Preface:
Do penetration testing found that the front-end keywords encrypted, and the parameters passed to the signature, which led to I can not change the value of the parameters, was going to use JSforward to bypass, the results of attempts failed, so ultimately it is still through the python to write the encryption method for the test. js signing method has been found, it is through the signature of the MD5, the md5 will be added to the server issued by the AES secret key (password encrypted by AES), and the secret key for the fixed secret key, so here is not very difficult, but encountered a pit, that is, thepythoncap (a poem)jstreat (sb a certain way)jsonTo carry out md5 fetch hash,MD5 result value is inconsistent, so looking for methods on the Internet, and finally found the reason, the next record.
Encrypted packets:
Signature method is MD5
python to {'name':'anan','age':'18'} Convert to json string:
The js conversion of {'name':'anan','age':'18'} to a json string:
Compare results:
pythonpass (a bill or inspection etc)Processing results in an extra space between the : and the value
{"name": "anan", "age": "18"} #python
{"name":"anan","age":"18"} #jsHandling:
(data, separators=(",", ":"))
to this article on python and js for MD5 hash what is the difference between the article is introduced to this, more related to python and js for MD5 hash difference content, please search for my previous articles or continue to browse the following related articles I hope you will support me more in the future!