登陆页面引用的js:
../script/lib/seajs/config/sea-config.js
../script/lib/seajs/seajs/sea.min.js
按键代码:
<button type="button" class="btn btn-primary login-btn" ng-click="login()"><label ng-bind="oLan.login" class="ng-binding">登录</label></button>
ng-click 指令告诉了 AngularJS HTML 元素被点击后需要执行的操作。
login()在本页面搜索不到,chrome的F12开发者工具的源代码选项卡右键左侧导航的所有文件中搜索也没有别的,除了login.js和common.js,common.js是goLogin(),login.js没有声明login()这个函数,用的是c.login()
我想找到按键代码里的login()这个函数在哪,分析点击之后所执行的加密操作,可是就是找不到,请问你们能不能帮我看看是在哪里?
附上相关代码
login.asp
<!doctype html>
<html>
<head>
<title></title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" >
<meta http-equiv="Pragma" content="no-cache" />
<meta http-equiv="Cache-Control" content="no-cache, must-revalidate" />
<meta http-equiv="Expires" content="0" />
<script>
document.write("<link type='text/css' href='../ui/css/ui.css?version=" + new Date().getTime() + "' rel='stylesheet' />");
</script>
</head>
<body ng-keypress="docPress($event)" ng-controller="loginController" ng-cloak class="login-body ng-cloak">
<div class="login" id="login">
<div class="top">
<div class="logo"></div>
<div class="language">
<div class="language-show" ng-click="showLanguageList($event)"><span class="current-language" id="current_language"></span></div>
<div class="language-list" id="language_list" ng-click="changeLanguage($event)"></div>
</div>
</div>
<table cellspacing="0" cellpadding="0" border="0" class="middle">
<tr>
<td class="login-l"> </td>
<td class="login-m">
<div class="login-part">
<div class="line"></div>
<div class="login-error">
<div class="inputValidTip" ng-show="szErrorTip!=''"><i class='error'></i><label>{{szErrorTip}}</label></div>
</div>
<div class="login-user">
<input type="text" class="login-input" id="username" ng-model="username" maxlength="32" autocomplete="off" placeholder="{{oLan.username}}" />
<i class="icon-user"></i>
</div>
<div class="login-item">
<input type="password" class="login-input" id="password" ng-model="password" maxlength="16" placeholder="{{oLan.password}}" pigsney />
<i class="icon-pass"></i>
</div>
<div class="login-item bottom">
<span class="pwd-link" ng-bind="oLan.forgetPwd" ng-show="oCap.bSptGuidImport || oCap.bSptQAReset || oCap.bSupportWithSecurityEmail" ng-click="forgetPwd()"></span>
<button type="button" class="btn btn-primary login-btn" ng-click="login()"><label ng-bind="oLan.login"></label></button>
</div>
<!--<div class="login-item anonymous" ng-show="anonymous">
<span ng-bind="oLan.anonymous" ng-click="login('anonymous')"></span>
</div>-->
</div>
</td>
<td class="login-r"> </td>
</tr>
</table>
<div class="footer" id="footer"></div>
</div>
<div id="active" class="msg-content-wrap">
<div class="msg-content">
<div class="password">
<span class="desc"><label ng-bind="oLan.username"></label></span>
<span><label ng-bind="activeUsername"></label></span>
</div>
<div password lan="oLan" o-password="oActivePwd" b-loginpage="true" user-name="activeUsername" spec-char="true" ps-length="16" ps-strength="true" hide-default="true" sz-extend-check="true"></div>
</div>
</div>
<div id="wifiConfig" class="msg-content-wrap">
<div class="msg-content">
<div ng-show="oCap.bSupportActive">
<!--<div class="item">
<span><input type="checkbox" class="checkbox" ng-model="oParams.bActivePsw"/><label ng-bind="oLan.useActivePwd"></label></span>
</div>-->
<div class="item">
