猎聘点选验证码分析

  • 2018-11-27
  • 2,718
  • 15
  • 8

每周两爆(随缘更新)

猎聘点选

猎聘注册地址 https://passport.liepin.com/h/account#sfrom=click-pc_homepage-front_navigation-hunter_new

请勿用于非法用途


我们随便点一个 提交

Request URL: https://passport.liepin.com/captcha/word/verify.json
Request Method: POST
Status Code: 200 OK
Remote Address: 39.105.6.247:443
Referrer Policy: no-referrer-when-downgrade

challenge=a4cb637c086373969708c7c2471069d8
&collectibles=y9GjEXerxSd1jpGhpv7YiwcvI_KL0kYK3NE5M53Y2hXk9ktGJkMd6HJV44Y6oghgC7rCmf4FoeXbYxmNb4btm5U4Z7WtF-T6U7gCLnxMUKy2-sgSJn5SPoQek49rJtAC7ZRlN12HWjfUJgfedfsuCbCdpoo00zD3Fbnt671cR5B9zAqfaYX0az-WWvnbbn431vy1Yyiiash89b8_8Ctwt3tUruPi_d4J2i7G7iXZ7fsojf35tWTB2QUNCAjRLOa0SPdwUhjHY6Jgjh1B0dE0JYhIiZf29_7nPVc81QKN_3jGZfxP_KPOzWl_bDRRnozLavOSWRraGC4NCLL4grrhELZDnRoKjG3rm8tJVLknro7mBMGql9InPlf5geayGNuDgEYnbKEycKwjiFQh0Z-c_U96S4kF5UQz3hnjmy37nC9i_pshBPreSVeDvQrS031kOHer6aHjycBDrngPQP4LzpxKlDeFnIMTde5mB6308L2ylJfElnaaIbcTzxrUxD6FepoFDgM5gEuA9rWWs_G9zlosUKNQTr2DEwsXoQk2NcGWfjzYQ1ytK3MxyHvh38Yk3-m_US5sthAfewY7QWV_rWzLN5pAqaY6tYBEh35Z1zVXCDS_CEr6-PCntFtARqouPYXEsLPfDCyNWpse1ag9-cnmLTvC-cnbEPaspILX7JzkV3Kl5Lm1iuNw3fD0Nchh2LWuGi6-7VS5wf3Ig36UuWA4uf7dyLhQVGH8LFbhq-6K1YaQQ7hm6SJbnxicwYfUvVfY3VCh9GP0KN1hSuSa0bFHpnPFsm3pMibKUlzIsuu6a72YiZHw5VA5G5X9Qy9FgZ1Vpsoa9-L9vnKH8WKxnseTyftjOgLw175gP5ftclI5A2syqflawsWUckhdCDweRsYgIfeyNrJrU-OROBSjPqPhKe4VK7Q3HJcIVxvtN7svZwnpyRQTGMgy_dTwiEpb0qghzNZj4t97BBWLDizwG8gCeftMxoRoxQCf5TKa0-UrMtSz7SAa9yOrDSXhwaOhk7vzZBSUknRWJnPibqzZJ7eyI_SQJe8429JZb5FgAb1lKp9IuynTQLzPPpQJQhVSx3Ve23G1x_V_KQ-G6oOftPwdEVctn39s3Cvs7mT5An9G5l7YN0N_ofGFJiS1qUusX3fQ-GpClJjsrDvTJ8vqBI6MX1WKEfCj6EEE9z5L5ByGW9GanCsMLUKBae_Vj5_k_Rifdnn1WkgB1803wFyKdkVTqPYPrpbEeN5N8LMXfSUmWWwQdmakfIFcN5E6yTCMZJPKQSyk5kncufuY4bMOgvzJEEPNStpjkZn50Yaw5gAf0XdheUgaMgJT3bN7l0V2VPGdMElbdV7KoAb7w5XAd_kjuCm7fBZ--Roc0BvJC0RPQHLuGAoc-mg7rursZJjA8iq9_UkZZ3FLRnXUii8qefwoTqLCyv5n4GBkLUSMBj1q-o_dRO2xMBVPcgJZ6LRrVcTN_FEX0cSukA12b3WEAJ1TUZ1epOi0r882NEo30DFnry3_Odl-nDE1k1_hi2jO2Lq9-sFuhQIS89HNJWerIQGjuwbaEUbLfGrENOm8vXxgSqYV6IbWXg46gUSmNiJ4GV8Kb2bSqhpN6AwFn3I78kFOlF9cQCI4BQx5d6lKz1EhogOAS4oVn5Peg86QNVJoyqR8xyG0bjf3oioONvFN3OAiZrfFypszBM4Hr2ydzqtCTFY5T5HFC8DEbD51cy_8aWeBZG_HczfJhOt2fL_GPUGwRtLkAzmQwpijUWlvrV6W9XUEuSsX6PaFEVem6ILVyRny_MiiIG4fxGQu_Uj402Ufqx-x3Cbpc3Ue6oYHA5jxyc--BaLviLr5zdMfykf7clVd6cvdF6aeBqNwOCAH4ObDNC5D_ydtdjL1uQLGBmL0tLxoFuMpAVqBd1QXe2aT1xuVLUPfmhYHvLVOdccQlrZM2g-qbgzQ8_cReWmKCpdJdpB2Qf5XeklVLElUj1Yyt4MP4RPr-20cggc2H8mgfWjuvbNnqWgLXsuVKVGDneBCUsbN781NKPiSAaPS23WmW3LmfnSQvnDnTm5N_hw3NPr1Jm1no96xSqALgWcA3oGlzGXeykXuqaOUpuzK4TrBAWgHW5U6UYcDZp242B0WFTgl9mFwxYz120BeSsG2uuG-vpT5vxxcBcICDLKT5JcGW_ULoITaqqEXSypRM_umATkA-pMQO8VO3IKq5rjMLnVs_F0JVxMWoyc3wo6Bbky2ZF6V81uPHOVgZubIYgORfajjF4K-Dsee9Xfy7e0rEldsRGytLXkUgMI-7cocTC6ldwx-J81l07iw1d4by0IpUq_PBcspOlFUZn5J_8Ij6rkZbF7Tyjwt4Ej_QCVZdjAIVr326GKFLlGReu_mfSXVzjurelIUTarp3mi_LuFyb8YgY-OiXf_G5cCpFTNA3PnGL0O8n8G09d1tNpKVlQrdah89uR_Bvy3FFovIBgrVqQu7wzL4FElc14M9wIbZxd1H_HuayNoz0f0vbhQgJMsSi2hMa4qZvbeNtef8Bl7NR8aN1IeF0d6rMt2beDtC4dwoHKbasXf31jvV8AREhG3GNfGhvTKzo1GZBcaq9cW6zKscH6lMk-nzwHbMl84xi7xayRZyO9VE7WRvO_oXD0SV_Ky-4hz4llGjQTn-SywdVlyHniIBKxV_dUaLiugCeqwnNynKRS-_X-PsmnEwhhbYTQ**
&p=77%2C166%3B250%2C144%3B142%2C97%3B170%2C173%3B97%2C108
&time=1543297034708

