Bypassing __jsl_clearance_s Cookie To Scrape CNVDs
CNVD is the Chinese vulnerability enumeration scheme to report the latest cyber threats, very similar to CVEs referenced as the standard in the U.S. Although many CNVDs cross over and map directly to CVE IDs as well, there are high-profile vulnerabilities that are exclusively identified by a CNVD ID, such as Ghostcat CNVD-2020-10487 from March 2020.
The CNVD (China National Vulnerability Database) is an essential data source to gain a broader perspective on reconnaissance. Let’s extract the CNVD data into a more accessible format for further analysis of vulnerabilities special to China.
Scraping the CNVD website (cnvd.org.cn) presents an unexpected barrier. Visiting and clicking around the CNVD website via standard website is fine, but as soon as trying to programmatically access it, the server sends a 521 HTTP response with an odd-looking javascript snippet. WTF?
<script>document.cookie=('_')+('_')+('j')+('s')+('l')+('_')+('c')+('l')+('e')+('a')+('r')+('a')+('n')+('c')+('e')+('_')+('s')+('=')+(-~[]+'')+(6+'')+(~~[]+'')+((1+[4]>>1)+'')+(4+'')+(1+8+'')+(1+3+'')+((1+[4]>>1)+'')+(-~[2]+'')+(-~(3)+'')+('.')+((2<<1)+'')+(3+'')+(0+1+0+1+'')+('|')+('-')+((+true)+'')+('|')+('m')+('t')+('E')+('s')+('I')+('A')+((1|2)+'')+('C')+('O')+('b')+('j')+((1+[2])/[2]+'')+('r')+('g')+('E')+('C')+('Y')+('t')+('L')+('r')+('Z')+('Q')+('t')+(4+'')+('N')+('o')+('U')+('%')+((1+[2]>>2)+'')+('D')+(';')+('m')+('a')+('x')+('-')+('a')+('g')+('e')+('=')+((1|2)+'')+(2+4+'')+(~~{}+'')+((+false)+'')+(';')+('p')+('a')+('t')+('h')+('=')+('/');location.href=location.pathname+location.search</script>
Opening up Chrome Developer Tools on a regular browser, see that two unique cookies are set:
__jsluid_s
_jsl_clearance_s
Now try requesting the cnvd.org.cn URL via curl
and include those cookie parameter values in -H 'Cookie: <parameters>
header flag, and we pass through to the actual response body content with 200 HTTP response and no further drag.
Searching for this _jsl_clearance_s
value on GitHub, it seems that jsl is a common protocol utilized by Chinese government websites to block automated crawlers.
The above snippet is the first of two javascript challenges, which only serves as a redirect to the second, heftier challenge. The true values of the jsl cookie parameters are set by the server on the second challenge. There are three sets of cookie generation methods depending on the incoming ha
parameter: md5, sha1, sha256.
