首页 新闻 赞助 找找看

海康前端登陆代码分析

0
悬赏园豆:160 [待解决问题]

登陆页面引用的js:
../script/lib/seajs/config/sea-config.js
../script/lib/seajs/seajs/sea.min.js

按键代码:

<button type="button" class="btn btn-primary login-btn" ng-click="login()"><label ng-bind="oLan.login" class="ng-binding">登录</label></button>
 

ng-click 指令告诉了 AngularJS HTML 元素被点击后需要执行的操作。
login()在本页面搜索不到,chrome的F12开发者工具的源代码选项卡右键左侧导航的所有文件中搜索也没有别的,除了login.js和common.js,common.js是goLogin(),login.js没有声明login()这个函数,用的是c.login()

我想找到按键代码里的login()这个函数在哪,分析点击之后所执行的加密操作,可是就是找不到,请问你们能不能帮我看看是在哪里?

附上相关代码

login.asp

<!doctype html>
<html>
<head>
    <title></title>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <meta http-equiv="X-UA-Compatible" content="IE=edge" >
    <meta http-equiv="Pragma" content="no-cache" />
    <meta http-equiv="Cache-Control" content="no-cache, must-revalidate" />
    <meta http-equiv="Expires" content="0" />
    <script>
        document.write("<link type='text/css' href='../ui/css/ui.css?version=" + new Date().getTime() + "' rel='stylesheet' />");
    </script>
</head>
<body ng-keypress="docPress($event)" ng-controller="loginController" ng-cloak class="login-body ng-cloak">
<div class="login" id="login">
    <div class="top">
        <div class="logo"></div>
        <div class="language">
            <div class="language-show" ng-click="showLanguageList($event)"><span class="current-language" id="current_language"></span></div>
            <div class="language-list" id="language_list" ng-click="changeLanguage($event)"></div>
        </div>
    </div>
    <table cellspacing="0" cellpadding="0" border="0" class="middle">
        <tr>
            <td class="login-l"> </td>
            <td class="login-m">
                <div class="login-part">
                    <div class="line"></div>
                    <div class="login-error">
                        <div class="inputValidTip" ng-show="szErrorTip!=''"><i class='error'></i><label>{{szErrorTip}}</label></div>
                    </div>
                    <div class="login-user">
                        <input type="text" class="login-input" id="username" ng-model="username" maxlength="32" autocomplete="off" placeholder="{{oLan.username}}" />
                        <i class="icon-user"></i>
                    </div>
                    <div class="login-item">
                        <input type="password" class="login-input" id="password" ng-model="password" maxlength="16" placeholder="{{oLan.password}}" pigsney />
                        <i class="icon-pass"></i>
                    </div>
                    <div class="login-item bottom">
                        <span class="pwd-link" ng-bind="oLan.forgetPwd" ng-show="oCap.bSptGuidImport || oCap.bSptQAReset || oCap.bSupportWithSecurityEmail" ng-click="forgetPwd()"></span>
                        <button type="button" class="btn btn-primary login-btn" ng-click="login()"><label ng-bind="oLan.login"></label></button>
                    </div>
                    <!--<div class="login-item anonymous" ng-show="anonymous">
                        <span ng-bind="oLan.anonymous" ng-click="login('anonymous')"></span>
                    </div>-->
                </div>
            </td>
            <td class="login-r"> </td>
        </tr>
    </table>
    <div class="footer" id="footer"></div>
</div>
<div id="active" class="msg-content-wrap">
    <div class="msg-content">
        <div class="password">
            <span class="desc"><label ng-bind="oLan.username"></label></span>
            <span><label ng-bind="activeUsername"></label></span>
        </div>
        <div password lan="oLan" o-password="oActivePwd" b-loginpage="true" user-name="activeUsername" spec-char="true" ps-length="16" ps-strength="true" hide-default="true" sz-extend-check="true"></div>
    </div>
</div>
<div id="wifiConfig" class="msg-content-wrap">
    <div class="msg-content">
        <div ng-show="oCap.bSupportActive">
            <!--<div class="item">
                <span><input type="checkbox" class="checkbox" ng-model="oParams.bActivePsw"/><label ng-bind="oLan.useActivePwd"></label></span>
            </div>-->
            <div class="item">
                <span class="channelPwdFirst" ng-bind="oLan.ipcActivePwd" title="{{oLan.ipcActivePwd}}"></span>
                <span>
                    <input id="ipcActivePassword" type="password" ng-disabled="oParams.bActivePsw" class="wifiSelect" ng-model="oParams.szPwd" input-valid="oParamsValid.oPassword" maxlength="16" pigsney />
                </span>
            </div>
            <p class="txt-desc"><span ng-bind="oLan.passwordValidTips"></span></p>
        </div>
        <div class="item title" ng-show="oWifi.bSupportWifiRegion || oWifi.bSupportWifiEnhance">
            <span ng-bind="oLan.wifiConfig"></span>
        </div>
        <div class="password" ng-show="oWifi.bSupportWifiRegion">
            <span class="wifiArea"><label ng-bind="oLan.areaCountry"></label></span>
            <span><select class="wifiSelect" ng-model="oWifi.szWifiRegion" ng-options="oArea.value as oArea.name for oArea in oWifi.aAreaCountryList"></select></span>
        </div>
        <div class="item" ng-show="oWifi.bSupportWifiEnhance">
            <span><input type="checkbox" class="checkbox" ng-model="oWifi.bWifiEnhance"/><label ng-bind="oLan.enableWifiEnhance"></label></span>
        </div>
    </div>
</div>
<div id="main_plugin" class="no-window" ng-show="!bPluginInstalled"></div>
</body>
<script id="seajsnode" src="../script/lib/seajs/seajs/sea.min.js"></script>
<script>
    document.write("<script src='../script/lib/seajs/config/sea-config.js?version=" + new Date().getTime() + "' ></scr" + "ipt>");
</script>
</html>
 