<span class="channelPwdFirst" ng-bind="oLan.ipcActivePwd" title="{{oLan.ipcActivePwd}}"></span>
<span>
<input id="ipcActivePassword" type="password" ng-disabled="oParams.bActivePsw" class="wifiSelect" ng-model="oParams.szPwd" input-valid="oParamsValid.oPassword" maxlength="16" pigsney />
</span>
</div>
<p class="txt-desc"><span ng-bind="oLan.passwordValidTips"></span></p>
</div>
<div class="item title" ng-show="oWifi.bSupportWifiRegion || oWifi.bSupportWifiEnhance">
<span ng-bind="oLan.wifiConfig"></span>
</div>
<div class="password" ng-show="oWifi.bSupportWifiRegion">
<span class="wifiArea"><label ng-bind="oLan.areaCountry"></label></span>
<span><select class="wifiSelect" ng-model="oWifi.szWifiRegion" ng-options="oArea.value as oArea.name for oArea in oWifi.aAreaCountryList"></select></span>
</div>
<div class="item" ng-show="oWifi.bSupportWifiEnhance">
<span><input type="checkbox" class="checkbox" ng-model="oWifi.bWifiEnhance"/><label ng-bind="oLan.enableWifiEnhance"></label></span>
</div>
</div>
</div>
<div id="main_plugin" class="no-window" ng-show="!bPluginInstalled"></div>
</body>
<script id="seajsnode" src="../script/lib/seajs/seajs/sea.min.js"></script>
<script>
document.write("<script src='../script/lib/seajs/config/sea-config.js?version=" + new Date().getTime() + "' ></scr" + "ipt>");
</script>
</html>
sea.min.js
/*! Sea.js 2.1.1 | seajs.org/LICENSE.md
//# sourceMappingURL=sea.js.map
*/
(function(t, u) {
function v(b) {
return function(c) {
return Object.prototype.toString.call(c) === "[object " + b + "]"
}
}
function Q() {
return w++
}
function I(b, c) {
var a;
a = b.charAt(0);
if (R.test(b))
a = b;
else if ("." === a) {
a = (c ? c.match(E)[0] : h.cwd) + b;
for (a = a.replace(S, "/"); a.match(J); )
a = a.replace(J, "/")
} else
a = "/" === a ? (a = h.cwd.match(T)) ? a[0] + b.substring(1) : b : h.base + b;
return a
}
function K(b, c) {
if (!b)
return "";
var a = b, d = h.alias, a = b = d && F(d[a]) ? d[a] : a, d = h.paths, g;
if (d && (g = a.match(U)) && F(d[g[1]]))
a = d[g[1]] + g[2];
g = a;
var e = h.vars;
e && -1 < g.indexOf("{") && (g = g.replace(V, function(a, b) {
return F(e[b]) ? e[b] : a
}));
a = g.length - 1;
d = g.charAt(a);
b = "#" === d ? g.substring(0, a) : ".js" === g.substring(a - 2) || 0 < g.indexOf("?") || ".css" === g.substring(a - 3) || "/" === d ? g : g + ".js";
g = I(b, c);
var a = h.map
, l = g;
if (a)
for (var d = 0, f = a.length; d < f && !(l = a[d],
l = x(l) ? l(g) || g : g.replace(l[0], l[1]),
l !== g); d++)
;
return l
}
function L(b, c) {
var a = b.sheet, d;
if (M)
a && (d = !0);
else if (a)
try {
a.cssRules && (d = !0)
} catch (g) {
"NS_ERROR_DOM_SECURITY_ERR" === g.name && (d = !0)
}
setTimeout(function() {
d ? c() : L(b, c)
}, 20)
}
function W() {
if (y)
return y;
if (z && "interactive" === z.readyState)
return z;
for (var b = s.getElementsByTagName("script"), c = b.length - 1; 0 <= c; c--) {
var a = b[c];
if ("interactive" === a.readyState)
return z = a
}
}
function e(b, c) {
this.uri = b;
this.dependencies = c || [];
this.exports = null;
this.status = 0;
this._waitings = {};
this._remain = 0
}
if (!t.seajs) {
var f = t.seajs = {
version: "2.1.1"
}
, h = f.data = {}
, X = v("Object")
, F = v("String")
, A = Array.isArray || v("Array")
, x = v("Function")
, w = 0
, p = h.events = {};
f.on = function(b, c) {
(p[b] || (p[b] = [])).push(c);
return f
}
;
f.off = function(b, c) {
if (!b && !c)
return p = h.events = {},
