2026-01-09 23:20:14 网络安全文章来源：ZONE.CI 全球网 0 阅读模式

文章总结： 本文解析了前端SM国密加密报文的逆向过程，详细展示了异或混淆与加解密逻辑。提供了四种修改技巧：重写逻辑开发自动化插件、断点调试修改参数、Hook函数拦截明文及利用JSRPC。建议通过固定密钥降低逆向难度，并指出前端加密可破，可借助AI分析混淆代码。 综合评分： 88 文章分类： WEB安全,逆向分析,实战经验,渗透测试,安全工具

cover_image

告别“抓包即乱码”——深度剖析前端加密与报文修改技巧

原创

onttys000

T00ls安全

2026年1月9日 16:31 山西

随着安全越来越卷，越来越多的站点对报文做了加密处理，不努力下次测试连个包都改不了

以某站点为例，对前端报文加密绕过处理做下总结

通过抓包可以看到网站对报文进行了加密处理

针对这种前端报文加密的场景常考虑以下几种应对措施

1.分析加解密算法，流程，进行重写。密文=>解密=>加密
2.jshook，控制台操作
3.js rpc

以上三种方法，不可绕过的步骤都是前端加密逻辑分析。

加密逻辑分析

打开 F12 /开发者工具

浏览前端目录，一眼发现 security 目录，并且该目录下还存在 encrypt-sm.js /pnc-crypto-min.js 文件

（没法一眼看出来的场景那就只能搜索关键字了）

快速查看两个 js 文件，发现加解密调用逻辑主要就存在jsencrypt-sm.js文件中

在关键位置进行断点，点击网页的扫码登录功能，很明显的发现参数 r 为请求报文体明文，参数 t 为加密密钥

根据堆栈信息可以找到调用加密的位置，可以看到密钥是通过YT.Security.getEncryptKey()获取到的，每次调用getEncryptKey 密钥都会发生改变，跟踪函数发现生成密钥的位置如下

下面分析jsencrypt-sm.js 中的加密过程。

下面是整个请求报文体的加密处理过程

将报文体转换为byte数组

计算byte数组的长度

补齐数组长度到16的倍数，用随机数进行补齐，随机数计算方法

第一位制定为29(做分隔符) 后续Math.round(150 * Math.random()) % 150 + 30;

String.fromCharCode(29)) &nbsp;=〉 \x1D

生成混淆数组Math.round(255 * Math.random()) % 255;

然后将补齐后的字节数组逐位与混淆数组进行异或运算

异或结果+混淆数组进行拼接成新的数组

将拼接结果转换为hex字符串

密钥转换为字节数组

将以上两项进行sm4

将sm4结果从byte转换为hexstr

将sm4密钥进行sm2

拼接明文请求报文+对称密钥+YTGSRCU 然后将拼接结果进行sm3

u：sm3结果byte数组

o：sm4结果hexstr

s：sm2结果

拼接return "#10" + [Code.bytes2hexStr(u), o, s].join(String.fromCharCode(29))

最终请求报文

修改报文方式一（做成工具，自动化操作）

通过上面的加密逻辑分析，可以确定以下几点

1. 对称加密密钥是随机生成的应对方法：固定密钥（修改 js 文件使对称加密密钥保持不变）

   &nbsp;a. 调用加密算法时传入写死的字符串作为密钥

   &nbsp;b. 修改生成密钥的函数，使函数的返回值保持不变

2. 组合加密，数字信封，对称+非对称+摘要 a. 固定对称加密密钥后非对称加密部分不需要操作 b. 对称加密部分，需要根据分析出的加密逻辑进行逆运算，将加密后的报文解密得到明文，修改报文后，再重写加密逻辑将明文加密成密文 c. 将修改后的报文重新算摘要

整体实现难度较大，但实现后将其做成 burp 插件，或者在 burp 上再叠一层 mitmdump 处理加解密，后续可以很方便测试。

修改报文方式二（适用于简单测试，验证，不方便批量操作）

通过调试找到调用加密函数的位置，可以在开发者工具中对指定参数进行修改，大变量需要在 console 窗口中进行修改

修改报文方式三

可以看到报文的格式时 json，并且有调用的 JSON.stringify(r)，可以对JSON.stringify(r)进行 hook

每当调用JSON.stringify(r)时可以走入我们自定义的函数中，我们可以再此对传入的加密前的明文 body 进行修改

但此处不行，因为传入的 r 本身就是 string 类型走不到JSON.stringify(r)