sea.min.js

/*! Sea.js 2.1.1 | seajs.org/LICENSE.md
//# sourceMappingURL=sea.js.map
*/
(function(t, u) {
    function v(b) {
        return function(c) {
            return Object.prototype.toString.call(c) === "[object " + b + "]"
        }
    }
    function Q() {
        return w++
    }
    function I(b, c) {
        var a;
        a = b.charAt(0);
        if (R.test(b))
            a = b;
        else if ("." === a) {
            a = (c ? c.match(E)[0] : h.cwd) + b;
            for (a = a.replace(S, "/"); a.match(J); )
                a = a.replace(J, "/")
        } else
            a = "/" === a ? (a = h.cwd.match(T)) ? a[0] + b.substring(1) : b : h.base + b;
        return a
    }
    function K(b, c) {
        if (!b)
            return "";
        var a = b, d = h.alias, a = b = d && F(d[a]) ? d[a] : a, d = h.paths, g;
        if (d && (g = a.match(U)) && F(d[g[1]]))
            a = d[g[1]] + g[2];
        g = a;
        var e = h.vars;
        e && -1 < g.indexOf("{") && (g = g.replace(V, function(a, b) {
            return F(e[b]) ? e[b] : a
        }));
        a = g.length - 1;
        d = g.charAt(a);
        b = "#" === d ? g.substring(0, a) : ".js" === g.substring(a - 2) || 0 < g.indexOf("?") || ".css" === g.substring(a - 3) || "/" === d ? g : g + ".js";
        g = I(b, c);
        var a = h.map
          , l = g;
        if (a)
            for (var d = 0, f = a.length; d < f && !(l = a[d],
            l = x(l) ? l(g) || g : g.replace(l[0], l[1]),
            l !== g); d++)
                ;
        return l
    }
    function L(b, c) {
        var a = b.sheet, d;
        if (M)
            a && (d = !0);
        else if (a)
            try {
                a.cssRules && (d = !0)
            } catch (g) {
                "NS_ERROR_DOM_SECURITY_ERR" === g.name && (d = !0)
            }
        setTimeout(function() {
            d ? c() : L(b, c)
        }, 20)
    }
    function W() {
        if (y)
            return y;
        if (z && "interactive" === z.readyState)
            return z;
        for (var b = s.getElementsByTagName("script"), c = b.length - 1; 0 <= c; c--) {
            var a = b[c];
            if ("interactive" === a.readyState)
                return z = a
        }
    }
    function e(b, c) {
        this.uri = b;
        this.dependencies = c || [];
        this.exports = null;
        this.status = 0;
        this._waitings = {};
        this._remain = 0
    }
    if (!t.seajs) {
        var f = t.seajs = {
            version: "2.1.1"
        }
          , h = f.data = {}
          , X = v("Object")
          , F = v("String")
          , A = Array.isArray || v("Array")
          , x = v("Function")
          , w = 0
          , p = h.events = {};
        f.on = function(b, c) {
            (p[b] || (p[b] = [])).push(c);
            return f
        }
        ;
        f.off = function(b, c) {
            if (!b && !c)
                return p = h.events = {},
                f;
            var a = p[b];
            if (a)
                if (c)
                    for (var d = a.length - 1; 0 <= d; d--)
                        a[d] === c && a.splice(d, 1);
                else
                    delete p[b];
            return f
        }
        ;
        var m = f.emit = function(b, c) {
            var a = p[b], d;
            if (a)
                for (a = a.slice(); d = a.shift(); )
                    d(c);
            return f
        }
        , E = /[^?#]*\//, S = /\/\.\//g, J = /\/[^/]+\/\.\.\//, U = /^([^/:]+)(\/.+)$/, V = /{([^{]+)}/g, R = /^\/\/.|:\//, T = /^.*?\/\/.*?\//, n = document, q = location, B = q.href.match(E)[0], k = n.getElementsByTagName("script"), k = n.getElementById("seajsnode") || k[k.length - 1], k = ((k.hasAttribute ? k.src : k.getAttribute("src", 4)) || B).match(E)[0], s = n.getElementsByTagName("head")[0] || n.documentElement, N = s.getElementsByTagName("base")[0], O = /\.css(?:\?|$)/i, Y = /^(?:loaded|complete|undefined)$/, y, z, M = 536 > 1 * navigator.userAgent.replace(/.*AppleWebKit\/(\d+)\..*/, "$1"), Z = /"(?:\\"|[^"])*"|'(?:\\'|[^'])*'|\/\*[\S\s]*?\*\/|\/(?:\\\/|[^\/\r\n])+\/(?=[^\/])|\/\/.*|\.\s*require|(?:^|[^$])\brequire\s*\(\s*(["'])(.+?)\1\s*\)/g, $ = /\\\\/g, r = f.cache = {}, C, G = {}, H = {}, D = {}, j = e.STATUS = {
