JSRPC实现前端加密破解与自动化加密教学文档<\/h1>

一、前言<\/h2>
前端加密是网站安全防护的重要手段，传统破解方法需要逆向JS代码、提取加密函数并补全运行环境。JSRPC（JavaScript Remote Procedure Call）提供了一种更高效的解决方案，通过远程调用浏览器中的JS加密函数，无需深入分析加密逻辑。<\/p>

二、JSRPC核心原理<\/h2>

远程调用协议<\/strong>：本地代码通过WebSocket与浏览器建立连接<\/li>
函数调用机制<\/strong>：直接调用浏览器中已加载的加密函数<\/li>

环境优势<\/strong>：利用浏览器完整的JS执行环境，避免补环境问题<\/li> <\/ol>
三、实现流程详解<\/h2>
1. 准备工作<\/h3>

识别加密参数（以人人网为例）：

appKey：固定值<\/li>
password：MD5加密<\/li>
callId：时间戳<\/li>
sig：需要破解的主要加密参数<\/li> <\/ul> <\/li> <\/ul>
2. 服务端实现<\/h3>
基础版本服务端代码<\/h4>
import<\/span> sys <\/span><\/span>import<\/span> asyncio <\/span><\/span>import<\/span> websockets <\/span><\/span> <\/span><\/span>async<\/span> def<\/span> receive_message<\/span>(websocket): <\/span><\/span> while<\/span> True<\/span>: <\/span><\/span> send_text =<\/span> input("请输入要加密的字符串:"<\/span>) <\/span><\/span> if<\/span> send_text ==<\/span> "exit"<\/span>: <\/span><\/span> print("退出!"<\/span>) <\/span><\/span> await<\/span> websocket.<\/span>send(send_text) <\/span><\/span> await<\/span> websocket.<\/span>close() <\/span><\/span> sys.<\/span>exit() <\/span><\/span> else<\/span>: <\/span><\/span> await<\/span> websocket.<\/span>send(send_text) <\/span><\/span> response_text =<\/span> await<\/span> websocket.<\/span>recv() <\/span><\/span> print("加密结果:"<\/span>, response_text) <\/span><\/span> <\/span><\/span>start_server =<\/span> websockets.<\/span>serve(receive_message, "127.0.0.1"<\/span>, 8088<\/span>) <\/span><\/span>asyncio.<\/span>get_event_loop().<\/span>run_until_complete(start_server) <\/span><\/span>asyncio.<\/span>get_event_loop().<\/span>run_forever() <\/span><\/span><\/code><\/pre>改进版服务端代码（支持多连接）<\/h4> import<\/span> asyncio <\/span><\/span>import<\/span> websockets <\/span><\/span> <\/span><\/span>connected =<\/span> set() <\/span><\/span> <\/span><\/span>async<\/span> def<\/span> server<\/span>(websocket): <\/span><\/span> connected.<\/span>add(websocket) <\/span><\/span> try<\/span>: <\/span><\/span> async<\/span> for<\/span> message in<\/span> websocket: <\/span><\/span> for<\/span> conn in<\/span> connected: <\/span><\/span> if<\/span> conn !=<\/span> websocket: <\/span><\/span> await<\/span> conn.<\/span>send(message) <\/span><\/span> finally<\/span>: <\/span><\/span> connected.<\/span>remove(websocket) <\/span><\/span> <\/span><\/span>start_server =<\/span> websockets.<\/span>serve(server, "127.0.0.1"<\/span>, 8088<\/span>) <\/span><\/span>asyncio.<\/span>get_event_loop().<\/span>run_until_complete(start_server) <\/span><\/span>asyncio.<\/span>get_event_loop().<\/span>run_forever() <\/span><\/span><\/code><\/pre>3. 浏览器端JS改写<\/h3> 打开Chrome开发者工具(F12)<\/li> 选择Sources → Overrides → Select folder for Overrides<\/li> 创建并选择用于存放改写JS的文件夹<\/li> 找到目标JS文件，右键选择Override content<\/li> 添加WebSocket客户端代码：<\/li> <\/ol> (function<\/span> () { <\/span><\/span> var<\/span> ws<\/span> =<\/span> new<\/span> WebSocket<\/span>("ws:\/\/127.0.0.1:8088"<\/span>) <\/span><\/span> var<\/span> secretKey<\/span> =<\/span> "bcceb522717c2c49f895b561fa913d10"<\/span> \/\/ 关键密钥 <\/span><\/span><\/span><\/span> <\/span><\/span> ws<\/span>.onmessage<\/span> =<\/span> function<\/span>(evt<\/span>) { <\/span><\/span> console<\/span>.log<\/span>("收到消息:"<\/span> +<\/span> evt<\/span>.data<\/span>); <\/span><\/span> var<\/span> dataObject<\/span> =<\/span> JSON<\/span>.parse<\/span>(evt<\/span>.data<\/span>); <\/span><\/span> if<\/span> (evt<\/span>.data<\/span> ==<\/span> "exit"<\/span>){ <\/span><\/span> ws<\/span>.close<\/span>(); <\/span><\/span> }else<\/span>{ <\/span><\/span> ws<\/span>.send<\/span>(ze<\/span>.getSign<\/span>(dataObject<\/span>,secretKey<\/span>)); \/\/ 调用加密函数 <\/span><\/span><\/span><\/span> } <\/span><\/span> } <\/span><\/span>})(); <\/span><\/span><\/code><\/pre>4. 