burp 爆破 JS加密

首先右键登录按钮属性查看html源代码,发现id=‘rsa’

https://vuln.top/2020/08/04/burpjs/Untitled.png

ctrl+shift+f 查找rsa描点,发现调用了strEnr

https://vuln.top/2020/08/04/burpjs/Untitled%201.png

继续查找strEnr,并进入函数

https://vuln.top/2020/08/04/burpjs/Untitled%202.png

对加密函数添加断点进行判断,发现123123账号密码进入了此处,且3个key分别为1,2,3。

https://vuln.top/2020/08/04/burpjs/Untitled%203.png

我们直接控制台调用,尝试加密解密

https://vuln.top/2020/08/04/burpjs/Untitled%204.png

保存des.js到本地

https://vuln.top/2020/08/04/burpjs/Untitled%205.png

既然找到了加密解密函数现在就是通过burp调用函数使其加解密,修改phantomjs_server.js

https://vuln.top/2020/08/04/burpjs/Untitled%206.png

载入server.js

https://vuln.top/2020/08/04/burpjs/Untitled%207.png

burp连接server端口,test,我们现在已经可以成功加密了

https://vuln.top/2020/08/04/burpjs/Untitled%208.png

配置burp intruder,添加变量

https://vuln.top/2020/08/04/burpjs/Untitled%209.png

选择Custom ,1为用户

https://vuln.top/2020/08/04/burpjs/Untitled%2010.png

2为密码

https://vuln.top/2020/08/04/burpjs/Untitled%2011.png

添加payload加密

https://vuln.top/2020/08/04/burpjs/Untitled%2012.png

start attack,成功爆破

https://vuln.top/2020/08/04/burpjs/Untitled%2013.png

尝试解密下加密字符串,成功

https://vuln.top/2020/08/04/burpjs/Untitled%2014.png