var _0x5a6a = [
'KcKZaQU=',
'w5nCusKUwqE=',
'w4PCulFg',
'RX7Dn8Oo',
'w7g8w4J+',
'wrhjwr91',
'w40GwqQy',
'w6PCiwPDmw==',
'OHjCqcOq',
'w44nOls=',
'w6fCl8KHwoo=',
'w7fDpkwp',
'w5lawqUW',
'w6rDomg/',
'w7zCuMK0wpQ=',
'w6bDs8KVLw==',
'dlDDq1U=',
'w6bDsXUo',
'wqkBw5HClA==',
'w5N4dwk=',
'I8O+aDs=',
'ZsO8esKt',
'wqzDpMKVw7Y=',
'wpzCp8Ofcw==',
'ZEPDt8OE',
'OcOywrJu',
'w4l3w4ge',
'wrxnwrJn',
'a8OLA0Y=',
'woDDg8KCw54=',
'w5XDjXE0',
'KcK/Xhk=',
'w5fDq8KNw4E=',
'w40swowO',
'MFrDgms=',
'AHw/WA==',
'w4fCq35m',
'c8OMITY=',
'w5Bzw5Ic',
'wrdRw48=',
'w5xDwrs4',
'woZmwpw1',
'CDwrw70=',
'CWfDqCo=',
'wr3CsAPDjw==',
'DMKqY8OI',
'PcO7woF7',
'w6Jow4o7',
'w47DrWUw',
'wq3DpMKFw40=',
'w7hAw6x8',
'An7Cq8O4',
'OlTDuW4=',
'w67CgHJu',
'w4cqwokZ',
'Q8O5PGs=',
'woQWw7XClw==',
'BHg7XA==',
'woMlwooZ',
'wpXDsMKxw7U=',
'DkfChk0=',
'wqHChDjCnA==',
'bcK6woFW',
'wrhBwrZI',
'S8OMC0c=',
'UUXDisON',
'I8OKT28=',
'FyYTw54=',
'B3HDrUE=',
'wqBWecKe',
'L33CiMOL',
'w67DqMKyw4o=',
'wp3CsMOReQ==',
'wqrCrxTDhg==',
'L8KkZcO3',
'w5LDpcKOw5E=',
'NcKqcsOf',
'wrzCukw5',
'wp5Ww57DmQ==',
'UADDnsOy',
'w6XDsncp',
'dsOgUjA=',
'NwUew6c=',
'OcODGTs=',
'BsKVeik=',
'wp7CosKqHQ==',
'woLCp8OGfg==',
'w7Mmw4Zq',
'w4vCmsK8wqA=',
'6K+J5rKC6amT6K+f',
'FMO0dSs=',
'w4Uow7Z0',
'w4dmw5U=',
'w67DrcKeEg==',
'SgJJw5U=',
'PVPDpn0=',
'wrTChsKyEg==',
'w4/Ci1th',
'TcKlwr5s',
'w6vCjcKpwoU=',
'XcOvCgY=',
'CMOOFcKY',
'woTCtMOOfQ==',
'wplRw53Dgw==',
'w5LDosK7w7I=',
'GWnDgsOv',
'w4NLw4x2',
'woxNYcKg',
'w7fDi2MB',
'w6rCoVtd',
'w6fCj1Jr',
'w4J8UCY=',
'AcOqe2w=',
'w77DpVox',
'w6rDhcKyFw==',
'wqABw5PCkg==',
'wpjCgAHCpg==',
'wq/DrsKa',
'wrTCtBHDug==',
'w4XClW5j',
'KFzCu8Od',
'w6PDo8KHEA==',
'w500w45K',
'w4XChcKtwoE=',
'WMOyWhA=',
'OXXCqhA=',
'wpBBw57Drw==',
'cQtrLQ==',
'I8OhSSg=',
'wqYSw4DCnQ==',
'w7HDsEgp',
'wqRvw43DnA==',
'DMKZWsK+',
'w4gUw4R6',
'NsOnLcK0',
'w5dQw7V7',
'PVPDjnw=',
'w6zDmWVr',
'LcKiecOD',
'fRZAw4o=',
'XcOOe3I=',
'WmnDiMOv',
'wrnCp1nDmQ==',
'wrdgfsKj',
'Uyh9AA==',
'w4HDmWR7',
'wrrCicOfUg==',
'wqFTw4XDjQ==',
'YcKwwrd/',
'w7UPNlI=',
'wrpuwqUS',
'wovCvzjCgw==',
'w7LDpHh+',
'L8OPS28=',
'wpXCvAvDsQ==',
'w67DuXUr',
'wrYWw4fCvw==',
'w4rCo2dU',
'w4Z6w4cL',
'wrvCjcKrFA==',
'w5h4wqYY',
'woVFX8Kx',
'EMKYfcOJ',
'w4XDpkod',
'wqbCi1tp',
'w6PDlsKiw5M=',
'w6lQaTU=',
'w6TDpMKrDg==',
'w7FJw7Nj',
'w7Mqw4J+',
