Войти с помощью curl на странице с отправкой javascript - PullRequest
/ 02 июля 2019

Я пытаюсь создать скрипт, который очищает журналы вызовов с некоторых IP-телефонов в нашей локальной сети. Эти телефоны имеют веб-интерфейс, который очень просто запрашивает имя пользователя и пароль (в данном случае это admin: admin для веб-интерфейса http://192.168.25.176/).

Вот код страницы входа в систему:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=0" name="viewport">
<link rel="stylesheet" type ="text/css" href="style.css">
<!-- comm.js, xmlUtil.js and cookieUtil.js are not shown on this page. Presumably they define the xAjax, xJSon and xCookie helpers that the inline script below relies on (to be confirmed against the device files). -->
<script language="javascript" type="text/javascript" src="comm.js"></script>
<script language="javascript" type="text/javascript" src="xmlUtil.js"></script>
<script language="javascript" type="text/javascript" src="cookieUtil.js"></script>
<title>Logon</title>
</head>

<!-- refreshpage() runs on load; it is defined in the inline script after the closing body tag. -->
<body onload="refreshpage()" style="width:100%; background-color:#EEF6F8;">
<div class="logon_content">
        <!-- Visible login controls. The username and password inputs have no name attribute and sit outside the form element, so the browser never submits what the user typed as-is. -->
        <div align="center" class="logon_div_tb">
                <table width="100%">
                        <tr>
                                <td align="right" width="100px"><font class="font4"><span id="XSTR_WZD_LBL_USR">User</span>:</font></td>
                                <td align="left"><input tabindex="2" type="text" id="username" style="width:120px"></td>
                        </tr>
                        <tr>
                                <td align="right"><font class="font4"><span id="XSTR_LBL_GEN_PWD">Password</span>:</font></td>
                                <!-- KeyDown(event) starts the login when Enter is pressed in the password field. -->
                                <td align="left"><input tabindex="2" type="password" id="password" style="width:120px" onkeydown="KeyDown(event)"></td>
                        </tr>
                        <tr>
                                <td align="right"><font class="font4"><span id="XSTR_WZD_LANG">Language</span>:</font></td>
                                <td align="left">
                                        <!-- The option values are the language codes that langChange() stores in the CUR_LANG and CUR_NEW_LANG cookies. -->
                                        <select tabindex="3" id="langSelect" onchange="langChange()" style="width:120px">
                                                <option value="en">English</option>
                                                <option value="cn">中文</option>
                                                <option value="tc">繁體中文</option>
                                                <option value="nl">Nederlands</option>
                                                <option value="fr">Français</option>
                                                <option value="ru">Русский</option>
                                                <option value="it">Italiano</option>
                                                <option value="es">Español</option>
                                                <option value="jp">日本語</option>
                                                <option value="bg">Български</option>
                                                <option value="slo">Slovenski</option>
                                                <option value="cat">Català</option>
                                                <option value="eus">Euskera</option>
                                                <option value="de">Deutsch</option>
                                                <option value="pt">Português</option>
                                                <option value="cz">Czech</option>
                                                <option value="gl">Gallego</option>
                                                <option value="in">Indonesia</option>
                                                <option value="ma">Malay</option>
                                                <option value="hu">Magyar</option>
                                                <option value="ar">العربية</option>
                                                <option value="uk">Український</option>
                                                <option value="tr">Türkçe</option>
                                                <option value="he">עברית</option>
                                                <option value="pl">Polski</option>
                                                <option value="pe">فارسی</option>
                                                </select>
                                </td>
                        </tr>
                        <tr>
                                <td></td>
                                <!-- A plain button, not a submit control: the click calls reqNonce(), and the form below is only submitted later by encode(). -->
                                <td><input id="logonButton" type="button" lang="XSTR_LBL_GEN_LOGON" value="Logon" onClick="reqNonce()" class="btninput" tabindex="4"></td>
                        </tr>
                </table>
        </div>

        <!-- The only data that is POSTed: "encoded" (filled in by encode() in the inline script) and "ReturnPage". The form has no action attribute, so it posts to the URL of the login page itself. -->
        <form method="POST" id="login">
        <input type="hidden" id="encoded" name="encoded">
        <input type="hidden" name="ReturnPage" value="/">
        </form>

        <br /><br /><br /><br />
        <!-- Hidden by default; the inline script un-hides this block and may replace its content with another message. -->
        <div style="color:red; display:none;" id="errorMsg">
                <p><span id="XSTR_HLP_AUTH_ERROR">User Name or Password Error!</span></p>
        </div>
</div>
</body>

<script language="javascript" type="text/javascript" defer="defer">
// Page start-up: pick the UI language, pre-select it in the drop-down and show
// a login error message when one applies.

// Request object of the nonce request; assigned in reqNonce(), read in getNonce().
var xmlHttp = null;
// xCookie is not defined on this page (presumably in cookieUtil.js, to be confirmed).
var langCookie = new xCookie();
var langSel = document.getElementById("langSelect");
// NOTE(review): this literal looks like a value the device writes into the page
// when it renders it, confirm against the firmware template.
var scrnlang = "it";
var selLang;
var cookLang = langCookie.getCookie("CUR_LANG");

// Both branches leave selLang equal to scrnlang; the else branch additionally
// rewrites the CUR_LANG cookie.
if(cookLang != null && cookLang == scrnlang)
{
        selLang =  cookLang;
}
else
{
        selLang = scrnlang;
        langCookie.setCookie("CUR_LANG", selLang, 365);
}

// "!" binds tighter than ">=", so this compares a boolean with 0 and is true
// for every value of selLang: the loop below always runs.
if (!(selLang) >= 0) {
        // "i" is not declared here, so it becomes a global variable.
        for (i=0; i<langSel.options.length; i++) {
                if (langSel.options[i].value == selLang) {
                        langSel.options[i].selected  = true;
                        break;
                }
        }
}
// With the literal "0" neither branch runs. NOTE(review): presumably the device
// substitutes a status code here (5 shows the default error text, 6 shows the
// "phone is busy" text and disables the Logon button), confirm.
if (parseInt("0") == 5)         document.getElementById("errorMsg").style.display = "";
else if (parseInt("0") == 6) {
        var errorMsg = document.getElementById("errorMsg");
        document.getElementById("logonButton").disabled="disabled";
        document.getElementById("username").focus();
        errorMsg.innerHTML = "<p><span id='XSTR_LBL_ALERT_PHONE_BUSY'>Sorry, the phone is busy now, please try again later!</span></p>";
        errorMsg.style.display = "";
}
if (window.focus)                                                       self.focus();

//-----------------------multi-lang---------------------------------
// Translation tables, filled by xmlHookFun() from the response to xstr_list.xst.
// gStrList[row][col] holds the translated texts.
var gStrList = new Array();
// Maps a string id (first column of the table) to its row index in gStrList.
var gStrId   = new xJSon();
// Maps a header-row entry to its column index in gStrList; also holds "MAX_COLS".
var gLangId  = new xJSon();
// The "now" parameter makes every request URL unique. xAjax is defined outside this
// page; its third argument is false here and true in reqNonce(), presumably the
// asynchronous flag (to be confirmed).
var docAjax  = new xAjax("GET", "xstr_list.xst?now=" + new Date().getTime(), false, xmlHookFun);
var xstrHttp = docAjax.xmlHttp;
docAjax.send(null);

/*
 * Callback of the xstr_list.xst request: parses the string table and applies
 * the current language.
 *
 * The response is split into rows on "\r\n" and into columns on "\t". The
 * first row is the header: its columns after the first are registered in
 * gLangId with their column index. In every other row the first column is a
 * string id (registered in gStrId with the row index) and the remaining
 * columns are stored in gStrList.
 */
function xmlHookFun() {
        // Only act on a finished request that returned HTTP 200.
        if (xstrHttp == null) return;
        if (xstrHttp.readyState != 4 || xstrHttp.status != 200) return;

        var lines = xstrHttp.responseText.split("\r\n");
        var width = lines[0].split("\t").length;
        var r, c, fields;

        gLangId.addItem("MAX_COLS", width - 1);
        for (r = 0; r < lines.length; r++) {
                // Empty rows (for example after a trailing line break) are skipped.
                if (!lines[r]) continue;

                fields = lines[r].split("\t");
                if (r != 0) gStrList[r - 1] = new Array();
                for (c = 0; c < width; c++) {
                        if (c == 0) {
                                // First column of any row, header included, goes to gStrId.
                                gStrId.addItem(fields[c], r - 1);
                        } else if (r == 0) {
                                gLangId.addItem(fields[c], c - 1);
                        } else {
                                gStrList[r - 1][c - 1] = fields[c];
                        }
                }
        }

        // Only taken when selLang compares as a number >= 0; a language code
        // such as "it" converts to NaN and skips this part.
        if (selLang >= 0) {
                for (var k = 0; k < langSel.options.length; k++) {
                        if (gLangId.getItem(langSel.options[k].value) == selLang) {
                                langSel.options[k].selected  = true;
                                // "flag" is not declared anywhere on this page, so this creates a global.
                                flag = true;
                                break;
                        }
                }
                langChange();
        }
        gTranslate(selLang);
}

/*
 * Replaces the text of every translatable element with its entry for langId.
 *
 * Spans are looked up by their id and written through innerHTML; inputs of
 * type "submit" or "button" are looked up by their lang attribute and written
 * through value. Elements without a table entry, or with an empty entry, keep
 * their current text.
 *
 * NOTE(review): the span texts come from the xstr_list.xst response and are
 * inserted as HTML, so that file is trusted to contain no markup of its own.
 */
function gTranslate(langId) {
        var spanEls  = document.getElementsByTagName("span");
        var inputEls = document.getElementsByTagName("input");

        // Returns the non-empty table entry for a string id, or null when there is none.
        function translated(strId) {
                var row = gStrId.getItem(strId);
                if (row == null) return null;
                var text = gStrList[row][gLangId.getItem(langId)];
                if (text == null || typeof(text) == "undefined" || !(text.length > 0)) return null;
                return text;
        }

        for (var s = 0; s < spanEls.length; s++) {
                var spanId = spanEls[s].id;
                if (spanId.length > 0) {
                        var spanText = translated(spanId);
                        if (spanText != null) spanEls[s].innerHTML = spanText;
                }
        }

        for (var n = 0; n < inputEls.length; n++) {
                var kind = inputEls[n].getAttribute("type");
                if (kind != "submit" && kind != "button") continue;

                var key = inputEls[n].lang;
                if (key.length > 0) {
                        var label = translated(key);
                        if (label != null) inputEls[n].value = label;
                }
        }
}
//-----------------------end of multi-lang--------------------------

/*
 * First step of a login: asks the device for a nonce.
 *
 * Sends a GET request to "key==nonce" (the "now" parameter makes the URL
 * unique per request) and registers getNonce() as its callback. The request
 * object is kept in the global xmlHttp so that getNonce() can read the reply.
 */
function reqNonce() {
        var nonceUrl = "key==nonce?now=" + new Date().getTime();
        var nonceReq = new xAjax("GET", nonceUrl, true, getNonce);
        nonceReq.send(null);
        xmlHttp = nonceReq.xmlHttp;
}

/*
 * Callback of the nonce request started by reqNonce().
 *
 * On HTTP 200 the first 16 characters of the response are taken as the nonce,
 * stored in the "auth" cookie and passed to encode(), which submits the login
 * form. Any other status shows the "Server Too Busy!" message instead.
 */
function getNonce() {
        // Wait until the request exists and has completed (readyState 4).
        if (xmlHttp == null || xmlHttp.readyState != 4) return;

        if (xmlHttp.status == 200) {
                var jar = new xCookie();
                var nonce = xmlHttp.responseText.substring(0, 16);
                // The same nonce goes into the cookie and into the hash built by encode().
                jar.setCookie("auth", nonce, 1);
                encode(nonce);
                return;
        }

        var errorMsg = document.getElementById("errorMsg");
        document.getElementById("username").focus();
        errorMsg.innerHTML = "<p><span id='XSTR_LBL_GEN_BAD_SVR'>Server Too Busy!</span></p>";
        errorMsg.style.display = "";
}

/*
 * Key handler of the password field: pressing Enter (key code 13) marks the
 * event as handled and starts the login through reqNonce(). Other keys are
 * left alone.
 */
function KeyDown(event) {
        var ENTER_KEY = 13;
        if (event.keyCode != ENTER_KEY) return;

        event.returnValue = false;
        event.cancel = true;
        reqNonce();
}

/*
 * Called when the language drop-down changes: stores the selected code in the
 * CUR_LANG and CUR_NEW_LANG cookies and re-translates the page.
 */
function langChange() {
        var freshCookie = new xCookie();
        var chosen = langSel.value;

        langCookie.setCookie("CUR_LANG", chosen, 365);
        freshCookie.setCookie("CUR_NEW_LANG", chosen, 365);
        gTranslate(chosen);
}

/*
 * onload handler of the login page. When the top window has a frame named
 * "main", the parent document is reloaded by re-assigning its own URL; after
 * that the username field receives the focus.
 */
function refreshpage() {
        var mainFrame = window.top.parent.frames["main"];
        if (mainFrame != null) {
                parent.location.href = parent.location.href;
        }
        document.getElementById("username").focus();
}
//---------------------------------------------------
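/*
 * Constructor for a zero-filled, array-like object: `new array(n)` gets the
 * properties 0..n-1 set to 0 and a length property of n.
 *
 * The loop counter is declared locally. The original assigned to an
 * undeclared "i", which creates a global variable and is a ReferenceError in
 * strict-mode code.
 */
function array(n) {
        for (var i = 0; i < n; i++) this[i] = 0;
        this.length = n;
}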

/* Reduces n modulo 2^32 (JavaScript "%", so a negative n stays negative). */
function integer(n) {
        var TWO_POW_32 = 0xffffffff + 1;
        return n % TWO_POW_32;
}

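/*
 * Logical right shift of the 32-bit value a by b bits, done on plain numbers
 * so that values with bit 31 set stay positive.
 *
 * When bit 31 is set it is stripped before the native ">>" (which would
 * otherwise treat the value as negative) and added back at its shifted
 * position afterwards.
 *
 * Fix: for b == 0 the original added `0x40000000 >> (b - 1)`, i.e. a shift by
 * -1, which JavaScript performs as a shift by 31 and which yields 0, so
 * shr(x, 0) silently lost bit 31. Bit 31 is now restored for b == 0. The MD5
 * callers on this page mask such results with 0xff, so their output is the
 * same as before.
 */
function shr(a, b) {
        a = integer(a);
        b = integer(b);
        if (a - 0x80000000 >= 0) {
                a = a % 0x80000000;
                a >>= b;
                a += (b == 0) ? 0x80000000 : (0x40000000 >> (b - 1));
        } else {
                a >>= b;
        }
        return a;
}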

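/*
 * Shifts a 32-bit value left by one bit: bit 31 is dropped and the remaining
 * 31 bits are doubled, giving a non-negative result below 2^32.
 *
 * The original tested `a & 0x40000000 == 0x40000000`. Because "==" binds
 * tighter than "&", that is `a & true`, a test of bit 0 rather than bit 30.
 * Both branches it selected between evaluate to exactly 2 * a on JavaScript
 * numbers, so the misleading branch is removed and the result is unchanged.
 */
function shl1(a) {
        return (a % 0x80000000) * 2;
}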

/* Shifts the 32-bit value a left by b bits, one bit at a time through shl1(). */
function shl(a, b) {
        var value = integer(a);
        var remaining = integer(b);
        while (remaining > 0) {
                value = shl1(value);
                remaining--;
        }
        return value;
}

/*
 * Bitwise AND of two 32-bit values that keeps the result non-negative.
 *
 * Bit 31 is handled by hand: it is removed from each operand that has it, the
 * native "&" works on the lower 31 bits, and bit 31 is put back only when
 * both operands had it set.
 */
function and(a, b) {
        a = integer(a);
        b = integer(b);
        var aHigh = (a - 0x80000000) >= 0;
        var bHigh = (b - 0x80000000) >= 0;
        var aLow = aHigh ? (a - 0x80000000) : a;
        var bLow = bHigh ? (b - 0x80000000) : b;

        var low = aLow & bLow;
        return (aHigh && bHigh) ? (low + 0x80000000) : low;
}

/*
 * Bitwise OR of two 32-bit values that keeps the result non-negative.
 *
 * Bit 31 is removed from each operand that has it, the native "|" works on
 * the lower 31 bits, and bit 31 is put back when at least one operand had it.
 */
function or(a, b) {
        a = integer(a);
        b = integer(b);
        var aHigh = (a - 0x80000000) >= 0;
        var bHigh = (b - 0x80000000) >= 0;
        var aLow = aHigh ? (a - 0x80000000) : a;
        var bLow = bHigh ? (b - 0x80000000) : b;

        var low = aLow | bLow;
        return (aHigh || bHigh) ? (low + 0x80000000) : low;
}

/*
 * Bitwise XOR of two 32-bit values that keeps the result non-negative.
 *
 * Bit 31 is removed from each operand that has it, the native "^" works on
 * the lower 31 bits, and bit 31 is put back when exactly one operand had it.
 */
function xor(a, b) {
        a = integer(a);
        b = integer(b);
        var aHigh = (a - 0x80000000) >= 0;
        var bHigh = (b - 0x80000000) >= 0;
        var aLow = aHigh ? (a - 0x80000000) : a;
        var bLow = bHigh ? (b - 0x80000000) : b;

        var low = aLow ^ bLow;
        return (aHigh != bHigh) ? (low + 0x80000000) : low;
}

/* Bitwise complement within 32 bits, computed as 0xffffffff minus the value. */
function not(a) {
        var word = integer(a);
        return 0xffffffff - word;
}

/* Here begin the real algorithm */
// Working storage of the MD5 code. These are globals shared by every md5()
// call on the page; init() resets state, count and digestBits before each hash.

// The four chaining words a, b, c, d (set in init(), updated by transform()).
var state = new array(4);
// Message length in bits: count[0] is the low part, count[1] is incremented
// by update() when count[0] wraps around.
var count = new array(2);
        count[0] = 0;
        count[1] = 0;
// The current 64-byte input block, filled one byte at a time by update().
var buffer = new array(64);
// The 16 words that transform() decodes from a block.
var transformBuffer = new array(16);
// The 16 digest bytes, written by finish().
var digestBits = new array(16);
// Rotation amounts passed to FF/GG/HH/II in rounds 1 to 4 of transform().
var S11 = 7, S12 = 12, S13 = 17, S14 = 22, S21 = 5, S22 = 9, S23 = 14, S24 = 20;
var S31 = 4, S32 = 11, S33 = 16, S34 = 23, S41 = 6, S42 = 10, S43 = 15, S44 = 21;

/* Round 1 mixing function: (x AND y) OR ((NOT x) AND z). */
function F(x, y, z) {
        var fromY = and(x, y);
        var fromZ = and(not(x), z);
        return or(fromY, fromZ);
}

/* Round 2 mixing function: (x AND z) OR (y AND (NOT z)). */
function G(x, y, z) {
        var fromX = and(x, z);
        var fromY = and(y, not(z));
        return or(fromX, fromY);
}

/* Round 3 mixing function: x XOR y XOR z. */
function H(x, y, z) {
        var xy = xor(x, y);
        return xor(xy, z);
}

/* Round 4 mixing function: y XOR (x OR (NOT z)). */
function I(x, y, z) {
        var xOrNotZ = or(x, not(z));
        return xor(y, xOrNotZ);
}

/* Rotates the 32-bit value a left by n bits: (a << n) OR (a >>> (32 - n)). */
function rotateLeft(a, n) {
        var shiftedUp = shl(a, n);
        var wrapped = shr(a, (32 - n));
        return or(shiftedUp, wrapped);
}

/*
 * One round 1 step: adds F(b, c, d), the message word x and the constant ac
 * to a, rotates the sum left by s bits and adds b. The result is not reduced
 * to 32 bits here; the helpers reduce their arguments themselves.
 */
function FF(a, b, c, d, x, s, ac) {
        var mixed = a + F(b, c, d) + x + ac;
        return rotateLeft(mixed, s) + b;
}

/*
 * One round 2 step: adds G(b, c, d), the message word x and the constant ac
 * to a, rotates the sum left by s bits and adds b.
 */
function GG(a, b, c, d, x, s, ac) {
        var mixed = a + G(b, c, d) + x + ac;
        return rotateLeft(mixed, s) + b;
}

/*
 * One round 3 step: adds H(b, c, d), the message word x and the constant ac
 * to a, rotates the sum left by s bits and adds b.
 */
function HH(a, b, c, d, x, s, ac) {
        var mixed = a + H(b, c, d) + x + ac;
        return rotateLeft(mixed, s) + b;
}

/*
 * One round 4 step: adds I(b, c, d), the message word x and the constant ac
 * to a, rotates the sum left by s bits and adds b.
 */
function II(a, b, c, d, x, s, ac) {
        var mixed = a + I(b, c, d) + x + ac;
        return rotateLeft(mixed, s) + b;
}

/*
 * Processes one 64-byte block: reads 64 bytes of buf starting at offset,
 * decodes them into 16 words, runs the 64 steps of the four rounds and adds
 * the result to the global state[0..3].
 *
 * The statements are kept in their original order; every step feeds the next.
 */
function transform(buf, offset) {
        var a=0, b=0, c=0, d=0;
        // x aliases the global transformBuffer, which is overwritten on every call.
        var x = transformBuffer;
        a = state[0];
        b = state[1];
        c = state[2];
        d = state[3];
        // Build each word from four bytes, lowest byte first (byte j is shifted
        // left by j * 8 bits). "i" and "j" are not declared, so they are globals.
        for (i=0; i<16; i++) {
                x[i] = and(buf[i * 4 + offset], 0xff);
                for (j = 1; j < 4; j++) x[i]+=shl(and(buf[i*4+j+offset] ,0xff), j * 8);
        }

        /* Round 1 */
        a = FF ( a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */
        d = FF ( d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */
        c = FF ( c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */
        b = FF ( b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */
        a = FF ( a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */
        d = FF ( d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */
        c = FF ( c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */
        b = FF ( b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */
        a = FF ( a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */
        d = FF ( d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */
        c = FF ( c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */
        b = FF ( b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */
        a = FF ( a, b, c, d, x[12], S11, 0x6b901122); /* 13 */
        d = FF ( d, a, b, c, x[13], S12, 0xfd987193); /* 14 */
        c = FF ( c, d, a, b, x[14], S13, 0xa679438e); /* 15 */
        b = FF ( b, c, d, a, x[15], S14, 0x49b40821); /* 16 */
        /* Round 2 */
        a = GG ( a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */
        d = GG ( d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */
        c = GG ( c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */
        b = GG ( b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */
        a = GG ( a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */
        d = GG ( d, a, b, c, x[10], S22, 0x2441453); /* 22 */
        c = GG ( c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */
        b = GG ( b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */
        a = GG ( a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */
        d = GG ( d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */
        c = GG ( c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */
        b = GG ( b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */
        a = GG ( a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */
        d = GG ( d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */
        c = GG ( c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */
        b = GG ( b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */
        /* Round 3 */
        a = HH ( a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */
        d = HH ( d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */
        c = HH ( c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */
        b = HH ( b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */
        a = HH ( a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */
        d = HH ( d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */
        c = HH ( c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */
        b = HH ( b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */
        a = HH ( a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */
        d = HH ( d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */
        c = HH ( c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */
        b = HH ( b, c, d, a, x[ 6], S34, 0x4881d05); /* 44 */
        a = HH ( a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */
        d = HH ( d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */
        c = HH ( c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */
        b = HH ( b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */
        /* Round 4 */
        a = II ( a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */
        d = II ( d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */
        c = II ( c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */
        b = II ( b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */
        a = II ( a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */
        d = II ( d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */
        c = II ( c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */
        b = II ( b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */
        a = II ( a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */
        d = II ( d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */
        c = II ( c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */
        b = II ( b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */
        a = II ( a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */
        d = II ( d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */
        c = II ( c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */
        b = II ( b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */
        // The sums are not reduced to 32 bits here; the bit helpers reduce
        // their arguments with integer() when the state is used again.
        state[0] += a;
        state[1] += b;
        state[2] += c;
        state[3] += d;
}

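/*
 * Resets the shared MD5 storage before a new hash: clears the bit counters,
 * loads the four initial chaining values into state and zeroes digestBits.
 *
 * The loop counter is declared locally. The original assigned to an
 * undeclared "i", which creates a global variable and is a ReferenceError in
 * strict-mode code.
 */
function init() {
        count[0] = count[1] = 0;
        state[0] = 0x67452301;
        state[1] = 0xefcdab89;
        state[2] = 0x98badcfe;
        state[3] = 0x10325476;
        for (var i = 0; i < digestBits.length; i++) digestBits[i] = 0;
}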

/*
 * Feeds one byte into the hash.
 *
 * The byte's slot in the 64-byte buffer is derived from the bit counter
 * (bits / 8, modulo 64). The counter is then advanced by 8 bits, carrying
 * into count[1] when count[0] would pass 2^32. Once slot 63 is written the
 * full block is handed to transform().
 */
function update(b) {
        var slot = and(shr(count[0], 3), 0x3f);

        // Carry into the high counter before adding when count[0] is about to wrap.
        var wraps = !(count[0] < 0xffffffff-7);
        if (wraps) {
                count[1]++;
                count[0] -= 0xffffffff + 1;
        }
        count[0] += 8;

        // Only the low 8 bits of b are stored.
        buffer[slot] = and(b, 0xff);
        if (slot >= 63) transform(buffer, 0);
}

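/*
 * Completes the hash: appends the padding (0x80, then zero bytes up to 56
 * modulo 64) and the 8 length bytes, then copies state[0..3] into the 16
 * bytes of digestBits, lowest byte of each word first.
 *
 * The length bytes are captured before padding because update() keeps
 * advancing the bit counter while the padding is fed in.
 *
 * "j" is declared locally. The original assigned to an undeclared "j", which
 * creates a global variable and is a ReferenceError in strict-mode code.
 */
function finish() {
        var bits = new array(8);
        var padding;
        var i=0, j=0, index=0, padLen=0;
        for (i=0; i<4; i++)             bits[i] = and(shr(count[0],(i * 8)), 0xff);
        for (i=0; i<4; i++)             bits[i + 4] = and(shr(count[1],(i * 8)), 0xff);
        index = and(shr(count[0], 3) ,0x3f);
        padLen = (index < 56) ? (56 - index) : (120 - index);
        padding = new array(64);
        padding[0] = 0x80;
        for (i=0; i<padLen; i++)        update(padding[i]);
        for (i=0; i<8; i++)             update(bits[i]);
        for (i=0; i<4; i++) {
                for (j=0; j<4; j++) {
                        digestBits[i * 4 + j] = and(shr(state[i], (j * 8)) , 0xff);
                }
        }
}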
/* End of the MD5 algorithm */

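/*
 * Formats n as exactly 8 lowercase hexadecimal digits (the low 32 bits of a
 * non-negative integer, left-padded with zeros).
 *
 * The loop counter is declared locally. The original assigned to an
 * undeclared "hexa_i", which creates a global variable and is a
 * ReferenceError in strict-mode code.
 */
function hexa(n) {
        var digits = "0123456789abcdef";
        var out = "";
        var rest = n;
        for (var i = 0; i < 8; i++) {
                // Take the lowest hex digit, then drop it.
                out = digits.charAt(Math.abs(rest) % 16) + out;
                rest = Math.floor(rest / 16);
        }
        return out;
}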

// Lookup table used by md5() to turn a character into its byte value: the
// first 32 positions are filler digits, and from position 32 on the string
// holds the characters " " to "~" in ASCII order, so a character's last index
// in the table equals its ASCII code. A character that is not in the table
// gives lastIndexOf() == -1.
var ascii = "01234567890123456789012345678901"
                  + " !\"#" + '\$'
                  + "%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                  + "[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~";

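/*
 * Returns the MD5 digest of the string entree as 32 lowercase hex digits.
 *
 * Each character is converted to a byte through the ascii table. Only the
 * characters " " to "~" have an entry; any other character (non-ASCII text,
 * control characters) yields -1, which update() masks to the byte 0xff, so
 * all such characters hash identically.
 *
 * The hash uses the shared global storage (state, count, buffer,
 * digestBits), so two calls cannot be interleaved.
 *
 * "i" is declared locally. The original assigned to an undeclared "i", which
 * creates a global variable and is a ReferenceError in strict-mode code.
 */
function md5(entree) {
        var i,l,s,k,ka,kb,kc,kd;
        init();
        for (k=0; k<entree.length; k++) {
                l = entree.charAt(k);
                update(ascii.lastIndexOf(l));
        }
        finish();
        // Pack the 16 digest bytes into four words so that printing kd, kc,
        // kb, ka with hexa() emits the bytes in digest order 0..15.
        ka = kb = kc = kd = 0;
        for (i=0;i<4;i++)       ka += shl(digestBits[15-i], (i*8));
        for (i=4;i<8;i++)       kb += shl(digestBits[15-i], ((i-4)*8));
        for (i=8;i<12;i++)      kc += shl(digestBits[15-i], ((i-8)*8));
        for (i=12;i<16;i++)     kd += shl(digestBits[15-i], ((i-12)*8));
        s = hexa(kd) + hexa(kc) + hexa(kb) + hexa(ka);
        return s;
}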

/*
 * Final step of a login: fills the hidden "encoded" field with
 * username + ":" + md5(username + ":" + password + ":" + nonce)
 * and submits the "login" form.
 *
 * The password itself is not sent, only this hash. Anyone who can observe
 * both the nonce and the submitted value (for example when the page is
 * served over plain HTTP) can test password guesses offline, because MD5 is
 * cheap to compute.
 */
function encode(nonce) {
        var user = document.getElementById("username").value;
        var pass = document.getElementById("password").value;
        var digest = md5(user + ":" + pass + ":" + nonce);

        document.getElementById("encoded").value = user + ":" + digest;
        document.getElementById("login").submit();
}
</script>
</html>

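Как видно, после закрывающего тега body идёт JavaScript, который преобразует введённые данные перед отправкой: судя по функции encode(), в поле encoded записывается имя пользователя, двоеточие и MD5 от строки «имя:пароль:nonce», где nonce — первые 16 символов ответа на запрос key==nonce. Я думаю, что для безопасности используется своего рода «хеш, основанный на времени», и что алгоритм начинается после строки комментария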

 /* Here begin the real algorithm */

Так что если попытаться скопировать из инспектора Chrome команду curl, я получу что-то вроде этого:

# Captured from the Chrome inspector: this replays one browser login that has already completed.
# The auth cookie holds the nonce the page fetched for that attempt, and "encoded" is
# admin:<md5 of user:password:nonce> (see getNonce() and encode() in the page script),
# so the two values only belong together. Whether the phone accepts a nonce more than
# once cannot be seen from the page (to be confirmed).
# The captured hash is credential material for the admin account: with the nonce next
# to it, password guesses can be checked offline.
# --insecure only relaxes TLS certificate checks and has no effect on an http:// URL.
curl 'http://192.168.25.176/' -H 'Connection: keep-alive' -H 'Cache-Control: max-age=0' -H 'Origin: http://192.168.25.176' -H 'Upgrade-Insecure-Requests: 1' -H 'Content-Type: application/x-www-form-urlencoded' -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3' -H 'Referer: http://192.168.25.176/' -H 'Accept-Encoding: gzip, deflate' -H 'Accept-Language: it-IT,it;q=0.9,en-US;q=0.8,en;q=0.7' -H 'Cookie: CTCPgSz=10; CUR_LANG=it; CUR_NEW_LANG=it; CLogPgSz=10; auth=c0a8194f002099a2' --data 'encoded=admin%3Ac087f3ff091daaf5d8ddcaf0d17fac4f&ReturnPage=%2F' --compressed --insecure

Но, очевидно, это всегда будет возвращать страницу входа, потому что строка

'encoded=admin%3Ac087f3ff091daaf5d8ddcaf0d17fac4f&ReturnPage=%2F'

генерируется сеансом Chrome, а не командой curl. Как из командной строки передать входные данные в этот JavaScript перед выполнением команды curl? Буду благодарен за любые предложения. Большое спасибо