自动化加密接口实现<\/h3> import<\/span> asyncio <\/span><\/span>import<\/span> json <\/span><\/span>import<\/span> websockets <\/span><\/span>from<\/span> flask import<\/span> Flask,request <\/span><\/span> <\/span><\/span>app =<\/span> Flask(__name__) <\/span><\/span>loop =<\/span> asyncio.<\/span>get_event_loop() <\/span><\/span> <\/span><\/span>async<\/span> def<\/span> encode<\/span>(message): <\/span><\/span> async<\/span> with<\/span> websockets.<\/span>connect("ws:\/\/127.0.0.1:8088"<\/span>) as<\/span> websocket: <\/span><\/span> await<\/span> websocket.<\/span>send(message) <\/span><\/span> return<\/span> await<\/span> websocket.<\/span>recv() <\/span><\/span> <\/span><\/span>def<\/span> get_encrypt<\/span>(message): <\/span><\/span> return<\/span> str(loop.<\/span>run_until_complete(encode(message))) <\/span><\/span> <\/span><\/span>@app<\/span>.<\/span>route('\/encrypt'<\/span>, methods=<\/span>['POST'<\/span>]) <\/span><\/span>def<\/span> encode_str<\/span>(): <\/span><\/span> if<\/span> request.<\/span>is_json: <\/span><\/span> data_dict =<\/span> {} <\/span><\/span> data =<\/span> request.<\/span>get_json() <\/span><\/span> data_dict['user'<\/span>] =<\/span> data.<\/span>get('user'<\/span>) <\/span><\/span> data_dict['password'<\/span>] =<\/span> data.<\/span>get('password'<\/span>) <\/span><\/span> data_dict['appKey'<\/span>] =<\/span> data.<\/span>get('appKey'<\/span>) <\/span><\/span> data_dict['sessionKey'<\/span>] =<\/span> data.<\/span>get('sessionKey'<\/span>) <\/span><\/span> data_dict['callId'<\/span>] =<\/span> data.<\/span>get('callId'<\/span>) <\/span><\/span> dataobject =<\/span> json.<\/span>dumps(data_dict) <\/span><\/span> return<\/span> get_encrypt(dataobject) <\/span><\/span> <\/span><\/span>if<\/span> __name__ ==<\/span> '__main__'<\/span>: <\/span><\/span> app.<\/span>run(port=<\/span>5001<\/span>) <\/span><\/span><\/code><\/pre>四、实际应用流程<\/h2> 启动WebSocket服务端<\/li> 启动Flask加密接口服务<\/li> 在浏览器中加载目标网站并覆盖JS文件<\/li> 通过Burp Suite构造请求：将加密参数提交到本地加密接口(http:\/\/127.0.0.1:5001\/encrypt)<\/li> 接口返回加密结果<\/li> <\/ul> <\/li> 使用加密结果完成请求<\/li> <\/ol> 五、相关工具推荐<\/h2> Sekiro RPC框架<\/strong><\/p> 多语言支持<\/li> 分布式架构<\/li> 网络拓扑无关<\/li> GitHub: https:\/\/github.com\/yint-tech\/sekiro-open<\/li> <\/ul> <\/li> JsRPC项目<\/strong><\/p> 专门用于JS远程调用<\/li> GitHub: https:\/\/github.com\/jxhczhl\/JsRpc<\/li> <\/ul> <\/li> <\/ol> 六、关键注意事项<\/h2> 密钥处理<\/strong>：确保浏览器端JS中正确设置了secretKey等关键参数<\/li> 函数调用<\/strong>：准确识别并调用目标加密函数(如示例中的ze.getSign)<\/li> WebSocket连接<\/strong>：保持服务端和客户端的端口一致<\/li> 跨域问题<\/strong>：所有服务建议在localhost环境下运行以避免跨域限制<\/li> 加密参数结构<\/strong>：确保传递给加密函数的数据结构与原网站一致<\/li> <\/ol> 七、扩展应用<\/h2> 批量自动化测试：结合爬虫实现大规模数据加密<\/li> 动态参数处理：处理时间戳等动态变化的参数<\/li> 多站点适配：通过配置不同的加密函数和参数适应不同网站<\/li> <\/ol> 通过以上方法，可以高效地破解前端加密而无需深入分析加密算法，显著提高渗透测试效率。<\/p>