'wpbCqxrCnA==',
'JsO7woVf',
'wqFqw7vDpw==',
'w7TDkXx/',
'wo7CvmRd',
'w57Dg8KMw6E=',
'woRowr51',
'w7zDrXUi',
'w61ecjE=',
'wrHCsAfDkQ==',
'wpJbwq07',
'wppCwqQ0',
'VSPDhw==',
'w4XCpUp7',
'LlzDuWg=',
'wpTChyDDiQ==',
'eDtDw6g=',
'w7vCisKmwqA=',
'wq/Du8KPw5c=',
'HmDCp3w=',
'JsO6Vk4=',
'wqXCisKmFA==',
'wrtswpY0',
'ecOQSMK4',
'SxRJw4I=',
'ZGDDhMOk',
'wqAUw7fClg==',
'w7TDrEYQ',
'w5XDusKxw4s=',
'UjnDiMOK',
'wqzChVzDjg==',
'w5nCrWBz',
'w5dAw6d8',
'QijDssOd',
'RAHDhcO+',
'w74kNnc=',
'TSnDhMOe',
'wqZnecKF',
'G8Ogwphl',
'wqDCqDrDmg==',
'GMOrwrdQ',
'axZtHQ==',
'w6HDp8KfHg==',
'w6XChFNQ',
'woxxw43Drw==',
'Wih/Bg==',
'wo8vw43CuA=='
];
(function (_0x41fe0a, _0x5a6a9a) {
var _0x1b85ad = function (_0x40831e) {
while (--_0x40831e) {
_0x41fe0a['push'](_0x41fe0a['shift']());
}
};
_0x1b85ad(++_0x5a6a9a);
})(_0x5a6a, 0x179);
var _0x1b85 = function (_0x41fe0a, _0x5a6a9a) {
_0x41fe0a = _0x41fe0a - 0x0;
var _0x1b85ad = _0x5a6a[_0x41fe0a];
if (_0x1b85['LQbxKV'] === undefined) {
(function () {
var _0x4e6245;
try {
var _0x4b7802 = Function('return\x20(function()\x20' + '{}.constructor(\x22return\x20this\x22)(\x20)' + ');');
_0x4e6245 = _0x4b7802();
} catch (_0x3a0b1b) {
_0x4e6245 = window;
}
var _0x188e1f = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';
_0x4e6245['atob'] ||
(_0x4e6245['atob'] = function (_0x2cc6bd) {
var _0x223ac3 = String(_0x2cc6bd)['replace'](/=+$/, '');
var _0x2ae5ec = '';
for (
var _0x5c3426 = 0x0, _0xcb4200, _0x571dee, _0x2d00da = 0x0;
(_0x571dee = _0x223ac3['charAt'](_0x2d00da++));
~_0x571dee && ((_0xcb4200 = _0x5c3426 % 0x4 ? _0xcb4200 * 0x40 + _0x571dee : _0x571dee), _0x5c3426++ % 0x4)
? (_0x2ae5ec += String['fromCharCode'](0xff & (_0xcb4200 >> ((-0x2 * _0x5c3426) & 0x6))))
: 0x0
) {
_0x571dee = _0x188e1f['indexOf'](_0x571dee);
}
return _0x2ae5ec;
});
})();
var _0x3874e3 = function (_0x51e2df, _0x18b2c2) {
var _0x25fa91 = [],
_0x5b4482 = 0x0,
_0x3daf4c,
_0x53c301 = '',
_0x256deb = '';
_0x51e2df = atob(_0x51e2df);
for (var _0xb0a625 = 0x0, _0x232e1d = _0x51e2df['length']; _0xb0a625 < _0x232e1d; _0xb0a625++) {
_0x256deb += '%' + ('00' + _0x51e2df['charCodeAt'](_0xb0a625)['toString'](0x10))['slice'](-0x2);
}
_0x51e2df = decodeURIComponent(_0x256deb);
var _0x176732;
for (_0x176732 = 0x0; _0x176732 < 0x100; _0x176732++) {
