Skip to content

Commit 3fa580f

Browse files
authored
Add files via upload
1 parent 3d15ee7 commit 3fa580f

File tree

5 files changed

+76
-0
lines changed

5 files changed

+76
-0
lines changed
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,76 @@
1+
---
2+
created: 2024-03-06T14:49:08+08:00
3+
updated: 2024-03-06T14:51:06+08:00
4+
---
5+
原数据包如下
6+
![](photo/Pasted%20image%2020240306144644.png)
7+
8+
请求包为加密、响应包为明文,且需要对请求包的内容进行解密
9+
10+
脚本原理为在解密的时候,判断密文的来源,如果密文从请求包里来,则是真正的密文,需要解密;如果密文从响应包里来,则是明文,原样返回即可
11+
12+
13+
脚本如下
14+
```python
15+
from flask import Flask, request
16+
from Crypto.Cipher import AES
17+
from Crypto.Util.Padding import pad,unpad
18+
import base64
19+
from urllib.parse import parse_qs,quote
20+
import hashlib
21+
22+
def aes_encrypt(key, data):
23+
cipher = AES.new(key, AES.MODE_ECB)
24+
padded_data = pad(data.encode(), AES.block_size)
25+
cipher_text = cipher.encrypt(padded_data)
26+
return base64.b64encode(cipher_text).decode()
27+
28+
def aes_decrypt(key, data):
29+
cipher = AES.new(key, AES.MODE_ECB)
30+
decrypted_data = cipher.decrypt(base64.b64decode(data))
31+
unpadded_data = unpad(decrypted_data, AES.block_size)
32+
return unpadded_data.decode()
33+
34+
app = Flask(__name__)
35+
36+
@app.route('/encode', methods=["POST"])
37+
def encrypt():
38+
key = b'xxxxxxxxxxxxxxxx' # 16 bytes key
39+
str1 = 'xxxxxxxxxxxxxxxx'
40+
param = request.form.get('dataBody') # Get POST parameter
41+
md5value = param + str1
42+
param1 = quote(aes_encrypt(key,param))
43+
param2 = hashlib.md5(md5value.encode()).hexdigest()
44+
return f"Param={param1}&Autograph={param2}"
45+
'''
46+
data = json.loads(param)
47+
encrypted_id = aes_encrypt(key, data["id"])
48+
encry_param = param.replace(data["id"], encrypted_id)
49+
return base64.b64decode(encry_param.encode()).decode()
50+
'''
51+
52+
@app.route('/decode', methods=["POST"]) # No decryption
53+
def decrypt():
54+
key = b'xxxxxxxxxxxxxxxx' # 16 bytes key
55+
param = request.form.get('dataBody') # Get POST parameter
56+
reqresp = request.form.get('requestorresponse')
57+
if reqresp == "request": # 判断传入的参数来源,如果是请求,则解密,否则,原样返回
58+
parsed_params = parse_qs(param)
59+
return aes_decrypt(key,parsed_params["Param"][0])
60+
else:
61+
return param
62+
63+
if __name__ == '__main__':
64+
app.debug = True # Set debug mode, remember to turn it off in production
65+
app.run(host="0.0.0.0", port=8888)
66+
```
67+
68+
配置如下
69+
![](photo/Pasted%20image%2020240306144836.png)
70+
71+
正常解密
72+
![](photo/Pasted%20image%2020240306144916.png)
73+
74+
发送明文的请求,也自动进行加密
75+
76+
![](photo/Pasted%20image%2020240306144953.png)

0 commit comments

Comments
 (0)