            FETCHING: 1,
            SAVED: 2,
            LOADING: 3,
            LOADED: 4,
            EXECUTING: 5,
            EXECUTED: 6
        };
        e.prototype.resolve = function() {
            for (var b = this.dependencies, c = [], a = 0, d = b.length; a < d; a++)
                c[a] = e.resolve(b[a], this.uri);
            return c
        }
        ;
        e.prototype.load = function() {
            if (!(this.status >= j.LOADING)) {
                this.status = j.LOADING;
                var b = this.resolve();
                m("load", b);
                for (var c = this._remain = b.length, a, d = 0; d < c; d++)
                    a = e.get(b[d]),
                    a.status < j.LOADED ? a._waitings[this.uri] = (a._waitings[this.uri] || 0) + 1 : this._remain--;
                if (0 === this._remain)
                    this.onload();
                else {
                    for (var g = {}, d = 0; d < c; d++)
                        a = r[b[d]],
                        a.status < j.FETCHING ? a.fetch(g) : a.status === j.SAVED && a.load();
                    for (var h in g)
                        if (g.hasOwnProperty(h))
                            g[h]()
                }
            }
        }
        ;
        e.prototype.onload = function() {
            this.status = j.LOADED;
            this.callback && this.callback();
            var b = this._waitings, c, a;
            for (c in b)
                if (b.hasOwnProperty(c) && (a = r[c],
                a._remain -= b[c],
                0 === a._remain))
                    a.onload();
            delete this._waitings;
            delete this._remain
        }
        ;
        e.prototype.fetch = function(b) {
            function c() {
                var a = g.requestUri
                  , b = g.onRequest
                  , c = g.charset
                  , d = O.test(a)
                  , e = n.createElement(d ? "link" : "script");
                if (c && (c = x(c) ? c(a) : c))
                    e.charset = c;
                var f = e;
                d && (M || !("onload"in f)) ? setTimeout(function() {
                    L(f, b)
                }, 1) : f.onload = f.onerror = f.onreadystatechange = function() {
                    Y.test(f.readyState) && (f.onload = f.onerror = f.onreadystatechange = null,
                    !d && !h.debug && s.removeChild(f),
                    f = null,
                    b())
                }
                ;
                d ? (e.rel = "stylesheet",
                e.href = a) : (e.async = !0,
                e.src = a);
                y = e;
                N ? s.insertBefore(e, N) : s.appendChild(e);
                y = null
            }
            function a() {
                delete G[f];
                H[f] = !0;
                C && (e.save(d, C),
                C = null);
                var a, b = D[f];
                for (delete D[f]; a = b.shift(); )
                    a.load()
            }
            var d = this.uri;
            this.status = j.FETCHING;
            var g = {
                uri: d
            };
            m("fetch", g);
            var f = g.requestUri || d;
            !f || H[f] ? this.load() : G[f] ? D[f].push(this) : (G[f] = !0,
            D[f] = [this],
            m("request", g = {
                uri: d,
                requestUri: f,
                onRequest: a,
                charset: h.charset
            }),
            g.requested || (b ? b[g.requestUri] = c : c()))
        }
        ;
        e.prototype.exec = function() {
            function b(a) {
                return e.get(b.resolve(a)).exec()
            }
            if (this.status >= j.EXECUTING)