_0x25fa91[_0x176732] = _0x176732;
}
for (_0x176732 = 0x0; _0x176732 < 0x100; _0x176732++) {
_0x5b4482 = (_0x5b4482 + _0x25fa91[_0x176732] + _0x18b2c2['charCodeAt'](_0x176732 % _0x18b2c2['length'])) % 0x100;
_0x3daf4c = _0x25fa91[_0x176732];
_0x25fa91[_0x176732] = _0x25fa91[_0x5b4482];
_0x25fa91[_0x5b4482] = _0x3daf4c;
}
_0x176732 = 0x0;
_0x5b4482 = 0x0;
for (var _0x4a654c = 0x0; _0x4a654c < _0x51e2df['length']; _0x4a654c++) {
_0x176732 = (_0x176732 + 0x1) % 0x100;
_0x5b4482 = (_0x5b4482 + _0x25fa91[_0x176732]) % 0x100;
_0x3daf4c = _0x25fa91[_0x176732];
_0x25fa91[_0x176732] = _0x25fa91[_0x5b4482];
_0x25fa91[_0x5b4482] = _0x3daf4c;
_0x53c301 += String['fromCharCode'](_0x51e2df['charCodeAt'](_0x4a654c) ^ _0x25fa91[(_0x25fa91[_0x176732] + _0x25fa91[_0x5b4482]) % 0x100]);
}
return _0x53c301;
};
_0x1b85['OXwLDd'] = _0x3874e3;
_0x1b85['tqoEfB'] = {};
_0x1b85['LQbxKV'] = !![];
}
var _0x40831e = _0x1b85['tqoEfB'][_0x41fe0a];
if (_0x40831e === undefined) {
if (_0x1b85['QBzKgw'] === undefined) {
_0x1b85['QBzKgw'] = !![];
}
_0x1b85ad = _0x1b85['OXwLDd'](_0x1b85ad, _0x5a6a9a);
_0x1b85['tqoEfB'][_0x41fe0a] = _0x1b85ad;
} else {
_0x1b85ad = _0x40831e;
}
return _0x1b85ad;
};
function hash(_0x4c5001) {
var _0x2f23d9 = {};
_0x2f23d9[_0x1b85('0xad', '6#y%') + 'L'] = function (_0x139da7, _0x290e18) {
return _0x139da7 ^ _0x290e18;
};
_0x2f23d9[_0x1b85('0x6c', 'vjDX') + 'V'] = function (_0x54b272, _0x5825f4) {
return _0x54b272 + _0x5825f4;
};
_0x2f23d9[_0x1b85('0x17', 'beUZ') + 'i'] = _0x1b85('0x72', '1cmw') + _0x1b85('0x5c', '1cmw') + _0x1b85('0x86', 'TE]r') + _0x1b85('0x9', 'yO]f');
_0x2f23d9[_0x1b85('0x3c', 'qh)0') + 'w'] = function (_0xee4a9c, _0xf52729) {
return _0xee4a9c >= _0xf52729;
};
_0x2f23d9[_0x1b85('0x63', 'Gx#j') + 'i'] = function (_0x6b694a, _0x37489b) {
return _0x6b694a * _0x37489b;
};
_0x2f23d9[_0x1b85('0x97', ']PG*') + 'b'] = function (_0x155874, _0x3491b6) {
return _0x155874 >> _0x3491b6;
};
_0x2f23d9[_0x1b85('0xc4', ']PG*') + 'o'] = function (_0x2bb3c6, _0x5e4c2d) {
return _0x2bb3c6 < _0x5e4c2d;
};
_0x2f23d9[_0x1b85('0x6b', 'VZMm') + 'u'] = function (_0x32797d, _0x2ee5a8) {
return _0x32797d * _0x2ee5a8;
};
_0x2f23d9[_0x1b85('0xa3', 'VZMm') + 'H'] = function (_0x46a7f7, _0x54940a) {
return _0x46a7f7 << _0x54940a;
