12:js逆向-请求头加密(mcode)

 经过观察得知,这个只有请求头的mcode加密了,一样直接搜索

 

 不要忘了校验:

 

function mcode (){
        var time=Math.floor(new Date().getTime()/1000);
        console.log(time)
        //var time=Math.floor(1675654114);
        return missjson(""+time);
    }
     function missjson (input) {
        var keyStr = "ABCDEFGHIJKLMNOP" + "QRSTUVWXYZabcdef" + "ghijklmnopqrstuv" + "wxyz0123456789+/" + "=";
        var output = "";
        var chr1, chr2, chr3 = "";
        var enc1, enc2, enc3, enc4 = "";
        var i = 0;
        do {
            chr1 = input.charCodeAt(i++);
            chr2 = input.charCodeAt(i++);
            chr3 = input.charCodeAt(i++);
            enc1 = chr1 >> 2;
            enc2 = ((chr1 & 3) << 4) | (chr2 >> 4);
            enc3 = ((chr2 & 15) << 2) | (chr3 >> 6);
            enc4 = chr3 & 63;
            if (isNaN(chr2)) {
                enc3 = enc4 = 64;
            } else if (isNaN(chr3)) {
                enc4 = 64;
            }
            output = output + keyStr.charAt(enc1) + keyStr.charAt(enc2)
                + keyStr.charAt(enc3) + keyStr.charAt(enc4);
            chr1 = chr2 = chr3 = "";
            enc1 = enc2 = enc3 = enc4 = "";
        } while (i < input.length);

        return output;

    }
    console.log(mcode())

 下面使用py实现

t=int(time.time())
print(t)
mcode=base64.b64encode(str(t).encode()).decode()
print(mcode)

 总结:这里的请求头加密,实际上就是把实时的时间,转化为base64的形式