跟对堆栈往前找

可以对YT.Security.encrypt 进行 hook，此时代码走入了我们的自定义逻辑中，同样可以修改加密前的明文 body

修改报文方式四

通过 jsrpc 的方式，主动调用 js 中的报文加密和解密函数，对报文进行加密或解密

但是此处可以响应报文的解密适用该方法，加密逻辑复杂，网站 js 代码中未提供可以解密请求报文的函数

此处同样需要提前对密钥进行固定

总结

其实针对用web端系统的前端加解密还是比较好解决的，可能难点在于js混淆，就是需要慢慢调试，理清逻辑后还是很好操作的，实在不行，前端代码都给了，直接上手改呗。

另：现在进入ai时代了，大不了扔给ai分析呗。

这里贴一段jsencrypt-sm.js 代码

define(function(require) {
&nbsp; &nbsp;&nbsp;require("js/security/pnc-crypto-min");
&nbsp; &nbsp;&nbsp;var&nbsp;r =&nbsp;YT.Security&nbsp;= {
&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;encrypt:&nbsp;function(r, t) {
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;"string"&nbsp;!=&nbsp;typeof&nbsp;r && (r =&nbsp;JSON.stringify(r));
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;var&nbsp;n =&nbsp;function(r, t) {
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;for&nbsp;(var&nbsp;n = r.length, e = t.length, o =&nbsp;newArray, s =&nbsp;function(r, t) {
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;for&nbsp;(var&nbsp;n = r.length, e =&nbsp;newArray, o = n /&nbsp;16, s =&nbsp;0; s < o; s++)
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;for&nbsp;(var&nbsp;u =&nbsp;16&nbsp;* s, i =&nbsp;0; i <&nbsp;16; i++)
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; e[u + i] = r[u + i] ^ t[i];
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;return&nbsp;e
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }(r, t), u =&nbsp;0; u < s.length; u++)
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; u < n && o.push(s[u]);
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;for&nbsp;(var&nbsp;u =&nbsp;0; u < t.length; u++)
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; u < e && o.push(t[u]);
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;return&nbsp;o
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }(function(r) {
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;var&nbsp;t = r.length
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; , n = t %&nbsp;16;
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; n =&nbsp;16&nbsp;- n;
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;var&nbsp;e =&nbsp;newArray;
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; e[0] =&nbsp;29;
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;for&nbsp;(var&nbsp;o =&nbsp;1; o < n; o++)
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; e[o] =&nbsp;Math.round(150&nbsp;*&nbsp;Math.random()) %&nbsp;150&nbsp;+&nbsp;30;
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;var&nbsp;s =&nbsp;newArray;
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; s = [].concat(r);
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;for&nbsp;(var&nbsp;o =&nbsp;0; o < e.length; o++)
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; o < n && s.push(e[o]);
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;return&nbsp;s
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }(Code.str2bytes(r)),&nbsp;function(r) {
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;for&nbsp;(var&nbsp;t =&nbsp;newArray, n =&nbsp;0; n <&nbsp;16; n++)
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; t[n] =&nbsp;Math.round(255&nbsp;*&nbsp;Math.random()) %&nbsp;255;
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;return&nbsp;t
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }())
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; , e = _Sm4.encode(Code.bytes2hexStr(n),&nbsp;Code.str2bytes(t))
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; , o =&nbsp;Code.bytes2hexStr(e)
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; , s = _Sm2.encode(t)
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; , u = _Sm3.hash(Code.str2bytes(r + t +&nbsp;"YTGSRCU"));
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;return"#10"&nbsp;+ [Code.bytes2hexStr(u), o, s].join(String.fromCharCode(29))
&nbsp; &nbsp; &nbsp; &nbsp; },
&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;decrypt:&nbsp;function(r, t) {
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;var&nbsp;n = r.substr(14)
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; , e =&nbsp;parseInt(r.substring(3,&nbsp;5),&nbsp;16)
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; , o =&nbsp;parseInt(r.substring(5,&nbsp;7),&nbsp;16)
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; , s =&nbsp;parseInt(r.substring(7,&nbsp;8),&nbsp;16)
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; , u =&nbsp;parseInt(r.substring(8,&nbsp;14),&nbsp;16)
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; , i = n.substring(e, e + o)
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; , a = i.length
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; , h = [];
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;switch&nbsp;(h.push(n.substring(0, e)),
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; s) {
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;case1:
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; h.push(i.charAt(a -&nbsp;1)),
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; h.push(i.substring(1, a -&nbsp;1)),
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; h.push(i.charAt(0));
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;break;
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;case2:
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;for&nbsp;(var&nbsp;f =&nbsp;2; f <= a; ++f)