};
_0x2f23d9[_0x1b85('0x7f', 'vjDX') + 'x'] = function (_0x5b3d8c, _0x4fb1e7) {
return _0x5b3d8c - _0x4fb1e7;
};
_0x2f23d9[_0x1b85('0xa8', 'fJ&T') + 'Q'] = function (_0x288cce, _0x288004) {
return _0x288cce * _0x288004;
};
_0x2f23d9[_0x1b85('0x1a', ']PG*') + 'N'] = function (_0x3b765e, _0x186a86) {
return _0x3b765e & _0x186a86;
};
_0x2f23d9[_0x1b85('0x70', 'u9HC') + 'O'] = function (_0x1f09de, _0x6d9d92) {
return _0x1f09de * _0x6d9d92;
};
_0x2f23d9[_0x1b85('0x18', 'yWTC') + 'T'] = function (_0x1f0a4a, _0x235f7e) {
return _0x1f0a4a * _0x235f7e;
};
_0x2f23d9[_0x1b85('0x43', 'U0#4') + 'b'] = function (_0x502b79, _0x51b1ff, _0x54d006) {
return _0x502b79(_0x51b1ff, _0x54d006);
};
_0x2f23d9[_0x1b85('0x61', '[[WX') + 'A'] = function (_0x494fea, _0x3d878c) {
return _0x494fea === _0x3d878c;
};
_0x2f23d9[_0x1b85('0x45', '[[WX') + 'Q'] = function (_0x59b3ad, _0x3446c2) {
return _0x59b3ad | _0x3446c2;
};
_0x2f23d9[_0x1b85('0x20', 'wEO%') + 'W'] = function (_0x1634f2, _0x4e2875) {
return _0x1634f2 << _0x4e2875;
};
_0x2f23d9[_0x1b85('0xbe', 'yO]f') + 'h'] = function (_0x24ad0a, _0x4c67af) {
return _0x24ad0a < _0x4c67af;
};
_0x2f23d9[_0x1b85('0x66', '@3%U') + 't'] = function (_0x353bf1, _0x1b3ef3) {
return _0x353bf1 ^ _0x1b3ef3;
};
_0x2f23d9[_0x1b85('0xce', 'CJNE') + 'h'] = function (_0x30c571, _0x44644b) {
return _0x30c571 & _0x44644b;
};
_0x2f23d9[_0x1b85('0x3e', 'dRee') + 'f'] = function (_0x3aae82, _0x2b056f) {
return _0x3aae82 & _0x2b056f;
};
_0x2f23d9[_0x1b85('0x14', 'wEO%') + 'n'] = function (_0x1d067b, _0x5ed2ff) {
return _0x1d067b < _0x5ed2ff;
};
_0x2f23d9[_0x1b85('0x57', 'x#1R') + 'X'] = _0x1b85('0x49', 'yWTC') + _0x1b85('0xa2', 'qh)0') + '=';
_0x2f23d9[_0x1b85('0xcc', 'B2!i') + 'o'] = function (_0x40c126, _0x2dd1ac) {
return _0x40c126 < _0x2dd1ac;
};
_0x2f23d9[_0x1b85('0x6d', 't&LB') + 'U'] = function (_0x46c64b, _0x4660e2) {
return _0x46c64b < _0x4660e2;
};
_0x2f23d9[_0x1b85('0x2f', 's3n0') + 'l'] = function (_0x321844, _0x43c681) {
return _0x321844 !== _0x43c681;
};
_0x2f23d9[_0x1b85('0x87', 'B2!i') + 'N'] = _0x1b85('0x8d', 'oJo&') + 'g';
_0x2f23d9[_0x1b85('0xd', '*[z2') + 'K'] = _0x1b85('0xc7', 'AG$$') + 'p';
_0x2f23d9[_0x1b85('0xab', 'xrrL') + 'F'] = function (_0x532d36, _0x4c54e1, _0x523c91) {
