Questionnaire star questionnaire packet capturing analysis

Google debugging analysis

Submitted package data

Pictured , You can see that the submission is data , Let's start with jqsign To perform a global search

Attention points for this global search

Do a global search before committing ctrl+shift+F Search to find , Otherwise, the global search will not find anything after the submission is completed

Pictured , Search without submitting , You can see jqsin keyword

Web source code analysis

jqnonce( later stage jqsign Encryption requires )

In the web page source code ~ So every time you request a web page, it changes

rndnum( Late submission requests require )

• There are still pages

// The web page provides many parameters 
var isYdb=0;
var isPub=0;
var isQywx =0;
var isinterview =0;
var isQywxAnswerChangeUrl = '';
var cqType=1;
var ddcorpid="";
var sojumpParm='';
var parmsign='';
var casign='';
var cats='';
var endTs='';
var isKaoShi=0;
var lastTopic=0;
var Password = window.Password ? window.Password : "";
var PasswordExt = window.PasswordExt ? window.PasswordExt : "";
var pwdExt="";
var emailName="";
var displayExt="";
var phoneName="";
var wxNickName="";
var cepingName="";
var guid = "";
var udsid=0;var fromsour="";
var langVer=0;
var cProvince="";
var cCity="";
var cIp="";
var divTip=document.getElementById("divTip");
var displayPrevPage="none";
var inviteid='';var jbkid='';
var access_token="";
var openid = "";
var unionId = "";
var wxUserId = ""; 
var isQQLogin=0;
var isDingTalkLogin = 0;
var wxthird=0;
var parterts="";
var parterjoiner="";
var partersign="";
var parterrealname="";
var parterextf="";
var parterdept="";
var parterpuser="";
var relusername="";
var relts="";
var relsign="";
var relrealname="";
var reldept="";
var relext = "";
var writeuser = "";
var formopen="";
var formts="";
var formsign="";
var formnick="";
var nbk=0;
var corpId="";
var flist=0;
var isPvw=0;
var user_token="";
var IsSampleService=0;
var hashb=0;
var sjUser='';
var sjts='';
var sjsign='';
var outuser='';
var sourcelink='';
var outsign='';
var sourceurl = '';
var sourcename="";
var isSimple='';
var jiFenBao=0;
var isRunning=1;
var SJBack='';var jiFen="0";
var FromSj=0;
var ItemDicData="";
// Need to use 
var rndnum="1792470105.05000187";
var totalPage=1;
var totalCut=0;
var cepingCandidate="";
var allowPart =0;
var showTotalScore =0;
var OneaTime =0;
var oneDept =0;
var oneneedcontcp =0
var cpid="";
var needSaveJoin=0;
var isChuangGuan=0;
// Need to use 
var jqnonce="61348c0e-ff49-4ffb-b2a7-f60ae3106771";
var maxCgTime=0;
var maxOpTime=0;
// Need to use , Post commit just changes 
var qBeginDate="1656339402157";
var randomMode=0;
var fisrtLoadTime=new Date().getTime();
var canAward=1;
var allowAward=1;
var isVip =0;
var emUserName = "V30SQaxJ9+XY5Hw0HBxVmINnib19XMvSDwMRfIUgpMA=";
var LogStoreLocal=0;
var needAddList=0;

var needLogCompanyId=0;
var needHBAlert=0;
var isPromoteing=0;
var prsjts = "";
var  prsjsign = "";
var  cityPeiEQues = "";

var ishydj = 0;
var canEditAnswer = 0;
var forbidEditStr = "";
var markerText = '';
var jumpOrgMinPro =1;
var progressBarType = 1;
var isdingtalkFreeUser = 0
var themeId = "";
var fengmainId = "";
var backgroundId = "";
var useNewAppearance = "1";
var hasTouPiao =0;
var compressPictures =0;
var completeResultType = 1;

jqsign Parameter encryption analysis

Encryption key js And code , Pictured

Code

/*a For web pages window.jqnonce Parameters of  ktimes  Number of clicks on the page  */
function dataenc(a,ktimes) {
    
    var c, d, e, b = ktimes % 10;
    for (0 == b && (b = 1),
    c = [],
    d = 0; d < a.length; d++)
        e = a.charCodeAt(d) ^ b,
        c.push(String.fromCharCode(e));
    return encodeURIComponent(c.join(""));
}

dataenc("fcabefd7-5003-480f-a256-6f0e24f813be",2);
// Return content 
//dac%60gdf5%2F7221%2F6%3A2d%2Fc074%2F4d2g06d%3A31%60g

Parameters

• Here we use https://www.wjx.cn/vm/tuf9t53.aspx Take the questionnaire as an example

get Parameters

// Here we use https://www.wjx.cn/vm/tuf9t53.aspx Take the questionnaire as an example 
shortid: tuf9t53 // Questionnaire suffix 
starttime: 2022/6/27 22:31:23 // Starting time 
submittype: 1 // The submission type looks like ( Don't know much about it )
ktimes: 49 // It seems to count the number of clicks on the web page 
hlv: 1 
rn: 1792470105.85906191
jqpram: hyKUJxeSJ // There are... After the web page is loaded 
nw: 1
t: 1656340310465 // Time stamp 
jqnonce: 2b1b7383-4cc2-4b14-a29d-4b53af74a1fc
jqsign: ;k8k>:1:$=jj;$=k8=$h;0m$=k<:ho>=h8oj // Specific to see jqsign Parameter encryption analysis section 

post Parameters

• All the questionnaires here are The radio For example https://www.wjx.cn/vm/tuf9t53.aspx
• The rule of this questionnaire is very simple
  • } Split topic
  • The radio :1$1 The previous representative topic , The following represents the title number

// I choose all here A 了 , You will find the rules 
}  Split topic 
1$1  The previous representative topic , The following represents the title number 
submitdata: 1$1}2$1}3$1}4$1}5$1

• I looked at the multiple choices in the back , Analyze with this questionnaire https://www.wjx.cn/vm/mpPVSKK.aspx
• The rule of this questionnaire is also quite simple
  • } Split topic
  • The radio :1$1 The previous representative topic , The following represents the title number
  • multi-select :6$1|2 The front represents the title , The following represents options , With | Division

// The sixth question is multiple choice , I fast 1,2, So here it is 
// 6$1|2
submitdata: 1$1}2$1}3$1}4$1}5$1}6$1|2}7$1