Reverse-engineering a Javascript chat

This is the case.

I'm reverse-engineering a chat. The client runs in a browser, in Javascript. Nothing is documented, but by checking the HTTP requests/responses (using Burp Suite), I've been able to figure out everything.

For simplicity, let's say that "everything" means loading the last messages and also sending a message.

However, the chat client detects "events". E.g., when a new message arrives. And I'm pretty sure the program is not polling any endpoint for this.

So, there should be an existing active connection receiving these events.

I am sure it's not WebSockets. So I need to look elsewhere, and checking the Javascript code (which is fragmented, obfuscated and minified) seems to be a HUGE task without knowing what to look for.

I've used Wireshark / mitmproxy for clues but could not get anything more useful than what I get with Burp.

What's the cheapest route to find out where this program is connecting to? I'm not much versed in Javascript so I don't know what the ways of connecting to a given host and receiving events are.

Any hints?

Thank you very much!

As weird as it may sound, the events were hidden behind a default filter. They come as text/event-stream, which is strangely recognized as CSS by Burp.
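An added example, not part of the original post: selecting captured responses by their Content-Type header instead of a proxy's guessed MIME category, then parsing each text/event-stream body into events using the WHATWG Server-Sent Events field rules. The function names, the `chat.example` URLs and the sample payloads are constructed for illustration.

```javascript
// Parse a captured text/event-stream body into discrete events.
function parseEventStream(body) {
  const events = [];
  let type = "", data = [], lastId = "", retry;
  for (const line of body.split(/\r\n|\n|\r/)) {
    if (line === "") {                        // blank line: dispatch the pending event
      if (data.length > 0) {
        events.push({ type: type || "message", data: data.join("\n"), id: lastId, retry });
      }
      type = ""; data = [];
      continue;
    }
    if (line.startsWith(":")) continue;       // comment line, often a keep-alive ping
    const colon = line.indexOf(":");
    const field = colon === -1 ? line : line.slice(0, colon);
    let value = colon === -1 ? "" : line.slice(colon + 1);
    if (value.startsWith(" ")) value = value.slice(1);   // exactly one leading space is dropped
    if (field === "event") type = value;
    else if (field === "data") data.push(value);         // multiple data lines join with "\n"
    else if (field === "id" && !value.includes("\0")) lastId = value;
    else if (field === "retry" && /^\d+$/.test(value)) retry = Number(value);
  }
  return events;                              // an event with no closing blank line is discarded
}

// Pick out event streams by header value, whatever category a tool assigned them.
function findEventStreams(responses) {
  return responses
    .filter(r => /^text\/event-stream\b/i.test(r.headers["content-type"] || ""))
    .map(r => ({ url: r.url, events: parseEventStream(r.body) }));
}

// Constructed sample capture (hypothetical URLs and payloads).
const capture = [
  { url: "https://chat.example/api/messages",
    headers: { "content-type": "application/json" }, body: "[]" },
  { url: "https://chat.example/api/events",
    headers: { "content-type": "text/event-stream; charset=utf-8" },
    body: ": ping\n\nevent: new_message\nid: 17\n" +
          "data: {\"from\":\"alice\",\ndata: \"text\":\"hi\"}\n\ndata: partial" },
];
console.log(JSON.stringify(findEventStreams(capture), null, 2));
```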