会返回ticket

请求其中有四个参数

challenge是验证码ID

collectibles 是行为数据(后文分析)

p是坐标

time是时间戳

依次分析

challenge

没有xhr请求获取challenge 但是可以在验证码图片的cookie找到

collectibles

下xhr断点, 特征为verify

根据Callstack反查

找到collectibles的算法

不过我还是想吐槽下… 为啥这里要用替换啊, 改下base64的字符表不好么…

那么可以看到这个参数其实是aes -cbc -pkcs7加密的结果

{"triggerData":{"height":40,"width":314,"left":813,"top":289,"x":983,"y":302,"t":1543296465252},"triggerButton":{"height":40,"width":314,"left":813,"top":289,"x":983,"y":302,"t":1543296465252},"refreshCount":0,"refreshButton":{"left":29,"top":228,"width":26,"height":27},"submitButton":{"left":163,"top":228,"width":122,"height":30},"mousemoveData":[{"t":1543296468238,"x":233,"y":131},{"t":1543296469241,"x":116,"y":138}],"mouseLeftClickData":[{"height":40,"width":314,"left":813,"top":289,"x":983,"y":302,"t":1543296465252},{"t":1543296468547,"x":143,"y":132},{"t":1543296469037,"x":128,"y":110},{"t":1543296469350,"x":116,"y":138},{"t":1543296469668,"x":153,"y":191},{"t":1543296470095,"x":219,"y":237}],"mouseLeftDownData":[{"t":1543296468456,"x":143,"y":132},{"t":1543296468941,"x":128,"y":110},{"t":1543296469273,"x":116,"y":138},{"t":1543296469608,"x":153,"y":191},{"t":1543296470095,"x":219,"y":237}],"mouseLeftUpData":[{"t":1543296468547,"x":143,"y":132},{"t":1543296469037,"x":128,"y":110},{"t":1543296469350,"x":116,"y":138},{"t":1543296469668,"x":153,"y":191},{"t":1543296470095,"x":219,"y":237}],"mouseRightClickData":[],"mouseRightDownData":[],"mouseRightUpData":[],"valuableClickData":[{"t":1543296468547,"x":143,"y":132},{"t":1543296469037,"x":128,"y":110},{"t":1543296469350,"x":116,"y":138},{"t":1543296469668,"x":153,"y":191}],"mouseClickMaxCount":20,"mouseClickCount":5,"validateCount":0,"startTime":1543296465795,"keydownData":[],"captchaImage":{"top":58,"left":29,"width":256,"height":160},"challenge":"29a86a0ace5c9a51d324526b57f5b2ae","plugins":3,"productSub":"20030107","evalSize":33,"toSource":false,"resolution":[1920,1080]}

加密数据如上

可以看到主要是

和点选坐标一致 再加一个提交按钮的点击坐标.

点选坐标

challenge challenge

还有些别的, 命名非常清晰, 自己看看吧


分析到此结束

请勿用于非法用途

评论

  • Leonardo Pretti回复

    I carry on listening to the rumor speak about getting boundless online grant applications so I have been looking around for the most excellent site to get one. Could you tell me please, where could i find some?

  • 哈哈是回复

    群多少号啊

  • 11回复

    群满了 不升级一下吗

    • lengyue回复

      没满啊

  • DaoCao回复

    大佬有时间帮我看看这个网站,使用selenium操作登录的时候不成功,https://www.tai3355.com/Register,好像做了鼠标轨迹的识别,我找不到验证鼠标轨迹的方法;只能通过 pyautogui 去移动鼠标。

    • lengyue回复

      有API 了解下么

  • q664010563回复

    js 不难,主要是汉字识别以及对应的坐标

    • lengyue回复

      跑半天就出来了。。

  • 三毛回复

    😊 鱼和渔一起打包更好嘛

  • lengyue回复

    授人以鱼不如授人以渔啊

  • 三毛回复

    冷月大大 执行js部分可以上传一波gayhub吗 😊 😊 😊