在 EXEC JS setting 中如何调用如下函数? #37
这个加密已经内置了,是DES里的strEnc |
谢谢您抽出宝贵的时间回复!受教了!
| |
***@***.***
|
|
***@***.***
|
…---- 回复的原邮件 ----
| 发件人 | ***@***.***> |
| 日期 | 2023年02月17日 11:46 |
| 收件人 | ***@***.***> |
| 抄送至 | ***@***.***>***@***.***> |
| 主题 | Re: [whwlsfb/BurpCrypto] 在EXEC JS seting 如何调用如下函数? (Issue #37) |
这个加密已经内置了,是DES里的strEnc
|
听了老大的建议,尝试了一下。但是有一个问题: 谢谢! |
如果lt值来自服务器生成,并且在登录接口的返回中生成,插件就处理不了了 |
否则的话可以尝试写死lt值 |
我注意到,在response中lt可以通过grep的方式抓回来(这意味着值可以写死?),但接下来的payload processing 很费脑筋,我一直没有想好。 |
这个就比较麻烦了,回应里的lt确实是能通过grep取到,但是没法与用户名和密码一起组合,发给插件处理,目前插件还处理不了这种场景 |
|
/**
*/
/*
encrypt the string to string made up of hex
return the encrypted string
*/
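/**
 * Encrypt `data` into a hex string, four characters at a time.
 *
 * Each 4-character chunk (the last one may be shorter) is converted with
 * `strToBt`, passed through `enc` once per entry of each active key, and
 * appended to the result via `bt64ToHex`.
 *
 * Keys are only honoured as a prefix chain:
 *   - firstKey alone                       -> one pass set
 *   - firstKey + secondKey                 -> two pass sets
 *   - firstKey + secondKey + thirdKey      -> three pass sets
 * A secondKey/thirdKey supplied without the key(s) before it is ignored.
 * If firstKey is null or empty, no `enc` pass runs and `bt64ToHex` is
 * called with `undefined`, exactly as the original code did.
 *
 * NOTE(review): nothing in this function links one chunk to the next, so
 * equal 4-character chunks under the same keys presumably yield equal hex
 * blocks (assuming `strToBt`, `enc` and `bt64ToHex` are deterministic).
 * Treat the output as an encoding of the input, not as an opaque value.
 *
 * @param {string} data - text to encrypt; an empty string returns "".
 * @param {string} firstKey - first key; null or "" disables encryption.
 * @param {string} secondKey - optional second key.
 * @param {string} thirdKey - optional third key.
 * @returns {string} concatenated `bt64ToHex` output of every chunk.
 */
function strEnc(data, firstKey, secondKey, thirdKey) {
  var leng = data.length;
  var encData = "";
  var firstKeyBt, secondKeyBt, thirdKeyBt;
  var offset;

  // Loose comparison is kept deliberately: it is what the original used to
  // decide whether a key counts as "present".
  var hasFirst = firstKey != null && firstKey != "";
  var hasSecond = secondKey != null && secondKey != "";
  var hasThird = thirdKey != null && thirdKey != "";

  // Key bytes are derived for every non-empty key, even one that the prefix
  // rule later ignores, matching the original call sequence.
  if (hasFirst) {
    firstKeyBt = getKeyBytes(firstKey);
  }
  if (hasSecond) {
    secondKeyBt = getKeyBytes(secondKey);
  }
  if (hasThird) {
    thirdKeyBt = getKeyBytes(thirdKey);
  }

  // Run `enc` over `bits` once for each entry of one key's byte list.
  function applyKey(bits, keyBt) {
    var result = bits;
    var count = keyBt.length;
    var k;
    for (k = 0; k < count; k++) {
      result = enc(result, keyBt[k]);
    }
    return result;
  }

  // Apply the active keys to one chunk, following the prefix rule above.
  function encryptChunk(bits) {
    var result;
    if (!hasFirst) {
      return undefined;
    }
    result = applyKey(bits, firstKeyBt);
    if (hasSecond) {
      result = applyKey(result, secondKeyBt);
      if (hasThird) {
        result = applyKey(result, thirdKeyBt);
      }
    }
    return result;
  }

  // substring() clamps its end index, so the same expression covers full
  // chunks, the trailing partial chunk, and inputs shorter than 4 characters.
  for (offset = 0; offset < leng; offset += 4) {
    encData += bt64ToHex(encryptChunk(strToBt(data.substring(offset, offset + 4))));
  }
  return encData;
}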
在其他位置,又有如下:
// Call site quoted from the page under test: the concatenation u + p + b is
// passed as data, and the three keys are the string literals '1', '2', '3'.
// NOTE(review): keys that ship inside client-side script can be read by anyone
// who loads the page, so this step obscures the field value rather than keeping
// it confidential; confidentiality has to come from the transport and from
// server-side handling — confirm the server does not treat this value as secret.
$("#rsa").val(strEnc(u + p + b, '1', '2', '3'));
u + p + b 对应上面函数的参数 data,'1'、'2'、'3' 分别对应 firstKey、secondKey、thirdKey。
此函数如何在 EXEC JS setting 中调用呢?