dro44817 2017-06-23 23:13

Trying to automate access to a web interface that encrypts form data with Javascript [closed]

First, thank you for taking the time to read this. I am pretty sure this is not a failure of my google-fu.

I am trying to build an automation tool to access a device that has an HTTP/HTML interface. (Specifically, it is an IP Telephone.) The login page has a username field and a password field, but that form doesn't get submitted. A hidden form gets filled in with a combination of extra data from the device that it uses as an RSA key, then MD5 hash and AES encryption of a string, before submitting the hidden form.

It also sets session cookies via Javascript, with session id obtained via Ajax. I gave up on a similar project a year or two ago when I got mired in trying to port the Javascript functions to php and/or replicate the results, but I have to believe there's a better way than that.

function ajaxSucceedCallBack(req, res)
{
    if (/^[\w,]+$/.test(res))
    {
        var res = res.split(",");
    }
    var rsa = new RSAKey();
    var sessid = "";

    if (res.length == 3)
    {
        rsa.setPublic(res[0], res[1]);
        sessid = res[2];
        document.cookie = "JSESSIONID=" + sessid;
    }

    var key = CryptoJS.MD5(Math.random().toString()).toString();
    document.formInput2.key.value = rsa.encrypt(key);
    key = CryptoJS.enc.Hex.parse(key);
    var iv = CryptoJS.MD5(Math.random().toString()).toString();
    document.formInput2.iv.value = rsa.encrypt(iv);
    iv = CryptoJS.enc.Hex.parse(iv);
    var data = "rand=" + Math.random() + ";";
    data += "sessionid=" + sessid + ";";
    data += "username=" + document.formInput.username.value + ";";
    data += "pwd=" + document.formInput.pwd.value + ";";
    data = "MD5=" + CryptoJS.MD5(data) + ";" + data;
    var encrypted = CryptoJS.AES.encrypt(data, key,
        { iv:iv, mode:CryptoJS.mode.CBC, padding:CryptoJS.pad.ZeroPadding });
    document.formInput2.data.value = encrypted.toString();
    document.getElementById("notice").innerHTML="";
    document.formInput2.submit();
}

The end goal is to have a web interface on a single system that is able to automatically log in and download and upload the configuration file from/to all of the devices. I am starting this in php, but if it works, I'm happy with perl, python, making calls to curl, even bash script if it gets the job done.

Thank you for your time.

1 answer

  • dragon_9000 2017-06-23 23:24

    If you don't care about the performance of the automation, a simple way to do it is using WebDriver. See an example in Python: http://selenium-python.readthedocs.io/getting-started.html

    Essentially it starts up a browser that you can control from Python (or other languages). If you don't want the overhead of starting up a browser you could use Node.js for example.

    Selected by the asker as the best answer.
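
The accepted answer mentions Node.js as a way to avoid starting a browser. The sketch below is an added example, not part of the original question or answer: it rebuilds the three hidden-form fields from the question's `ajaxSucceedCallBack` with Node's built-in `crypto` module. It assumes `RSAKey` is the jsbn library (hex modulus and exponent, PKCS#1 v1.5 padding, hex output); the function names are hypothetical.

```javascript
// Added example: Node.js port of the page's ajaxSucceedCallBack() payload logic.
const nodeCrypto = require("node:crypto");

// Assumption: RSAKey is jsbn's, so modulus and exponent arrive as hex strings.
function hexToB64url(hex) {
  if (hex.length % 2) hex = "0" + hex; // "10001" -> "010001"
  return Buffer.from(hex, "hex").toString("base64url");
}

// Stands in for rsa.setPublic(n, e) + rsa.encrypt(text): PKCS#1 v1.5, hex out.
function rsaWrapHex(modulusHex, exponentHex, text) {
  const jwk = { kty: "RSA", n: hexToB64url(modulusHex), e: hexToB64url(exponentHex) };
  const key = nodeCrypto.createPublicKey({ key: jwk, format: "jwk" });
  const padding = nodeCrypto.constants.RSA_PKCS1_PADDING;
  return nodeCrypto.publicEncrypt({ key, padding }, Buffer.from(text, "utf8")).toString("hex");
}

const md5Hex = (s) => nodeCrypto.createHash("md5").update(s, "utf8").digest("hex");

// CryptoJS.pad.ZeroPadding: 0x00 fill to a 16-byte boundary, nothing if aligned.
function zeroPad(buf) {
  const rem = buf.length % 16;
  return rem ? Buffer.concat([buf, Buffer.alloc(16 - rem)]) : buf;
}

// Builds "MD5=<hex>;rand=..;sessionid=..;username=..;pwd=..;" and encrypts it
// with AES-128-CBC; Base64 output matches CryptoJS encrypted.toString().
function encryptPayload(keyHex, ivHex, sessid, username, pwd) {
  let data = `rand=${Math.random()};sessionid=${sessid};username=${username};pwd=${pwd};`;
  data = `MD5=${md5Hex(data)};${data}`;
  const key = Buffer.from(keyHex, "hex"), iv = Buffer.from(ivHex, "hex");
  const cipher = nodeCrypto.createCipheriv("aes-128-cbc", key, iv);
  cipher.setAutoPadding(false); // zeroPad() replaces the default PKCS#7 padding
  const padded = zeroPad(Buffer.from(data, "utf8"));
  return Buffer.concat([cipher.update(padded), cipher.final()]).toString("base64");
}

// Returns the hidden-form fields (key, iv, data) that the page script submits.
function buildLoginFields(modulusHex, exponentHex, sessid, username, pwd) {
  // The page derives key and iv from MD5(Math.random()); a CSPRNG gives the
  // same 32-hex-character shape without the predictable generator.
  const keyHex = nodeCrypto.randomBytes(16).toString("hex");
  const ivHex = nodeCrypto.randomBytes(16).toString("hex");
  return {
    key: rsaWrapHex(modulusHex, exponentHex, keyHex), // RSA wraps the hex text
    iv: rsaWrapHex(modulusHex, exponentHex, ivHex),
    data: encryptPayload(keyHex, ivHex, sessid, username, pwd),
  };
}
```

The caller still has to fetch the comma-separated modulus, exponent and session id from the device, send `JSESSIONID` as a cookie, and POST the three fields; those URLs are not shown in the question. jsbn can return RSA hex with leading zero bytes dropped, while this port always emits the full modulus width.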