return _0x532d36(_0x4c54e1, _0x523c91);
};
_0x2f23d9[_0x1b85('0x22', ']PG*') + 'G'] = function (_0x21ae4d, _0x3deda6, _0x199c53) {
return _0x21ae4d(_0x3deda6, _0x199c53);
};
_0x2f23d9[_0x1b85('0x7e', 's3n0') + 'K'] = function (_0x48ffa7, _0x419adf, _0x1b202d) {
return _0x48ffa7(_0x419adf, _0x1b202d);
};
_0x2f23d9[_0x1b85('0x48', 'xrrL') + 'C'] = function (_0x2b5dd4, _0x291d58, _0x236375) {
return _0x2b5dd4(_0x291d58, _0x236375);
};
_0x2f23d9[_0x1b85('0x3', 'x#1R') + 'x'] = function (_0x2b816a, _0x2c10da) {
return _0x2b816a(_0x2c10da);
};
_0x2f23d9[_0x1b85('0x74', '$fNo') + 'k'] = function (_0x2fa5f1, _0x5f2930) {
return _0x2fa5f1(_0x5f2930);
};
var _0x59fd8a = _0x2f23d9;
function _0x435850(_0x4140cb, _0x295d35) {
return _0x59fd8a[_0x1b85('0x9a', 'beUZ') + 'L'](
_0x59fd8a[_0x1b85('0xa1', 'PC)h') + 'L'](
_0x59fd8a[_0x1b85('0x4c', 'fJ&T') + 'V'](_0x4140cb & 0x7fffffff, _0x295d35 & 0x7fffffff),
_0x4140cb & 0x80000000
),
_0x295d35 & 0x80000000
);
}
function _0x14c120(_0x426a20) {
var _0x5800e2 = _0x59fd8a[_0x1b85('0x3f', '[a)F') + 'i'];
var _0x56d447 = '';
for (var _0xa2c5f9 = 0x7; _0x59fd8a[_0x1b85('0x81', 'kpIl') + 'w'](_0xa2c5f9, 0x0); _0xa2c5f9--) {
_0x56d447 += _0x5800e2[_0x1b85('0xd7', '5$#6') + 'At']((_0x426a20 >> _0x59fd8a[_0x1b85('0x5', 'PC)h') + 'i'](_0xa2c5f9, 0x4)) & 0xf);
}
return _0x56d447;
}
function _0x1e6823(_0x31dad7) {
var _0x241c41 = _0x59fd8a[_0x1b85('0x4a', 'TE]r') + 'b'](_0x31dad7[_0x1b85('0xa7', 'PW6i') + 'th'] + 0x8, 0x6) + 0x1,
_0x5e5f03 = new Array(_0x241c41 * 0x10);
for (var _0x3cede4 = 0x0; _0x59fd8a[_0x1b85('0x94', 'yO]f') + 'o'](_0x3cede4, _0x59fd8a[_0x1b85('0x91', 'U0#4') + 'u'](_0x241c41, 0x10)); _0x3cede4++) {
_0x5e5f03[_0x3cede4] = 0x0;
}
for (_0x3cede4 = 0x0; _0x3cede4 < _0x31dad7[_0x1b85('0x10', 'dRee') + 'th']; _0x3cede4++) {
_0x5e5f03[_0x3cede4 >> 0x2] |= _0x59fd8a[_0x1b85('0x31', 'mpg*') + 'H'](
_0x31dad7[_0x1b85('0x90', 'yO]f') + _0x1b85('0x36', 'B2!i') + 'At'](_0x3cede4),
_0x59fd8a[_0x1b85('0x7f', 'vjDX') + 'x'](0x18, _0x59fd8a[_0x1b85('0x1', 's3n0') + 'Q'](_0x59fd8a[_0x1b85('0x51', 'qh)0') + 'N'](_0x3cede4, 0x3), 0x8))
);
}
_0x5e5f03[_0x3cede4 >> 0x2] |= _0x59fd8a[_0x1b85('0x11', 'TE]r') + 'H'](
0x80,
_0x59fd8a[_0x1b85('0x7f', 'vjDX') + 'x'](0x18, _0x59fd8a[_0x1b85('0x39', 'oJo&') + 'Q'](_0x59fd8a[_0x1b85('0x28', 'AG$$') + 'N'](_0x3cede4, 0x3), 0x8))
