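Reverse-Engineering the WSS Protocol Algorithm of the Slider CAPTCHA on the V5 Verify Official Site
Target: aHR0cHM6Ly93d3cudmVyaWZ5NS5jb20vZGVtbw==
First, note that the background image URL is
https://ss.verify5.com/s/8fe/1f3edd59bd4e49c5b8fd71a2055c2afb.jpg
and the slider image URL is
https://ss.verify5.com/s/8fe/e29e029a14ca48068daf0f90672af21b.png
Only the string in the middle changes.
Over the WSS protocol, the client first sends 3 messages and then receives one message.
After clearing the cookie cache, the breakpoint is hit, and you can see that no message has been sent yet.
Analysis of sent messages
When a message is sent successfully, data is returned.
If sending a message fails, an error is raised.
Analysis of received messages
The decryption of received messages happens here; stepping into it shows that it is AES decryption.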
const CryptoJS = require('crypto-js');

// Decrypt a received WSS message. Layout: Base64( 16-byte IV || AES-CTR ciphertext ).
function aes_decrypt(data, key) {
    const keyWords = CryptoJS.enc.Utf8.parse(key);
    const hex = CryptoJS.enc.Base64.parse(data).toString(CryptoJS.enc.Hex);
    const iv = CryptoJS.enc.Hex.parse(hex.slice(0, 32));       // first 16 bytes: IV
    const ciphertext = CryptoJS.enc.Hex.parse(hex.slice(32));  // remainder: ciphertext
    const options = {
        mode: CryptoJS.mode.CTR,
        padding: CryptoJS.pad.NoPadding,
        iv: iv
    };
    const plain = CryptoJS.AES.decrypt(ciphertext.toString(CryptoJS.enc.Base64), keyWords, options);
    try {
        // Fails when the decrypted bytes are not valid UTF-8
        return plain.toString(CryptoJS.enc.Utf8);
    } catch (e) {
        throw "Token is wrong or expired.";
    }
}

const a = 'rzDoKds7ZDBIjh1KGj5V42skpSHqhvPiQmyAX1hUg4wer3xhaWVqtR1wDT2kQMSEUdVset5XnR8RnfD+uSEwRQIBZU/1en3y/wqEnkMISg/bSJf4pzd5mNaEC4tUM11HYeBMSjAoku6PlC3chbZnArCHWc1JlrFN4hjjBzSBiG+o2j04XprCdtNu0N87dWCHi2fzPxVqcBOQ/UZtm0hEce4/+ReBS2yVNotKuXCusXlOjNWBQpn6zOZ2VBWlhGPpkyrXrXP8rw6MUBhP4TlaP6gG+z7eXzNRTQ1rRdohUVX2e+WY44V9HLfFK1nlqG3Z3Io/7NaqFtWOCoZt0DzVo3oqZdNpwFc8GqAg5f+b/l58JREyYla+mdHAzmi3CQ==';
const b = 'sJtLl0310ZezFe6Z';
console.log(aes_decrypt(a, b));
A successful verification closes the WSS connection.
A failed verification keeps refreshing the slider automatically.