
Commit 2894dfa

authored
Add files via upload
1 parent 212be2a commit 2894dfa


6 files changed

+171
-0
lines changed

@@ -0,0 +1,70 @@
1+
# -*- coding:utf-8 -*-
2+
# author:NaTsUk0
3+
# @Date: 2022/11/11 下午14:25
4+
5+
6+
# smartbi加解密实现
7+
# 明文为
8+
# {"encode":"sysConfService.renewalSession+%5B%22u_41707964b0664542b783eca32f319e5f-11%22%5D","r":0.7287782339312623}
9+
# 密文为
10+
# {"encode":"D2Dtw6_Wp4gRipq4p6pb(SWpDDRw6+/JV/uuQyK1979mMK~7MMKJKu~9'Npi(Nu_N1mpJ_f11/uu/JT","r":0.7287782339312623}
11+
12+
13+
from flask import Flask, Response, request
14+
import re
15+
16+
app = Flask(__name__)
17+
18+
19+
@app.route('/encode', methods=["POST"])
20+
def encrypt():
21+
body = request.form.get('dataBody') # 获取 post 参数 必需
22+
# headers = request.form.get('dataHeaders') # 获取 post 参数 可选
23+
24+
enc = {
25+
"0": "7", "1": "1", "2": "u", "3": "N", "4": "K", "5": "J", "6": "M", "7": "9", "8": "'", "9": "m", "!": "P",
26+
"%": "/", "'": "n", "(": "A", ")": "E", "*": "s", "+": "+", "-": "f", ".": "q", "A": "O", "B": "V", "C": "t",
27+
"D": "T", "E": "a", "F": "x", "G": "H", "H": "r", "I": "c", "J": "v", "K": "l", "L": "8", "M": "F", "N": "3",
28+
"O": "o", "P": "L", "Q": "Y", "R": "j", "S": "W", "T": "*", "U": "z", "V": "Z", "W": "!", "X": "B", "Y": ")",
29+
"Z": "U", "a": "(", "b": "~", "c": "i", "d": "h", "e": "p", "f": "_", "g": "-", "h": "I", "i": "R", "j": ".",
30+
"k": "G", "l": "S", "m": "d", "n": "6", "o": "w", "p": "5", "q": "0", "r": "4", "s": "D", "t": "k", "u": "Q",
31+
"v": "g", "w": "b", "x": "C", "y": "2", "z": "X", "~": "e", "_": "y",
32+
}
33+
34+
plain_text = re.compile(r'(?<="encode":")(.*?)(?=",")') if len(re.compile(r'(?<="encode":")(.*?)(?=",")').findall(body)) != 0 else re.compile(r'(?<="data":")(.*?)(?=",")')
35+
36+
out = ''
37+
for item in plain_text.findall(body)[0]:
38+
out += enc.get(item, item)
39+
40+
return plain_text.sub(out, body)
41+
42+
43+
@app.route('/decode', methods=["POST"])
44+
def decrypt():
45+
body = request.form.get('dataBody') # 获取 post 参数 必需
46+
# headers = request.form.get('dataHeaders') # 获取 post 参数 可选
47+
print(body)
48+
49+
dec = {
50+
"7": "0", "1": "1", "u": "2", "N": "3", "K": "4", "J": "5", "M": "6", "9": "7", "'": "8", "m": "9", "P": "!",
51+
"/": "%", "n": "'", "A": "(", "E": ")", "s": "*", "+": "+", "f": "-", "q": ".", "O": "A", "V": "B", "t": "C",
52+
"T": "D", "a": "E", "x": "F", "H": "G", "r": "H", "c": "I", "v": "J", "l": "K", "8": "L", "F": "M", "3": "N",
53+
"o": "O", "L": "P", "Y": "Q", "j": "R", "W": "S", "*": "T", "z": "U", "Z": "V", "!": "W", "B": "X", ")": "Y",
54+
"U": "Z", "(": "a", "~": "b", "i": "c", "h": "d", "p": "e", "_": "f", "-": "g", "I": "h", "R": "i", ".": "j",
55+
"G": "k", "S": "l", "d": "m", "6": "n", "w": "o", "5": "p", "0": "q", "4": "r", "D": "s", "k": "t", "Q": "u",
56+
"g": "v", "b": "w", "C": "x", "2": "y", "X": "z", "e": "~", "y": "_",
57+
}
58+
59+
plain_text = re.compile(r'(?<="encode":")(.*?)(?=",")') if len(re.compile(r'(?<="encode":")(.*?)(?=",")').findall(body)) != 0 else re.compile(r'(?<="data":")(.*?)(?=",")')
60+
61+
out = ''
62+
for item in plain_text.findall(body)[0]:
63+
out += dec.get(item, item)
64+
65+
return plain_text.sub(out, body)
66+
67+
68+
if __name__ == '__main__':
69+
app.debug = True # 设置调试模式,生产模式的时候要关掉debug
70+
app.run(host="0.0.0.0", port=8888)
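Review bot: The `__main__` block at the end of this file enables the Werkzeug debugger (`app.debug = True`) while binding to every interface (`host="0.0.0.0"`), so the debugger and its traceback pages are reachable from any host that can reach port 8888 on the machine running the script. `decrypt` also prints each request body, and the sample in the header comment shows those bodies carrying a session-renewal call, which is a further reason to keep the listener local. The service appears to be a local helper for the Burp plugin, so I would drop the debug line and bind to loopback: `app.run(host="127.0.0.1", port=8888)`. Separately, both handlers index `plain_text.findall(body)[0]` without checking for a missing `dataBody` or a body containing neither key, so such a request raises instead of returning a clean error.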
@@ -0,0 +1,72 @@
1+
# -*- coding:utf-8 -*-
2+
# author:f0ngf0ng
3+
# @Date: 2022/5/15 下午10:25
4+
5+
6+
# 3des加密实现
7+
# 明文为
8+
# {'username':'admin'}
9+
#
10+
# 密文为
11+
# 5Pne6rhiOkxfngbJMpSc+aBCaNE/09HW
12+
13+
import re
14+
15+
16+
def encrypt(body):
17+
enc = {
18+
"0": "7", "1": "1", "2": "u", "3": "N", "4": "K", "5": "J", "6": "M", "7": "9", "8": "'", "9": "m", "!": "P",
19+
"%": "/", "'": "n", "(": "A", ")": "E", "*": "s", "+": "+", "-": "f", ".": "q", "A": "O", "B": "V", "C": "t",
20+
"D": "T", "E": "a", "F": "x", "G": "H", "H": "r", "I": "c", "J": "v", "K": "l", "L": "8", "M": "F", "N": "3",
21+
"O": "o", "P": "L", "Q": "Y", "R": "j", "S": "W", "T": "*", "U": "z", "V": "Z", "W": "!", "X": "B", "Y": ")",
22+
"Z": "U", "a": "(", "b": "~", "c": "i", "d": "h", "e": "p", "f": "_", "g": "-", "h": "I", "i": "R", "j": ".",
23+
"k": "G", "l": "S", "m": "d", "n": "6", "o": "w", "p": "5", "q": "0", "r": "4", "s": "D", "t": "k", "u": "Q",
24+
"v": "g", "w": "b", "x": "C", "y": "2", "z": "X", "~": "e", "_": "y",
25+
}
26+
27+
plain_text = re.compile(r'(?<="encode":")(.*?)(?=",")') if re.compile(r'(?<="encode":")(.*?)(?=",")').findall(body) is False else re.compile(r'(?<="data":")(.*?)(?=",")')
28+
29+
print(plain_text)
30+
31+
out = ''
32+
for item in plain_text.findall(body):
33+
out += enc.get(item, item)
34+
35+
return plain_text.sub(out, body)
36+
37+
38+
def decrypt(body):
39+
dec = {
40+
"7": "0", "1": "1", "u": "2", "N": "3", "K": "4", "J": "5", "M": "6", "9": "7", "'": "8", "m": "9", "P": "!",
41+
"/": "%", "n": "'", "A": "(", "E": ")", "s": "*", "+": "+", "f": "-", "q": ".", "O": "A", "V": "B", "t": "C",
42+
"T": "D", "a": "E", "x": "F", "H": "G", "r": "H", "c": "I", "v": "J", "l": "K", "8": "L", "F": "M", "3": "N",
43+
"o": "O", "L": "P", "Y": "Q", "j": "R", "W": "S", "*": "T", "z": "U", "Z": "V", "!": "W", "B": "X", ")": "Y",
44+
"U": "Z", "(": "a", "~": "b", "i": "c", "h": "d", "p": "e", "_": "f", "-": "g", "I": "h", "R": "i", ".": "j",
45+
"G": "k", "S": "l", "d": "m", "6": "n", "w": "o", "5": "p", "0": "q", "4": "r", "D": "s", "k": "t", "Q": "u",
46+
"g": "v", "b": "w", "C": "x", "2": "y", "X": "z", "e": "~", "y": "_",
47+
}
48+
49+
# plain_text = re.compile(r'(?<="encode":")(.*?)(?=",")') if len(re.compile(r'(?<="encode":")(.*?)(?=",")').findall(body)) != 0 else re.compile(r'(?<="data":")(.*?)(?=",")')
50+
#
51+
# print(plain_text)
52+
#
53+
# out = ''
54+
# for item in plain_text.findall(body)[0]:
55+
# out += dec.get(item, item)
56+
#
57+
# print(out)
58+
#
59+
# return plain_text.sub(out, body)
60+
61+
out = ''
62+
for item in body:
63+
out += dec.get(item, item)
64+
65+
return out
66+
67+
68+
if __name__ == '__main__':
69+
# body='{"encode":"D2Dtw6_Wp4gRipq4p6pb(SWpDDRw6+/JV/uuQyK1979mMK~7MMKJKu~9\'Npi(Nu_N1mpJ_f11/uu/JT","r":0.7287782339312623}'
70+
# body = '{\"code\":0,\"data\":\"{\"IOm~\":q,\"9*v\":\"\",\"~9*v\":\"\",\"mECE\":{\"eEv~lcU~\":1q,\"eEv~329w~H\":q,\"COCEK!Ev~*\":1,\"COCEK)K~9~\'C*\":q,\"*cU~\":1q,\"\'29w~H\":q,\"\'29w~HA-)K~9~\'C*\":q,\"KE*C\":CH2~,\"-cH*C\":CH2~,\"IO'C~'C\":[]},\"Cc9~\":np}\",\"time\":0}'
71+
body = input()
72+
print(decrypt(body))
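Review bot: `encrypt` in this file never substitutes anything: `findall()` returns a list, so the `is False` test is always false and the `"data"` pattern is always chosen, and the loop then iterates over whole matches rather than characters, so `enc.get(item, item)` returns each match unchanged. To agree with the Flask version, the condition should test for an empty result and the loop should walk the first match, e.g. `... if re.compile(r'(?<="encode":")(.*?)(?=",")').findall(body) else ...` and `for item in plain_text.findall(body)[0]:`. The header comment still reads `3des加密实现` with a `{'username':'admin'}` sample, which does not describe this substitution table; I would replace it with a one-line description of the SmartBI character mapping.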
@@ -0,0 +1,29 @@
1+
[TOC]
2+
3+
# 使用burp插件autoDecoder实现对smartbi请求包自动加解密
4+
5+
# 安装autoDecoder插件
6+
7+
github下载的在新版burp会有bug,请使用压缩包中的插件安装
8+
9+
# 编写针对smartbi的加解密脚本
10+
11+
因为它的加解密都是一对一替换,所以很简单,就实现加解密两个函数就行了,脚本也在压缩包里。
12+
13+
# 启动加解密脚本
14+
15+
插件里写的是8888端口,怎么改启动端口自己去百度。
16+
17+
# 选择使用接口进行加解密
18+
19+
如图
20+
![1](photo/1.png)
21+
22+
# 设置监控域名及明密文关键词
23+
24+
smartbi特征比较明显
25+
![image.png](photo/2.png)
26+
27+
# 然后就实现自动加解密了
28+
29+
脚本见
