- 积分
- 14
- 阳光
-
- 花瓣
-
- 雨露
-
- 节操
-
- 基情
-
- 贡献
-
- 注册时间
- 2015-1-11
- 在线时间
- 小时
- 最后登录
- 1970-1-1
- 阅读权限
- 10
该用户从未签到
|
发表于 2015-1-11 21:54:03
|
显示全部楼层
新版12306目前我能看到的在登录时的变化是:
1、客户端在 GET kyfw.12306.cn/otn/login/init 时,在响应报文体中,有这么一段:
<script src="/otn/dynamicJs/lmlyszx" type="text/javascript" xml:space="preserve"></script>
红色的7位字符文件名是一个随机值,拿到他
2、客户端GET一下/otn/dynamicJs/lmlyszx
在响应的报文体含有JS,这个JS做3件事情:
i.会随机分配给你一个key值
ii.通过脚本过滤关键字,以此判断是否为第三方\插件
iii.通过key以及过滤结果进行一个复杂的哈希换算,得到一个value
3、客户端提交用户名、密码、验证码、key、value到服务端,服务端验证
至于楼主想问怎么检测的,那就研究这段脚本吧(可自行抓包):
var submitForm;(function ($){var jq=$.ajax;function fw(kw){var hasKey=false;var values=kw['values'];var html=$(kw['key']).html();if(html){for(var i=0;i<values.length;i++){if(html.indexOf(values)>-1){hasKey= true;break;}}}return hasKey;}function bin216(s){var i,l,o = "",n;s += "";b = "";for(i = 0,l = s.length;i < l;i ++ ){b = s.charCodeAt(i);n = b.toString(16);o += n.length < 2 ? "0" + n : n;}return o;};var Base32 = new function(){var delta = 0x9E3779B8;function longArrayToString(data,includeLength){var length = data.length;var n = (length - 1) << 2;if (includeLength){var m = data[length - 1];if((m < n - 3) || (m > n))return null;n = m;}for(var i = 0;i < length;i ++ ){data = String.fromCharCode(data & 0xff,data >>> 8 & 0xff,data >>> 16 & 0xff,data >>> 24 & 0xff);}if (includeLength){return data.join('').substring(0, n);}else{return data.join('');}};function stringToLongArray(string, includeLength){var length = string.length;var result = [];for (var i = 0; i < length; i += 4){result[i >> 2] = string.charCodeAt(i) | string.charCodeAt(i + 1) << 8 | string.charCodeAt(i + 2) << 16 | string.charCodeAt(i + 3) << 24;}if (includeLength){result[result.length] = length;}return result;};this.encrypt = function(string, key){if (string == ""){return "";}var v = stringToLongArray(string, true);var k = stringToLongArray(key, false);if (k.length < 4){k.length = 4;}var n = v.length - 1;var z = v[n], y = v[0];var mx, e, p, q = Math.floor(6 + 52 / (n + 1)), sum = 0;while (0 < q -- ){sum = sum + delta & 0xffffffff;e = sum >>> 2 & 3;for (p = 0; p < n; p ++ ){y = v[p + 1];mx = (z >>> 5 ^ y << 2) + (y >>> 3 ^ z << 4) ^ (sum ^ y) + (k[p & 3 ^ e] ^ z);z = v[p] = v[p] + mx & 0xffffffff;}y = v[0];mx = (z >>> 5 ^ y << 2) + (y >>> 3 ^ z << 4) ^ (sum ^ y) + (k[p & 3 ^ e] ^ z);z = v[n] = v[n] + mx & 0xffffffff;}return longArrayToString(v, false);};};var keyStr = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";function encode32(input){input = escape(input);var output = "";var chr1, chr2, chr3 = "";var enc1, enc2, enc3, enc4 = "";var i = 0;do{chr1 = input.charCodeAt(i ++ );chr2 = input.charCodeAt(i ++ );chr3 = input.charCodeAt(i ++ );enc1 = chr1 >> 2;enc2 = ((chr1 & 3) << 4) | (chr2 >> 4);enc3 = ((chr2 & 15) << 2) | (chr3 >> 6);enc4 = chr3 & 63;if (isNaN(chr2)){enc3 = enc4 = 64;}else if (isNaN(chr3)){enc4 = 64;}output = output + keyStr.charAt(enc1) + keyStr.charAt(enc2) + keyStr.charAt(enc3) + keyStr.charAt(enc4);chr1 = chr2 = chr3 = "";enc1 = enc2 = enc3 = enc4 = "";}while (i < input.length);return output;}; function aj(){var dobj=new Object();dobj['jsv']=window.helperVersion;jq({url :'/otn/dynamicJs/smdwahw',data :dobj,type :'POST',success:function(data,textStatus){if(timmer)clearInterval(timmer);},error:function(XMLHttpRequest, textStatus, errorThrown){}});}var