Record a reptile question bank

Preface

I want to make a wechat app to brush questions , So we need to make a question bank
Don't talk nonsense , I'm a reptile

Crawling

It takes a little longer to load when entering the question brushing website

Yes, indeed vue The front end of development
Request header

accept-encoding: gzip, deflate, br
accept-language: zh-CN,zh;q=0.9
content-length: 2
content-type: application/json;charset=UTF-8
cookie: x-token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJjc3d4X3VzZXJfaWQiOiI2OTUwMzAwMTY3MjQxMjAzNzE1IiwibG9naW5fdGltZSI6MTY1NzI0NjI4NDQwMiwiaXNzIjoi6ICD55-l6YCaIiwic2VydmljZS1jb2RlIjoiY3N0ayIsImNzdGtfdXNlcl9pZCI6IjY5NTAzMDAxNjcyNDEyMDM3MTUiLCJleHAiOjE2NTg5NzQyODQ0MDIsImlhdCI6MTY1NzI0NjI4NDQwMn0.XtLBW1Fl4OMSMvKhTPRu4RNj-czvfLgKETNHwLjjyvo
origin:  Manual coding 
referer:  Manual coding 
sec-ch-ua: ".Not/A)Brand";v="99", "Google Chrome";v="103", "Chromium";v="103"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-origin
service-code: cstk
timestamp: 1657335133950
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36
version: 3.0.1
web-authorize-flag: hmzJ/IPcepp9QKtustWPqw==
x-authorize-token: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJjc3d4X3VzZXJfaWQiOiI2OTUwMzAwMTY3MjQxMjAzNzE1IiwibG9naW5fdGltZSI6MTY1NzI0NjI4NDQwMiwiaXNzIjoi6ICD55-l6YCaIiwic2VydmljZS1jb2RlIjoiY3N0ayIsImNzdGtfdXNlcl9pZCI6IjY5NTAzMDAxNjcyNDEyMDM3MTUiLCJleHAiOjE2NTg5NzQyODQ0MDIsImlhdCI6MTY1NzI0NjI4NDQwMn0.XtLBW1Fl4OMSMvKhTPRu4RNj-czvfLgKETNHwLjjyvo

requests Just reproduce
Successful climb subject shapter Data such as

highlight

I found no problem when I crawled the topic
subject list One of them

[{
    
categoryId: "20191218160022-dca2f545-4e2a-4532-878a-cb791bcdd57a"
analysis: " Cyclic redundancy check is used for error detection , Cannot automatically correct errors and regenerate data . The usual practice can be discarded , Automatically request retransmission and report upper layer protocol , The key is to use CRC What is the nature of this agreement . If it is disconnected, discard , If the connection is reliable, request to resend "
analysisFilePath: null
answer: "[{\"option\":\"A\",\"content\":\"  Automatic error correction  \",\"rightFlag\":\"0\"},{\"option\":\"B\",\"content\":\"  Report the upper layer agreement  \",\"rightFlag\":\"0\"},{\"option\":\"C\",\"content\":\"  Regenerate data  \",\"rightFlag\":\"0\"},{\"option\":\"D\",\"content\":\"  Automatic request for resend  \",\"rightFlag\":\"1\"}]"
answerList: null
answertype: null
categoryId: "20191218160022-dca2f545-4e2a-4532-878a-cb791bcdd57a"
chapterId: "1604386088961-f3dedccd-aa5c-408d-9b24-55090ec96241"
collectFlag: 0
fraction: 1
id: "20201103145848-d02188e6-7ff1-45b2-9175-b7072bebd7af"
logId: "61544539661743947776"
questionType: {
    type: "0", name: " Multiple choice questions "}
questionTypeId: null
rightFlag: "0"
seqVal: 1
stem: "iH7ZkmCDBacVeDdbDd/EXGQX/wFx9v341Sb1Jk6vWLD67+XKUKlhdMhRFGHOFDkiUrhhKsPLhZybuQB++DSorgbvQcPkm6bxSP1dY4UY8zvqFSOxEPseI3fZQWUA1je4ecwHyJg9R/QnAA3V3VJj7JKfaHZA3Hi+tLkzWEV3h5Nf4eUfaAON4kvVOQkI6TMevcAwLUVFRtmWAmfFuZWDzw=="
stemFilePath: null
userAnswer: "A"
}]

This is strange ,api return json You can see the title in the front end instead of in the middle
Guess it's cached locally
stay Sources I turned around and didn't see
Guess if you have encountered encryption
stay js Mid search stem
Sure enough
Some encryption functions

 _.forEach((function(q) {
    
                            n.includes(q.questionType.name) || n.push(q.questionType.name);
                            var data = q.stem
                              , e = crypto_js__WEBPACK_IMPORTED_MODULE_15___default.a.enc.Utf8.parse(" Manual coding ")
                              , t = crypto_js__WEBPACK_IMPORTED_MODULE_15___default.a.AES.decrypt(data, e, {
    
                                mode: crypto_js__WEBPACK_IMPORTED_MODULE_15___default.a.mode.ECB,
                                padding: crypto_js__WEBPACK_IMPORTED_MODULE_15___default.a.pad.Pkcs7
                            }).toString(crypto_js__WEBPACK_IMPORTED_MODULE_15___default.a.enc.Utf8);
                            q.stem = t
                        }

original stem The field is passed AES Encrypted
Private key , Encryption modes are given
Trying to decrypt

AES
model:ECB
padding:pkcs7
key: Manual coding 
output:base64

"==" The ending is obviously base64 Output

iH7ZkmCDBacVeDdbDd/EXGQX/wFx9v341Sb1Jk6vWLD67+XKUKlhdMhRFGHOFDkiUrhhKsPLhZybuQB++DSorgbvQcPkm6bxSP1dY4UY8zvqFSOxEPseI3fZQWUA1je4ecwHyJg9R/QnAA3V3VJj7JKfaHZA3Hi+tLkzWEV3h5Nf4eUfaAON4kvVOQkI6TMevcAwLUVFRtmWAmfFuZWDzw==

Output

 Cyclic redundancy check standard CRC-16 The generating polynomial of is G(x)=x^16+x^15+x^2+1, The check code it generates is 16 position , The measures taken by the receiving end after discovering the error are ().

beautiful
Write a script right json Clean
Direct copy json After use navicat Import the database directly
Check it out.

+-----------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| stem                                                                                                                                                      | analysis                                                                                                                                                                                                                                                                             |
+-----------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|  Cyclic redundancy check standard CRC-16 The generating polynomial of is G(x)=x^16+x^15+x^2+1, The check code it generates is 16 position , The measures taken by the receiving end after discovering the error are ().                                                 |  Cyclic redundancy check is used for error detection , Cannot automatically correct errors and regenerate data . The usual practice can be discarded , Automatically request retransmission and report upper layer protocol , The key is to use CRC What is the nature of this agreement . If it is disconnected, discard , If the connection is reliable, request to resend                                                                                             |
+-----------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

nice

Postscript

Classic front-end information is not secure
Even if the decryption process is completed by the front end , Can still be crawled
( If you can add a little code confusion, it may be more difficult , But in theory, you can still crawl )
Decryption is done by the back end, not to mention , Direct plaintext transmission
The word "safety" is often remembered