                return this.exports;
            this.status = j.EXECUTING;
            var c = this.uri;
            b.resolve = function(a) {
                return e.resolve(a, c)
            }
            ;
            b.async = function(a, g) {
                e.use(a, g, c + "_async_" + w++);
                return b
            }
            ;
            var a = this.factory
              , a = x(a) ? a(b, this.exports = {}, this) : a;
            a === u && (a = this.exports);
            null === a && !O.test(c) && m("error", this);
            delete this.factory;
            this.exports = a;
            this.status = j.EXECUTED;
            m("exec", this);
            return a
        }
        ;
        e.resolve = function(b, c) {
            var a = {
                id: b,
                refUri: c
            };
            m("resolve", a);
            return a.uri || K(a.id, c)
        }
        ;
        e.define = function(b, c, a) {
            var d = arguments.length;
            1 === d ? (a = b,
            b = u) : 2 === d && (a = c,
            A(b) ? (c = b,
            b = u) : c = u);
            if (!A(c) && x(a)) {
                var g = [];
                a.toString().replace($, "").replace(Z, function(a, b, c) {
                    c && g.push(c)
                });
                c = g
            }
            d = {
                id: b,
                uri: e.resolve(b),
                deps: c,
                factory: a
            };
            if (!d.uri && n.attachEvent) {
                var f = W();
                f && (d.uri = f.src)
            }
            m("define", d);
            d.uri ? e.save(d.uri, d) : C = d
        }
        ;
        e.save = function(b, c) {
            var a = e.get(b);
            a.status < j.SAVED && (a.id = c.id || b,
            a.dependencies = c.deps || [],
            a.factory = c.factory,
            a.status = j.SAVED)
        }
        ;
        e.get = function(b, c) {
            return r[b] || (r[b] = new e(b,c))
        }
        ;
        e.use = function(b, c, a) {
            var d = e.get(a, A(b) ? b : [b]);
            d.callback = function() {
                for (var a = [], b = d.resolve(), e = 0, f = b.length; e < f; e++)
                    a[e] = r[b[e]].exec();
                c && c.apply(t, a);
                delete d.callback
            }
            ;
            d.load()
        }
        ;
        e.preload = function(b) {
            var c = h.preload
              , a = c.length;
            a ? e.use(c, function() {
                c.splice(0, a);
                e.preload(b)
            }, h.cwd + "_preload_" + w++) : b()
        }
        ;
        f.use = function(b, c) {
            e.preload(function() {
                e.use(b, c, h.cwd + "_use_" + w++)
            });
            return f
        }
        ;
        e.define.cmd = {};
        t.define = e.define;
        f.Module = e;
        h.fetchedList = H;
        h.cid = Q;
        f.resolve = K;
        f.require = function(b) {
            return (r[e.resolve(b)] || {}).exports
        }
        ;
        h.base = (k.match(/^(.+?\/)(\?\?)?(seajs\/)+/) || ["", k])[1];
        h.dir = k;
        h.cwd = B;
        h.charset = "utf-8";
        var B = h
          , P = []
          , q = q.search.replace(/(seajs-\w+)(&|$)/g, "$1=1$2")
          , q = q + (" " + n.cookie);
        q.replace(/(seajs-\w+)=1/g, function(b, c) {
            P.push(c)
        });
        B.preload = P;
        f.config = function(b) {
            for (var c in b) {
                var a = b[c]
                  , d = h[c];
                if (d && X(d))
                    for (var e in a)
                        d[e] = a[e];
                else
                    A(d) ? a = d.concat(a) : "base" === c && ("/" === a.slice(-1) || (a += "/"),
                    a = I(a)),
                    h[c] = a
            }
            m("config", b);
            return f
        }
    }
}
)(this);
 