timmer=null;(function check(src){checkSelf();function checkSelf(){var formArr=$('form');if(formArr.length>1){}}timmer=setInterval(gc,2000);})('1_111');$(document).ready(function(){(function(){var dobj=new Object();dobj['jsv']=window.helperVersion;jq({url :'/otn/dynamicJs/smdwahw',data :dobj,type :'POST',success:function(data,textStatus){},error:function(XMLHttpRequest, textStatus, errorThrown){}});var form = document.forms[0];var oldSubmit;if(null!=form && form != 'undefined'&&form.id=='loginForm'){form.oldSubmit = form.submit;submitForm = function (){var keyVlues=gc().split(':');var inputObj=$('<input type="hidden" name="'+keyVlues[0]+'" value="'+encode32(bin216(Base32.encrypt(keyVlues[1],keyVlues[0])))+'" />');var myObj=$('<input type="hidden" name="myversion" value="'+window.helperVersion+'" />');inputObj.appendTo($(form));myObj.appendTo($(form));delete inputObj;delete myObj;}}else{submitForm = function (){var keyVlues=gc().split(':');return keyVlues[0]+",-,"+encode32(bin216(Base32.encrypt(keyVlues[1], keyVlues[0])))+":::"+'myversion'+",-,"+window.helperVersion;};}})();});function gc(){var key='NzgyOTA0';var value='';var cssArr=['selectSeatType','ev_light','ev_light','fishTimeRangePicker','updatesFound','tipScript','refreshButton','fish_clock','refreshStudentButton','btnMoreOptions','btnAutoLogin','fish_button','defaultSafeModeTime','ticket-navigation-item'];var csschek=false;if(cssArr&&cssArr.length>0){for(var i=0;i<cssArr.length;i++){if($('.'+cssArr).length>0){csschek=true;break;}}}if(csschek){value+='0';}else{value+='1';}var idArr=['btnMoreOptions','refreshStudentButton','fishTimeRangePicker','helpertooltable','outerbox','updateInfo','fish_clock','refreshStudentButton','btnAutoRefresh','btnAutoSubmit','btnRefreshPassenger','autoLogin','bnAutoRefreshStu','orderCountCell','refreshStudentButton','enableAdvPanel','autoDelayInvoke','refreshButton','refreshTimesBar','chkAllSeat'];var idchek=false;for(var i=0;i<idArr.length;i++){if($('#'+idArr)[0]){idchek=true;break;}}if(idchek){value+='0';}else{value+='1';}var attrArr=['helperVersion'];var attrLen=attrArr?attrArr.length:0;var attrchek=false;for(var p in parent){if(!attrchek){for(var k=0;k<attrLen;k++){if(String(p).indexOf(attrArr[k])>-1){attrchek=true;break;}}}else break;}for(var p in window){if(!attrchek){for(var k=0;k<attrLen;k++){if(String(p).indexOf(attrArr[k])>-1){attrchek=true;break;}}}else break;}var styleArr=['.enter_right>.enter_enw>.enter_rtitle','.objbox td'];var stylechek=false;if(styleArr&&styleArr.length>0){for(var i=0;i<styleArr.length;i++){var tempStyle=$(styleArr);if(tempStyle[0]){for(var k=0;k<tempStyle.length>0;k++){if(tempStyle.eq(k).attr('style')){stylechek=true;break;}}}}}if(stylechek){value+='0';}else{value+='1';}var keywordArr=[{key:".enter_right",values:["亲","抢票","助手"]},{key:".cx_form",values:["点发车","刷票"]},{key:"#gridbox",values:["只选","仅选","checkBox","checkbox"]},{key:".enter_w",values:["助手"]}];var keywordchek=false;if(keywordArr&&keywordArr.length>0){for(var i=0;i<keywordArr.length;i++){var kw=keywordArr;if(fw(kw)){keywordchek=true;break;}}}if(keywordchek){value+='0';}else{value+='1';}if(value.indexOf('0')>-1){aj();}return key+':'+value;}})(jQuery);
|
|
窥视卡
雷达卡
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡
