TG incapsula_resource && incapsula_reese84
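This site wasn't originally mine to work on, but a colleague's requests kept failing, so I was asked to take a look, and it ended up tormenting me for two days = =
Site: aHR0cHM6Ly93d3cudGhhaWFpcndheXMuY29tLw==
At first I thought it only used incapsula_reese84, so I went ahead and sent requests. Generating reese84 was not a problem, but the requests never succeeded. I later found that this parameter also plays a role: incap_ses_xxx_2166334
Anyone interested can have a go at it.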
incap_ses_xxx_2166334
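This is where the problem was. This parameter comes from a response; previously I used it directly as received, and the requests failed. In fact it has to be activated before it can be used.
How is it activated? It is activated through this endpoint.
The odd part is that this endpoint returns 1 whether or not ___utmvc is sent (which misled me).
Next, how ___utmvc and reese84 are generated.
incapsula_resource: generating the ___utmvc parameter
The JS for this parameter is dynamic, so the code cannot simply be extracted; the browser environment has to be emulated.
Pull z out and analyze it locally.
There isn't much code. It contains formatting detection and debugger statements, so deobfuscate it first.
Code deobfuscation
Only the literals were decoded; it just needs to be comfortable enough to read.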
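// Decode string literals
const types = require("@babel/types");

// _0xc805 is the obfuscated script's own string decoder; load it into scope first
const decodeOb = {
    CallExpression(path) {
        const node = path.node;
        const callee = node.callee;
        if (callee.type === "Identifier" && callee.name === "_0xc805") {
            if (node.arguments.length === 2) {
                const value1 = node.arguments[0].value;
                const value2 = node.arguments[1].value;
                // Evaluate the decoder call now and replace it with the resulting string literal
                const result = _0xc805(value1, value2);
                console.log(value1, value2, result);
                path.replaceWith(types.stringLiteral(result));
            }
        }
    }
};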
Environment checks
The environment-check code:
[["navigator","exists"],["navigator.vendor","value"],["navigator.appName","value"],["navigator.plugins.length==0","value"],
["navigator.platform","value"],["navigator.webdriver","value"],["platform","plugin_extentions"],["ActiveXObject","exists"],
["webkitURL","exists"],["_phantom","exists"],["callPhantom","exists"],["chrome","exists"],["yandex","exists"],
["opera","exists"],["opr","exists"],["safari","exists"],["awesomium","exists"],["puffinDevice","exists"],
["__nightmare","exists"],["domAutomation","exists"],["domAutomationController","exists"],["_Selenium_IDE_Recorder","exists"],
["document.__webdriver_script_fn","exists"],["document.$cdc_asdjflasutopfhvcZLmcfl_","exists"],["process.version","exists"],
["global.require","exists"],["global.process","exists"],["WebAssembly","exists"],["require('fs')","exists"],
["globalThis==global","value"],["window.toString()","value"],["navigator.cpuClass","exists"],["navigator.oscpu","exists"],
["navigator.connection","exists"],["navigator.language=='C'","value"],["Object.keys(window).length","value"],
["window.outerWidth==0","value"],["window.outerHeight==0","value"],["window.WebGLRenderingContext","exists"],
["window.constructor.toString()","value"],
["Boolean(typeof process !== 'null' && process.versions && process.versions.node)","value"],
["document.documentMode","value"],["eval.toString().length","value"],["navigator.connection.rtt","value"],
["deviceType","function"],["screen.width","value"],["screen.height","value"],["eoapi","exists"],
["eoapi_VerifyThis","exists"],["eoapi_extInvoke","exists"],["eoWebBrowserDispatcher","exists"],
["window.HIDDEN_CLASS","exists"],["navigator.mimeTypes.length==2","value"],["navigator.plugins.length==2","value"],
["window.globalThis","exists"],["navigator.userAgentData.brands[0].brand","value"],
["navigator.userAgentData.brands[1].brand","value"],["navigator.userAgentData.brands[2].brand","value"],
["navigator.plugins['Microsoft Edge PDF Plugin']","exists"],["navigator.brave","exists"],
["navigator.userAgentData.mobile","value"],["navigator.userAgentData.platform","value"],
["'v710795c5d3d01e41f3931c99fea232707fb24d541c43079ca049ecaeb1c5efca'.toString()","value"]]
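There aren't many environment checks; I ended up patching roughly four hundred-odd lines of environment, which is very little compared with reese84.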
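Each entry in the check list above pairs an expression with a reporting mode. The block below is an added example, not code from the original post or from Incapsula: it evaluates a subset of those entries against an environment object and lists the automation markers that fire, the way a defender would score a collected report. It assumes `exists` means "is defined" and `value` means "report the raw value"; `collect`, `automationSignals` and both sample environments are constructed for illustration.

```javascript
// Subset of the check list above. All function names and both sample
// environments are hypothetical, constructed for this example.
const CHECKS = [
  ["navigator.webdriver", "value"],
  ["_phantom", "exists"],
  ["callPhantom", "exists"],
  ["__nightmare", "exists"],
  ["domAutomation", "exists"],
  ["_Selenium_IDE_Recorder", "exists"],
  ["document.__webdriver_script_fn", "exists"],
  ["process.version", "exists"],
  ["chrome", "exists"],
  ["screen.width", "value"],
];

// The first eight checks should be unset or false in a genuine desktop browser.
const AUTOMATION = new Set(CHECKS.slice(0, 8).map(([expr]) => expr));

// Resolve a dotted path without eval; a missing link yields undefined.
function resolve(env, path) {
  return path.split(".").reduce((o, k) => (o == null ? undefined : o[k]), env);
}

// One [expr, result] pair per check: boolean for "exists", raw value for "value".
function collect(env, checks = CHECKS) {
  return checks.map(([expr, kind]) => {
    const v = resolve(env, expr);
    return [expr, kind === "exists" ? v !== undefined : v];
  });
}

// Names of the automation markers that fired in a collected report.
function automationSignals(report) {
  return report
    .filter(([expr, result]) => AUTOMATION.has(expr) && Boolean(result))
    .map(([expr]) => expr);
}

// Constructed environments: a desktop browser and a Node-based emulation.
const browserEnv = {
  navigator: { webdriver: false }, document: {}, chrome: {}, screen: { width: 1920 },
};
const emulatedEnv = {
  navigator: { webdriver: true }, document: {}, process: { version: "v18.0.0" },
  screen: { width: 0 },
};

console.log(automationSignals(collect(browserEnv)));
console.log(automationSignals(collect(emulatedEnv)));
```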
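The generated environment string is then concatenated with a value computed from document.cookie, the combined string is encrypted to produce the result, and that result is assigned to document.cookie.
Result
incapsula_reese84: generating the reese84 parameter
I won't introduce this parameter; it is very common on airline sites.
At first I produced this parameter with a pure algorithmic reimplementation. Later, precisely because it is so common and the implementations are not interchangeable between airlines, I switched to environment emulation that covers all of them (and is easier to iterate on). It can run concurrently.
The environment-emulation code is about 2800 lines.
Because I am so familiar with reese84, I don't really know how to describe it.
End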
This is an original article, licensed under CC 4.0. When reposting it in full, please credit http://www.1997.pro/