Nodeseek: Skipping Verification for Automatic Login

Penetration & Reverse Engineering · 04-06 · 357 views

After reading a post, I found the source of this idea.
For the login packet, F12 shows that the request URL is https://www.nodeseek.com/api/account/signIn and that the request is a POST.

Looking at the payload next, the POST body consists of four parts:
password
username
token
version

As you can see, the token is required. When I saw v3, my reaction was: reCaptcha V3 verification.

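Outline:
1. Register for an API used to skip the verification
2. Extract the response returned by the API
3. Add the API's response to the POST packet and simulate sending it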


Main text:
1. First, register with yescaptcha
2. Obtain the ReCaptcha site key, Action and websiteURL, which are respectively:
6LebtWYjAAAAAGeCv0BCBmvCcdgZiU6VbLfV3xkt
submit
https://www.nodeseek.com/api/account/signIn

Alternatively, press F12 and enter the following script in the console:

function findRecaptchaClients() {
  // eslint-disable-next-line camelcase
  if (typeof (___grecaptcha_cfg) !== 'undefined') {
    // eslint-disable-next-line camelcase, no-undef
    return Object.entries(___grecaptcha_cfg.clients).map(([cid, client]) => {
      const data = { id: cid, version: cid >= 10000 ? 'V3' : 'V2' };
      const objects = Object.entries(client).filter(([_, value]) => value && typeof value === 'object');

      objects.forEach(([toplevelKey, toplevel]) => {
        const found = Object.entries(toplevel).find(([_, value]) => (
          value && typeof value === 'object' && 'sitekey' in value && 'size' in value
        ));
     
        if (typeof toplevel === 'object' && toplevel instanceof HTMLElement && toplevel['tagName'] === 'DIV'){
            data.pageurl = toplevel.baseURI;
        }
        
        if (found) {
          const [sublevelKey, sublevel] = found;

          data.sitekey = sublevel.sitekey;
          const callbackKey = data.version === 'V2' ? 'callback' : 'promise-callback';
          const callback = sublevel[callbackKey];
          if (!callback) {
            data.callback = null;
            data.function = null;
          } else {
            data.function = callback;
            const keys = [cid, toplevelKey, sublevelKey, callbackKey].map((key) => `['${key}']`).join('');
            data.callback = `___grecaptcha_cfg.clients${keys}`;
          }
        }
      });
      return data;
    });
  }
  return [];
}
findRecaptchaClients()

3. Create a task (reference address)
API endpoints
International node https://api.yescaptcha.com
China node https://cn.yescaptcha.com

Request URL: https://api.yescaptcha.com/createTask
Request format: POST application/json

{
    "clientKey": "yescaptcha key",
    "task": {
        "websiteURL" : "https://www.nodeseek.com/api/account/signIn",
        "websiteKey" : "6LebtWYjAAAAAGeCv0BCBmvCcdgZiU6VbLfV3xkt",
        "pageAction" : "submit", 
        "type" : "RecaptchaV3TaskProxylessM1S9"
    }
}

The task ID is returned:

{
    "errorId": 0,
    "errorCode": "",
    "errorDescription": "",
    "taskId": "61138bb6-19fb-11ec-a9c8-0242ac110006" // record this ID
}

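4. Query the task ID and check whether it reports that the verification was skipped successfully
International node https://api.yescaptcha.com
China node https://china.yescaptcha.com

Request URL: https://api.yescaptcha.com/getTaskResult

Request format: POST application/json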

{
    "clientKey":"cc9c18d3e263515c2c072b36a7125eecc078618f3",
    "taskId": "61138bb6-19fb-11ec-a9c8-0242ac110006"
}

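For example, if the request returns the following, the value of gRecaptchaResponse is the unique value that skips the verification, which is also Nodeseek's token: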

{
    "errorId": 0,
    "errorCode": null,
    "errorDescription": null,
    "solution": {
        "gRecaptchaResponse": "03AGdBq25SxXT-pmSeBXjzScW-EiocHwwpwqtk1QXlJnGnU......"
    },
    "status": "ready"
}

5. With the token obtained, just send the request as normal.
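
The defender's side of the flow above, as an added example that is not part of the original post: a site validates a v3 token by posting it to Google's siteverify endpoint, and the JSON that comes back carries a score, action, hostname and timestamp that a login endpoint can check instead of trusting `success` alone. The policy values, function name and sample responses are assumptions constructed for illustration.

```javascript
// Added example (not from the original post): policy checks on the JSON that
// Google's reCAPTCHA siteverify endpoint returns for a v3 token.
const POLICY = {
  expectedAction: 'submit',             // action observed for the sign-in request on this page
  expectedHostname: 'www.nodeseek.com', // host taken from the URL on this page
  minScore: 0.7,                        // assumption: threshold is tuned per endpoint
  maxAgeMs: 2 * 60 * 1000,              // v3 tokens are valid for two minutes
  maxSkewMs: 30 * 1000,                 // assumption: tolerated clock skew
};

// Returns { allow, reasons }; every failed check is listed so it can be logged.
function evaluateSiteverify(resp, now = Date.now(), policy = POLICY) {
  const reasons = [];
  if (!resp || resp.success !== true) {
    const codes = (resp && resp['error-codes']) || [];
    return { allow: false, reasons: ['verification-failed:' + codes.join(',')] };
  }
  // A token minted for another action or another site must not unlock sign-in.
  if (resp.action !== policy.expectedAction) reasons.push('action-mismatch');
  if (resp.hostname !== policy.expectedHostname) reasons.push('hostname-mismatch');
  // success:true only means the token is well-formed and unused; the score is the risk signal.
  if (typeof resp.score !== 'number' || resp.score < policy.minScore) reasons.push('low-score');
  // Reject tokens that were issued too long ago or carry a timestamp from the future.
  const issued = Date.parse(resp.challenge_ts);
  if (Number.isNaN(issued) || now - issued > policy.maxAgeMs || issued - now > policy.maxSkewMs) {
    reasons.push('stale-token');
  }
  return { allow: reasons.length === 0, reasons };
}

// Constructed sample responses (not captured from any real site).
const NOW = Date.parse('2024-04-06T08:40:00Z');
const base = { success: true, score: 0.9, action: 'submit',
               hostname: 'www.nodeseek.com', challenge_ts: '2024-04-06T08:39:30Z' };
const SAMPLES = {
  good: base,
  lowScore: { ...base, score: 0.1 },
  replayedElsewhere: { ...base, action: 'homepage', challenge_ts: '2024-04-06T08:30:00Z' },
  reused: { success: false, 'error-codes': ['timeout-or-duplicate'] },
};

for (const [name, resp] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(evaluateSiteverify(resp, NOW)));
}
```

The score is a soft signal, so it is best paired with per-account and per-IP rate limits on the sign-in endpoint.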