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; f %&nbsp;2&nbsp;==&nbsp;0&nbsp;&& (h.push(i.charAt(f -&nbsp;1)),
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; h.push(i.charAt(f -&nbsp;2)));
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;if&nbsp;(a %&nbsp;2&nbsp;!=&nbsp;0&nbsp;&&&nbsp;0&nbsp;< a) {
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; h.push(i.charAt(a -&nbsp;1));
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;break
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;return0&nbsp;!= s && (h.push(n.substring(e + o)),
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; n = h.join("")),
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; n = n.substring(0, u),
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;function(r) {
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;for&nbsp;(var&nbsp;t = [], n =&nbsp;0, e = r.length; n < e; n++)
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;240&nbsp;<= r[n] && r[n] <=&nbsp;247&nbsp;? (t.push(String.fromCodePoint(((7&nbsp;& r[n]) <<&nbsp;18) + ((63&nbsp;& r[n +&nbsp;1]) <<&nbsp;12) + ((63&nbsp;& r[n +&nbsp;2]) <<&nbsp;6) + (63&nbsp;& r[n +&nbsp;3]))),
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; n +=&nbsp;3) :&nbsp;224&nbsp;<= r[n] && r[n] <=&nbsp;239&nbsp;? (t.push(String.fromCodePoint(((15&nbsp;& r[n]) <<&nbsp;12) + ((63&nbsp;& r[n +&nbsp;1]) <<&nbsp;6) + (63&nbsp;& r[n +&nbsp;2]))),
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; n +=&nbsp;2) :&nbsp;192&nbsp;<= r[n] && r[n] <=&nbsp;223&nbsp;? (t.push(String.fromCodePoint(((31&nbsp;& r[n]) <<&nbsp;6) + (63&nbsp;& r[n +&nbsp;1]))),
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; n++) : t.push(String.fromCodePoint(r[n]));
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;return&nbsp;t.join("")
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }(_Sm4.crypt(Code.hexStr2bytes(n),&nbsp;Code.str2bytes(t),&nbsp;0))
&nbsp; &nbsp; &nbsp; &nbsp; },
&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;getEncryptKey:&nbsp;function() {
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;return&nbsp;r.uuid(32,&nbsp;16)
&nbsp; &nbsp; &nbsp; &nbsp; },
&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;uuid:&nbsp;function(r, t) {
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;var&nbsp;n, e, o =&nbsp;"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz".split(""), s = [];
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;if&nbsp;(t = t || o.length,
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; r)
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;for&nbsp;(n =&nbsp;0; n < r; n++)
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; s[n] = o[0&nbsp;|&nbsp;Math.random() * t];
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;else
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;for&nbsp;(s[8] = s[13] = s[18] = s[23] =&nbsp;"-",
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; s[14] =&nbsp;"4",
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; n =&nbsp;0; n <&nbsp;36; n++)
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; s[n] || (e =&nbsp;0&nbsp;|&nbsp;16&nbsp;*&nbsp;Math.random(),
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; s[n] = o[19&nbsp;== n ?&nbsp;3&nbsp;& e |&nbsp;8&nbsp;: e]);
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;return&nbsp;s.join("")
&nbsp; &nbsp; &nbsp; &nbsp; }
&nbsp; &nbsp; };
&nbsp; &nbsp;&nbsp;String.fromCodePoint&nbsp;||&nbsp;function(u) {
&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;var&nbsp;t =&nbsp;function(r) {
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;for&nbsp;(var&nbsp;t = [], n =&nbsp;"", e =&nbsp;0, o =&nbsp;arguments.length; e !== o; ++e) {
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;var&nbsp;s = +arguments[e];
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;if&nbsp;(!(s <&nbsp;1114111&nbsp;&& s >>>&nbsp;0&nbsp;=== s))
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;throwRangeError("Invalid code point: "&nbsp;+ s);
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;16383&nbsp;<= (s <=&nbsp;65535&nbsp;? t.push(s) : (s -=&nbsp;65536,
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; t.push(55296&nbsp;+ (s >>&nbsp;10), s %&nbsp;1024&nbsp;+&nbsp;56320))) && (n += u.apply(null, t),
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; t.length&nbsp;=&nbsp;0)
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;return&nbsp;n + u.apply(null, t)
&nbsp; &nbsp; &nbsp; &nbsp; };
&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;try&nbsp;{
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;Object.defineProperty(String,&nbsp;"fromCodePoint", {
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;value: t,
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;configurable: !0,
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;writable: !0
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; })
&nbsp; &nbsp; &nbsp; &nbsp; }&nbsp;catch&nbsp;(r) {
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;String.fromCodePoint&nbsp;= t
&nbsp; &nbsp; &nbsp; &nbsp; }
&nbsp; &nbsp; }(String.fromCharCode)
});

原文链接

https://www.t00ls.com/articles-73345.html

#

免责声明：

本文所载程序、技术方法仅面向合法合规的安全研究与教学场景，旨在提升网络安全防护能力，具有明确的技术研究属性。

任何单位或个人未经授权，将本文内容用于攻击、破坏等非法用途的，由此引发的全部法律责任、民事赔偿及连带责任，均由行为人独立承担，本站不承担任何连带责任。

本站内容均为技术交流与知识分享目的发布，若存在版权侵权或其他异议，请通过邮件联系处理，具体联系方式可点击页面上方的联系我。

本文转载自：T00ls安全 onttys000《告别“抓包即乱码”——深度剖析前端加密与报文修改技巧》