|
| 1 | +--- |
| 2 | +created: 2024-03-06T14:49:08+08:00 |
| 3 | +updated: 2024-03-06T14:51:06+08:00 |
| 4 | +--- |
| 5 | +原数据包如下 |
| 6 | + |
| 7 | + |
| 8 | +请求包为加密、响应包为明文,且需要对请求包的内容进行解密 |
| 9 | + |
| 10 | +脚本原理为在解密的时候,判断密文的来源,如果密文从请求包里来,则是真正的密文,需要解密;如果密文从响应包里来,则是明文,原样返回即可 |
| 11 | + |
| 12 | + |
| 13 | +脚本如下 |
| 14 | +```python |
| 15 | +from flask import Flask, request |
| 16 | +from Crypto.Cipher import AES |
| 17 | +from Crypto.Util.Padding import pad,unpad |
| 18 | +import base64 |
| 19 | +from urllib.parse import parse_qs,quote |
| 20 | +import hashlib |
| 21 | + |
| 22 | +def aes_encrypt(key, data): |
| 23 | + cipher = AES.new(key, AES.MODE_ECB) |
| 24 | + padded_data = pad(data.encode(), AES.block_size) |
| 25 | + cipher_text = cipher.encrypt(padded_data) |
| 26 | + return base64.b64encode(cipher_text).decode() |
| 27 | + |
| 28 | +def aes_decrypt(key, data): |
| 29 | + cipher = AES.new(key, AES.MODE_ECB) |
| 30 | + decrypted_data = cipher.decrypt(base64.b64decode(data)) |
| 31 | + unpadded_data = unpad(decrypted_data, AES.block_size) |
| 32 | + return unpadded_data.decode() |
| 33 | + |
| 34 | +app = Flask(__name__) |
| 35 | + |
| 36 | +@app.route('/encode', methods=["POST"]) |
| 37 | +def encrypt(): |
| 38 | + key = b'xxxxxxxxxxxxxxxx' # 16 bytes key |
| 39 | + str1 = 'xxxxxxxxxxxxxxxx' |
| 40 | + param = request.form.get('dataBody') # Get POST parameter |
| 41 | + md5value = param + str1 |
| 42 | + param1 = quote(aes_encrypt(key,param)) |
| 43 | + param2 = hashlib.md5(md5value.encode()).hexdigest() |
| 44 | + return f"Param={param1}&Autograph={param2}" |
| 45 | + ''' |
| 46 | + data = json.loads(param) |
| 47 | + encrypted_id = aes_encrypt(key, data["id"]) |
| 48 | + encry_param = param.replace(data["id"], encrypted_id) |
| 49 | + return base64.b64decode(encry_param.encode()).decode() |
| 50 | + ''' |
| 51 | + |
| 52 | +@app.route('/decode', methods=["POST"]) # No decryption |
| 53 | +def decrypt(): |
| 54 | + key = b'xxxxxxxxxxxxxxxx' # 16 bytes key |
| 55 | + param = request.form.get('dataBody') # Get POST parameter |
| 56 | + reqresp = request.form.get('requestorresponse') |
| 57 | + if reqresp == "request": # 判断传入的参数来源,如果是请求,则解密,否则,原样返回 |
| 58 | + parsed_params = parse_qs(param) |
| 59 | + return aes_decrypt(key,parsed_params["Param"][0]) |
| 60 | + else: |
| 61 | + return param |
| 62 | + |
| 63 | +if __name__ == '__main__': |
| 64 | + app.debug = True # Set debug mode, remember to turn it off in production |
| 65 | + app.run(host="0.0.0.0", port=8888) |
| 66 | +``` |
| 67 | + |
| 68 | +配置如下 |
| 69 | + |
| 70 | + |
| 71 | +正常解密 |
| 72 | + |
| 73 | + |
| 74 | +发送明文的请求,也自动进行加密 |
| 75 | + |
| 76 | + |
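Review bot: The `__main__` block at the end of the script sets `app.debug = True` and binds with `host="0.0.0.0"`, so the Werkzeug interactive debugger and the `/encode` and `/decode` endpoints, which embed the AES key and the signing string, are reachable from any host on the same network. The helper is presumably only called by a proxy plugin on the same machine, so I would change the last line to `app.run(host="127.0.0.1", port=8888)` and drop the `app.debug = True` line. Separately, `request.form.get('dataBody')` returns `None` when the field is missing, so `param + str1` in `encrypt()` and the `parsed_params["Param"][0]` lookup in `decrypt()` fail with a 500; an early `if not param: return ""` in both handlers would avoid that. The triple-quoted block after the `return` in `encrypt()` is unreachable and would read better as a comment or removed.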