f;
var a = p[b];
if (a)
if (c)
for (var d = a.length - 1; 0 <= d; d--)
a[d] === c && a.splice(d, 1);
else
delete p[b];
return f
}
;
var m = f.emit = function(b, c) {
var a = p[b], d;
if (a)
for (a = a.slice(); d = a.shift(); )
d(c);
return f
}
, E = /[^?#]*\//, S = /\/\.\//g, J = /\/[^/]+\/\.\.\//, U = /^([^/:]+)(\/.+)$/, V = /{([^{]+)}/g, R = /^\/\/.|:\//, T = /^.*?\/\/.*?\//, n = document, q = location, B = q.href.match(E)[0], k = n.getElementsByTagName("script"), k = n.getElementById("seajsnode") || k[k.length - 1], k = ((k.hasAttribute ? k.src : k.getAttribute("src", 4)) || B).match(E)[0], s = n.getElementsByTagName("head")[0] || n.documentElement, N = s.getElementsByTagName("base")[0], O = /\.css(?:\?|$)/i, Y = /^(?:loaded|complete|undefined)$/, y, z, M = 536 > 1 * navigator.userAgent.replace(/.*AppleWebKit\/(\d+)\..*/, "$1"), Z = /"(?:\\"|[^"])*"|'(?:\\'|[^'])*'|\/\*[\S\s]*?\*\/|\/(?:\\\/|[^\/\r\n])+\/(?=[^\/])|\/\/.*|\.\s*require|(?:^|[^$])\brequire\s*\(\s*(["'])(.+?)\1\s*\)/g, $ = /\\\\/g, r = f.cache = {}, C, G = {}, H = {}, D = {}, j = e.STATUS = {
FETCHING: 1,
SAVED: 2,
LOADING: 3,
LOADED: 4,
EXECUTING: 5,
EXECUTED: 6
};
e.prototype.resolve = function() {
for (var b = this.dependencies, c = [], a = 0, d = b.length; a < d; a++)
c[a] = e.resolve(b[a], this.uri);
return c
}
;
e.prototype.load = function() {
if (!(this.status >= j.LOADING)) {
this.status = j.LOADING;
var b = this.resolve();
m("load", b);
for (var c = this._remain = b.length, a, d = 0; d < c; d++)
a = e.get(b[d]),
a.status < j.LOADED ? a._waitings[this.uri] = (a._waitings[this.uri] || 0) + 1 : this._remain--;
if (0 === this._remain)
this.onload();
else {
for (var g = {}, d = 0; d < c; d++)
a = r[b[d]],
a.status < j.FETCHING ? a.fetch(g) : a.status === j.SAVED && a.load();
for (var h in g)
if (g.hasOwnProperty(h))
g[h]()
}
}
}
;
e.prototype.onload = function() {
this.status = j.LOADED;
this.callback && this.callback();
var b = this._waitings, c, a;
for (c in b)
if (b.hasOwnProperty(c) && (a = r[c],
a._remain -= b[c],
0 === a._remain))
a.onload();
delete this._waitings;
delete this._remain
}
;
e.prototype.fetch = function(b) {
function c() {
var a = g.requestUri
, b = g.onRequest
, c = g.charset
, d = O.test(a)
, e = n.createElement(d ? "link" : "script");
if (c && (c = x(c) ? c(a) : c))
e.charset = c;
var f = e;
d && (M || !("onload"in f)) ? setTimeout(function() {
L(f, b)
}, 1) : f.onload = f.onerror = f.onreadystatechange = function() {
Y.test(f.readyState) && (f.onload = f.onerror = f.onreadystatechange = null,
!d && !h.debug && s.removeChild(f),
f = null,
b())
}
;
d ? (e.rel = "stylesheet",
e.href = a) : (e.async = !0,
e.src = a);
y = e;
N ? s.insertBefore(e, N) : s.appendChild(e);
y = null
}
function a() {
delete G[f];
H[f] = !0;
C && (e.save(d, C),
C = null);
var a, b = D[f];
for (delete D[f]; a = b.shift(); )
a.load()
}
var d = this.uri;
this.status = j.FETCHING;
var g = {
uri: d
};
m("fetch", g);
var f = g.requestUri || d;
!f || H[f] ? this.load() : G[f] ? D[f].push(this) : (G[f] = !0,
D[f] = [this],
m("request", g = {
uri: d,
requestUri: f,
onRequest: a,
charset: h.charset
}),
g.requested || (b ? b[g.requestUri] = c : c()))
}
;
e.prototype.exec = function() {
function b(a) {
return e.get(b.resolve(a)).exec()
}
if (this.status >= j.EXECUTING)
return this.exports;
this.status = j.EXECUTING;
var c = this.uri;
b.resolve = function(a) {
