用JAVASCRIPT加密HTML源代码,它是如何工作的?

piok6c0g  于 2022-11-20  发布在  Java
关注(0)|答案(5)|浏览(200)

我正在检查是否有可能真正加密html代码或没有。我发现一个地方,他们加密的HTML代码在Javascript。我想知道它是如何工作的或在什么格式可以有人请告诉我?
实际代码

<!DOCTYPE html>
<html>
<body>

<p>This is going to be encrypted.</p>
</body>
</html>

加密的HTML代码

<html>
<head>
</head>
<body>

<script type="text/javascript">
<!-- 
eval(unescape('%66%75%6e%63%74%69%6f%6e%20%69%31%64%62%33%31%39%65%38%61%66%28%73%29%20%7b%0a%09%76%61%72%20%72%20%3d%20%22%22%3b%0a%09%76%61%72%20%74%6d%70%20%3d%20%73%2e%73%70%6c%69%74%28%22%37%36%39%35%39%36%38%22%29%3b%0a%09%73%20%3d%20%75%6e%65%73%63%61%70%65%28%74%6d%70%5b%30%5d%29%3b%0a%09%6b%20%3d%20%75%6e%65%73%63%61%70%65%28%74%6d%70%5b%31%5d%20%2b%20%22%38%31%33%35%32%39%22%29%3b%0a%09%66%6f%72%28%20%76%61%72%20%69%20%3d%20%30%3b%20%69%20%3c%20%73%2e%6c%65%6e%67%74%68%3b%20%69%2b%2b%29%20%7b%0a%09%09%72%20%2b%3d%20%53%74%72%69%6e%67%2e%66%72%6f%6d%43%68%61%72%43%6f%64%65%28%28%70%61%72%73%65%49%6e%74%28%6b%2e%63%68%61%72%41%74%28%69%25%6b%2e%6c%65%6e%67%74%68%29%29%5e%73%2e%63%68%61%72%43%6f%64%65%41%74%28%69%29%29%2b%2d%33%29%3b%0a%09%7d%0a%09%72%65%74%75%72%6e%20%72%3b%0a%7d%0a'));
eval(unescape('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%69%31%64%62%33%31%39%65%38%61%66%28%27') + '%3b%21%46%51%44%56%59%5b%49%20%6e%75%79%6b%44%11%0e%3d%6a%72%78%6e%42%15%0f%36%61%77%66%7f%43%11%08%18%0c%3c%76%43%5e%6f%69%77%20%6e%77%26%62%73%6f%74%68%2a%73%77%22%66%6a%22%6d%79%67%76%79%71%7e%6c%62%30%3c%30%72%44%18%0c%3c%37%67%7b%63%79%40%13%0f%3e%37%63%76%73%6a%437695968%34%35%31%33%32%31%35' + unescape('%27%29%29%3b'));
// -->
</script>
<noscript><i>Javascript required</i></noscript>

</html>

你可以试着在他们的文件中运行。它不费任何力气就能工作。所以有人能告诉你它是怎么加密的吗?或者是什么加密?

ajsxfq5m

ajsxfq5m1#

这被称为**URL-encoding或百分比编码。使用JavaScript的unescape()**方法可以很容易地恢复这种编码,如图所示。
第一行解密为:

function i1db319e8af(s) {
    var r = "";
    var tmp = s.split("7695968");
    s = unescape(tmp[0]);
    k = unescape(tmp[1] + "813529");
    for( var i = 0; i < s.length; i++) {
        r += String.fromCharCode((parseInt(k.charAt(i%k.length))^s.charCodeAt(i))+-3);
    }
    return r;
}

第二行分为三部分:

document.write(i1db319e8af('

;!FQDVY[I nuykD=jrxnB6awfC<vC^oiw nw&bsoth*sw"fj"mygvyq~lb0<0rD<7g{cy@>7cvsjC76959684513215

'));

合并为:

document.write(i1db319e8af(';!FQDVY[I nuykD=jrxnB6awfC<vC^oiw nw&bsoth*sw"fj"mygvyq~lb0<0rD<7g{cy@>7cvsjC76959684513215'));

这会将字串;!FQDVY[I nuykD=jrxnB6awfC <vC^oiw nw&bsoth*sw"fj"mygvyq~lb0<0rD <7g{cy@>7cvsjC76959684513215当做函式参数传递至i1db319e8af函式,然后将结果写入页面。
然后i1db319e8af函数获取该字符串,并在7695968上将其拆分为两部分。这样,您就有了一个名为tmp的变量,它包含两部分:

