解决web及移动端H5数据加密Burp调试-通用解决方案
License: GNU General Public License v3.0
站在大佬的肩膀上继续前行。
由于一些原因,现在大部分金融站点、APP都进行了加密,正好忙里偷闲改个轮子,方便大家使用。
在此感谢两位大佬
https://github.com/G-Security-Team
本项目是基于两位大佬的进行二开,具体原理请移步
https://github.com/G-Security-Team/JS-Forward/
原理图:
使用介绍:
将生成的payload直接插入到要篡改的变量前。
解密前:
解密后:
可实现对加密包的全自动化加解密,更方便各位师傅转发到X-RAY、sqlmap等工具上。
传输过程:
注:https站点需要信任证书
前置知识:https://mp.weixin.qq.com/s/1fisk5MumDcCLmSFJWaRpA
个人推荐练习靶场:
yakit Vulinbox
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.