return e.resolve(a, c)
}
;
b.async = function(a, g) {
e.use(a, g, c + "_async_" + w++);
return b
}
;
var a = this.factory
, a = x(a) ? a(b, this.exports = {}, this) : a;
a === u && (a = this.exports);
null === a && !O.test(c) && m("error", this);
delete this.factory;
this.exports = a;
this.status = j.EXECUTED;
m("exec", this);
return a
}
;
e.resolve = function(b, c) {
var a = {
id: b,
refUri: c
};
m("resolve", a);
return a.uri || K(a.id, c)
}
;
e.define = function(b, c, a) {
var d = arguments.length;
1 === d ? (a = b,
b = u) : 2 === d && (a = c,
A(b) ? (c = b,
b = u) : c = u);
if (!A(c) && x(a)) {
var g = [];
a.toString().replace($, "").replace(Z, function(a, b, c) {
c && g.push(c)
});
c = g
}
d = {
id: b,
uri: e.resolve(b),
deps: c,
factory: a
};
if (!d.uri && n.attachEvent) {
var f = W();
f && (d.uri = f.src)
}
m("define", d);
d.uri ? e.save(d.uri, d) : C = d
}
;
e.save = function(b, c) {
var a = e.get(b);
a.status < j.SAVED && (a.id = c.id || b,
a.dependencies = c.deps || [],
a.factory = c.factory,
a.status = j.SAVED)
}
;
e.get = function(b, c) {
return r[b] || (r[b] = new e(b,c))
}
;
e.use = function(b, c, a) {
var d = e.get(a, A(b) ? b : [b]);
d.callback = function() {
for (var a = [], b = d.resolve(), e = 0, f = b.length; e < f; e++)
a[e] = r[b[e]].exec();
c && c.apply(t, a);
delete d.callback
}
;
d.load()
}
;
e.preload = function(b) {
var c = h.preload
, a = c.length;
a ? e.use(c, function() {
c.splice(0, a);
e.preload(b)
}, h.cwd + "_preload_" + w++) : b()
}
;
f.use = function(b, c) {
e.preload(function() {
e.use(b, c, h.cwd + "_use_" + w++)
});
return f
}
;
e.define.cmd = {};
t.define = e.define;
f.Module = e;
h.fetchedList = H;
h.cid = Q;
f.resolve = K;
f.require = function(b) {
return (r[e.resolve(b)] || {}).exports
}
;
h.base = (k.match(/^(.+?\/)(\?\?)?(seajs\/)+/) || ["", k])[1];
h.dir = k;
h.cwd = B;
h.charset = "utf-8";
var B = h
, P = []
, q = q.search.replace(/(seajs-\w+)(&|$)/g, "$1=1$2")
, q = q + (" " + n.cookie);
q.replace(/(seajs-\w+)=1/g, function(b, c) {
P.push(c)
});
B.preload = P;
f.config = function(b) {
for (var c in b) {
var a = b[c]
, d = h[c];
if (d && X(d))
for (var e in a)
d[e] = a[e];
else
A(d) ? a = d.concat(a) : "base" === c && ("/" === a.slice(-1) || (a += "/"),
a = I(a)),
h[c] = a
}
m("config", b);
return f
}
}
}
)(this);
貌似它好像是密码明文, 用
谢谢,有个很奇怪的点,在浏览器发出去的时候貌似是明文,但是在arpspoof+wireshark抓到的包却是这样的:
Digest username="admin", realm="DVRNVRDVS", nonce="dfb1a26b538c68f1eb3c5c51b6a212f2:5189369005", uri="/ISAPI/Security/userCheck?timeStamp=1640170939086", algorithm=MD5, response="ab53f8b90a6d0041a57934ba74e01723", qop=auth, nc=00000001, cnonce="7a952e13bc4c3512"
需要完整的包的话跟我说一声
这是浏览器里网络的情况:
▼常规
请求网址: http:/ /admin: admin@178. 23.119.227/ ISAPI/
Security/ sess ionLogin/ capabi lities ?username= admin
&r andom= 25454743
请求方法: GET
状态代码: D 200 OK
远程地址: 178 .23.119.227 :80
引荐来源网址政策: strict - origin- when-cross- origin
v响应标头
查看源代码
Cache-Control: no- store
Connection: keep- alive
Content-Length: 544
Content-Type: application/ xml; charset="UTF-8"
Date: Sun, 06 Mar 2022 07 :39:20 GMT
Keep-Alive: timeout=60, max=91
Server: Webs
X-Content- Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1;mode=block
@敲代码挣彩礼: 您说的接口是指什么?我不太理解。
@敲代码挣彩礼: 你是说pc客户端是吗?我记得像这种监控,客户端是rtsp协议用的是544端口。这个链接像是一个xml文件,应该是配置数据的吧。
把网址丢出来
– 孔雀为什么东南方 2年前@孔雀为什么东南方: http://178.23.119.227/doc/page/login.asp?_1646535900186
– 大鸡腿呀 2年前