Reverse Engineering Google reCAPTCHA v2
Target site:
aHR0cHM6Ly9yZWNhcHRjaGEubmV0L3JlY2FwdGNoYS9hcGkyL2RlbW8=
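I ran into this CAPTCHA and tried to crack it.
After the checkbox is clicked, a reload request is sent.
Its body is raw bytes, which is in fact protobuf encoding.
The message has 26 fields and looks roughly like this; many of them carry no value.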
{
"1": "bytearray(b'Hq4JZivxx1Tzodj')",
"2": "bytearray(b'03AFcWeA4ixA_LKGmUjwD6l1eA')",
"4": "bytearray(b'!oaegp6IKAAxJ-mHS7SwRGhyw')",
"5": "bytearray(b'-787762967')",
"6": "bytearray(b'fi')",
"14": "bytearray(b'6Le-wvkSAAAAAPBMRTvw0Q4Muexq9bi0DJwx_mJ-')",
"16": "bytearray(b'0SwpSjrxO6h8')",
"20": "bytearray(b'tbMSwxMzgsMTxGNoYS5uZXQiXV0')",
"25": "bytearray(b'W10')"
}
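As an added example (not the author's code), a schema-less decoder for the protobuf wire format that turns a captured body into a field-number map of the shape shown above. The sample bytes are constructed; only the field numbers 6, 16 and 25 and the values `fi` and `W10` are taken from the post.

```python
def read_varint(buf, pos):
    """Decode a base-128 varint at pos; return (value, next_pos)."""
    result = shift = 0
    while True:
        if pos >= len(buf):
            raise ValueError("truncated varint")
        byte = buf[pos]
        pos += 1
        result |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return result, pos
        shift += 7
        if shift > 63:
            raise ValueError("varint longer than 10 bytes")


def decode_fields(buf):
    """Return {field_number: [values]} for one top-level protobuf message."""
    fields, pos = {}, 0
    while pos < len(buf):
        key, pos = read_varint(buf, pos)
        number, wire_type = key >> 3, key & 0x07
        if number == 0:
            raise ValueError("field number 0 is not valid")
        if wire_type == 0:        # varint
            value, pos = read_varint(buf, pos)
        elif wire_type == 1:      # fixed 64-bit, little-endian
            value, pos = int.from_bytes(buf[pos:pos + 8], "little"), pos + 8
        elif wire_type == 2:      # length-delimited: bytes, string or sub-message
            length, pos = read_varint(buf, pos)
            value, pos = bytes(buf[pos:pos + length]), pos + length
        elif wire_type == 5:      # fixed 32-bit, little-endian
            value, pos = int.from_bytes(buf[pos:pos + 4], "little"), pos + 4
        else:
            raise ValueError(f"unsupported wire type {wire_type}")
        if pos > len(buf):
            raise ValueError(f"field {number} runs past end of buffer")
        fields.setdefault(number, []).append(value)
    return fields


# Constructed sample body. Field numbers above 15 need a two-byte key,
# e.g. field 16 with wire type 2 is (16 << 3) | 2 = 130 = b"\x82\x01".
SAMPLE = b"\x32\x02fi" + b"\x82\x01\x0bCONSTRUCTED" + b"\xca\x01\x03W10"

if __name__ == "__main__":
    for number, values in sorted(decode_fields(SAMPLE).items()):
        print(number, values)
```

Without the schema, a length-delimited value cannot be told apart from a nested message, which is why every field in the dump above shows up as a byte string.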
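The next step is to work out in detail what the value at each position means.
1 is the identifier of the JS code?
2 is the captcha-token returned earlier.
4 is the result returned by the VMP.
5 and 16 are different results derived from the same string, which is the string built from the 75-element array below.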
[null,null,null,null,"61e2",6,null,null,null,null,null,null,null,null,null,null,["xxxx"],2,"xxx=",null,null,null,null,null,null,null,null,["x",1632,576],["x",3553,564],["x",3838,586],["bFA",["\"[]\"",3215,0],[[["Chromium","116"],["x,"24"],["xe","116"]],0,"xx"],[],null,["xxx",148819652,0]]
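What each item actually stands for has to be dug out by hand, which is quite laborious.
20 and 25 are also derived from one shared string.
Finally, a request to verify is needed to validate the result. Getting this back means it passed:
[
"uvresp",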
"03AFcWeA7wPxIdQ1obebG-cogi-UAnu_mvlNamBHjKl2n-Kx9PMgH-y2OB-zZtt2gIBNr8BaF4Zeh1yhk76QRB9OthA8MrCGFxPGbjj4wxxuwlvGe8qJ48ivLWYez6FFzjWGnQgnmy-cwmImJEvhZ15issuulYlJ2YWHFfUskO4sv5uxxxxxxxxxxxadsasdawdawdaaiuawgdfiuagwduygawiuydguyagwdiuyawdWwi7gIxL9x76oyCoy1gfT9ekaiEBrI7MgoMnrHp1UfZywxjDCWQBN3i8dpVT6Ie-FR8YsjF31aUHUoMREcNs6ir2Jg32dZwpjeIYta2705Dntv4b4jYPUBIf8JT_QddxmaLjzN_Z8-YmTd37wDJfbJA_1iWFAyyUdLPe23LnnaxXEKy4rhh9iISfdvNCCGLbZ41kwUPyTbanzbzlD1FC_O7xfZbAyLhZCH5Amb7OGlyG56PszwjuobtWTda0TvHdZaDfuTLoN_sZ_e74GBtTGMmIOJEf2XPBRWUdUQMbVF4v4rT6Dg8t3Uo-eKzQ",
1,120,null,null,null,null,null,
"09AH4jZCS5DAaG3KfUzYtwi_FJiLwPBawkdhajkwhdjkahwdjkawdVEQgmCIOS_g5ORDyMC7lD19iTVZdnGpbnMl7g"]
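Result of the submission from code
The hard part here is the parameters passed through postMessage and onmessage, plus the async functions.
Tracking down the values is fairly laborious.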