desc参数分析
desc参数分析
某某航司的desc参数,这个参数我看到有四个航司都有
参数生成定位
这里不细说,直接搜索 \x5c+ 进行定位
加密算法与环境值分析
加密算法分析
上图可以看到,这个是一个des加密
DES加密
密钥:'52D2841A3485DFFBCF2EA6A0515077CD'
加密模式:CBC
填充模式:Nopk
明文:'{"xy":[{"x":1165,"y":398,"t":1714964023704},{"x":1164,"y":398,"t":1714964023720},{"x":1162,"y":396,"t":1714964023760},{"x":1106,"y":395,"t":1714964023864},{"x":1106,"y":395,"t":1714964023955}],"fingerprint":3689427594,"prevent_pev":null,"prevent_cid":"fc8bded2#5a037aac#Netscape&Google Inc.#0#0#Netscape&getBattery&8&12&Gecko&20030107#0#0#0#0#1080,1920#20210715#false#true#true#true#fc8bded220210715fc8bded2","t":1714964088617}'
经过分析,这是一个魔改过的des
解决方法也比较简单
把_0x43cc91这个对象扣出来导出就行
环境值分析
环境数组
{
"xy": [
{
"x": 1165,
"y": 398,
"t": 1714964023704
},
{
"x": 1164,
"y": 398,
"t": 1714964023720
},
{
"x": 1162,
"y": 396,
"t": 1714964023760
},
{
"x": 1106,
"y": 395,
"t": 1714964023864
},
{
"x": 1106,
"y": 395,
"t": 1714964023955
}
],
"fingerprint": 3689427594,
"prevent_pev": null,
"prevent_cid": "fc8bded2#5a037aac#Netscape&Google Inc.#0#0#Netscape&getBattery&8&12&Gecko&20030107#0#0#0#0#1080,1920#20210715#false#true#true#true#fc8bded220210715fc8bded2",
"t": 1714964088617
}
按照下图去逐个分析就行
xy
从上面的环境数组可以猜出,这是五个点的坐标位置加上时间戳
追栈仔细看看
// Shape of one entry in the "xy" array: a pointer position plus the time it was recorded.
// The trailing comments name the property each field is read from, as annotated by the author.
// NOTE(review): the standard DOM property is Event.timeStamp (camelCase). If the page script
// really reads 'timestamp', that lookup is undefined and the Date fallback is always taken;
// the sample "t" values are epoch milliseconds, which is consistent with the fallback.
// Confirm against the script.
{
"x": 1165, // MouseEvent['pageX']
"y": 398, // MouseEvent['pageY']
"t": 1714964023704 // MouseEvent['timestamp'] || new Date()["valueOf"]()
}
当数组长度大于5时,最早的点就会被shift出去
fingerprint
这是一个环境指纹
环境数组
// 生成逻辑
/**
 * Collects the ordered list of browser/environment signals that feed the
 * "fingerprint" value.
 *
 * Must be invoked with `this` bound to the fingerprint helper object, which
 * supplies `screen_resolution` and the `getX()` / `isX()` / `hasX()` probes
 * called below. `_0x102f4c` and `_0x575963` come from the surrounding script;
 * presumably they alias `window` and `document` (confirm against the script).
 *
 * The position of each entry matters: the screen-resolution entry is only
 * present when `this.screen_resolution` is truthy, so every later index
 * shifts by one when it is absent.
 *
 * @returns {Array} signals in the fixed order the script expects
 */
function get_arr() {
  // Basic navigator/screen attributes always come first.
  const signals = [
    navigator.userAgent,
    navigator.language,
    screen.colorDepth,
  ];

  // Optional entry: the resolution is joined as "WxH" only when enabled and defined.
  if (this.screen_resolution) {
    const resolution = this.getScreenResolution();
    if (typeof resolution !== "undefined") {
      signals.push(this.getScreenResolution().join("x"));
    }
  }

