某章大模型JS逆向

关键词：Hook、F12、Websocket 

 https://playground.xes1v1.cn/MathGPT

目录

一、按F12毫无反应、按右键→检查毫无反应

分析：网站禁止了F12和右键菜单

解决：先打开空白网页，打开F12，再进入目标网站

二、进入网站，一秒之后，网站跳转空白网页

分析：网站有定时任务，每隔一秒进行开发者工具的检测。

解决：使用无限循环hook清除定时任务

三、发起提问

分析：网站可能没有使用http的会话形式

解决：查看websocket栏

四、websocket会话

五、逆向

分析：发现采用的都是明文

解决：直接逆向即可。先获取session_id，再进行会话。

---

 

一、按F12毫无反应、按右键→检查毫无反应

分析：网站禁止了F12和右键菜单

解决：先打开空白网页，打开F12，再进入目标网站

二、进入网站，一秒之后，网站跳转空白网页

分析：网站有定时任务，每隔一秒进行开发者工具的检测。

解决：使用无限循环hook清除定时任务

登录后复制

for (var i = 0; i < 9999999; i++)
    window.clearInterval(i)

• 1.
• 2.

三、发起提问

只发现了一个貌似有点用的XHR请求。但是试了多次会话请求始终没有找到。

分析：网站可能没有使用http的会话形式

解决：查看websocket栏

四、websocket会话

五、逆向

分析：发现采用的都是明文

解决：直接逆向即可。先获取session_id，再进行会话。

登录后复制

import asyncio
import json

import requests
import websockets


class WebSocketClient:
    def __init__(self):
        self.session_id = WebSocketClient.get_session_id()
        self.uri = "wss://openai.100tal.com/mathgpt/learning/ask/ws?" \
                   "language=cn" \
                   "&device_id=TAL1118ECCE82" \
                   "&client_id=000000" \
                   "&ver_num=1.19.01" \
                   "&x-user-source=pc" \
                   "&x-user-token=tal173BWpdiPmvPfb5VSmrLgABBhwbveINZkk89nhKZ3dOIPBWniWazhJ-LNdzZgU9911Sl_MrUKYcfD5bZ4irnCo" \
                   "&type=0" \
                   f"&session_id={self.session_id}"
        self.headers = {
            "Pragma": "no-cache",
            "Origin": "https://playground.xes1v1.cn",
            "Accept-Language": "zh-CN,zh;q=0.9",
            "Sec-WebSocket-Key": "Jjl123VyGJYlr4I123U6IA==",
            "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36",
            "Upgrade": "websocket",
            "Cache-Control": "no-cache",
            "Connection": "Upgrade",
            "Sec-WebSocket-Version": "13",
            "Sec-WebSocket-Extensions": "permessage-deflate; client_max_window_bits"
        }
        self.websocket = None
        self.result = ''
        self.ask_id = None
        self.running = True

    async def connect_and_send(self, message):
        self.websocket = await websockets.connect(self.uri, extra_headers=self.headers)
        await self.websocket.send(message)
        await self._receive_messages()
        await self.websocket.close()
        return self.ask_id, self.result

    async def _receive_messages(self):
        try:
            while self.running:
                response = await self.websocket.recv()
                loads = json.loads(response)
                if 'result' in loads:
                    self.result += loads['result']
                if 'ask_id' in loads:
                    self.ask_id = loads['ask_id']

                if 'status' in loads and loads['status'] == 99999:
                    self.running = False
        except websockets.exceptions.ConnectionClosed:
            pass

    @staticmethod
    def get_session_id():
        """
        获取session_id
        """
        url = "https://openai.100tal.com/mathgpt/learning/dialogue/create"

        payload = json.dumps({"language": "cn", "type": 0})
        headers = {
            'client_id': '000000',
            'device_id': 'TAL11CCE82',
            'ver_num': '1.19.01',
            'x-user-source': 'pc',
            'x-user-token': 'tal173BWpdiPmvPfb5VSmrLgABBhwbveINZkk89nhKZ3dOIPBWniWazhJ-LNdzZgU9911Sl_MrUKYclklqf6-kg4',
            'User-Agent': 'Apifox/1.0.0 (https://apifox.com)',
            'Content-Type': 'application/json;charset=UTF-8'
        }

        response = requests.request("POST", url, headers=headers, data=payload)
        res = response.content.decode('utf-8')
        loads = json.loads(res)
        return loads['data']['session_id']

    def run_sync(self, message):
        msg = {
            "session_id": self.session_id,
            "language": "cn",
            "example": 0,
            "ask_id": 0,
            "parent_id": 0,
            "class_type": None,
            "output_line": 0,
            "messages": [
                {
                    "role": "user",
                    "content": message,
                    "token_class": 0,
                    "token_130b": 0
                }
            ]
        }
        loop = asyncio.get_event_loop()
        ask_id, result = loop.run_until_complete(self.connect_and_send(json.dumps(msg)))
        return ask_id, result

    def delete(self, id):
        url = "https://openai.100tal.com/mathgpt/learning/dialogue/remove"

        payload = json.dumps({"language": "cn", "id": id})
        headers = {
            'client_id': '000000',
            'device_id': 'TAL1118E46CCE82',
            'ver_num': '1.19.01',
            'x-user-source': 'pc',
            'x-user-token': 'tal173BWpdiPmvPfb5VSmrLgABBhwbveINZkk89nhKZ3dOIPBWniWazhJ-LNdzZgU9911Sl_MrUKYclL41lSklqf6-kg4',
            'User-Agent': 'Apifox/1.0.0 (https://apifox.com)',
            'Content-Type': 'application/json;charset=UTF-8'
        }

        response = requests.request("POST", url, headers=headers, data=payload)

        return response.content.decode('utf-8')


if __name__ == "__main__":
    client = WebSocketClient()
    ask_id, result = client.run_sync("你知道唐朝诡事录之西行吗？")
    print(ask_id)
    print(result)
    client.delete(ask_id)

• 1.
• 2.
• 3.
• 4.
• 5.
• 6.
• 7.
• 8.
• 9.
• 10.
• 11.
• 12.
• 13.
• 14.
• 15.
• 16.
• 17.
• 18.
• 19.
• 20.
• 21.
• 22.
• 23.
• 24.
• 25.
• 26.
• 27.
• 28.
• 29.
• 30.
• 31.
• 32.
• 33.
• 34.
• 35.
• 36.
• 37.
• 38.
• 39.
• 40.
• 41.
• 42.
• 43.
• 44.
• 45.
• 46.
• 47.
• 48.
• 49.
• 50.
• 51.
• 52.
• 53.
• 54.
• 55.
• 56.
• 57.
• 58.
• 59.
• 60.
• 61.
• 62.
• 63.
• 64.
• 65.
• 66.
• 67.
• 68.
• 69.
• 70.
• 71.
• 72.
• 73.
• 74.
• 75.
• 76.
• 77.
• 78.
• 79.
• 80.
• 81.
• 82.
• 83.
• 84.
• 85.
• 86.
• 87.
• 88.
• 89.
• 90.
• 91.
• 92.
• 93.
• 94.
• 95.
• 96.
• 97.
• 98.
• 99.
• 100.
• 101.
• 102.
• 103.
• 104.
• 105.
• 106.
• 107.
• 108.
• 109.
• 110.
• 111.
• 112.
• 113.
• 114.
• 115.
• 116.
• 117.
• 118.
• 119.
• 120.
• 121.
• 122.
• 123.
• 124.
• 125.
• 126.
• 127.
• 128.

原创作者: u_14121041 转载于: https://blog.51cto.com/u_14121041/11701062