• 明文暴露___JS前台加密,java后台解密实现


    1.前台JS

     1 <script type="text/javascript">  
     2     $(function() {  
     3         $("#btn").click(function() {  
     4             var username = encode64($("#username").val());  //对数据加密  
     5             var password = encode64($("#password").val());  
     6             $("#username").val(username);  
     7             $("#password").val(password);  
     8             document.fm.submit();  //fm为form表单name  
     9         })  
    10     })  
    11       
    12     // base64加密开始  
    13     var keyStr = "ABCDEFGHIJKLMNOP" + "QRSTUVWXYZabcdef" + "ghijklmnopqrstuv"  
    14             + "wxyz0123456789+/" + "=";  
    15       
    16     function encode64(input) {  
    17   
    18         var output = "";  
    19         var chr1, chr2, chr3 = "";  
    20         var enc1, enc2, enc3, enc4 = "";  
    21         var i = 0;  
    22         do {  
    23             chr1 = input.charCodeAt(i++);  
    24             chr2 = input.charCodeAt(i++);  
    25             chr3 = input.charCodeAt(i++);  
    26             enc1 = chr1 >> 2;  
    27             enc2 = ((chr1 & 3) << 4) | (chr2 >> 4);  
    28             enc3 = ((chr2 & 15) << 2) | (chr3 >> 6);  
    29             enc4 = chr3 & 63;  
    30             if (isNaN(chr2)) {  
    31                 enc3 = enc4 = 64;  
    32             } else if (isNaN(chr3)) {  
    33                 enc4 = 64;  
    34             }  
    35             output = output + keyStr.charAt(enc1) + keyStr.charAt(enc2)  
    36                     + keyStr.charAt(enc3) + keyStr.charAt(enc4);  
    37             chr1 = chr2 = chr3 = "";  
    38             enc1 = enc2 = enc3 = enc4 = "";  
    39         } while (i < input.length);  
    40   
    41         return output;  
    42     }  
    43     // base64加密结束  
    44 </script> 


    2、后台java代码

     1 private static char[] base64EncodeChars = new char[] { 'A', 'B', 'C', 'D',  
     2         'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q',  
     3         'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd',  
     4         'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q',  
     5         'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', '0', '1', '2', '3',  
     6         '4', '5', '6', '7', '8', '9', '+', '/', };  
     7   
     8 private static byte[] base64DecodeChars = new byte[] { -1, -1, -1, -1, -1,  
     9         -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,  
    10         -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,  
    11         -1, -1, -1, -1, 62, -1, -1, -1, 63, 52, 53, 54, 55, 56, 57, 58, 59,  
    12         60, 61, -1, -1, -1, -1, -1, -1, -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,  
    13         10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1,  
    14         -1, -1, -1, -1, -1, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37,  
    15         38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -1, -1, -1,  
    16         -1, -1 };  
    17   
    18 /** 
    19  * 解密 
    20  * @param str 
    21  * @return 
    22  */  
    23 public static byte[] decode(String str) {  
    24     byte[] data = str.getBytes();  
    25     int len = data.length;  
    26     ByteArrayOutputStream buf = new ByteArrayOutputStream(len);  
    27     int i = 0;  
    28     int b1, b2, b3, b4;  
    29   
    30     while (i < len) {  
    31         do {  
    32             b1 = base64DecodeChars[data[i++]];  
    33         } while (i < len && b1 == -1);  
    34         if (b1 == -1) {  
    35             break;  
    36         }  
    37   
    38         do {  
    39             b2 = base64DecodeChars[data[i++]];  
    40         } while (i < len && b2 == -1);  
    41         if (b2 == -1) {  
    42             break;  
    43         }  
    44         buf.write((int) ((b1 << 2) | ((b2 & 0x30) >>> 4)));  
    45   
    46         do {  
    47             b3 = data[i++];  
    48             if (b3 == 61) {  
    49                 return buf.toByteArray();  
    50             }  
    51             b3 = base64DecodeChars[b3];  
    52         } while (i < len && b3 == -1);  
    53         if (b3 == -1) {  
    54             break;  
    55         }  
    56         buf.write((int) (((b2 & 0x0f) << 4) | ((b3 & 0x3c) >>> 2)));  
    57   
    58         do {  
    59             b4 = data[i++];  
    60             if (b4 == 61) {  
    61                 return buf.toByteArray();  
    62             }  
    63             b4 = base64DecodeChars[b4];  
    64         } while (i < len && b4 == -1);  
    65         if (b4 == -1) {  
    66             break;  
    67         }  
    68         buf.write((int) (((b3 & 0x03) << 6) | b4));  
    69     }  
    70     return buf.toByteArray();  
    71 }  
    72 
    73 
    74 System.out.println(new String(decode(username)));  // 使用decode()方法进行解密
  • 相关阅读:
    HTML基础
    一次由任意文件漏洞开始的渗透测试过程
    谈一谈信息泄露这件事
    浅谈任意文件下载漏洞的利用
    [原创] 一次渗透测试过程--从外网进内网
    一次绕过360+诺顿的提权过程
    漏洞挖掘高级方法
    新型勒索软件Magniber正瞄准韩国、亚太地区开展攻击
    Microsoft Edge 浏览器远程代码执行漏洞POC及细节(CVE-2017-8641)
    Office远程代码执行漏洞CVE-2017-0199复现
  • 原文地址:https://www.cnblogs.com/651434092qq/p/12014608.html
Copyright © 2020-2023  润新知