  signals.push(
    new Date().getTimezoneOffset(),
    this.hasSessionStorage(),
    this.hasLocalStorage(),
    Boolean(_0x102f4c.indexedDB),
    // Without a body element the literal string "undefined" is recorded.
    _0x575963.body ? typeof _0x575963.body.addBehavior : "undefined",
    typeof _0x102f4c.openDatabase,
    "cpuClass:" + navigator.cpuClass,
    "platform:" + navigator.platform,
    "doNotTrack:" + navigator.doNotTrack,
    "Plugin:" + this.getPluginsString(),
    this.isCanvasSupported() ? "1" : "0",
    // Runtime/automation probes; judging by their names they flag Node.js,
    // WebDriver, PhantomJS and headless Chrome (implementations not shown here).
    this.getNodeJsEv(),
    this.getWebDriverEv(),
    this.isPhantomJSEv(),
    this.isChromeHeadless(),
    this.isChromeEv(),
    this.isFireFoxEv(),
    this.isSafariEv(),
    this.getAppNameAndVendor(),
    this.getCanvasFingerprint(),
  );

  return signals;
}
// 结果
[
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36",
"zh-CN",
24,
-480,
true,
true,
true,
"undefined",
"undefined",
"cpuClass:undefined",
"platform:Win32",
"doNotTrack:null",
"Plugin:PDF Viewer::Portable Document Format::application/pdf~pdf,text/pdf~pdf;Chrome PDF Viewer::Portable Document Format::application/pdf~pdf,text/pdf~pdf;Chromium PDF Viewer::Portable Document Format::application/pdf~pdf,text/pdf~pdf;Microsoft Edge PDF Viewer::Portable Document Format::application/pdf~pdf,text/pdf~pdf;WebKit built-in PDF::Portable Document Format::application/pdf~pdf,text/pdf~pdf",
"1",
"0",
"0",
"0",
"0",
"Netscape&getBattery&8&12&Gecko&20030107",
"0",
"0",
"Netscape&Google Inc.",
"fc8bded2"
]
prevent_cid
// 生成值流程
// Builds the "prevent_cid" string: '#'-separated fields read from the helper object
// _0x51f4be, in exactly the order written below. The last field is
// canvas fingerprint + _0x525c47 + canvas fingerprint, concatenated with no separator.
// Field 2 is md5(_0xae9c3 + "you are good!" + <one random digit 0-9>).substring(24); it is the
// only explicitly randomised part visible in this statement. The 8-character sample value
// "5a037aac" suggests md5() returns 32 hex characters; confirm.
// _0x525c47 shows up as "20210715" in the sample output; presumably a version/date constant.
// _0xae9c3 is defined outside this excerpt.
// NOTE(review): Math.random() is not a CSPRNG and a single digit allows at most ten distinct
// values per _0xae9c3, so this field should not be treated as a nonce. How the server uses
// it is not visible here.
var _0x1d119d = _0x51f4be.getCanvasFingerprint() + "#" + md5(_0xae9c3 + "you are good!" + Math.floor(Math.random() * 10).toString()).substring(24) + "#" + _0x51f4be.getAppNameAndVendor() + "#" + _0x51f4be.isSafariEv() + "#" + _0x51f4be.isFireFoxEv() + "#" + _0x51f4be.isChromeEv() + "#" + _0x51f4be.isPhantomJSEv() + "#" + _0x51f4be.isChromeHeadless() + "#" + _0x51f4be.getWebDriverEv() + "#" + _0x51f4be.getNodeJsEv() + "#" + _0x51f4be.getScreenResolution() + "#" + _0x525c47 + "#" + _0x51f4be.isIE() + "#" + _0x51f4be.isCanvasSupported() + "#" + _0x51f4be.hasSessionStorage() + "#" + _0x51f4be.hasLocalStorage() + "#" + _0x51f4be.getCanvasFingerprint() + _0x525c47 + _0x51f4be.getCanvasFingerprint();
// 结果
"fc8bded2#5a037aac#Netscape&Google Inc.#0#0#Netscape&getBattery&8&12&Gecko&20030107#0#0#0#0#1080,1920#20210715#false#true#true#true#fc8bded220210715fc8bded2"
需要注意的是,其中第二段是动态的值:每次生成都会拼入一个0~9的随机数字,再取md5结果第24位之后的部分
md5(_0xae9c3 + "you are good!" + Math.floor(Math.random() * 10).toString()).substring(24)
结束
这个航司请求太快会触发风控,dx滑块、ip风控(检测比较严格,用了两个隧道不行)。
本文是原创文章,采用 CC 4.0 协议,完整转载请注明来自 http://www.1997.pro/