问题.md:
--------------------------------------------------------------------------------
---
created: 2022-08-31T23:55:33+08:00
updated: 2022-09-02T08:42:15+08:00
---
# SQL injection bypass: sqlmap's packet line-break problem
#autoDecoder例

I came across a SQL injection, but the site has protection in place, as shown:
![800](photo/Pasted%20image%2020220422125448.png)
![800](photo/Pasted%20image%2020220422125419.png)
This can be solved with `change body encoding`
![800](photo/Pasted%20image%2020220422125605.png)
But when we run the injection in sqlmap, it reports 500 errors. This can then be solved with autoDecoder; details below:

The injection is in a `Content-Type: multipart/form-data;` packet
![800](photo/Pasted%20image%2020220422122119.png)
But sqlmap does not recognize the `\r\n` sequence, so it cannot find the injection.
Use `sqlmap --proxy=http://127.0.0.1:8080` to proxy through burp and inspect the requests
![800](photo/Pasted%20image%2020220422122211.png)
![800](photo/Pasted%20image%2020220422122413.png)
The cause is the `\n` character: for some unknown reason sqlmap does not treat the line breaks in the request body as `\r\n`, so every request comes back as 500, an error.
Line breaks in an HTTP packet should be `\r\n`; an autoDecoder Flask script solves the problem.
The Flask script:
```python
# -*- coding:utf-8 -*-
# author:f0ngf0ng

# Work around sqlmap sending \n where \r\n is expected

from flask import Flask, request

app = Flask(__name__)

@app.route('/encode', methods=["POST"])
def encrypt():
    param = request.form.get('data') or ""  # get the POST parameter
    # Collapse existing \r\n to \n first so that no \r\r\n is produced
    param = param.replace("\r\n", "\n")
    data = param.replace("\n", "\r\n")
    print(bytes(data, encoding="utf-8"))
    return data

@app.route('/decode', methods=["POST"])  # no decryption
def decrypt():
    param = request.form.get('data') or ""  # get the POST parameter
    return param

if __name__ == '__main__':
    app.debug = True  # debug mode; turn debug off in production
    app.run(host="0.0.0.0", port=8888)  # port must be an integer
```
`autoDecoder` plugin configuration:
![800](photo/Pasted%20image%2020220422125105.png)

The line breaks are then recognized
![800](photo/Pasted%20image%2020220422122239.png)
The databases are retrieved normally
![800](photo/Pasted%20image%2020220422122507.png)
-------------------------------------------------------------------------------- /autoDecoder的奇淫技巧/加密数据包无法使用被动扫描器来进行扫描的解决方案/photo/image-20240510184941968.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/autoDecoder的奇淫技巧/加密数据包无法使用被动扫描器来进行扫描的解决方案/photo/image-20240510184941968.png -------------------------------------------------------------------------------- /autoDecoder的奇淫技巧/加密数据包无法使用被动扫描器来进行扫描的解决方案/photo/image-20240510184953514.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/autoDecoder的奇淫技巧/加密数据包无法使用被动扫描器来进行扫描的解决方案/photo/image-20240510184953514.png -------------------------------------------------------------------------------- /autoDecoder的奇淫技巧/加密数据包无法使用被动扫描器来进行扫描的解决方案/photo/image-20240510185112609.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/autoDecoder的奇淫技巧/加密数据包无法使用被动扫描器来进行扫描的解决方案/photo/image-20240510185112609.png -------------------------------------------------------------------------------- /autoDecoder的奇淫技巧/加密数据包无法使用被动扫描器来进行扫描的解决方案/photo/image-20240510185112631.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/autoDecoder的奇淫技巧/加密数据包无法使用被动扫描器来进行扫描的解决方案/photo/image-20240510185112631.png -------------------------------------------------------------------------------- /autoDecoder的奇淫技巧/加密数据包无法使用被动扫描器来进行扫描的解决方案/photo/image-20240510185130816.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/autoDecoder的奇淫技巧/加密数据包无法使用被动扫描器来进行扫描的解决方案/photo/image-20240510185130816.png -------------------------------------------------------------------------------- /autoDecoder的奇淫技巧/加密数据包无法使用被动扫描器来进行扫描的解决方案/photo/image-20240510185408106.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/autoDecoder的奇淫技巧/加密数据包无法使用被动扫描器来进行扫描的解决方案/photo/image-20240510185408106.png -------------------------------------------------------------------------------- /autoDecoder的奇淫技巧/加密数据包无法使用被动扫描器来进行扫描的解决方案/photo/image-20240510185514427.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/autoDecoder的奇淫技巧/加密数据包无法使用被动扫描器来进行扫描的解决方案/photo/image-20240510185514427.png -------------------------------------------------------------------------------- /autoDecoder的奇淫技巧/加密数据包无法使用被动扫描器来进行扫描的解决方案/photo/image-20240510185618653.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/autoDecoder的奇淫技巧/加密数据包无法使用被动扫描器来进行扫描的解决方案/photo/image-20240510185618653.png -------------------------------------------------------------------------------- /autoDecoder的奇淫技巧/加密数据包无法使用被动扫描器来进行扫描的解决方案/photo/image-20240510185836736.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/autoDecoder的奇淫技巧/加密数据包无法使用被动扫描器来进行扫描的解决方案/photo/image-20240510185836736.png -------------------------------------------------------------------------------- /autoDecoder的奇淫技巧/加密数据包无法使用被动扫描器来进行扫描的解决方案/photo/image-20240510190039659.png: 
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/autoDecoder的奇淫技巧/加密数据包无法使用被动扫描器来进行扫描的解决方案/photo/image-20240510190039659.png
--------------------------------------------------------------------------------
/autoDecoder的奇淫技巧/加密数据包无法使用被动扫描器来进行扫描的解决方案/加密数据包无法使用被动扫描器来进行扫描的解决方案.md:
--------------------------------------------------------------------------------
---
created: 2024-05-10T08:55:33+08:00
updated: 2024-05-10T23:42:15+08:00
---

## Solution for encrypted requests that a passive scanner cannot scan

A payload cannot be added directly to encrypted data for vulnerability testing. The data has to be decrypted first, and only then can the payload be added for testing.

The overall principle is shown in the figure:

![image-20240510172249881](photo/image-20240510172249881.png)

The xiasql in the figure can be replaced with any Burp plugin, or with xray or another tool capable of passive scanning.

## Implementation

The main settings BurpA needs:

1. The listening port of the downstream proxy, BurpB

![image-20240510184031244](photo/image-20240510184031244.png)

2. The encryption and decryption endpoints have to be swapped

![image-20240510184137081](photo/image-20240510184137081.png)

3. The plaintext and ciphertext keywords have to be swapped

![image-20240510184204063](photo/image-20240510184204063.png)

BurpB needs no complex configuration; configure it in the normal way.

## Example case

![image-20240510184823699](photo/image-20240510184823699.png)

The data turns out to be encrypted, so write a script and configure the autoDecoder plugin.

BurpA is configured as follows:

![image-20240510184941968](photo/image-20240510184941968.png)

![image-20240510184953514](photo/image-20240510184953514.png)

BurpB autoDecoder configuration:

![image-20240510185112609](photo/image-20240510185112609.png)![image-20240510185112631](photo/image-20240510185112631.png)

![image-20240510185408106](photo/image-20240510185408106.png)

Enable xiasql or another passive-scanning plugin in BurpA, then click through each feature to test passively.

![image-20240510185618653](photo/image-20240510185618653.png)

![image-20240510185836736](photo/image-20240510185836736.png)

xiasql sends its requests normally.

The requests BurpB receives are plaintext; they are encrypted and then sent to the server.

![image-20240510190039659](photo/image-20240510190039659.png)

--------------------------------------------------------------------------------
/autoDecoder的奇淫技巧/替换参数/photo/Pasted image 20230110232535.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/autoDecoder的奇淫技巧/替换参数/photo/Pasted image 20230110232535.png
--------------------------------------------------------------------------------
/autoDecoder的奇淫技巧/替换参数/photo/Pasted image 20230110232631.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/autoDecoder的奇淫技巧/替换参数/photo/Pasted image 20230110232631.png
--------------------------------------------------------------------------------
/autoDecoder的奇淫技巧/替换参数/photo/Pasted image 20230110232706.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/autoDecoder的奇淫技巧/替换参数/photo/Pasted image 20230110232706.png
--------------------------------------------------------------------------------
/autoDecoder的奇淫技巧/替换参数/photo/Pasted image 20230110232748.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/autoDecoder的奇淫技巧/替换参数/photo/Pasted image 20230110232748.png
--------------------------------------------------------------------------------
/autoDecoder的奇淫技巧/替换参数/photo/Pasted image 20230110232759.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/autoDecoder的奇淫技巧/替换参数/photo/Pasted image
20230110232759.png -------------------------------------------------------------------------------- /autoDecoder的奇淫技巧/替换参数/photo/Pasted image 20230110232843.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/autoDecoder的奇淫技巧/替换参数/photo/Pasted image 20230110232843.png -------------------------------------------------------------------------------- /autoDecoder的奇淫技巧/替换参数/photo/Pasted image 20230110232853.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/autoDecoder的奇淫技巧/替换参数/photo/Pasted image 20230110232853.png -------------------------------------------------------------------------------- /autoDecoder的奇淫技巧/替换参数/photo/Pasted image 20230110233031.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/autoDecoder的奇淫技巧/替换参数/photo/Pasted image 20230110233031.png -------------------------------------------------------------------------------- /autoDecoder的奇淫技巧/替换参数/photo/Pasted image 20230110233051.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/autoDecoder的奇淫技巧/替换参数/photo/Pasted image 20230110233051.png -------------------------------------------------------------------------------- /autoDecoder的奇淫技巧/替换参数/photo/Pasted image 20230110233340.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/autoDecoder的奇淫技巧/替换参数/photo/Pasted image 20230110233340.png 
-------------------------------------------------------------------------------- /autoDecoder的奇淫技巧/替换参数/photo/Pasted image 20230110233707.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/autoDecoder的奇淫技巧/替换参数/photo/Pasted image 20230110233707.png -------------------------------------------------------------------------------- /autoDecoder的奇淫技巧/替换参数/photo/Pasted image 20230110233807.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/autoDecoder的奇淫技巧/替换参数/photo/Pasted image 20230110233807.png -------------------------------------------------------------------------------- /autoDecoder的奇淫技巧/替换参数/photo/Pasted image 20230110233840.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/autoDecoder的奇淫技巧/替换参数/photo/Pasted image 20230110233840.png -------------------------------------------------------------------------------- /autoDecoder的奇淫技巧/替换参数/photo/Pasted image 20230110233956.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/autoDecoder的奇淫技巧/替换参数/photo/Pasted image 20230110233956.png -------------------------------------------------------------------------------- /autoDecoder的奇淫技巧/替换参数/photo/Pasted image 20230110234341.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/autoDecoder的奇淫技巧/替换参数/photo/Pasted image 20230110234341.png -------------------------------------------------------------------------------- 
/autoDecoder的奇淫技巧/替换参数/photo/Pasted image 20230110234419.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/autoDecoder的奇淫技巧/替换参数/photo/Pasted image 20230110234419.png
--------------------------------------------------------------------------------
/autoDecoder的奇淫技巧/替换参数/photo/Pasted image 20230110234446.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/autoDecoder的奇淫技巧/替换参数/photo/Pasted image 20230110234446.png
--------------------------------------------------------------------------------
/autoDecoder的奇淫技巧/替换参数/photo/Pasted image 20230111142316.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/autoDecoder的奇淫技巧/替换参数/photo/Pasted image 20230111142316.png
--------------------------------------------------------------------------------
/autoDecoder的奇淫技巧/替换参数/替换参数.md:
--------------------------------------------------------------------------------
---
created: 2023-01-10T23:21:35+08:00
updated: 2023-01-13T12:48:26+08:00
---
I came across a Swagger instance and found that replacing parameters was a hassle. I used to replace them directly in Burp, but Burp's parameter-replacement module turned out to be laborious and awkward to modify, hence this article.

For Swagger, my habit is to import it into Postman or to use lijiejie's swaggerexp.

Here it is imported into Postman:
![](photo/Pasted%20image%2020230110232535.png)

Just import it.
The one value that needs changing here is baseUrl:
![](photo/Pasted%20image%2020230110232631.png)
Fill in the API address and remember to save:
![](photo/Pasted%20image%2020230110232706.png)

As the last step, delete Postman's headers and set Burp as the proxy:
![600](photo/Pasted%20image%2020230110232748.png)

Setting Burp as the proxy makes it easy to view the requests and responses:
![600](photo/Pasted%20image%2020230110232759.png)

Click Run, then click Run again:
![](photo/Pasted%20image%2020230110232843.png)

![500](photo/Pasted%20image%2020230110232853.png)

The requests now show up in Burp:
![500](photo/Pasted%20image%2020230110233051.png)
For Swagger requests, most endpoints will probably return 401 or be unreachable: security protections keep improving, developers' security awareness keeps growing, and API security is becoming widespread. But if 1 endpoint out of 100 is not properly restricted, all of that effort is essentially wasted, as shown below:

![500](photo/Pasted%20image%2020230110233031.png)

This returned all of the company's information, with fields such as address, name, mobile number, commpanyid and so on.
Generally speaking, this already counts as an unauthorised information disclosure. But how to go deeper into the other endpoints, for example those that respond with 200 and also take parameters?
![500](photo/Pasted%20image%2020230110233707.png)
The JSON data obtained can be converted, as follows:
![500](photo/Pasted%20image%2020230110233807.png)
After conversion:
![500](photo/Pasted%20image%2020230110233840.png)
Here it is converted into POST-style parameters. First, these can be appended directly to the URL, e.g. xxxx/api?a=1&b=2&c=3

Second, they can be used for parameter replacement:
![500](photo/Pasted%20image%2020230111142316.png)

Then write an autoDecoder script according to the parameter mapping:
```python
# -*- coding:utf-8 -*-
# author:f0ngf0ng

# Replace parameters

from flask import Flask, Response, request
from pyDes import *
import base64, hashlib, json

app = Flask(__name__)

@app.route('/encode', methods=["POST"])
def encrypt():
    param = request.form.get('dataBody')  # get the POST parameter
    param_headers = request.form.get('dataHeaders')  # get the POST parameter
    param_requestorresponse = request.form.get('requestorresponse')
    print(param_headers)
    param_headers = param_headers.replace("company_id=voluptate", "company_id=xxxxx")
    param_headers = param_headers.replace("userid=voluptate", "userid=yyyyyy")

    if param_requestorresponse == "request":
        print(param_headers.strip() + "\r\n\r\n\r\n\r\n" + param.strip())
        return param_headers.strip() + "\r\n\r\n\r\n\r\n" + param.strip()
    else:
        return param.strip()


@app.route('/decode', methods=["POST"])  # no decryption
def decrypt():
    param = request.form.get('dataBody')  # get the POST parameter
    param_headers = request.form.get('dataHeaders')  # get the POST parameter
    param_requestorresponse = request.form.get('requestorresponse')
    print(request.form)
    if param_requestorresponse == "response":
        return param_headers.strip() + "\r\n\r\n\r\n\r\n" + param.strip()
    else:
        return param.strip()

if __name__ == '__main__':
    app.debug = True  # debug mode; turn debug off in production
    app.run(host="0.0.0.0", port=8888)
```
If the request is JSON, the replacement works the same way.

autoDecoder is configured as follows:
![500](photo/Pasted%20image%2020230110233956.png)

Actual effect:
Before enabling:
![](photo/Pasted%20image%2020230110234341.png)

After enabling:
![](photo/Pasted%20image%2020230110234419.png)

Actual request:
![](photo/Pasted%20image%2020230110234446.png)

Of course, this can also be combined with xray, which makes the testing more comprehensive and more thorough.
--------------------------------------------------------------------------------
/autoDecoder的奇淫技巧/绕过流量waf/photo/Pasted image 20220504190246.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/autoDecoder的奇淫技巧/绕过流量waf/photo/Pasted image 20220504190246.png
--------------------------------------------------------------------------------
/autoDecoder的奇淫技巧/绕过流量waf/photo/Pasted image 20220504190259.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/autoDecoder的奇淫技巧/绕过流量waf/photo/Pasted image 20220504190259.png
--------------------------------------------------------------------------------
/autoDecoder的奇淫技巧/绕过流量waf/photo/Pasted image 20220504190342.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/autoDecoder的奇淫技巧/绕过流量waf/photo/Pasted image 20220504190342.png
--------------------------------------------------------------------------------
/autoDecoder的奇淫技巧/绕过流量waf/photo/Pasted image 20220504190355.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/autoDecoder的奇淫技巧/绕过流量waf/photo/Pasted image 20220504190355.png
--------------------------------------------------------------------------------
/autoDecoder的奇淫技巧/绕过流量waf/photo/Pasted image 20220504190409.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/autoDecoder的奇淫技巧/绕过流量waf/photo/Pasted image 20220504190409.png
--------------------------------------------------------------------------------
/autoDecoder的奇淫技巧/绕过流量waf/photo/Pasted image 20220504190419.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/autoDecoder的奇淫技巧/绕过流量waf/photo/Pasted image 20220504190419.png
--------------------------------------------------------------------------------
/autoDecoder的奇淫技巧/绕过流量waf/绕过流量waf.md:
--------------------------------------------------------------------------------
---
created: 2022-09-01T00:06:38+08:00
updated: 2022-09-02T08:42:15+08:00
---
### Bypassing a traffic WAF

I ran into a heavily hardened ThinkPHP site running PHP 7 where the filtering was very strict: it blocks the `` short-tag bypass and blocks keywords such as the `eval` function. This can be bypassed by writing through PHP pseudo-protocols.

This WAF has another strong point, traffic interception: Base64, RSA, AES and similar traffic is all recognised and the connection is reset immediately.

Base64 traffic looks like this:

![800](photo/Pasted%20image%2020220504190246.png)

It is reset immediately with no status code; RSA and AES traffic is reset in the same way.

RSA traffic looks like this:

![800](photo/Pasted%20image%2020220504190259.png)

Reset immediately, again with no status code.


I then tried changing the keywords in the payload and found no way around it; this WAF is fairly smart.

In between I thought of using a pseudo-protocol to write a full-featured webshell to the server, but the write failed, possibly because the request was too large, so I considered other approaches.

Continuing to try to bypass the WAF, I moved the `payload` to a different position, guessing that the WAF only inspects the request body and does not look at the request headers. With the `payload` placed in a request header, the server received the request, as shown below:

![800](https://files.mdnice.com/user/23628/09dec26a-6bee-46d2-90b7-2376b383d2bb.png)
So the earlier webshell:
```php

```
can be changed to:
```php

```
Then write the mitm script as follows:
```python
# -*- coding:utf-8 -*-
# author:f0ngf0ng
# @Date: 2022/4/9 9:30 PM
# Move the POST parameter into Accept
# Used together with the webshell
'''

'''
# Used with AntSword's myencoder / mydecoder; password set to x

from mitmproxy import http, ctx
from urllib.parse import unquote

class Mitm:
    def request(self, flow):
        if flow.request.host != "x.x.x.x":
            # ctx.log.info(flow.request.host)
            return

        ctx.log.info(f"payload为 {flow.request.text}")
        payload = flow.request.text.split("x=")[1].split("&")[0]  # payload parameter
        flow.request.headers.add("Accept", unquote(payload))
        flow.request.set_text(flow.request.text.replace("x=" + payload, ""))

        ctx.log.info(f"发送的请求包 = {flow.request.text}")

addons = [
    Mitm()
]
```
Run it with:

`mitmweb -s mitm.py --listen-port 8082`

Point AntSword's proxy at the local listener:

`127.0.0.1:8082`

Click Test Connection; it succeeds:

![800](photo/Pasted%20image%2020220504190342.png)


![800](photo/Pasted%20image%2020220504190355.png)
The `mitmproxy` interface while running:

![800](photo/Pasted%20image%2020220504190409.png)

The command-execution interface:
![800](photo/Pasted%20image%2020220504190419.png)
An `autoDecoder` encrypt/decrypt script can also be written, as follows:
```python
# -*- coding:utf-8 -*-
# author:f0ngf0ng
from flask import Flask, Response, request
from pyDes import *
import base64
app = Flask(__name__)

@app.route('/encode', methods=["POST"])
def encrypt():
    body = request.form.get('dataBody')  # POST parameter, required
    headers = request.form.get('dataHeaders')  # POST parameter, optional
    body_accept = body.split("x=")[1].split("&")[0]  # extract the payload
    body = body.replace("x=" + body_accept, "")

    if headers is not None:  # request-header processing is enabled
        print(headers + "\r\n\r\n\r\n\r\n" + body)
        headers = headers + "Accept:" + body_accept + "\r\n"
        return headers + "\r\n\r\n\r\n\r\n" + body  # the return value has a fixed format and must not be changed

    return body

@app.route('/decode', methods=["POST"])  # no decryption
def decrypt():
    param = request.form.get('dataBody')  # get the POST parameter
    return param

if __name__ == '__main__':
    app.debug = True  # debug mode; turn debug off in production
    app.run(host="0.0.0.0", port=8888)
```
--------------------------------------------------------------------------------
/autoDecoder的调试办法/接口加解密调试/photo/Pasted image 20230221194136.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/autoDecoder的调试办法/接口加解密调试/photo/Pasted image 20230221194136.png
--------------------------------------------------------------------------------
/autoDecoder的调试办法/接口加解密调试/photo/Pasted image 20230221195440.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/autoDecoder的调试办法/接口加解密调试/photo/Pasted image 20230221195440.png
--------------------------------------------------------------------------------
/autoDecoder的调试办法/接口加解密调试/photo/Pasted image 20230221200559.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/autoDecoder的调试办法/接口加解密调试/photo/Pasted image 20230221200559.png
--------------------------------------------------------------------------------
/autoDecoder的调试办法/接口加解密调试/photo/Pasted image 20230221200806.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/autoDecoder的调试办法/接口加解密调试/photo/Pasted image
20230221200806.png
--------------------------------------------------------------------------------
/autoDecoder的调试办法/接口加解密调试/photo/Pasted image 20230221200833.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/autoDecoder的调试办法/接口加解密调试/photo/Pasted image 20230221200833.png
--------------------------------------------------------------------------------
/autoDecoder的调试办法/接口加解密调试/接口加解密调试.md:
--------------------------------------------------------------------------------
---
created: 2023-02-21T19:21:35+08:00
updated: 2023-02-21T21:48:57+08:00
---
#### This case is one example of how to debug autoDecoder

The algorithm is DES/CBC/PKCS5Padding, the key is f0ngtest and the IV is f0ngf0ng.

The request body is
```
I9z1fsH5QQ2NUbJi/7a8lw==
```

The response body is
```
dCtLdlmk7wI=
```

The Python file is as follows:
```python
# -*- coding:utf-8 -*-
# author:f0ngf0ng

from flask import Flask, Response, request
from pyDes import *
import base64

def des_encrypt(s):
    """
    DES encryption
    :param s: original string
    :return: encrypted string, Base64-encoded
    """
    secret_key = "f0ngtest"
    iv = "f0ngf0ng"
    k = des(secret_key, CBC, iv, pad=None, padmode=PAD_PKCS5)
    en = k.encrypt(s, padmode=PAD_PKCS5)
    # b64encode gives a single line; encodebytes would wrap every 76 characters
    # and append a newline, which does not belong in an HTTP body
    return base64.b64encode(en).decode()

def des_decrypt(s):
    """
    DES decryption
    :param s: encrypted string, Base64-encoded
    :return: decrypted string
    """
    secret_key = "f0ngtest"
    iv = "f0ngf0ng"
    k = des(secret_key, CBC, iv, pad=None, padmode=PAD_PKCS5)
    de = k.decrypt(base64.decodebytes(bytes(s, encoding="utf-8")), padmode=PAD_PKCS5)
    return de.decode()

app = Flask(__name__)

@app.route('/encode', methods=["POST"])
def encrypt():
    param = request.form.get('dataBody')  # get the POST parameter
    param_headers = request.form.get('dataHeaders')  # get the POST parameter
    param_requestorresponse = request.form.get('requestorresponse')  # get the POST parameter
    encry_param = des_encrypt(param.strip("\n"))
    print(param)
    print(encry_param)
    # dataHeaders is None unless header processing is enabled in the plugin
    if param_requestorresponse == "request" and param_headers is not None:
        return param_headers + "\r\n\r\n\r\n\r\n" + encry_param
    return encry_param

@app.route('/decode', methods=["POST"])
def decrypt():
    print(request.form)
    param = request.form.get('dataBody')  # get the POST parameter
    param_headers = request.form.get('dataHeaders')  # get the POST parameter
    param_requestorresponse = request.form.get('requestorresponse')  # get the POST parameter
    decrypt_param = des_decrypt(param.strip("\n"))
    print(decrypt_param)
    print(param_headers)
    print(param_requestorresponse)
    # dataHeaders is None unless header processing is enabled in the plugin
    if param_requestorresponse == "request" and param_headers is not None:
        return param_headers + "\r\n\r\n\r\n\r\n" + decrypt_param
    else:
        return decrypt_param

if __name__ == '__main__':
    app.debug = True  # debug mode; turn debug off in production
    app.run(host="0.0.0.0", port=8888)
```
Save the code above as app.py and run `python3 app.py`.

Copy the request into the interface:
```http
POST /testsql.php HTTP/1.1
Host: 10.211.55.4
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/109.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
Content-Length: 24

I9z1fsH5QQ2NUbJi/7a8lw==
```
Decrypting shows the request body decrypted, and encrypting shows the request body encrypted.

![](photo/Pasted%20image%2020230221194136.png)


Copy the response into the interface: decrypting shows the response body decrypted, and encrypting shows the response body encrypted.
![](photo/Pasted%20image%2020230221195440.png)

If the request headers need to be modified, just select the option to process the headers.
![](photo/Pasted%20image%2020230221200559.png)

The same applies to the response headers.
![](photo/Pasted%20image%2020230221200833.png)
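
A small standard-library helper for sanity-checking such an interface before wiring it into the plugin, added here as an example and not code from the autoDecoder project: it checks that a Base64 body is a single line that decodes to a whole number of DES blocks, and it joins and splits the `headers + "\r\n\r\n\r\n\r\n" + body` return format used by the handlers above. The function names are assumptions; the two sample bodies are the ones quoted above.

```python
import base64

# Separator the handlers above place between the headers and the body.
SEPARATOR = "\r\n\r\n\r\n\r\n"
DES_BLOCK = 8  # DES block size in bytes

# Bodies quoted on the page.
PAGE_REQUEST_BODY = "I9z1fsH5QQ2NUbJi/7a8lw=="
PAGE_RESPONSE_BODY = "dCtLdlmk7wI="


def join_message(headers, body):
    """Build a handler return value. Trailing CRLFs on the headers are
    dropped so that the first run of four CRLFs is the real separator."""
    return headers.rstrip("\r\n") + SEPARATOR + body


def split_message(raw):
    """Split a handler return value into (headers, body); headers is None
    when the handler returned a body only."""
    headers, sep, body = raw.partition(SEPARATOR)
    return (headers, body) if sep else (None, raw)


def ciphertext_problems(b64_body, block_size=DES_BLOCK):
    """Return the reasons why b64_body cannot be sent as a CBC ciphertext."""
    problems = []
    if any(ch in b64_body for ch in "\r\n \t"):
        problems.append("contains whitespace or line breaks")
    compact = "".join(b64_body.split())
    try:
        raw = base64.b64decode(compact, validate=True)
    except ValueError:  # binascii.Error is a subclass of ValueError
        problems.append("not valid Base64")
        return problems
    if not raw or len(raw) % block_size:
        problems.append(
            "length %d is not a positive multiple of %d" % (len(raw), block_size)
        )
    return problems


def encode_both_ways(ciphertext):
    """Base64 text as produced by encodebytes (wrapped at 76 characters,
    newline-terminated) and by b64encode (one line)."""
    return (
        base64.encodebytes(ciphertext).decode(),
        base64.b64encode(ciphertext).decode(),
    )


if __name__ == "__main__":
    for name, body in (("request", PAGE_REQUEST_BODY), ("response", PAGE_RESPONSE_BODY)):
        print(name, ciphertext_problems(body) or "ok")

    # Constructed sample: 64 zero bytes standing in for a longer ciphertext.
    wrapped, single = encode_both_ways(bytes(64))
    print("encodebytes:", ciphertext_problems(wrapped))
    print("b64encode:  ", ciphertext_problems(single) or "ok")

    # Constructed headers ending in CRLF still round-trip cleanly.
    message = join_message("POST /testsql.php HTTP/1.1\r\nHost: 10.211.55.4\r\n", single)
    print(split_message(message)[0].splitlines())
```
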
--------------------------------------------------------------------------------
/加解密代码例子/aes_cbc_zeropadding.py:
--------------------------------------------------------------------------------
from flask import Flask
import base64
from Crypto.Cipher import AES
from flask import request

# Key (key), IV (vi), CBC-mode encryption
app = Flask(__name__)
def AES_Encrypt(key, data):
    vi = '1234567890123456'
    raw = data.encode('utf8')
    # Zero-pad the encoded bytes (not the characters) so that multi-byte
    # input still ends up a multiple of the 16-byte block size
    raw += (16 - len(raw) % 16) * b'\x00'
    cipher = AES.new(key.encode('utf8'), AES.MODE_CBC, vi.encode('utf8'))
    encryptedbytes = cipher.encrypt(raw)
    # the encrypted result is of type bytes
    encodestrs = base64.b64encode(encryptedbytes)
    # Base64-encode it, which returns a byte string
    enctext = encodestrs.decode('utf8')
    # decode the byte string as UTF-8
    return enctext

@app.route('/encrypt', methods=["POST"])
def encrypt():
    param = request.form.get('dataBody')  # get the POST parameter

    print(param)
    encry_param = AES_Encrypt('1234567890123456', param)
    return encry_param

@app.route('/decode', methods=["POST"])  # no decryption
def decrypt():
    param = request.form.get('dataBody')  # get the POST parameter
    return param


if __name__ == '__main__':
    app.run()

--------------------------------------------------------------------------------
/接口加解密算法的用法/Node/AES加密/AES加密.md:
--------------------------------------------------------------------------------
---
created: 2022-09-01T00:06:38+08:00
updated: 2023-02-21T20:55:07+08:00
---
# AES encryption

*The HTTP interface is implemented with Node.js*

The plaintext is:
{"username":"f0ng","password":"onlysecurity"}

The ciphertext is:
1vwZCmsFRAq5njm+82Pq8sMud5TG0RD8Up2GKhpHIB5cdoDOLu2SPZ94uArMa+7b

There is one small complication here: at account login the request body is `DATA=1vwZCmsFRAq5njm+82Pq8sMud5TG0RD8Up2GKhpHIB5cdoDOLu2SPZ94uArMa+7b`
So the code adds a logic check:
When encrypting, it looks for a plaintext keyword that identifies the login, here `password`, and when the `password` keyword is present it automatically prepends `DATA=`.

When decrypting, `DATA=` is simply replaced globally: if it is present it gets replaced, and if it is absent the result is unaffected.

ECB mode
The key is `onlysecurityonlysecurityf0ngf0ng`

```Javascript
// Plaintext: {"username":"f0ng","password":"onlysecurity"}
// Ciphertext: 1vwZCmsFRAq5njm+82Pq8sMud5TG0RD8Up2GKhpHIB5cdoDOLu2SPZ94uArMa+7b
var http = require('http');
const url = require('url');
const querystring = require('querystring');
var CryptoJS = require("./crypto-js/crypto-js");

var key = CryptoJS.enc.Hex.parse("onlysecurityonlysecurityf0ngf0ng");


function Encrypt(word) {
    var srcs = CryptoJS.enc.Utf8.parse(word);
    var encrypted = CryptoJS.AES.encrypt(srcs, key, {
        mode : CryptoJS.mode.ECB,
        padding : CryptoJS.pad.Pkcs7
    });
    return encrypted.toString();
}

function Decrypt(word) {
    var decrypt = CryptoJS.AES.decrypt(word, key, {
        mode : CryptoJS.mode.ECB,
        padding : CryptoJS.pad.Pkcs7
    });
    return CryptoJS.enc.Utf8.stringify(decrypt).toString();
}


http.createServer(function (req, res) {
    let path = url.parse(req.url);
    let postparms = '';
    if (path.pathname === '/encode') {
        console.log("encode路由");
        req.on('data', (parms) => {
            postparms += parms;
        });
        req.on('end', () => {

            postparms = querystring.parse(postparms);
            console.log(postparms);
            let dataBody = postparms.dataBody;
            if (dataBody.indexOf("password") > 0) {
                let Data = querystring.escape(Encrypt(dataBody)); // querystring.escape URL-encodes the value
                console.log(Data);
                Data = "DATA=" + Data;
                res.end(Data);
            } else {
                // let Data = escape(Encrypt(dataBody));
                let Data = Encrypt(dataBody);
                console.log(Data);
                // Data = "X-BASE-DATA=" + Data;
                res.end(Data);
            }
        })
    } else if (path.pathname === '/decode') {
        console.log("decode路由")
        req.on('data', (parms) => {
            postparms += parms;
        })
        req.on('end', () => {

            postparms = querystring.parse(postparms);
            let dataBody = postparms.dataBody;
            dataBody = dataBody.replace("DATA=","");
            console.log(dataBody);
            dataBody = unescape(dataBody)
            let decryptData = Decrypt(dataBody); // decrypt; outputs a UTF-8 string by default and uses PKCS#7 padding by default (passing PKCS#5 also results in PKCS#7 padding)
            // decryptData = Buffer.from(decryptData)
            // console.log(decryptData)
            // decryptData = decryptData.toString('utf-8')
            console.log(decryptData);
            res.end( decryptData );
        })
    } else{
        res.write("end");
        res.end()

    }
}).listen(8888);
```

## Login request
Original request (plaintext):
![800](photo/Pasted%20image%2020220518225410.png)

Actual request (with the `DATA=` keyword added):
![800](photo/Pasted%20image%2020220518225429.png)

## Normal interaction request
Original request (plaintext):
![800](photo/Pasted%20image%2020220518225520.png)

Actual request:
![800](photo/Pasted%20image%2020220518225533.png)


autoDecoder configuration:
![800](photo/Pasted%20image%2020220518225315.png)
--------------------------------------------------------------------------------
/接口加解密算法的用法/Node/AES加密/photo/Pasted image 20220518225315.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/接口加解密算法的用法/Node/AES加密/photo/Pasted image 20220518225315.png
--------------------------------------------------------------------------------
/接口加解密算法的用法/Node/AES加密/photo/Pasted image 20220518225410.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/接口加解密算法的用法/Node/AES加密/photo/Pasted image 20220518225410.png
--------------------------------------------------------------------------------
/接口加解密算法的用法/Node/AES加密/photo/Pasted image 20220518225429.png:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/接口加解密算法的用法/Node/chrome cdp加解密/Template.js:
--------------------------------------------------------------------------------
import express from "express";
import axios from "axios";
import puppeteer from "puppeteer-core";

const app = express();
app.use(
  express.urlencoded({
    extended: true,
    limit: "50mb",
    parameterLimit: 5000,
  })
);
app.use(express.json({ limit: "50mb" }));

// Encrypt
app.post("/encode", async (req, res) => {
  let body = req.body.dataBody;

  let encResult = "";
  if (typeof req.body.requestorresponse == "undefined") {
    encResult = await bothEncode(body);
  } else if (req.body.requestorresponse == "request") {
    encResult = await requestEncode(body);
  } else {
    encResult = await responseEncode(body);
  }

  console.log("发送加密报文:%O\r\n", encResult);
  res.send(encResult);
});

async function bothEncode(body) {
  console.log("-".repeat(15) + " [Both Encode] " + "-".repeat(15) + "\n");
  console.log("Body: " + body + "\r\n");

  // Template placeholder: the body is returned unchanged until the call below
  // is enabled and pointed at the function promoted to global in the browser.
  let result = body;
  // result = await consoleRun(`encryptBody(\`${body}\`)`);
  // console.log("result:" + result + "\r\n");
  return result;
}

async function requestEncode(body) {
  console.log("-".repeat(15) + " [Request Encode] " + "-".repeat(15) + "\n");
}

async function responseEncode(body) {
  console.log("-".repeat(15) + " [Response Encode] " + "-".repeat(15) + "\n");
}

// Decrypt
app.post("/decode", async (req, res) => {
  let body = req.body.dataBody;
  let decResult = "";
  if (typeof req.body.requestorresponse == "undefined") {
    decResult = await bothDecode(body);
  } else if (req.body.requestorresponse == "request") {
    decResult = await requestDecode(body);
  } else {
    decResult = await responseDecode(body);
  }

  console.log("接收加密明文:%O\r\n", decResult);
  res.header("Content-Type", "application/json;charset=utf-8");
  res.send(decResult);
});

async function bothDecode(body) {
  console.log("-".repeat(15) + " [Both Decode] " + "-".repeat(15) + "\n");
  body = body.trim();

  // return await consoleRun(`decryptKey('${body}')`);
}

async function requestDecode(body) {
  console.log("-".repeat(15) + " [Request Decode] " + "-".repeat(15) + "\n");
}

async function responseDecode(body) {
  console.log("-".repeat(15) + " [Response Decode] " + "-".repeat(15) + "\n");
}

// Hook debugging: the first key of the POST body is evaluated as a command in the attached page
app.post("/debug", async (req, res) => {
  console.log("-".repeat(15) + " [Console Debug] " + "-".repeat(15) + "\n");
  let command = Object.keys(req.body)[0];
  let result = await consoleRun(command);

  console.log(`Command:${command} \r\nResult: ${result}\r\n`);
  res.header("Content-Type", "text/plain;charset=utf-8");
  res.send(result);
});

// Run a command in the Chrome Console
async function consoleRun(command) {
  const wsKey = await axios.get("http://127.0.0.1:9222/json/version");
  const browser = await puppeteer.connect({
    browserWSEndpoint: wsKey.data.webSocketDebuggerUrl,
    defaultViewport: null,
  });

  const pages = await browser.pages();
  const page = pages[0];
  console.log(`\r\n[+] Console run: ${command}\r\n`);
  const res = await page.evaluate(command);
  await browser.disconnect();

  return res;
}

const server = app.listen(8888, function () {
  const host = server.address().address;
  const port = server.address().port;

  console.log("应用实例,访问地址为 http://%s:%s\n", host, port);
});

--------------------------------------------------------------------------------
/接口加解密算法的用法/Node/chrome cdp加解密/chrome cdp 加解密.md:
--------------------------------------------------------------------------------
---
created: 2023-08-13T16:35:51+08:00
updated: 2023-08-13T16:35:51+08:00
---
# 0x01 Usage

First enable Chrome's remote debugging. Quit the running Chrome program, then run the following command

```
/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --remote-debugging-port=9222
```

![1](chrome%20cdp%20%E5%8A%A0%E8%A7%A3%E5%AF%86.assets/1.png)

Start the Node server

![img](chrome%20cdp%20%E5%8A%A0%E8%A7%A3%E5%AF%86.assets/2.png)

Request the http://127.0.0.1:8888/debug endpoint to test the page that is currently hooked for debugging

![3](chrome%20cdp%20%E5%8A%A0%E8%A7%A3%E5%AF%86.assets/3.png)

![image-20230813151751430](chrome%20cdp%20%E5%8A%A0%E8%A7%A3%E5%AF%86.assets/image-20230813151751430.png)

By default the most recently opened tab is hooked. To hook an earlier page, change the default pages index in the script

![image-20230813150454109](chrome%20cdp%20%E5%8A%A0%E8%A7%A3%E5%AF%86.assets/image-20230813150454109.png)

# 0x02 Reference

Set a breakpoint in the browser; when execution reaches the target function, run a command in the Console to promote that function to a global function

![image-20230813150912861](chrome%20cdp%20%E5%8A%A0%E8%A7%A3%E5%AF%86.assets/image-20230813150912861.png)

![image-20230813150952394](chrome%20cdp%20%E5%8A%A0%E8%A7%A3%E5%AF%86.assets/image-20230813150952394.png)

PS: once all functions are set up, ==release the browser debugging breakpoint; while a breakpoint is active the script process is blocked. Do not refresh the page during use; after a refresh the functions have to be promoted again==

The Node script can then call the global functions in the browser to perform encryption and decryption

# 0xFF Refer

https://pptr.dev/
--------------------------------------------------------------------------------
/接口加解密算法的用法/Node/sm4加密/sm4加密.md:
--------------------------------------------------------------------------------
---
created: 2022-09-01T00:06:38+08:00
updated: 2022-09-02T08:42:15+08:00
---
# An SM4 encryption/decryption example

#autoDecoder例

I ran into a target that uses SM4 encryption and decryption, so here is a simple implementation

The `JavaScript` code is as follows:
```javascript
// SM4 conversion
const stringToByte = function (str) {
    var len, c
    len = str.length
    var bytes = []
    for (var i = 0; i < len; i++) {
        c = str.charCodeAt(i)
        if (c >= 0x010000 && c <= 0x10FFFF) {
            bytes.push(((c >> 18) & 0x07) | 0xF0)
            bytes.push(((c >> 12) & 0x3F) | 0x80)
            bytes.push(((c >> 6) & 0x3F) | 0x80)
            bytes.push((c & 0x3F) | 0x80)
        } else if (c >= 0x000800 && c <= 0x00FFFF) {
            bytes.push(((c >> 12) & 0x0F) | 0xE0)
            bytes.push(((c >> 6) & 0x3F) | 0x80)
            bytes.push((c & 0x3F) | 0x80)
        } else if (c >= 0x000080 && c <= 0x0007FF) {
            bytes.push(((c >> 6) & 0x1F) | 0xC0)
            bytes.push((c & 0x3F) | 0x80)
        } else {
            bytes.push(c & 0xFF)
        }
    }
    return new Int8Array(bytes)
}


const sm4 = require('sm-crypto').sm4
const encryptData = '77327a37ff72f97ea72031861b20bbcd652284611571a0c06edfaeba4e405643' // may be a hex string or a byte array

const key = stringToByte("onlysecurityf0ng") // may be a hex string or a byte array; must be 128 bits
let decryptData = sm4.decrypt(encryptData, key, {
    output: 'array'
}) // Decrypt; outputs a UTF-8 string by default and uses PKCS#7 padding by default (passing PKCS#5 also goes through PKCS#7 padding)

decryptData = Buffer.from(decryptData)

decryptData = decryptData.toString('utf-8')

console.log(decryptData)

let Data = sm4.encrypt(decryptData,key)

console.log(Data)
```
Running the code:
![800](photo/Pasted%20image%2020220428215242.png)
`{"f0ng":"onlysecurity"}` is the plaintext and `77327a37ff72f97ea72031861b20bbcd652284611571a0c06edfaeba4e405643` is the ciphertext
This only implements the encryption and decryption in JS. In our earlier cases the encryption and decryption went through Flask, so it has to be converted to Python code. Python's `execjs` module is used here; the code is as follows:
```Python
# -*- coding:utf-8 -*-
# author:f0ngf0ng
# @Date: 2022/4/28 5:14 PM
import execjs
ctx = execjs.compile("""
const sm4 = require('sm-crypto').sm4 // import the request encryption algorithm

// SM4 conversion
const stringToByte = function (str) {
    var len, c
    len = str.length
    var bytes = []
    for (var i = 0; i < len; i++) {
        c = str.charCodeAt(i)
        if (c >= 0x010000 && c <= 0x10FFFF) {
            bytes.push(((c >> 18) & 0x07) | 0xF0)
            bytes.push(((c >> 12) & 0x3F) | 0x80)
            bytes.push(((c >> 6) & 0x3F) | 0x80)
            bytes.push((c & 0x3F) | 0x80)
        } else if (c >= 0x000800 && c <= 0x00FFFF) {
            bytes.push(((c >> 12) & 0x0F) | 0xE0)
            bytes.push(((c >> 6) & 0x3F) | 0x80)
            bytes.push((c & 0x3F) | 0x80)
        } else if (c >= 0x000080 && c <= 0x0007FF) {
            bytes.push(((c >> 6) & 0x1F) | 0xC0)
            bytes.push((c & 0x3F) | 0x80)
        } else {
            bytes.push(c & 0xFF)
        }
    }
    return new Int8Array(bytes)
}

const decrypt = function ( str) {
    let key = 'onlysecurityf0ng'
    let decryptData = sm4.decrypt(str, stringToByte(key), {
        output: 'array' })
    decryptData = Buffer.from(decryptData)
    decryptData = decryptData.toString('utf-8')
    console.log('解密-------:' + decryptData)
    return decryptData}

// SM4 encryption (flag: whether on the whitelist)
const encrypt = function ( str) {
    let key = 'onlysecurityf0ng'
    let arrayData = JSON.stringify(str)
    let encryptData = sm4.encrypt(arrayData, stringToByte(key))
    //console.log('加密------:' + encryptData)
    return encryptData}

""")
# print(ctx.call("stringToByte","onlysecurityf0ng"))

print(ctx.call("decrypt" ,"77327a37ff72f97ea72031861b20bbcd652284611571a0c06edfaeba4e405643"))
print(ctx.call("encrypt",{"f0ng":"onlysecurity"}))
```
![800](photo/Pasted%20image%2020220428215743.png)
That is a simple working version. On second thought, though, `autoDecoder` adapts to all kinds of interfaces, so why not write the HTTP encryption/decryption interface directly in Node?
No sooner said than done, straight to the code
The Node.js service code is as follows:
```JavaScript
var http = require('http');
const url = require('url');
const querystring = require('querystring');

// SM4 conversion
const stringToByte = function (str) {
    var len, c
    len = str.length
    var bytes = []
    for (var i = 0; i < len; i++) {
        c = str.charCodeAt(i)
        if (c >= 0x010000 && c <= 0x10FFFF) {
            bytes.push(((c >> 18) & 0x07) | 0xF0)
            bytes.push(((c >> 12) & 0x3F) | 0x80)
            bytes.push(((c >> 6) & 0x3F) | 0x80)
            bytes.push((c & 0x3F) | 0x80)
        } else if (c >= 0x000800 && c <= 0x00FFFF) {
            bytes.push(((c >> 12) & 0x0F) | 0xE0)
            bytes.push(((c >> 6) & 0x3F) | 0x80)
            bytes.push((c & 0x3F) | 0x80)
        } else if (c >= 0x000080 && c <= 0x0007FF) {
            bytes.push(((c >> 6) & 0x1F) | 0xC0)
            bytes.push((c & 0x3F) | 0x80)
        } else {
            bytes.push(c & 0xFF)
        }
    }
    return new Int8Array(bytes)
}

const sm4 = require('sm-crypto').sm4
const key = stringToByte("onlysecurityf0ng") // may be a hex string or a byte array; must be 128 bits

http.createServer(function (req, res) {
    let path = url.parse(req.url);
    let postparms = '';
    if (path.pathname === '/encode') {
        console.log("encode路由");
        req.on('data', (parms) => {
            postparms += parms;
        })
        req.on('end', () => {
            postparms = querystring.parse(postparms);
            console.log(postparms)
            let dataBody = postparms.dataBody;
            let Data = sm4.encrypt(dataBody,key)
            console.log(Data)
            res.end(Data);
        })
    } else if (path.pathname === '/decode') {
        console.log("decode路由")
        req.on('data', (parms) => {
            postparms += parms;
        })
        req.on('end', () => {
            postparms = querystring.parse(postparms);
            console.log(postparms)
            let dataBody = postparms.dataBody;
            const encryptData = dataBody
            let decryptData = sm4.decrypt(encryptData, key, {
                output: 'array'
            }) // Decrypt; outputs a UTF-8 string by default and uses PKCS#7 padding by default (passing PKCS#5 also goes through PKCS#7 padding)
            decryptData = Buffer.from(decryptData)
            // console.log(decryptData)
            decryptData = decryptData.toString('utf-8')
            console.log(decryptData);
            res.end( decryptData );
        })
    } else{
        res.write("end");
        res.end()
    }
}).listen(8888);
```
The `autoDecoder` configuration is as follows
![800](photo/Pasted%20image%2020220429154939.png)
The original request:
![800](photo/Pasted%20image%2020220429154955.png)

When the request is plaintext:
![800](photo/Pasted%20image%2020220429155949.png)
Node server log:
![600](photo/Pasted%20image%2020220429160015.png)

--------------------------------------------------------------------------------
/接口加解密算法的用法/Python/3DES加密/3DES加密.md:
--------------------------------------------------------------------------------
---
created: 2022-09-01T00:06:38+08:00
updated: 2023-02-21T20:53:54+08:00
---

*The HTTP interface is implemented with Python's Flask framework*

Plaintext:
{"userName":"admin","userPwd":"123456"}

Ciphertext:
cB9pLEou6hsxiVAEuKNQJ+LEoNY0A8BFgJIqwqkreQtP893kcB9OzQ==

CBC mode
IV: `11111111`
Key: `onlysecurityonlysecurity`

The Flask code is as follows:
```python
# -*- coding:utf-8 -*-
# author:f0ngf0ng
# @Date: 2022/5/15 10:25 PM
from Crypto.Cipher import DES3
import pyDes,base64

# 3DES encryption implementation
# Plaintext:
# {'username':'admin'}
#
# Ciphertext:
# 5Pne6rhiOkxfngbJMpSc+aBCaNE/09HW

class EncryptDate:
    def __init__(self, key):
        self.key = key  # initialize the key
        self.iv = b'11111111'  # IV
        self.length = DES3.block_size  # initialize the block size
        self.des3 = DES3.new(self.key, DES3.MODE_CBC, self.iv)  # initialize the 3DES instance in CBC mode
        # Truncation function: removes the padding characters
        self.unpad = lambda date: date[0:-ord(date[-1])]

    def pad(self, text):
        """
        Padding function: makes the byte length of the data to encrypt a multiple of block_size
        """
        count = len(text.encode('utf-8'))
        add = self.length - (count % self.length)
        entext = text + (chr(add) * add)
        return entext

    def encrypt(self, encrData):  # encryption function

        res = self.des3.encrypt(self.pad(encrData).encode("utf8"))
        msg = str(base64.b64encode(res), encoding="utf8")
        # msg = res.hex()
        return msg

    def decrypt(self, decrData):  # decryption function
        res = base64.decodebytes(decrData.encode("utf8"))
        # res = bytes.fromhex(decrData)
        msg = self.des3.decrypt(res).decode("utf8")
        return self.unpad(msg)

from flask import Flask,Response,request
from pyDes import *
import base64
app = Flask(__name__)

@app.route('/encode',methods=["POST"])
def encrypt():
    body = request.form.get('dataBody')  # POST parameter, required
    headers = request.form.get('dataHeaders')  # POST parameter, optional

    if headers != None:  # request-header processing is enabled
        headers = headers + "aaaa:bbbb\r\n"
        headers = headers + "f0ng:test"
        print(headers + "\r\n\r\n\r\n\r\n" + body)
        return headers + "\r\n\r\n\r\n\r\n" + body  # the return value has a fixed format and must not be changed
    eg1 = EncryptDate('onlysecurityonlysecurity')
    body = eg1.encrypt(body)
    return body

@app.route('/decode',methods=["POST"])
def decrypt():
    body = request.form.get('dataBody')  # POST parameter, required
    headers = request.form.get('dataHeaders')  # POST parameter, optional
    print(body)
    if headers != None:  # response-header processing is enabled
        print(headers + "\r\n\r\n\r\n\r\n" + body)
        headers = headers + "yyyy:zzzz\r\n"
        headers = headers + "f0ng:onlysecurity"
        return headers + "\r\n\r\n\r\n\r\n" + body  # the return value has a fixed format and must not be changed
    if '"' in body:
        body = body.replace('"',"")
    eg = EncryptDate("onlysecurityonlysecurity")
    body = eg.decrypt(body)
    print(body)
    return body

if __name__ == '__main__':
    # Debug mode; turn debug off in production.
    # host 0.0.0.0 listens on all interfaces, so the Flask debugger is reachable from the network.
    app.debug = True
    app.run(host="0.0.0.0",port="8888")
```
Save the code above as app.py and run `python3 app.py`

Original request (plaintext):
![800](photo/Pasted%20image%2020220518204404.png)

Actual request:
![800](photo/Pasted%20image%2020220518204423.png)

The autoDecoder configuration is as follows:
![800](photo/Pasted%20image%2020220518213605.png)

--------------------------------------------------------------------------------
/接口加解密算法的用法/Python/JSON嵌套加密/JSON嵌套加密.md:
--------------------------------------------------------------------------------
---
created: 2022-09-01T00:06:38+08:00
updated: 2022-09-02T08:42:15+08:00
---
# Nested JSON encryption

*The HTTP interface is implemented with Python's Flask framework*

Plaintext:
{"userName":"admin","userPwd":"123456"}

Ciphertext:
DL10Kvw9TGp/it/qR93PAIeTJhMnzp4gk2dfGYhnqxniTH1LVtWDaWwT8lQkqFWz

The ciphertext carries one more layer of base64 encoding, so the actual request body is:
`{"data":"REwxMEt2dzlUR3AvaXQvcVI5M1BBSWVUSmhNbnpwNGdrMmRmR1lobnF4bmlUSDFMVnRXRGFXd1Q4bFFrcUZXeg=="}`

What is special here is that the encrypted data is passed inside JSON, and the data being encrypted is itself JSON. As a result, when the encryption keyword is set to `"`, there is no way to tell ciphertext from plaintext. Version `0.18` therefore added a ciphertext keyword: when that keyword appears, no encryption is performed

The Flask code is as follows:
```python
# -*- coding:utf-8 -*-
# author:f0ngf0ng
# @Date: 2022/5/17 9:08 PM
# AES, base64
# After AES encryption, one more layer of base64 is wrapped around the result
# Plaintext:
# {"userName":"admin","userPwd":"123456"}
#
# Encrypted data:
# DL10Kvw9TGp/it/qR93PAIeTJhMnzp4gk2dfGYhnqxniTH1LVtWDaWwT8lQkqFWz
#
# Request body:
# {"data":"DL10Kvw9TGp/it/qR93PAIeTJhMnzp4gk2dfGYhnqxniTH1LVtWDaWwT8lQkqFWz"}

from Crypto.Cipher import AES
import base64,json

from Crypto.Util.Padding import pad, unpad

def aes_encrypt(text):
    password = b'f0ngonlysecurity'  # key; the b prefix marks it as bytes
    text = text.encode()  # content to encrypt, as bytes
    aes = AES.new(password,AES.MODE_ECB)  # create an AES object
    # AES.MODE_ECB selects ECB mode
    text = pad(text, 16)
    en_text = aes.encrypt(text)  # encrypt the plaintext
    out = base64.b64encode(en_text)
    return out.decode()  # ciphertext as a base64 string


def aes_decrypt(text):
    password = b'f0ngonlysecurity'  # key; the b prefix marks it as bytes
    text = base64.b64decode(text)  # content to decrypt, as bytes
    aes = AES.new(password,AES.MODE_ECB)  # create an AES object
    # AES.MODE_ECB selects ECB mode
    en_text = aes.decrypt(text)  # decrypt the ciphertext
    return unpad(en_text, 16).decode()  # strip the PKCS#7 padding added by aes_encrypt


from flask import Flask,Response,request
import base64
app = Flask(__name__)

@app.route('/encode',methods=["POST"])
def encrypt():
    body = request.form.get('dataBody')  # POST parameter, required
    headers = request.form.get('dataHeaders')  # POST parameter, optional
    print(body)
    if headers is not None:  # request-header processing is enabled
        headers = headers + "aaaa:bbbb\r\n"
        headers = headers + "f0ng:test"
        print(headers + "\r\n\r\n\r\n\r\n" + body)
        return headers + "\r\n\r\n\r\n\r\n" + body  # the return value has a fixed format and must not be changed
    body = aes_encrypt(body)
    body = base64.b64encode(body.encode())
    body = '{"data":"' + body.decode() + '"}'
    return body

@app.route('/decode',methods=["POST"])
def decrypt():
    body = request.form.get('dataBody')  # POST parameter, required
    headers = request.form.get('dataHeaders')  # POST parameter, optional
    print(body)
    if headers is not None:  # response-header processing is enabled
        print(headers + "\r\n\r\n\r\n\r\n" + body)
        headers = headers + "yyyy:zzzz\r\n"
        headers = headers + "f0ng:onlysecurity"
        return headers + "\r\n\r\n\r\n\r\n" + body  # the return value has a fixed format and must not be changed

    if "data" in body:
        body = json.loads(body)['data']
        body = base64.b64decode(body)
        body = aes_decrypt(body.decode())
        print(body)
        return body.strip()
    else:
        return body.strip()

# print(aes_encrypt('{"userName":"admin","userPwd":"123456"}'))
if __name__ == '__main__':
    # Debug mode; turn debug off in production.
    # host 0.0.0.0 listens on all interfaces, so the Flask debugger is reachable from the network.
    app.debug = True
    app.run(host="0.0.0.0",port="8888")
```

Original request (plaintext):
![800](photo/Pasted%20image%2020220518215855.png)

Actual request:
![800](photo/Pasted%20image%2020220518215911.png)

The `autoDecoder` configuration is as follows:
![800](photo/Pasted%20image%2020220518214621.png)
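The ciphertext-versus-plaintext ambiguity described in the nested JSON section, as an added example that is not part of the original repository: it recognises the `{"data": ...}` envelope by structure (JSON shape, two base64 layers, AES block length) and compares the verdict with the `"data" in body` substring test used in the `/decode` handler above. The page's own plaintext, ciphertext and request body are reused as inputs; the remaining sample bodies and all function names are constructed for illustration, and only the standard library is used.

```python
import base64
import binascii
import json

AES_BLOCK = 16

# Values quoted on the page: the AES output (base64), the request body that
# wraps it, and the plaintext that was encrypted.
PAGE_INNER = "DL10Kvw9TGp/it/qR93PAIeTJhMnzp4gk2dfGYhnqxniTH1LVtWDaWwT8lQkqFWz"
PAGE_BODY = '{"data":"REwxMEt2dzlUR3AvaXQvcVI5M1BBSWVUSmhNbnpwNGdrMmRmR1lobnF4bmlUSDFMVnRXRGFXd1Q4bFFrcUZXeg=="}'
PAGE_PLAINTEXT = '{"userName":"admin","userPwd":"123456"}'

# Constructed plaintext bodies that merely mention "data".
CONSTRUCTED_PLAINTEXTS = [
    '{"metadata":{"page":1}}',     # "data" only as a substring of a key
    '{"data":"test"}',             # valid base64, but not base64 of base64
    '{"data":"hello","page":2}',   # extra key, value is not base64
]


def _b64(text):
    """Strict base64 decode; returns None instead of raising."""
    try:
        return base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError):
        return None


def unwrap(body):
    """Return the inner base64 ciphertext if body is an envelope, else None."""
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return None
    # The envelope is an object with exactly one string member named "data".
    if not isinstance(doc, dict) or set(doc) != {"data"}:
        return None
    if not isinstance(doc["data"], str):
        return None
    outer = _b64(doc["data"])
    if outer is None:
        return None
    # The outer layer must decode to ASCII text that is itself base64 ...
    try:
        inner = outer.decode("ascii")
    except UnicodeDecodeError:
        return None
    raw = _b64(inner)
    # ... and the innermost bytes must be a whole number of AES blocks.
    if not raw or len(raw) % AES_BLOCK:
        return None
    return inner


def wrap(inner_b64):
    """Build the request body from the base64 AES output (inverse of unwrap)."""
    outer = base64.b64encode(inner_b64.encode("ascii")).decode("ascii")
    return json.dumps({"data": outer}, separators=(",", ":"))


def classify(body):
    """Structural verdict: 'ciphertext' only for a well-formed envelope."""
    return "ciphertext" if unwrap(body) is not None else "plaintext"


def naive_classify(body):
    """The substring test from the /decode handler, for comparison."""
    return "ciphertext" if "data" in body else "plaintext"


def compare(bodies):
    """Return (body, structural verdict, substring verdict) for each body."""
    return [(b, classify(b), naive_classify(b)) for b in bodies]


if __name__ == "__main__":
    for row in compare([PAGE_BODY, PAGE_PLAINTEXT] + CONSTRUCTED_PLAINTEXTS):
        print(row)
```

With the substring test, each of the constructed plaintext bodies would be sent down the decrypt path and fail there; the structural check leaves them untouched.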
--------------------------------------------------------------------------------
/接口加解密算法的用法/Python/RC4流加解密/RC4流加密.md:
--------------------------------------------------------------------------------


RC4 stream encryption

Before login, the "Authorization" request header is the encryption/decryption key

![image-20240725003952423](./photo/image-20240725003952423.png)

After login, the body is JSON with the encrypted data stored in data, and the packet is also MD5-hashed to prevent tampering. The "Authorization: Bearer" request header is the encryption key and the "Current-Token" response header is the decryption key; normally the two values are equal.

![image-20240725004843898](./photo/image-20240725004843898.png)

After login, if the response headers contain no "Current-Token:", the fixed key "zcareze" is used for decryption. This happens when the request is malformed and the server cannot validate it.

![image-20240725005410402](./photo/image-20240725005410402.png)

```
// Response decryption code in the site's JS
if (200 === r.status) {
    let e = r.response;
    if (r.getResponseHeader("encryption") && e) {
        let t = r.getResponseHeader("current-token")
          , n = e;
        if ("string" == typeof e) {
            n = x(n, t || "zcareze"); // key used when the response header carries no token
            try {
                n = JSON.parse(n)
            } catch (e) {}
        }
        e = n
    }
    0,
    r.getResponseHeader("current-token") && C.update(r.getResponseHeader("current-token")),
    n(e)
```

**The script has a flaw: it does not clearly distinguish plaintext from ciphertext and may encrypt other things, so wait until the site has fully loaded before enabling the interface**

![image-20240725005947376](./photo/image-20240725005947376.png)

The Python script is as follows:

```
# -*- coding:utf-8 -*-
from flask import Flask,Response,request
import re
import json
import hashlib

def RC4(x, y):
    # Initialize the state array S and index j
    z=[0] * 256
    A=len(y)
    B=len(x)
    for E in range(256):
        z[E] = E
    G = 0
    for E in range(256):
        G = (G + z[E] + ord(y[E % A])) % 256
        I = z[E]
        z[E], z[G] = z[G], I
    J = ''
    E = G = 0
    for K in range(B):
        E = (E + 1) & 255
        G = (G + z[E]) & 255
        L = ord(x[K])
        M = L ^ z[(z[E] + z[G]) % 256]
        J += chr(M)
        z[E], z[G] = z[G], z[E]
        G = (G + M + L) & 255
    return J

app = Flask(__name__)

@app.route('/encode',methods=["POST"])
def encrypt():
    print('\n加密\n'+'-'*100)
    auth = request.form.get('dataHeaders')
    if 'Authorization: Bearer' in auth:  # check whether the key header is "Authorization: Bearer" or "Authorization:"
        pattern = r'Authorization: Bearer (\S+)'  # matches Authorization: Bearer 4il9VEfg2JECgyhIYnh8gN8Q7iNvOiWFlQCFPTrSJD/GSef2k3SG56aTLQNh5rIuyFI/MisKk/JEKB1cMcsCldlrht94DejYvMFUxWciafPjPo+nxUsDPgyjMl33KE5taP5E/1X7v2FbfTzA4Xipq32hKtVBRnasobmtD3NbVts
    elif 'Authorization:' in auth:
        pattern = r'Authorization:\s+([a-fA-F0-9\-]+)'  # matches 2d59d42c-4790-4ee9-8877-2b597324efd3
    else:
        pattern = None
        key = "8ac014c0-7f8e-424c-8402-11318d0cc0b6"  # not sure this one works; it is a placeholder for when the request carries no key, adjust to the actual case
    if pattern:
        key = re.findall(pattern,auth)[0]  # guard against failing to match a key
    open('./tmp.txt', 'w').write(key)  # Handles responses whose headers carry no key by writing the key to a file. Very inelegant, but it has some chance of covering the case where the response headers have no key.

    body = request.form.get('dataBody')  # POST parameter, required
    body = json.loads(body)  # parse straight into a dict; replaces eval() on the request body, same result

    # whether sign is present; sign is an MD5 hash
    if 'sign' not in body:  # the simple case comes first; the case that MD5-hashes the parameters comes after
body = RC4(str(body),key) 95 | return auth + "\r\n\r\n\r\n" + body #加密之后发包是三个"\r\n" 96 | else: 97 | #下面是对数据包的处理 98 | text = body['data'] 99 | sign_text = "service={}&version=app&data={}&token={}".format(body['service'],text,key) 100 | md5_txt = hashlib.md5() 101 | md5_txt.update(sign_text.encode('utf-8')) 102 | print(md5_txt) 103 | body['data'] = RC4(text, key) 104 | body['sign'] = md5_txt.hexdigest() 105 | body = json.dumps(body) #转回字符串 106 | return auth + "\r\n\r\n\r\n" + body 107 | 108 | @app.route('/decode',methods=["POST"]) 109 | def decrypt(): 110 | print('\n解密\n'+'-'*100) 111 | iii = False #用来判断需不需要保存密钥,可以改true,覆盖保存每次解密的密钥,只对响应头中没有密钥的情况有影响, 112 | auth = request.form.get('dataHeaders') 113 | if 'Authorization: Bearer' in auth: #判断密钥头是 Authorization: Bearer 或者 Authorization: 114 | pattern = r'Authorization: Bearer (\S+)' #匹配Authorization: Bearer 4il9VEfg2JECgyhIYnh8gN8Q7iNvOiWFlQCFPTrSJD/GSef2k3SG56aTLQNh5rIuyFI/MisKk/JEKB1cMcsCldlrht94DejYvMFUxWciafPjPo+nxUsDPgyjMl33KE5taP5E/1X7v2FbfTzA4Xipq32hKtVBRnasobmtD3NbVts 115 | elif 'Authorization:' in auth: 116 | pattern = r'Authorization:\s+([a-fA-F0-9\-]+)' #匹配2d59d42c-4790-4ee9-8877-2b597324efd3 117 | iii = True 118 | elif 'Current-Token:' in auth: #返回包中存放密钥的参数 119 | pattern = r'Current-Token:\s+(\S+)' 120 | elif 'Encryption:' in auth: 121 | key = 'zcareze' 122 | body = request.form.get('dataBody') # 为了逻辑简单清晰,继续不优雅,如果 123 | if '\\u' in body: body = eval("{}".format(body)) #消除加密中的"unicode"编码,body从获取到就是字符串,将"\u"转为"\\u"没办法正确解密。没有找到更好的办法 124 | body = RC4(body,key) 125 | return auth + "\r\n\r\n\r\n\r\n" + body 126 | else: 127 | with open('./tmp.txt','r') as f: #当响应头中没有参数的时候,尝试用tmp中保存的密钥解密 128 | key = f.read() 129 | body = request.form.get('dataBody') # 为了逻辑简单清晰,继续不优雅,如果 130 | if '\\u' in body: body = eval("{}".format(body)) #消除加密中的"unicode"编码,body从获取到就是字符串,将"\u"转为"\\u"没办法正确解密。没有找到更好的办法 131 | body = RC4(body,key) 132 | return auth + "\r\n\r\n\r\n\r\n" + body 133 | key = re.findall(pattern,auth)[0] 
#杜绝匹配不到key,提取json中内容,json中请求和响应都是带有密钥的,请求出错时没有密钥 134 | open('./tmp.txt', 'w').write(key) if iii else None #应对返回包请求头中没有加密密钥得情况,将密钥写入文件。特别不优雅,一点不优雅。没有找到更好的办法 135 | 136 | #上面是获取key,下面是解密body 137 | 138 | body = request.form.get('dataBody') # 获取 post 参数 必需 139 | # if '\\u' in body: body = eval("{}".format(body)) #和上面一样。 140 | if 'data":' in body: 141 | body = eval("{}".format(body)) 142 | text = body['data'] #提取body里面json加密的部分,根据实际情况修改”data“参数 143 | body['data'] = RC4(text,key) #解密赋值 144 | return auth + "\r\n\r\n\r\n\r\n" + json.dumps(body) #将body中的单引号转为双引号,看起来更好看 145 | elif '\\u' in body: 146 | body = eval("{}".format(body)) 147 | body = RC4(body,key) #解密赋值 148 | return auth + "\r\n\r\n\r\n\r\n" + body 149 | 150 | # print(aes_encrypt('{"userName":"admin","userPwd":"123456"}')) 151 | if __name__ == '__main__': 152 | app.run(host="0.0.0.0",port="8888") 153 | ``` 154 | 155 | 原始响应包 156 | 157 | ![image-20240725011050364](./photo/image-20240725011050364.png) 158 | 159 | 解密如下: 160 | 161 | ![image-20240725010726297](./photo/image-20240725010726297.png) 162 | -------------------------------------------------------------------------------- /接口加解密算法的用法/Python/RC4流加解密/photo/image-20240725003952423.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/接口加解密算法的用法/Python/RC4流加解密/photo/image-20240725003952423.png -------------------------------------------------------------------------------- /接口加解密算法的用法/Python/RC4流加解密/photo/image-20240725004843898.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/接口加解密算法的用法/Python/RC4流加解密/photo/image-20240725004843898.png -------------------------------------------------------------------------------- /接口加解密算法的用法/Python/RC4流加解密/photo/image-20240725005410402.png: 
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/接口加解密算法的用法/Python/RC4流加解密/photo/image-20240725005410402.png

--------------------------------------------------------------------------------
/接口加解密算法的用法/Python/RC4流加解密/photo/image-20240725005947376.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/接口加解密算法的用法/Python/RC4流加解密/photo/image-20240725005947376.png

--------------------------------------------------------------------------------
/接口加解密算法的用法/Python/RC4流加解密/photo/image-20240725010726297.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/接口加解密算法的用法/Python/RC4流加解密/photo/image-20240725010726297.png

--------------------------------------------------------------------------------
/接口加解密算法的用法/Python/RC4流加解密/photo/image-20240725011050364.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/接口加解密算法的用法/Python/RC4流加解密/photo/image-20240725011050364.png

--------------------------------------------------------------------------------
/接口加解密算法的用法/Python/RSA解密/RSA解密.md:
--------------------------------------------------------------------------------
---
created: 2023-01-05T14:28:51+08:00
updated: 2023-01-05T14:41:41+08:00
---
This target used RSA encryption. The private key was found directly, so the responses are decrypted with it.
![](photo/Pasted%20image%2020230105143101.png)

The Python script is below (only decryption was needed here, so it implements decryption only):
```python
# -*- coding: utf-8 -*-
# @Time    : 2022/12/19 3:17 PM
# @Software: f0ng

from flask import Flask, Response, request
import base64
from Crypto.Cipher import PKCS1_v1_5
from Crypto.PublicKey import RSA
import json


# Load the RSA private key from file
def read_private_key(file_path="crypto_private_key.pem") -> bytes:
    with open(file_path, "rb") as x:
        b = x.read()
    return b


def decryption(text_encrypted_base64: str, private_key: bytes) -> bytes:
    # Encode the string to bytes
    text_encrypted_base64 = text_encrypted_base64.encode('utf-8')
    # Base64-decode
    text_encrypted = base64.b64decode(text_encrypted_base64)
    # Build the cipher object from the private key
    cipher_private = PKCS1_v1_5.new(RSA.importKey(private_key))
    # Decrypt (bytes). The second argument is the sentinel returned when the padding is invalid;
    # the original passed Random.new().read, which only failed later at .decode().
    text_decrypted = cipher_private.decrypt(text_encrypted, None)
    if text_decrypted is None:
        raise ValueError("RSA PKCS#1 v1.5 decryption failed")
    return text_decrypted


def rsa_decrypt(s) -> bytes:
    """
    RSA decryption
    :param s: encrypted segment, Base64-encoded
    :return: decrypted bytes
    """
    private_key = read_private_key()  # private key
    text_decrypted = decryption(s, private_key)

    return text_decrypted


app = Flask(__name__)


@app.route('/decode', methods=["POST"])
def decrypt():

    param = request.form.get('dataBody')  # POST parameter
    print(param)
    data = json.loads(param)['data']
    total = b""

    # The RSA ciphertext in this response is split into segments: decrypt each one and
    # join the results to recover the complete field
    for _ in data:
        total = total + rsa_decrypt(_.strip("\n"))
    # Decode once, after joining, so a multi-byte character split across two segments still decodes
    total = total.decode()
    print("*****")
    print(total)

    # if param_requestorresponse == "reponse":
    return total


if __name__ == '__main__':
    # Debug mode; turn it off outside testing. With host 0.0.0.0 the Werkzeug debugger is reachable from the network.
    app.debug = True
    app.run(host="0.0.0.0", port=8888)
```

The `crypto_private_key.pem` file:
```
-----BEGIN PRIVATE KEY-----
enID8+C40UKx89EDq1B5z577tGCiWZrLHLI7Xh7i7dXJgj9ejGUrBeQYYoLMjx0J
l3UKUJCJO5tAbYsBoCa55vo8VdnkzMxahN5lbvXv9irh9vj7ZkanUfbMt/jvVCon
enID8+C40UKx89EDq1B5z577tGCiWZrLHLI7Xh7i7dXJgj9ejGUrBeQYYoLMjx0J
czWHm5EJG9cgUsh9XFW6V8QFoRe7AgMBAAECgYEAhLexscAGsssXlKCbng0ZroxT
enID8+C40UKx89EDq1B5z577tGCiWZrLHLI7Xh7i7dXJgj9ejGUrBeQYYoLMjx0J
AzA2m+9LscI6e6YY3FHgjC0ZVaYmVR7DGatjoUcLn15lsoTVtRp88S33ier3GTn1
BX/vC8v0gIIDr4rBAAECQQDmUA5aNz94SXZkZnCKkvvZu1M7TVaXyZ8dV6E0l20S
enID8+C40UKx89EDq1B5z577tGCiWZrLHLI7Xh7i7dXJgj9ejGUrBeQYYoLMjx0J
X4zUjBz+rGyiMgCeffCKHIlXa88kK7LrtiHUwCUuQEM3N+QjBIvNMAn8es83RuP0
fmHMAQJAEgrHdQ3K7RNkMO1Nd62YCTCBjq26UN28l0HcIRCTvNZUlqy9CpeMpZAg
vHirjBkBuhkauCVHFvzFxZO/nhScLQJAJ8YJ/W0YxNV765Eo23eIGLo9LAnf6cwJ
Ni9vhCvyYgic/uDfiGoZVf8oV8fn6yL/TAYVsMiTpbwcRg5ZsCyMAQJAPhyrOCTx
0ArmVJ/0Q3YAqNsThun7xdji1/7CqD3UNHpT297HQkyHX00WnjHP6vmD9mkAC8jK
JgVfAoEaK2ReDQ==
-----END PRIVATE KEY-----
```
Original response:
![500](photo/Pasted%20image%2020230105143858.png)

Decrypted:
![500](photo/Pasted%20image%2020230105143931.png)

--------------------------------------------------------------------------------
/接口加解密算法的用法/Python/RSA解密/photo/Pasted image 20230105143101.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/接口加解密算法的用法/Python/RSA解密/photo/Pasted image 20230105143101.png

--------------------------------------------------------------------------------
/接口加解密算法的用法/Python/RSA解密/photo/Pasted image 20230105143858.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/接口加解密算法的用法/Python/RSA解密/photo/Pasted image 20230105143858.png

--------------------------------------------------------------------------------
/接口加解密算法的用法/Python/RSA解密/photo/Pasted image 20230105143931.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/接口加解密算法的用法/Python/RSA解密/photo/Pasted image 20230105143931.png
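
The `/decode` handler in RSA解密.md above joins RSA segments taken from the response's `data` array. This added example (not code from the repository) rebuilds that segmented format with a pure-Python PKCS#1 v1.5 implementation and shows why the segments should be joined as bytes and decoded once: a UTF-8 character that straddles a segment boundary breaks per-segment decoding. The toy key (two Mersenne primes), the function names and the sample body are constructed for illustration; the script on the page uses PyCryptodome.

```python
import base64
import json
import os

# Constructed toy key built from two Mersenne primes. Far too small for real use;
# it only keeps the example offline and dependency-free.
P, Q = 2**127 - 1, 2**107 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8          # modulus length in bytes (30 here)
MAX_CHUNK = K - 11                     # PKCS#1 v1.5 payload limit per block (19 here)


def pkcs1_v15_encrypt(chunk: bytes) -> bytes:
    """Encrypt one chunk with type-2 padding: 00 02 PS 00 M."""
    if len(chunk) > MAX_CHUNK:
        raise ValueError("chunk longer than k - 11 bytes")
    ps = bytes(b % 255 + 1 for b in os.urandom(K - 3 - len(chunk)))  # non-zero padding bytes
    em = b"\x00\x02" + ps + b"\x00" + chunk
    return pow(int.from_bytes(em, "big"), E, N).to_bytes(K, "big")


def pkcs1_v15_decrypt(block: bytes) -> bytes:
    """Decrypt one block and strip the padding. Returns raw bytes, not text."""
    if len(block) != K:
        raise ValueError("ciphertext block must be exactly k bytes")
    em = pow(int.from_bytes(block, "big"), D, N).to_bytes(K, "big")
    sep = em.find(b"\x00", 2)          # the 00 byte that ends the padding string
    if em[:2] != b"\x00\x02" or sep < 10:
        raise ValueError("invalid PKCS#1 v1.5 padding")
    return em[sep + 1:]


def build_segmented_body(plaintext: str) -> str:
    """Server side (constructed): split the UTF-8 bytes, encrypt each chunk, Base64 it."""
    raw = plaintext.encode("utf-8")
    segments = [base64.b64encode(pkcs1_v15_encrypt(raw[i:i + MAX_CHUNK])).decode()
                for i in range(0, len(raw), MAX_CHUNK)]
    return json.dumps({"data": segments})


def decode_joined(body: str) -> str:
    """Join the decrypted segments as bytes, then decode once."""
    raw = b"".join(pkcs1_v15_decrypt(base64.b64decode(seg.strip("\n")))
                   for seg in json.loads(body)["data"])
    return raw.decode("utf-8")


def decode_per_segment(body: str) -> str:
    """Decode every segment to text before joining; breaks on a split character."""
    return "".join(pkcs1_v15_decrypt(base64.b64decode(seg.strip("\n"))).decode("utf-8")
                   for seg in json.loads(body)["data"])


def per_segment_fails(body: str) -> bool:
    """True when per-segment decoding raises UnicodeDecodeError for this body."""
    try:
        decode_per_segment(body)
    except UnicodeDecodeError:
        return True
    return False


# Constructed sample: the 3-byte character "测" starts at byte 18, so it straddles
# the 19-byte segment boundary.
SAMPLE = '{"u":"admin","n":"测试"}'

if __name__ == "__main__":
    body = build_segmented_body(SAMPLE)
    print(len(json.loads(body)["data"]), "segments")
    print("joined     :", decode_joined(body))
    print("per-segment:", "UnicodeDecodeError" if per_segment_fails(body) else "ok")
```

With a real key only the numbers change: a 1024-bit modulus gives 128-byte blocks and at most 117 plaintext bytes per segment.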
--------------------------------------------------------------------------------
/接口加解密算法的用法/Python/chrome中cdp调用加解密/chrome_cdp.py:
--------------------------------------------------------------------------------
# -*- coding:utf-8 -*-
# author:f0ngf0ng
import pychrome, time, re, os
import requests
from flask import Flask, Response, request
import base64, hashlib, json

# Delay (seconds) allowed for step two
times = 10

# Remote CDP address; nothing below needs changing
urls = "http://127.0.0.1:9222"
callFrameId_str = ''
tab = None
title_str = ''
decrypt_str = ''
encrypt_str = ''


def cdp_encrypt(s):
    encrypt_list = encrypt_str.split("%%%")
    # json.dumps yields a valid JS string literal, so quotes, backslashes and newlines in s
    # cannot break the expression (the original wrapped s in single quotes)
    expression = encrypt_list[0] + json.dumps(s) + encrypt_list[1]
    print('当前加密函数:' + str(encrypt_list))
    print('当前加密写法:' + expression)
    encrypt_string = tab.Debugger.evaluateOnCallFrame(callFrameId=callFrameId_str, expression=expression)['result']['value']
    return encrypt_string


def cdp_decrypt(s):
    decrypt_list = decrypt_str.split("%%%")
    expression = decrypt_list[0] + json.dumps(s) + decrypt_list[1]
    print('当前解密函数:' + str(decrypt_list))
    print('当前解密写法:' + expression)
    decrypt_string = tab.Debugger.evaluateOnCallFrame(callFrameId=callFrameId_str, expression=expression)['result']['value']
    return decrypt_string


app = Flask(__name__)


def setup():
    global title_str
    global decrypt_str
    global encrypt_str
    global tab
    title_str = input("请输入title(关键字即可):")  # prompt: tab title (a keyword is enough)
    # title_str = '应用'
    decrypt_str = input('请输入解密代码(%%%为解密值):')  # prompt: decryption expression, %%% marks the value
    encrypt_str = input('请输入加密代码(%%%为加密值):')  # prompt: encryption expression, %%% marks the value

    def request_will_be_sent(**kwargs):
        # Debugger.paused handler: remember the top call frame so that expressions
        # are evaluated in the paused scope
        global callFrameId_str
        callFrameId_str = kwargs['callFrames'][0]['callFrameId']
        print(f"callFrameId_str:{callFrameId_str}")

    chrome = pychrome.Browser(url=urls)

    for _tab in chrome.list_tab():
        if title_str in _tab._kwargs['title']:
            tab = _tab
            url = urls + r'/devtools/inspector.html?ws=127.0.0.1:9222/devtools/page/' + tab.id
            print("调试地址:")
            print(url)
            tab.start()
            break
    if not tab:
        print('未发现可见TAB.')
        raise SystemExit(1)  # no matching tab, nothing to attach to

    tab.Debugger.enable()
    print(f'进行第二步,当前延迟时间{str(times)}')
    tab.set_listener("Debugger.paused", request_will_be_sent)
    time.sleep(times)


with app.app_context():
    setup()


@app.route('/')
def index():
    return 'Hello, World!'


@app.route('/encode', methods=["POST"])
def encrypt():
    if encrypt_str != "":
        param = request.form.get('dataBody')  # POST parameter
        print('加密之前的值:' + str(param))
        encry_param = cdp_encrypt(param)
        print('加密之后的值:' + encry_param)
        return encry_param
    else:
        param = request.form.get('dataBody')
        return param


@app.route('/decode', methods=["POST"])
def decrypt():
    if decrypt_str != "":
        param = request.form.get('dataBody')  # POST parameter
        print('解密之前的值:' + str(param))
        decrypt_param = cdp_decrypt(param)
        print("解密之后的值:" + decrypt_param)
        return decrypt_param
    else:  # no decryption expression configured: return the body unchanged
        param = request.form.get('dataBody')
        return param


if __name__ == '__main__':

    # app.debug = True  # debug mode; turn it off outside testing
    app.run(host="0.0.0.0", port=8888)

--------------------------------------------------------------------------------
/接口加解密算法的用法/Python/chrome中cdp调用加解密/chrome中cdp调用加解密.md:
--------------------------------------------------------------------------------
---
created: 2023-07-02T18:51:27+08:00
updated: 2023-07-02T18:55:06+08:00
---
# Chrome setup

Start Chrome in remote-debugging mode.

Windows

```powershell
& "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --remote-allow-origins=*
```

macOS

```bash
sudo /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --remote-debugging-port=9222 --remote-allow-origins=*
```

# Step 1

```bash
python3 -m pip install -r req.txt
```

Contents of req.txt:
```text
Flask
pychrome
requests
```

This installs the required libraries.

# Step 2

Run chrome_cdp.py and enter the parameters it asks for.
![](photo/Pasted%20image%2020230702185413.png)
Either the decryption or the encryption expression may be left empty, which covers sites where, for example, the request is plaintext but the response is not.

# Step 3

Set the corresponding values in the plugin and it is ready to use.

# Notes

## The title keyword must match exactly one tab

Suppose there are 5 titles:

![](photo/Pasted%20image%2020230702185432.png)

![](photo/Pasted%20image%2020230702185426.png)

Usable keywords: 666699, 7777888, 99999999999

Unusable keywords: 777, 8888, 999 (each of these is found in more than one title)

## Chrome must be started in debugging mode first

Opening a normal Chrome window first and then a debugging-mode one does not work; Chrome must be launched in debugging mode from the start.

### References
https://zhaomenghuan.js.org/blog/chrome-devtools.html#chrome-devtools-protocol

https://chromedevtools.github.io/devtools-protocol/tot/Debugger/

--------------------------------------------------------------------------------
/接口加解密算法的用法/Python/chrome中cdp调用加解密/photo/Pasted image 20230702185413.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/接口加解密算法的用法/Python/chrome中cdp调用加解密/photo/Pasted image 20230702185413.png

--------------------------------------------------------------------------------
/接口加解密算法的用法/Python/chrome中cdp调用加解密/photo/Pasted image 20230702185426.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/接口加解密算法的用法/Python/chrome中cdp调用加解密/photo/Pasted image 20230702185426.png

--------------------------------------------------------------------------------
/接口加解密算法的用法/Python/chrome中cdp调用加解密/photo/Pasted image 20230702185432.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/接口加解密算法的用法/Python/chrome中cdp调用加解密/photo/Pasted image 20230702185432.png

--------------------------------------------------------------------------------
/接口加解密算法的用法/Python/smartbi请求包自动加解密/photo/1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/接口加解密算法的用法/Python/smartbi请求包自动加解密/photo/1.png

--------------------------------------------------------------------------------
/接口加解密算法的用法/Python/smartbi请求包自动加解密/photo/2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/接口加解密算法的用法/Python/smartbi请求包自动加解密/photo/2.png

--------------------------------------------------------------------------------
/接口加解密算法的用法/Python/smartbi请求包自动加解密/smartbi/__pycache__/app.cpython-37.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/接口加解密算法的用法/Python/smartbi请求包自动加解密/smartbi/__pycache__/app.cpython-37.pyc

--------------------------------------------------------------------------------
/接口加解密算法的用法/Python/smartbi请求包自动加解密/smartbi/app.py:
--------------------------------------------------------------------------------
# -*- coding:utf-8 -*-
# author:NaTsUk0
# @Date: 2022/11/11 14:25


# Smartbi encode/decode implementation
# Plaintext:
# {"encode":"sysConfService.renewalSession+%5B%22u_41707964b0664542b783eca32f319e5f-11%22%5D","r":0.7287782339312623}
# Ciphertext:
# {"encode":"D2Dtw6_Wp4gRipq4p6pb(SWpDDRw6+/JV/uuQyK1979mMK~7MMKJKu~9'Npi(Nu_N1mpJ_f11/uu/JT","r":0.7287782339312623}


from flask import Flask, Response, request
import re

app = Flask(__name__)

# One-to-one substitution table: plaintext character -> ciphertext character
ENC = {
    "0": "7", "1": "1", "2": "u", "3": "N", "4": "K", "5": "J", "6": "M", "7": "9", "8": "'", "9": "m", "!": "P",
    "%": "/", "'": "n", "(": "A", ")": "E", "*": "s", "+": "+", "-": "f", ".": "q", "A": "O", "B": "V", "C": "t",
    "D": "T", "E": "a", "F": "x", "G": "H", "H": "r", "I": "c", "J": "v", "K": "l", "L": "8", "M": "F", "N": "3",
    "O": "o", "P": "L", "Q": "Y", "R": "j", "S": "W", "T": "*", "U": "z", "V": "Z", "W": "!", "X": "B", "Y": ")",
    "Z": "U", "a": "(", "b": "~", "c": "i", "d": "h", "e": "p", "f": "_", "g": "-", "h": "I", "i": "R", "j": ".",
    "k": "G", "l": "S", "m": "d", "n": "6", "o": "w", "p": "5", "q": "0", "r": "4", "s": "D", "t": "k", "u": "Q",
    "v": "g", "w": "b", "x": "C", "y": "2", "z": "X", "~": "e", "_": "y",
}
# Inverse table: ciphertext character -> plaintext character (the original listed it by hand)
DEC = {v: k for k, v in ENC.items()}

ENCODE_FIELD = re.compile(r'(?<="encode":")(.*?)(?=",")')
DATA_FIELD = re.compile(r'(?<="data":")(.*?)(?=",")')


def translate_field(body, table):
    # Use the "encode" field when it is present, otherwise fall back to "data"
    field = ENCODE_FIELD if ENCODE_FIELD.search(body) else DATA_FIELD
    # A function replacement keeps backslashes in the translated text literal;
    # a plain string would be parsed as a re.sub template
    return field.sub(lambda m: ''.join(table.get(ch, ch) for ch in m.group(0)), body)


@app.route('/encode', methods=["POST"])
def encrypt():
    body = request.form.get('dataBody')  # POST parameter, required
    # headers = request.form.get('dataHeaders')  # POST parameter, optional
    return translate_field(body, ENC)


@app.route('/decode', methods=["POST"])
def decrypt():
    body = request.form.get('dataBody')  # POST parameter, required
    # headers = request.form.get('dataHeaders')  # POST parameter, optional
    print(body)
    return translate_field(body, DEC)


if __name__ == '__main__':
    app.debug = True  # debug mode; turn it off outside testing
    app.run(host="0.0.0.0", port=8888)

--------------------------------------------------------------------------------
/接口加解密算法的用法/Python/smartbi请求包自动加解密/smartbi/smartbi_test.py:
--------------------------------------------------------------------------------
# -*- coding:utf-8 -*-
# author:f0ngf0ng
# @Date: 2022/5/15 10:25 PM


# 3DES encryption implementation
# Plaintext:
# {'username':'admin'}
#
# Ciphertext:
# 5Pne6rhiOkxfngbJMpSc+aBCaNE/09HW

import re

# One-to-one substitution table: plaintext character -> ciphertext character
ENC = {
    "0": "7", "1": "1", "2": "u", "3": "N", "4": "K", "5": "J", "6": "M", "7": "9", "8": "'", "9": "m", "!": "P",
    "%": "/", "'": "n", "(": "A", ")": "E", "*": "s", "+": "+", "-": "f", ".": "q", "A": "O", "B": "V", "C": "t",
    "D": "T", "E": "a", "F": "x", "G": "H", "H": "r", "I": "c", "J": "v", "K": "l", "L": "8", "M": "F", "N": "3",
    "O": "o", "P": "L", "Q": "Y", "R": "j", "S": "W", "T": "*", "U": "z", "V": "Z", "W": "!", "X": "B", "Y": ")",
    "Z": "U", "a": "(", "b": "~", "c": "i", "d": "h", "e": "p", "f": "_", "g": "-", "h": "I", "i": "R", "j": ".",
    "k": "G", "l": "S", "m": "d", "n": "6", "o": "w", "p": "5", "q": "0", "r": "4", "s": "D", "t": "k", "u": "Q",
    "v": "g", "w": "b", "x": "C", "y": "2", "z": "X", "~": "e", "_": "y",
}
# Inverse table: ciphertext character -> plaintext character (the original listed it by hand)
DEC = {v: k for k, v in ENC.items()}


def encrypt(body):
    # Use the "encode" field when it is present, otherwise "data".
    # (The original compared findall() with `is False`, which never matched.)
    plain_text = re.compile(r'(?<="encode":")(.*?)(?=",")') if re.compile(r'(?<="encode":")(.*?)(?=",")').findall(body) else re.compile(r'(?<="data":")(.*?)(?=",")')

    print(plain_text)

    out = ''
    for item in plain_text.findall(body)[0]:  # iterate over the characters of the first match
        out += ENC.get(item, item)

    return plain_text.sub(lambda m: out, body)


def decrypt(body):
    # plain_text = re.compile(r'(?<="encode":")(.*?)(?=",")') if len(re.compile(r'(?<="encode":")(.*?)(?=",")').findall(body)) != 0 else re.compile(r'(?<="data":")(.*?)(?=",")')
    #
    # print(plain_text)
    #
    # out = ''
    # for item in plain_text.findall(body)[0]:
    #     out += dec.get(item, item)
    #
    # print(out)
    #
    # return plain_text.sub(out, body)

    # Translate the whole input character by character
    out = ''
    for item in body:
        out += DEC.get(item, item)

    return out


if __name__ == '__main__':
    # body='{"encode":"D2Dtw6_Wp4gRipq4p6pb(SWpDDRw6+/JV/uuQyK1979mMK~7MMKJKu~9\'Npi(Nu_N1mpJ_f11/uu/JT","r":0.7287782339312623}'
    # body = '{\"code\":0,\"data\":\"{\"IOm~\":q,\"9*v\":\"\",\"~9*v\":\"\",\"mECE\":{\"eEv~lcU~\":1q,\"eEv~329w~H\":q,\"COCEK!Ev~*\":1,\"COCEK)K~9~\'C*\":q,\"*cU~\":1q,\"\'29w~H\":q,\"\'29w~HA-)K~9~\'C*\":q,\"KE*C\":CH2~,\"-cH*C\":CH2~,\"IO'C~'C\":[]},\"Cc9~\":np}\",\"time\":0}'
    body = input()
    print(decrypt(body))

--------------------------------------------------------------------------------
/接口加解密算法的用法/Python/smartbi请求包自动加解密/使用burp插件autoDecoder实现对smartbi请求包自动加解密.md:
--------------------------------------------------------------------------------
---
created: 2023-08-13T14:53:51+08:00
updated: 2023-08-13T14:53:51+08:00
---
# Automatically encrypting and decrypting Smartbi requests with the Burp plugin autoDecoder

# Install the autoDecoder plugin

The build downloaded from GitHub has a bug on newer Burp versions; install the plugin from the archive instead.

# Write the Smartbi encode/decode script

Smartbi's encoding is a one-to-one character substitution in both directions, so this is simple: the script only needs an encrypt function and a decrypt function. The script is also in the archive.

# Start the script

The plugin is configured for port 8888; look up how to change the listening port if you need a different one.

# Choose interface-based encryption/decryption

As shown:
![1](photo/1.png)

# Set the monitored domain and the plaintext/ciphertext keywords

Smartbi traffic is easy to recognise.
![image.png](photo/2.png)

# Encryption and decryption are now automatic

The script is [here](https://github.com/f0ng/autoDecoder-usages/tree/main/%E6%8E%A5%E5%8F%A3%E5%8A%A0%E8%A7%A3%E5%AF%86%E7%AE%97%E6%B3%95%E7%9A%84%E7%94%A8%E6%B3%95/Python/smartbi%E8%AF%B7%E6%B1%82%E5%8C%85%E8%87%AA%E5%8A%A8%E5%8A%A0%E8%A7%A3%E5%AF%86/smartbi)

--------------------------------------------------------------------------------
/接口加解密算法的用法/Python/使响应包不解密2/photo/Pasted image 20230221201844.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/接口加解密算法的用法/Python/使响应包不解密2/photo/Pasted image 20230221201844.png
--------------------------------------------------------------------------------
/接口加解密算法的用法/Python/使响应包不解密2/photo/Pasted image 20230221201859.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/接口加解密算法的用法/Python/使响应包不解密2/photo/Pasted image 20230221201859.png

--------------------------------------------------------------------------------
/接口加解密算法的用法/Python/使响应包不解密2/photo/Pasted image 20230221201933.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/接口加解密算法的用法/Python/使响应包不解密2/photo/Pasted image 20230221201933.png

--------------------------------------------------------------------------------
/接口加解密算法的用法/Python/使响应包不解密2/photo/Pasted image 20230221201935.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/接口加解密算法的用法/Python/使响应包不解密2/photo/Pasted image 20230221201935.png

--------------------------------------------------------------------------------
/接口加解密算法的用法/Python/使响应包不解密2/photo/Pasted image 20230221204509.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/接口加解密算法的用法/Python/使响应包不解密2/photo/Pasted image 20230221204509.png

--------------------------------------------------------------------------------
/接口加解密算法的用法/Python/使响应包不解密2/photo/Pasted image 20230221204710.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/接口加解密算法的用法/Python/使响应包不解密2/photo/Pasted image 20230221204710.png
--------------------------------------------------------------------------------
/接口加解密算法的用法/Python/使响应包不解密2/photo/Pasted image 20230221204744.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/接口加解密算法的用法/Python/使响应包不解密2/photo/Pasted image 20230221204744.png

--------------------------------------------------------------------------------
/接口加解密算法的用法/Python/使响应包不解密2/photo/Pasted image 20230221204801.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/接口加解密算法的用法/Python/使响应包不解密2/photo/Pasted image 20230221204801.png

--------------------------------------------------------------------------------
/接口加解密算法的用法/Python/使响应包不解密2/使响应包不解密2.md:
--------------------------------------------------------------------------------
---
created: 2023-02-21T20:13:26+08:00
updated: 2023-02-21T20:49:33+08:00
---
This case is one example of the interface encryption/decryption usages.
The algorithm is DES/CBC/PKCS5Padding.
The request body is:
```
I9z1fsH5QQ2NUbJi/7a8lw==
```

The Python file:
```python
# -*- coding:utf-8 -*-
# author:f0ngf0ng

from flask import Flask, Response, request
import base64, hashlib, json
from pyDes import *


def des_encrypt(s):
    """
    DES encryption
    :param s: original string
    :return: encrypted string, Base64-encoded
    """
    secret_key = "f0ngtest"
    iv = "f0ngf0ng"
    k = des(secret_key, CBC, iv, pad=None, padmode=PAD_PKCS5)
    en = k.encrypt(s, padmode=PAD_PKCS5)
    return base64.encodebytes(en).decode()


app = Flask(__name__)


@app.route('/encode', methods=["POST"])
def encrypt():
    param = request.form.get('dataBody')  # POST parameter
    data = json.loads(param)
    encry_param = param.replace(data["id"], des_encrypt(data["id"]).strip())
    return encry_param


@app.route('/decode', methods=["POST"])  # no decryption
def decrypt():
    param = request.form.get('dataBody')  # POST parameter
    return param


if __name__ == '__main__':
    app.debug = True  # debug mode; turn it off outside testing
    app.run(host="0.0.0.0", port=8888)
```
Save the code above as app.py and run `python3 app.py`.

Configuration:
![](photo/Pasted%20image%2020230221201844.png)


![600](photo/Pasted%20image%2020230221204710.png)



Debugging:
![](photo/Pasted%20image%2020230221204509.png)

Original request:
![](photo/Pasted%20image%2020230221204744.png)

Request actually sent (visible in the Logger module, or in Logger++ if it is installed):
![](photo/Pasted%20image%2020230221204801.png)

--------------------------------------------------------------------------------
/接口加解密算法的用法/Python/响应包为明文,请求包为密文,请求包需要解密/photo/Pasted image 20240306144644.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/接口加解密算法的用法/Python/响应包为明文,请求包为密文,请求包需要解密/photo/Pasted image 20240306144644.png

--------------------------------------------------------------------------------
/接口加解密算法的用法/Python/响应包为明文,请求包为密文,请求包需要解密/photo/Pasted image 20240306144836.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/接口加解密算法的用法/Python/响应包为明文,请求包为密文,请求包需要解密/photo/Pasted image 20240306144836.png

--------------------------------------------------------------------------------
/接口加解密算法的用法/Python/响应包为明文,请求包为密文,请求包需要解密/photo/Pasted image 20240306144916.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/接口加解密算法的用法/Python/响应包为明文,请求包为密文,请求包需要解密/photo/Pasted image 20240306144916.png
--------------------------------------------------------------------------------
/接口加解密算法的用法/Python/响应包为明文,请求包为密文,请求包需要解密/响应包为明文,请求包为密文,请求包需要解密.md:
--------------------------------------------------------------------------------
---
created: 2024-03-06T14:49:08+08:00
updated: 2024-03-06T14:51:06+08:00
---
The original packet is shown below:
![](photo/Pasted%20image%2020240306144644.png)

The request is encrypted and the response is plaintext, and the request content needs to be decrypted.

The script works by checking, at decryption time, where the data came from: if it came from a request, it is real ciphertext and must be decrypted; if it came from a response, it is already plaintext and is returned unchanged.


The script:
```python
from flask import Flask, request
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad, unpad
import base64
from urllib.parse import parse_qs, quote
import hashlib

def aes_encrypt(key, data):
    cipher = AES.new(key, AES.MODE_ECB)
    padded_data = pad(data.encode(), AES.block_size)
    cipher_text = cipher.encrypt(padded_data)
    return base64.b64encode(cipher_text).decode()

def aes_decrypt(key, data):
    cipher = AES.new(key, AES.MODE_ECB)
    decrypted_data = cipher.decrypt(base64.b64decode(data))
    unpadded_data = unpad(decrypted_data, AES.block_size)
    return unpadded_data.decode()

app = Flask(__name__)

@app.route('/encode', methods=["POST"])
def encrypt():
    key = b'xxxxxxxxxxxxxxxx'  # 16 bytes key
    str1 = 'xxxxxxxxxxxxxxxx'
    param = request.form.get('dataBody')  # Get POST parameter
    md5value = param + str1
    param1 = quote(aes_encrypt(key, param))
    param2 = hashlib.md5(md5value.encode()).hexdigest()
    return f"Param={param1}&Autograph={param2}"
    '''
    data = json.loads(param)
    encrypted_id = aes_encrypt(key, data["id"])
    encry_param = param.replace(data["id"], encrypted_id)
    return base64.b64decode(encry_param.encode()).decode()
    '''

@app.route('/decode', methods=["POST"])  # Decrypts requests only
def decrypt():
    key = b'xxxxxxxxxxxxxxxx'  # 16 bytes key
    param = request.form.get('dataBody')  # Get POST parameter
    reqresp = request.form.get('requestorresponse')
    if reqresp == "request":  # Check where the data came from: decrypt requests, return anything else unchanged
        parsed_params = parse_qs(param)
        return aes_decrypt(key, parsed_params["Param"][0])
    else:
        return param

if __name__ == '__main__':
    app.debug = True  # Set debug mode, remember to turn it off in production
    app.run(host="0.0.0.0", port=8888)
```

Configuration:
![](photo/Pasted%20image%2020240306144836.png)

Decryption works as expected:
![](photo/Pasted%20image%2020240306144916.png)

Requests sent in plaintext are also encrypted automatically:

![](photo/Pasted%20image%2020240306144953.png)
--------------------------------------------------------------------------------
/接口加解密算法的用法/Python/登录口爆破之ldap的md5加密/登录口爆破之ldap的md5加密.md:
--------------------------------------------------------------------------------
---
created: 2022-08-31T23:55:33+08:00
updated: 2022-09-02T08:42:15+08:00
---
# LDAP MD5 encryption with the `autoDecoder` and `captcha-killer-modified` plugins
#autoDecoder-example

The packet that must be sent is:
```json
{"username":"admin","password":"{MD5}ISMvKXpXpadDiUoOSoAfww==","code":"YJIV"}
```

The `intruder` packet is set up as follows:
```text
{"username":"admin","password":"§1§","code":"§JOEJ§"}
```

`intruder` settings:
![800](photo/Pasted%20image%2020220414142603.png)
![800](photo/Pasted%20image%2020220414142107.png)
![800](photo/Pasted%20image%2020220414142541.png)

Since we are only brute-forcing the account password in `intruder`, the decryption endpoint is not needed; it simply returns the captured packet unchanged:
```python
@app.route('/decode',methods=["POST"])  # no decryption
def decrypt():
    param = request.form.get('data')  # get the POST parameter
    return param
```
The encryption server code:
```python
# -*- coding:utf-8 -*-
# author:f0ngf0ng

# Brute-forcing a login that uses LDAP-style {MD5} password hashes

from flask import Flask, request
import base64, hashlib, json

def hash_md5(data):
    # Base64 of the raw MD5 digest, the value that follows the {MD5} prefix
    md = hashlib.md5()
    md.update(str(data).encode())
    return base64.b64encode(md.digest()).decode()

app = Flask(__name__)

@app.route('/encode', methods=["POST"])
def encrypt():
    param = request.form.get('data')  # get the POST parameter
    data = json.loads(param)
    print(data)
    # Replace the plaintext password with its hash and add the {MD5} keyword
    data['password'] = "{MD5}" + hash_md5(data['password'])
    return json.dumps(data, separators=(',', ':'), ensure_ascii=False)

@app.route('/decode', methods=["POST"])  # no decryption
def decrypt():
    param = request.form.get('data')  # get the POST parameter
    return param

if __name__ == '__main__':
    app.debug = True  # debug mode; turn it off in production
    app.run(host="0.0.0.0", port=8888)
```
Run it with:
```bash
python flask.py
```
`autoDecoder` settings:
![800](photo/Pasted%20image%2020220414141838.png)

The `captcha-killer-modified` plugin page:
![800](photo/Pasted%20image%2020220414143000.png)
The brute-force run:
![800](photo/Pasted%20image%2020220414143037.png)
--------------------------------------------------------------------------------
/接口加解密算法的用法/Python/通过py执行js加密/通过py执行js加密.md:
--------------------------------------------------------------------------------
---
created: 2023-02-03T14:58:51+08:00
updated: 2023-02-21T20:51:40+08:00
---
I came across a login form with JS encryption; the JS code is shown below:
![](photo/Pasted%20image%2020230203145659.png)
The password is encrypted by a single function:
```javascript
function encode(_str) {
    var staticchars = "PXhw7UT1B0a9kQDKZsjIASmOezxYG4CHo5Jyfg2b8FLpEvRr3WtVnlqMidu6cN";
    var encodechars = "";
    for (var i = 0; i < _str.length; i++) {
        var num0 = staticchars.indexOf(_str[i]);
        if (num0 == -1) {
            var code = _str[i];
        } else {
            var code = staticchars[(num0 + 3) % 62];
        }
        var num1 = parseInt(Math.random() * 62, 10);
        var num2 = parseInt(Math.random() * 62, 10);
        encodechars += staticchars[num1] + code + staticchars[num2];
    }
    return encodechars;
}
```

Run it directly with Python's execjs; the code:
```python
# -*- coding: utf-8 -*-
# @Time : 2023/2/3 2:05 PM
# @Software: f0ng


from flask import Flask, request
import execjs
from urllib.parse import parse_qs


app = Flask(__name__)


# Compile the page's encode() function once at startup
ctx = execjs.compile("""
function encode(_str) {
    var staticchars = "PXhw7UT1B0a9kQDKZsjIASmOezxYG4CHo5Jyfg2b8FLpEvRr3WtVnlqMidu6cN";
    var encodechars = "";
    for (var i = 0; i < _str.length; i++) {
        var num0 = staticchars.indexOf(_str[i]);
        if (num0 == -1) {
            var code = _str[i];
        } else {
            var code = staticchars[(num0 + 3) % 62];
        }
        var num1 = parseInt(Math.random() * 62, 10);
        var num2 = parseInt(Math.random() * 62, 10);
        encodechars += staticchars[num1] + code + staticchars[num2];
    }
    return encodechars;
}
""")

@app.route('/encode', methods=["POST"])
def encrypt():
    param = request.form.get('dataBody')  # get the POST parameter
    params = parse_qs(param)
    # Replace the plaintext password with the output of the JS encode()
    params["password"][0] = ctx.call("encode", params["password"][0])
    # Rebuild the form body from the first value of every parameter
    total = "&".join(key + "=" + values[0] for key, values in params.items())
    print(total)
    return total

@app.route('/decode', methods=["POST"])  # no decryption
def decrypt():
    param = request.form.get('dataBody')  # get the POST parameter
    return param

if __name__ == '__main__':
    app.debug = True  # debug mode; turn it off in production
    app.run(host="0.0.0.0", port=8888)
```
autoDecoder configuration:
![](photo/Pasted%20image%2020230203145800.png)

Just set the plaintext password as the payload; intruder looks like this:
![](photo/Pasted%20image%2020230203150042.png)

As seen in Logger:
![](photo/Pasted%20image%2020230203150117.png)
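The `encode` function above shifts each character three places in a fixed 62-character alphabet and wraps it in two random padding characters, so it is an obfuscation rather than encryption. As an added example (not part of the original repository; `shift_char`, `encode_js_compatible` and `decode` are names chosen here), the same routine in pure Python together with its inverse:

```python
import random

# Alphabet copied from the page's JavaScript encode() function.
STATICCHARS = "PXhw7UT1B0a9kQDKZsjIASmOezxYG4CHo5Jyfg2b8FLpEvRr3WtVnlqMidu6cN"
SHIFT = 3


def shift_char(ch, offset):
    """Move ch by offset positions inside STATICCHARS; other characters pass through."""
    pos = STATICCHARS.find(ch)
    if pos == -1:
        return ch
    return STATICCHARS[(pos + offset) % len(STATICCHARS)]


def encode_js_compatible(text, rng=None):
    """Pure-Python equivalent of encode(): random pad + shifted char + random pad.

    Python iterates code points while the JavaScript iterates UTF-16 code units,
    so the two only differ for characters outside the Basic Multilingual Plane.
    """
    rng = rng or random.SystemRandom()
    out = []
    for ch in text:
        pad_left = STATICCHARS[rng.randrange(len(STATICCHARS))]
        pad_right = STATICCHARS[rng.randrange(len(STATICCHARS))]
        out.append(pad_left + shift_char(ch, SHIFT) + pad_right)
    return "".join(out)


def decode(encoded):
    """Recover the input: keep the middle character of each triplet and shift it back."""
    if len(encoded) % 3 != 0:
        raise ValueError("encoded length must be a multiple of 3")
    return "".join(shift_char(ch, -SHIFT) for ch in encoded[1::3])


if __name__ == "__main__":
    sample = "Passw0rd!"  # constructed sample input
    encoded = encode_js_compatible(sample)
    print(encoded, "->", decode(encoded))
```

Because the padding is random, two encodings of the same password differ, but the characters at positions 1, 4, 7, ... are always the same and carry all of the data.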
--------------------------------------------------------------------------------
/接口加解密算法的用法/Ruby/SM4_Base64/decode.rb:
--------------------------------------------------------------------------------

# encoding: utf-8
# author:{"补天"=>"等闲却变故人心"}

require 'sinatra'
require 'openssl'
require 'base64'

# SM4 encryption method
def sm4_encrypt(key, iv, plaintext)
  cipher = OpenSSL::Cipher.new('sm4-cbc')
  cipher.encrypt
  cipher.key = key
  cipher.iv = iv
  encrypted = cipher.update(plaintext) + cipher.final
  Base64.strict_encode64(encrypted)
end

# SM4 decryption method
def sm4_decrypt(key, iv, ciphertext)
  cipher = OpenSSL::Cipher.new('sm4-cbc')
  cipher.decrypt
  cipher.key = key
  cipher.iv = iv
  decrypted = cipher.update(Base64.strict_decode64(ciphertext)) + cipher.final
  decrypted.force_encoding('utf-8')
end

post '/encode' do
  key = 'oibnskaxcde@rsf!'
  iv = 'oibnskaxcde@rsf!'
  param = params[:dataBody].strip
  p param
  ciphertext = sm4_encrypt(key, iv, param)
  p ciphertext
  return ciphertext
end

post '/decode' do
  key = 'oibnskaxcde@rsf!'
  iv = 'oibnskaxcde@rsf!'
  param = params[:dataBody].strip
  p param
  plaintext = sm4_decrypt(key, iv, param)
  p plaintext
  return plaintext
end

set :bind, '0.0.0.0'
set :port, 8889
--------------------------------------------------------------------------------
/接口加解密算法的用法/Ruby/SM4_Base64/server.rb:
--------------------------------------------------------------------------------

# encoding: utf-8
# author:{"补天"=>"等闲却变故人心"}
require 'openssl'
require 'base64'
require 'json'
require 'sinatra'
require 'mysql2'

# SM4 encryption method
def sm4_encrypt(key, iv, plaintext)
  cipher = OpenSSL::Cipher.new('sm4-cbc')
  cipher.encrypt
  cipher.key = key
  cipher.iv = iv
  encrypted = cipher.update(plaintext) + cipher.final
  Base64.strict_encode64(encrypted)
end

# SM4 decryption method
def sm4_decrypt(key, iv, ciphertext)
  cipher = OpenSSL::Cipher.new('sm4-cbc')
  cipher.decrypt
  cipher.key = key
  cipher.iv = iv
  decrypted = cipher.update(Base64.strict_decode64(ciphertext)) + cipher.final
  decrypted.force_encoding('utf-8')
end



post '/test' do
  begin
    key = 'oibnskaxcde@rsf!'
    iv = 'oibnskaxcde@rsf!'
    param = request.body.read.strip
    p param
    decryptedtext = sm4_decrypt(key, iv, param)
    p decryptedtext
    id = JSON.parse(decryptedtext)['id']
    p id
    client = Mysql2::Client.new(
      :host     => '127.0.0.1', # host
      :username => 'root',      # user name
      :password => 'root',      # password
      :database => 'security',  # database
      :encoding => 'utf8'       # encoding
    )
    # The id value is interpolated into the query without escaping; this script is a local test target
    results = client.query("SELECT * FROM users WHERE id = #{id}")
    client.close
    result_hash = results.first
    p result_hash
    result_json = JSON.parse(result_hash.to_json)['username']
    p result_json
    #return param
    plaintext = sm4_encrypt(key, iv, result_json.to_s)
    return plaintext
  rescue => e
    puts e.message
    puts e.backtrace.inspect
    return ""
  end
end

set :bind, '0.0.0.0'
set :port, 8899

key = 'oibnskaxcde@rsf!'
iv = 'oibnskaxcde@rsf!'
plaintext = '{"id":"1"}'
#plaintext = JSON.parse(plaintext)
p plaintext
# Encrypt the plaintext
ciphertext = sm4_encrypt(key, iv, plaintext)
puts ("加密:"+ciphertext)


# Decrypt the ciphertext
#decryptedtext = sm4_decrypt(key, iv, ciphertext)
#puts ("解密结果:"+ decryptedtext)

--------------------------------------------------------------------------------
/接口加解密算法的用法/Ruby/SM4_Base64/sm4_base64.md:
--------------------------------------------------------------------------------
---
created: 2023-03-01T00:06:38+08:00
updated: 2023-03-02T08:42:15+08:00
---

# An SM4 encryption/decryption example
## autoDecoder example

I ran into a case where SM4 encryption is output as Base64. Because it came from a work engagement, I can't share the site, so I wrote an example.


server.rb is the server-side script. It serves the same purpose as the author's testsql.php, except that it receives an SM4-encrypted value.

The database used by the script's connection can be changed to your own for easier testing.

decode.rb is the encryption/decryption script; it contains the functions that encrypt and decrypt the data.

It listens on local port 8889; encode is the encryption endpoint and decode is the decryption endpoint.

Running the server-side script opens a listener on local port 8899.

![800](photo/Snipaste_1.jpg)


```
Before encryption: {"id":"1"}
```
```
After encryption: +u2S6s37hSasjAY6o+LMtw==
```

### Original request
```
POST /test HTTP/1.1
Host: www.test.com:8899
accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.157 Safari/537.36
Sec-GPC: 1
Connection: close
Content-Length: 24

+u2S6s37hSasjAY6o+LMtw==
```
### Original response
```
HTTP/1.1 200 OK
Content-Type: text/html;charset=utf-8
Content-Length: 24
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Server: WEBrick/1.6.1 (Ruby/2.7.7/2022-11-24)
Date: Wed, 29 Mar 2023 02:09:20 GMT
Connection: close

mv32zqE0zSlqceAgieOgBA==
```
![800](photo/Snipaste_2.jpg)


Use the plugin's custom interface feature to encrypt and decrypt requests and responses. The plugin configuration:
![900](photo/Snipaste_3.jpg)
Testing encryption and decryption:
![900](photo/Snipaste_4.jpg)


Send the request in plaintext.

![900](photo/Snipaste_5.jpg)

In Logger you can see that encryption and decryption were applied automatically:
![900](photo/Snipaste_6.jpg)

Brute-force test against the ID.

![900](photo/Snipaste_7.jpg)

--------------------------------------------------------------------------------
/接口加解密算法的用法/Ruby/http_Headers_Sign案例/http_Headers_Sign.md:
--------------------------------------------------------------------------------
---
created: 2023-08-17T00:06:38+08:00
---
# Sign verification in HTTP request headers
## autoDecoder example
I came across a case where a sign value in the HTTP request headers is verified.

The sign value is generated as:
```
md5(md5('123456') + 'a=123454&123456')
```

PS: a=123454&123456 is the request data.


### Original request
```
POST /123465 HTTP/1.1
Host: www.baidu.com
Content-Length: 164
Pragma: no-cache
Cache-Control: no-cache
Sec-Ch-Ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"
Dnt: 1
Sec-Ch-Ua-Mobile: ?1
User-Agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Mobile Safari/537.36
Content-Type: application/json;charset=UTF-8
Accept: application/json, text/plain, */*
Sec-Ch-Ua-Platform: "Android"
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Sign: 0642d1a2e8c65abaf495e35ab3852012
Connection: close

{"12345":"32","45678":"JSON"}
```

## Desired result

Given the following request:

```
POST /123465 HTTP/1.1
Host: www.baidu.com
Content-Length: 164
Pragma: no-cache
Cache-Control: no-cache
Sec-Ch-Ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"
Dnt: 1
Sec-Ch-Ua-Mobile: ?1
User-Agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Mobile Safari/537.36
Content-Type: application/json;charset=UTF-8
Accept: application/json, text/plain, */*
Sec-Ch-Ua-Platform: "Android"
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close

{"12345":"32","45678":"JSON"}
```

return the packet with the computed Sign value:
```
POST /123465 HTTP/1.1
Host: www.baidu.com
Content-Length: 164
Pragma: no-cache
Cache-Control: no-cache
Sec-Ch-Ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"
Dnt: 1
Sec-Ch-Ua-Mobile: ?1
User-Agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Mobile Safari/537.36
Content-Type: application/json;charset=UTF-8
Accept: application/json, text/plain, */*
Sec-Ch-Ua-Platform: "Android"
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
Sign: 8eea4708aedfe8a0137113c26dc01ca6

{"12345":"32","45678":"JSON"}
```
Result (left: the packet after computation; right: the packet before computation)

![Alt text](./img/1.png)

The code is below. I wrote it in Ruby; use it as a reference.
```ruby
require 'sinatra'
require 'digest'

configure do
  set :bind => '127.0.0.1'
  set :port => '1234'
end

post '/encode' do
  # Get the request data from the HTTP packet
  param = params[:dataBody].strip
  # Get the header information from the HTTP packet
  param_headers = params[:dataHeaders].strip
  # Compute the sign value
  encry_param = Digest::MD5.hexdigest(Digest::MD5.hexdigest('aAr9MVS9j1')+param)
  # Find out whether this is a request or a response
  param_requestorresponse = params[:requestorresponse].strip
  # If it is a request, assemble the packet and return it
  if param_requestorresponse == "request"
    return param_headers + "\r\n" + "Sign: " + encry_param + "\r\n\r\n\r\n\r\n" + param
  end
end
# The response does not need decrypting, so it is returned as it is
post '/decode' do
  # Get the data from the response
  param = params[:dataBody].strip
  # Get the header information from the response
  param_headers = params[:dataHeaders].strip
  # Find out whether this is a request or a response
  param_requestorresponse = params[:requestorresponse].strip
  # If it is a response, assemble the packet and return it
  if param_requestorresponse == "response"
    return param_headers + "\r\n\r\n\r\n\r\n" + param
  end
end
```

Note that the separator between the headers and the body must be "\r\n\r\n\r\n\r\n",

for example headers + "\r\n\r\n\r\n\r\n" + body.

The plugin splits on "\r\n\r\n\r\n\r\n".

After starting the script, configure the plugin.

Options settings:

![Options settings](./img/2.png)

Interface encryption/decryption settings:

![Interface encryption/decryption settings](./img/3.png)


With the autoDecoder plugin, a request sent without a sign value gets a normal response:

![Alt text](./img/4.png)

Logger shows that the sign value has been added:

![Alt text](./img/5.png)
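The signing rule and the four-CRLF separator described above, as an added Python example that is not the repository's own code. The secret `123456` is the value from the formula on this page, the sample headers are a constructed subset of the request above, and dropping a stale `Sign` header before appending the new one is an assumption about the desired behaviour.

```python
import hashlib
import hmac

# Separator the page says autoDecoder expects between headers and body.
DELIM = "\r\n\r\n\r\n\r\n"

# Constructed sample: a shortened version of the request shown on this page.
SAMPLE_HEADERS = (
    "POST /123465 HTTP/1.1\r\n"
    "Host: www.baidu.com\r\n"
    "Content-Type: application/json;charset=UTF-8\r\n"
    "Sign: 0642d1a2e8c65abaf495e35ab3852012\r\n"
    "Connection: close"
)
SAMPLE_BODY = '{"12345":"32","45678":"JSON"}'


def compute_sign(secret, body):
    """md5(md5(secret) + body) over hex digests, as in the page's formula."""
    inner = hashlib.md5(secret.encode()).hexdigest()
    return hashlib.md5((inner + body).encode()).hexdigest()


def sign_request(headers, body, secret):
    """Return headers + fresh Sign header + DELIM + body, dropping any stale Sign."""
    body = body.strip()
    kept = [
        line for line in headers.strip().split("\r\n")
        if not line.lower().startswith("sign:")
    ]
    kept.append("Sign: " + compute_sign(secret, body))
    return "\r\n".join(kept) + DELIM + body


def split_packet(packet):
    """Split a packet assembled with DELIM back into (headers, body)."""
    headers, sep, body = packet.partition(DELIM)
    if not sep:
        raise ValueError("packet does not contain the four-CRLF separator")
    return headers, body


def verify_sign(packet, secret):
    """Server-side view: recompute the sign over the body, compare in constant time."""
    headers, body = split_packet(packet)
    sent = [
        line.split(":", 1)[1].strip()
        for line in headers.split("\r\n")
        if line.lower().startswith("sign:")
    ]
    return len(sent) == 1 and hmac.compare_digest(sent[0], compute_sign(secret, body))


if __name__ == "__main__":
    packet = sign_request(SAMPLE_HEADERS, SAMPLE_BODY, "123456")
    print(packet)
    print("valid:", verify_sign(packet, "123456"))
```

Because the sign covers the body, any change to the body after signing makes `verify_sign` return `False`, which is why the value has to be recomputed for every modified request.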
--------------------------------------------------------------------------------
/自带加解密算法的用法/multipart提交方式进行加密/multipart提交方式进行加密.md:
--------------------------------------------------------------------------------
---
created: 2023-11-11T23:09:41+08:00
updated: 2023-11-11T23:09:41+08:00
---
Sometimes, when facing a WAF or an unusual login endpoint, the request has to be sent as `multipart/form-data`. If encryption is also involved, there is no quick way to encrypt the value. After looking into autoDecoder, it turns out it can handle this; the configuration is as follows:
![](photo/Pasted%20image%2020231111230749.png)

Paste the selected content into the regex extraction text box, set the regular expression to `"id"\r\n\r\n([^\n]*)\r\n`, and click Extract.

![](photo/Pasted%20image%2020231111230825.png)

Once the value 111 is extracted, the parameter can be encrypted; DES/CBC is used here as the example.


The original request:
![](photo/Pasted%20image%2020231111230858.png)

The request actually sent:
![](photo/Pasted%20image%2020231111230905.png)
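How the regular expression above isolates the field value, as an added example that is not part of the original repository. The multipart body is constructed, and `placeholder_encrypt` (Base64) is a hypothetical stand-in for the DES/CBC step that autoDecoder performs itself.

```python
import base64
import re

# Regular expression from the page: captures the value of the "id" form field.
FIELD_RE = re.compile(r'"id"\r\n\r\n([^\n]*)\r\n')

# Constructed sample multipart/form-data body (boundary and fields are made up).
SAMPLE_BODY = (
    "------ExampleBoundary\r\n"
    'Content-Disposition: form-data; name="id"\r\n'
    "\r\n"
    "111\r\n"
    "------ExampleBoundary\r\n"
    'Content-Disposition: form-data; name="name"\r\n'
    "\r\n"
    "test\r\n"
    "------ExampleBoundary--\r\n"
)


def extract_field(body):
    """Return the captured field value, or None when the pattern does not match."""
    match = FIELD_RE.search(body)
    return match.group(1) if match else None


def replace_field(body, transform):
    """Replace only the captured value, leaving boundaries and other parts intact."""
    match = FIELD_RE.search(body)
    if match is None:
        raise ValueError('no "id" part with CRLF line endings found')
    start, end = match.span(1)
    return body[:start] + transform(match.group(1)) + body[end:]


def placeholder_encrypt(value):
    """Hypothetical stand-in for the plugin's DES/CBC step (Base64 only)."""
    return base64.b64encode(value.encode()).decode()


if __name__ == "__main__":
    print(extract_field(SAMPLE_BODY))
    print(replace_field(SAMPLE_BODY, placeholder_encrypt))
```

The pattern only matches CRLF line endings, so text pasted through an editor that normalizes them to LF yields no match.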
/自带加解密算法的用法/使响应包不解密1/photo/Pasted image 20230221170254.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/自带加解密算法的用法/使响应包不解密1/photo/Pasted image 20230221170254.png

--------------------------------------------------------------------------------
/自带加解密算法的用法/使响应包不解密1/使响应包不解密1.md:
--------------------------------------------------------------------------------
---
created: 2023-02-21T16:48:04+08:00
updated: 2023-02-21T21:48:54+08:00
---
#### This case is one example of using the built-in encryption/decryption algorithms

The algorithm is DES/CBC/PKCS5Padding, with key `f0ngtest` and IV `f0ngf0ng`.

The request body is
```
I9z1fsH5QQ2NUbJi/7a8lw==
```

Encryption and decryption are shown below:
![](photo/Pasted%20image%2020230221165224.png)

The configuration is as follows:

![](photo/Pasted%20image%2020230221165419.png)

![](photo/Pasted%20image%2020230221165303.png)
With this configuration only the request is decrypted and the response is not, as shown below:
![](photo/Pasted%20image%2020230221170243.png)

![](photo/Pasted%20image%2020230221170254.png)
This applies when the request is ciphertext and the response is plaintext.

--------------------------------------------------------------------------------
/自带加解密算法的用法/指定文本加密/photo/Pasted image 20230221171404.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/自带加解密算法的用法/指定文本加密/photo/Pasted image 20230221171404.png

--------------------------------------------------------------------------------
/自带加解密算法的用法/指定文本加密/photo/Pasted image 20230221171412.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/自带加解密算法的用法/指定文本加密/photo/Pasted image 20230221171412.png

--------------------------------------------------------------------------------
/自带加解密算法的用法/指定文本加密/photo/Pasted image 20230221171611.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/自带加解密算法的用法/指定文本加密/photo/Pasted image 20230221171611.png

--------------------------------------------------------------------------------
/自带加解密算法的用法/指定文本加密/photo/Pasted image 20230221172153.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/自带加解密算法的用法/指定文本加密/photo/Pasted image 20230221172153.png

--------------------------------------------------------------------------------
/自带加解密算法的用法/指定文本加密/photo/Pasted image 20230221172202.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/自带加解密算法的用法/指定文本加密/photo/Pasted image 20230221172202.png

--------------------------------------------------------------------------------
/自带加解密算法的用法/指定文本加密/指定文本加密.md:
--------------------------------------------------------------------------------
---
created: 2023-02-21T16:48:04+08:00
updated: 2023-02-21T21:49:52+08:00
---
#### This case is one example of using the built-in encryption/decryption algorithms

The algorithm is DES/CBC/PKCS5Padding, with key `f0ngtest` and IV `f0ngf0ng`.

The request body contains an encrypted password; for example, `123456` is encrypted to `CWppt9RAuoY=`.

The configuration is as follows:
![](photo/Pasted%20image%2020230221171404.png)

![](photo/Pasted%20image%2020230221171412.png)

The request to be encrypted is:
![](photo/Pasted%20image%2020230221171611.png)

The request actually sent is shown below (it can be viewed in the Logger module, or in the Logger++ extension if installed):
![](photo/Pasted%20image%2020230221172202.png)

--------------------------------------------------------------------------------
/自带加解密算法的用法/文本全加密/photo/Pasted image 20230221170110.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/自带加解密算法的用法/文本全加密/photo/Pasted image 20230221170110.png

--------------------------------------------------------------------------------
/自带加解密算法的用法/文本全加密/photo/Pasted image 20230221170117.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/自带加解密算法的用法/文本全加密/photo/Pasted image 20230221170117.png

--------------------------------------------------------------------------------
/自带加解密算法的用法/文本全加密/photo/Pasted image 20230221170145.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/自带加解密算法的用法/文本全加密/photo/Pasted image 20230221170145.png

--------------------------------------------------------------------------------
/自带加解密算法的用法/文本全加密/photo/Pasted image 20230221170342.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/自带加解密算法的用法/文本全加密/photo/Pasted image 20230221170342.png

--------------------------------------------------------------------------------
/自带加解密算法的用法/文本全加密/photo/Pasted image 20230221170534.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/f0ng/autoDecoder-usages/a09696ddf01c706b76ed4311a1eb050a8f6b7646/自带加解密算法的用法/文本全加密/photo/Pasted image 20230221170534.png

--------------------------------------------------------------------------------
/自带加解密算法的用法/文本全加密/文本全加密.md:
--------------------------------------------------------------------------------
---
created: 2023-02-21T16:55:53+08:00
updated: 2023-02-21T21:49:38+08:00
---
#### This case is one example of using the built-in encryption/decryption algorithms

The algorithm is DES/CBC/PKCS5Padding, with key `f0ngtest` and IV `f0ngf0ng`.

The request body is
```
I9z1fsH5QQ2NUbJi/7a8lw==
```

The response body is
```
dCtLdlmk7wI=
```

The configuration is as follows:

![](photo/Pasted%20image%2020230221170110.png)

![](photo/Pasted%20image%2020230221170117.png)

The original request is:
![](photo/Pasted%20image%2020230221170145.png)

Switch both the request and the response to the autoDecoder tab:
![](photo/Pasted%20image%2020230221170342.png)

Switch the response tab back to Raw and change the 1 in the request to 2:
![](photo/Pasted%20image%2020230221170534.png)
The response is decrypted automatically.

--------------------------------------------------------------------------------