dro44817 2017-06-23 23:13
浏览 64
已采纳

尝试自动访问使用Javascript加密表单数据的Web界面[关闭]

First, thank you for taking the time to read this. I am pretty sure this is not a failure of my google-fu.

I am trying to build an automation tool to access a device that has an HTTP/HTML interface. (Specifically, it is an IP Telephone.) The login page has a username field and a password field, but that form doesn't get submitted. A hidden form gets filled in with a combination of extra data from the device that it uses as an RSA key, then MD5 hash and AES encryption of a string, before submitting the hidden form.

It also sets session cookies via Javascript, with session id obtained via Ajax. I gave up on a similar project a year or two ago when I got mired in trying to port the Javascript functions to php and/or replicate the results, but I have to believe there's a better way than that.

function ajaxSucceedCallBack(req, res)
{
if (/^[\w,]+$/.test(res))
{
    var res = res.split(",");
}
var rsa = new RSAKey();
var sessid = "";

if (res.length == 3)
{
    rsa.setPublic(res[0], res[1]);
    sessid = res[2];
    document.cookie = "JSESSIONID=" + sessid;
}

var key = CryptoJS.MD5(Math.random().toString()).toString();
document.formInput2.key.value = rsa.encrypt(key);
key = CryptoJS.enc.Hex.parse(key);
var iv = CryptoJS.MD5(Math.random().toString()).toString();
document.formInput2.iv.value = rsa.encrypt(iv);
iv = CryptoJS.enc.Hex.parse(iv);
var data = "rand=" + Math.random() + ";";
data += "sessionid=" + sessid + ";";
data += "username=" + document.formInput.username.value + ";";
data += "pwd=" + document.formInput.pwd.value + ";";
data = "MD5=" + CryptoJS.MD5(data) + ";" + data;
var encrypted = CryptoJS.AES.encrypt(data, key, 
  { iv:iv, mode:CryptoJS.mode.CBC, padding:CryptoJS.pad.ZeroPadding });
document.formInput2.data.value = encrypted.toString();
document.getElementById("notice").innerHTML="";
document.formInput2.submit();
}

The end goal is to have a web interface on a single system that is able to automatically log in and download and upload the configuration file from/to all of the devices. I am starting this in php, but if it works, I'm happy with perl, python, making calls to curl, even bash script if it gets the job done.

Thank you for your time.

  • 写回答

1条回答 默认 最新

  • dragon_9000 2017-06-23 23:24
    关注

    If you don't care about the performance of the automation, a simple way to do it is using WebDriver. See an example in Python: http://selenium-python.readthedocs.io/getting-started.html

    Essentially it starts up a browser that you can control from Python (or other languages). If you don't want the overhead of starting up a browser you could use Node.js for example.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 有赏,i卡绘世画不出
  • ¥15 如何用stata画出文献中常见的安慰剂检验图
  • ¥15 c语言链表结构体数据插入
  • ¥40 使用MATLAB解答线性代数问题
  • ¥15 COCOS的问题COCOS的问题
  • ¥15 FPGA-SRIO初始化失败
  • ¥15 MapReduce实现倒排索引失败
  • ¥15 ZABBIX6.0L连接数据库报错,如何解决?(操作系统-centos)
  • ¥15 找一位技术过硬的游戏pj程序员
  • ¥15 matlab生成电测深三层曲线模型代码