Cookie encryption 8

Refer to the website 【2021-06-07】JS Reverse flush cookie( newest v Values obtained )_ o J~ The blog of -CSDN Blog _ Flush reverse

Supplementary information , Read cookie, Refer to the website ：https://www.jb51.net/article/249192.htm

You can also for cookie Add an expiration time （ With UTC or GMT Time ）. By default ,cookie Delete... When browser is closed ：

document.cookie="username=John Doe; expires=Thu, 18 Dec 2043 12:00:00 GMT";

You can use path Parameters tell the browser cookie The path of . By default ,cookie Belongs to the current page .

document.cookie="username=John Doe; expires=Thu, 18 Dec 2043 12:00:00 GMT; path=/";

Supplementary knowledge ：cookie Generation process of

       （1） When the client's request arrives at the server , On the server side, you can Cookie The value is written in the response header and returned to the client .

       （2） Client side tools （ Such as browser ） When rendering a page , By in the page JavaScript Code generation Cookie value .
        take Cookie and JavaScript Combined to achieve anti - crawler . We were studying JavaScript I learned that ,Location object （ namely window.location object ） You can redirect your browser to another page , Can we take advantage of this feature ？ If in HTML The code introduces a that redirects the browser to the target page JavaScript file , And in this file to achieve random string generation and Cookie Set function , Then the server side only needs to verify Cookie The rule of value .

        A simple verification is that a page springboard needs to be set here , When a user wants to request a content page , The browser will jump to the springboard page first , Execute... On the page JavaScript Code in file , complete Cookie Values are generated and set before redirecting the browser to the content page . So there are some hook Go to the main page , however cookie The encryption process cannot be disconnected .

      （3） stay HTML file JavaScript The file import , The code is as follows ：<script src="fet.js"></script>JavaScript The code generates a timestamp of the current time , The timestamp is spliced with a random string and then used as Cookie Value to initiate the request . Now nginx Not only do you need to verify random strings according to rules , You also need to get the current timestamp of the server , take Cookie Value and the current timestamp , When the time difference exceeds a certain time （ Such as 5
second ）, It can be concluded that Cookie It's a forgery .

Target website ：aHR0cDovL3guMTBqcWthLmNvbS5jbi9zdG9ja3BpY2svc2VhcmNoP3R5cGVkPTEmcHJlUGFyYW1zPSZ0cz0xJmY9MSZxcz1yZXN1bHRfcmV3cml0ZSZzZWxmc2VjdHNuPSZxdWVyeXR5cGU9c3RvY2smc2VhcmNoZmlsdGVyPSZ0aWQ9c3RvY2twaWNrJnc9JUU4JThBJUFGJUU3JTg5JTg3JnF1ZXJ5YXJlYT0=
 

Grab the bag directly , I found that I visited twice , For the second time, I took cookie,v Parameters

First visit   There are two things , The first is to redirect the URL , The second is to set cookie

direct hookcookie

(function() {
  
          'use strict';
   
           var _cookie = ""; // hook cookie
   
           Object.defineProperty(document, 'cookie', {
        
                   set: function(val) {
           
                          console.log('cookie set->', new Date().getTime(), val);
          
                         debugger;
           
                        _cookie = val;
           
                         return val;
       
                   },
       
                   get: function() {
            
                          console.log('coookie:'+_cookie);
           
                          return _cookie;
       
                  }
  
          });

})()

  Direct pursuit js,v Encrypted location , Follow up on your own ：

  then fidder simulation , Successful visit