;!FQDVY[I nuykD=jrxnB6awfC<vC^oiw nw&bsoth*sw"fj"mygvyq~lb0<0rD<7g{cy@>7cvsjC
4513215

k4513215)中添加了字符串813529,该字符串获得了附加,导致变量为4513215813529
然后,该函数在;!FQDVY[I nuykD=jrxnB6awfC <vC^oiw nw&bsoth*sw"fj"mygvyq~lb0<0rD <7g{cy@>7cvsjC的长度上循环,并根据字符在该字符串中的位置返回看起来是字符的内容。
请注意,这可能返回12个字符或 * 更多 *,因为它在字符``处停止,认为它是无效的(不是UTF-8的字符)。
不幸的是,我目前没有访问沙箱的权限,所以我不能进一步深入。希望这能给予你你正在寻找的信息:)

inn6fuwd

inn6fuwd2#

Unescape对十六进制字符代码进行操作。
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/unescape

var myAwesomeHTMLString = "<p>Weeeee</p>";
var hexEncoded = '';

for (var i = 0; i < myAwesomeHTMLString.length; i++) {
  hexEncoded += '%'+ myAwesomeHTMLString.charCodeAt(i).toString(16);
}

console.log("'encoded': "+ hexEncoded);
console.log("'unencoded': "+ unescape(hexEncoded));
6mw9ycah

6mw9ycah3#

这将是非常弱的加密,因为解密所需的所有内容都在浏览器中容易获得,即unescape方法。

5vf7fwbs

5vf7fwbs4#

script type='application/ld+json' class='yoast-schema-graph yoast-schema-graph--main'>{"@context":"https://schema.org","@graph":[{"@type":"WebSite","@id":"https://avormin.in/#website","url":"https://avormin.in/","name":"\u0909\u0924\u094d\u092a\u093e\u0926 \u0938\u092e\u0940\u0915\u094d\u0937\u093e","potentialAction":{"@type":"SearchAction","target":"https://avormin.in/?s={search_term_string}","query-input":"required name=search_term_string"}},{"@type":"ImageObject","@id":"https://avormin.in/arthrazex#primaryimage","url":"https://avormin.in/wp-content/uploads/2020/01/1-3.jpg","width":700,"height":300},{"@type":"WebPage","@id":"https://avormin.in/arthrazex#webpage","url":"https://avormin.in/arthrazex","inLanguage":"en-US","name":"Arthrazex \u091c\u094b\u0921\u093c\u094b\u0902 \u0915\u0947 \u0932\u093f\u090f: \u0938\u0942\u091c\u0928 \u0914\u0930 \u091c\u0932\u0928 \u0926\u0942\u0930 \u0915\u0930\u0924\u0940 \u0939\u0948. \u0938\u092e\u0940\u0915\u094d\u0937\u093e, \u092e\u0942\u0932\u094d\u092f, \u092f\u0939 \u0915\u0948\u0938\u0947 \u0915\u093e\u092e \u0915\u0930\u0924\u093e \u0939\u0948, \u0930\u091a\u0928\u093e, \u0915\u0939\u093e\u0902 \u0938\u0947 \u0916\u0930\u0940\u0926\u0947\u0902.","isPartOf":{"@id":"https://avormin.in/#website"},"primaryImageOfPage":{"@id":"https://avormin.in/arthrazex#primaryimage"},"datePublished":"2020-01-31T21:00:27+03:00","dateModified":"2020-01-31T21:00:27+03:00","author":{"@id":"https://avormin.in/#/schema/person/99c8a23bb122b30eb43f5f425a89e0af"},"description":"Arthrazex \u091c\u094b\u0921\u093c\u094b\u0902 \u0915\u0947 \u0932\u093f\u090f: \u0938\u0942\u091c\u0928 \u0914\u0930 \u091c\u0932\u0928 \u0926\u0942\u0930 \u0915\u0930\u0924\u0940 \u0939\u0948. \u0938\u092e\u0940\u0915\u094d\u0937\u093e, \u092e\u0942\u0932\u094d\u092f, \u092f\u0939 \u0915\u0948\u0938\u0947 \u0915\u093e\u092e \u0915\u0930\u0924\u093e \u0939\u0948, \u0930\u091a\u0928\u093e, \u0915\u0939\u093e\u0902 \u0938\u0947 \u0916\u0930\u0940\u0926\u0947\u0902."},{"@type":["Person"],"@id":"https://avormin.in/#/schema/person/99c8a23bb122b30eb43f5f425a89e0af","name":"author2","image":{"@type":"ImageObject","@id":"https://avormin.in/#authorlogo","url":"https://secure.gravatar.com/avatar/2696bbcbc2e8deeea6af0e36de8e159d?s=96&d=mm&r=g","caption":"author2"},"sameAs":[]}]}</script>
cgh8pdjw

cgh8pdjw5#

https://youtu.be/Wjth4Wln5S0
请看视频,如果你需要的脚本来收件箱

相关问题