大鸡腿呀的主页 大鸡腿呀 | 初学一级 | 园豆:6
提问于:2022-03-03 13:59

把网址丢出来

孔雀为什么东南方 2年前
< >
分享
所有回答(1)
1

貌似它好像是密码明文, 用

永远跟党走i | 园豆:1517 (小虾三级) | 2022-03-06 13:33

谢谢,有个很奇怪的点,在浏览器发出去的时候貌似是明文,但是在arpspoof+wireshark抓到的包却是这样的:
Digest username="admin", realm="DVRNVRDVS", nonce="dfb1a26b538c68f1eb3c5c51b6a212f2:5189369005", uri="/ISAPI/Security/userCheck?timeStamp=1640170939086", algorithm=MD5, response="ab53f8b90a6d0041a57934ba74e01723", qop=auth, nc=00000001, cnonce="7a952e13bc4c3512"
需要完整的包的话跟我说一声

这是浏览器里网络的情况:

▼常规
请求网址: http:/ /admin: admin@178. 23.119.227/ ISAPI/
Security/ sess ionLogin/ capabi lities ?username= admin
&r andom= 25454743
请求方法: GET
状态代码: D 200 OK
远程地址: 178 .23.119.227 :80
引荐来源网址政策: strict - origin- when-cross- origin
v响应标头
查看源代码
Cache-Control: no- store
Connection: keep- alive
Content-Length: 544
Content-Type: application/ xml; charset="UTF-8"
Date: Sun, 06 Mar 2022 07 :39:20 GMT
Keep-Alive: timeout=60, max=91
Server: Webs
X-Content- Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1;mode=block

支持(0) 反对(0) 大鸡腿呀 | 园豆:6 (初学一级) | 2022-03-06 13:47
支持(0) 反对(0) 永远跟党走i | 园豆:1517 (小虾三级) | 2022-03-06 14:34

@敲代码挣彩礼: 您说的接口是指什么?我不太理解。

支持(0) 反对(0) 大鸡腿呀 | 园豆:6 (初学一级) | 2022-03-06 14:35

@敲代码挣彩礼: 你是说pc客户端是吗?我记得像这种监控,客户端是rtsp协议用的是544端口。这个链接像是一个xml文件,应该是配置数据的吧。

支持(0) 反对(0) 大鸡腿呀 | 园豆:6 (初学一级) | 2022-03-06 17:00
清除回答草稿
   您需要登录以后才能回答,未注册用户请先注册