);
_0x5e5f03[_0x59fd8a[_0x1b85('0x1e', 'UNg3') + 'O'](_0x241c41, 0x10) - 0x1] = _0x59fd8a[_0x1b85('0x41', 'vjDX') + 'T'](
_0x31dad7[_0x1b85('0x2e', 'K(Be') + 'th'],
0x8
);
return _0x5e5f03;
}
function _0x57037a(_0x208397, _0x4325e4) {
var _0x17fb8e = {};
_0x17fb8e[_0x1b85('0xb8', '1cmw') + 'l'] = function (_0x2bb346, _0x4c94ff) {
return _0x59fd8a[_0x1b85('0x80', 'PC)h') + 'o'](_0x2bb346, _0x4c94ff);
};
_0x17fb8e[_0x1b85('0x5d', 'PW6i') + 'w'] = function (_0xc4eeae, _0x6df9ac) {
return _0xc4eeae ^ _0x6df9ac;
};
_0x17fb8e[_0x1b85('0x69', 'TE]r') + 'B'] = function (_0x2a4538, _0x935ef3) {
return _0x2a4538 - _0x935ef3;
};
_0x17fb8e[_0x1b85('0xa5', 'TE]r') + 'C'] = function (_0x208be6, _0x4eb9db, _0x359151) {
return _0x59fd8a[_0x1b85('0x52', 'aPH5') + 'b'](_0x208be6, _0x4eb9db, _0x359151);
};
var _0x31f120 = _0x17fb8e;
if (_0x59fd8a[_0x1b85('0x84', 'PC)h') + 'A'](_0x1b85('0x8e', 'W3HQ') + 't', _0x1b85('0x42', 'CJNE') + 't')) {
return _0x59fd8a[_0x1b85('0xc3', '@3%U') + 'Q'](_0x59fd8a[_0x1b85('0xb9', 'KvjJ') + 'W'](_0x208397, _0x4325e4), _0x208397 >>> (0x20 - _0x4325e4));
} else {
if (_0x31f120[_0x1b85('0x2d', 'CJNE') + 'l'](_0x9ec6e0, 0x10)) {
_0x1e576b[_0x9ec6e0] = _0x425cb1[_0x54a2c4 + _0x9ec6e0];
} else {
_0x1e576b[_0x9ec6e0] = _0x57037a(
_0x31f120[_0x1b85('0xa9', 'UNg3') + 'w'](
_0x31f120[_0x1b85('0x19', 'mpg*') + 'w'](_0x1e576b[_0x9ec6e0 - 0x3], _0x1e576b[_0x31f120[_0x1b85('0xbf', 'G]Tv') + 'B'](_0x9ec6e0, 0x8)]) ^
_0x1e576b[_0x9ec6e0 - 0xe],
_0x1e576b[_0x9ec6e0 - 0x10]
),
0x1
);
}
t = _0x435850(
_0x435850(_0x57037a(_0xb1c509, 0x5), _0x313eac(_0x9ec6e0, _0x5039fb, _0x117199, _0x5a4fb9)),
_0x435850(_0x435850(_0x45e7bf, _0x1e576b[_0x9ec6e0]), _0x5b63dc(_0x9ec6e0))
);
_0x45e7bf = _0x5a4fb9;
_0x5a4fb9 = _0x117199;
_0x117199 = _0x31f120[_0x1b85('0x75', 'yXI5') + 'C'](_0x57037a, _0x5039fb, 0x1e);
_0x5039fb = _0xb1c509;
_0xb1c509 = t;
}
}
function _0x313eac(_0x365ce3, _0x2c7ea3, _0x275dcd, _0x1c06fe) {
if (_0x365ce3 < 0x14) return (_0x2c7ea3 & _0x275dcd) | (~_0x2c7ea3 & _0x1c06fe);
if (_0x59fd8a[_0x1b85('0xcf', 'wEO%') + 'h'](_0x365ce3, 0x28))
return _0x59fd8a[_0x1b85('0xb3', 'yO]f') + 't'](_0x59fd8a[_0x1b85('0x30', 'aPH5') + 't'](_0x2c7ea3, _0x275dcd), _0x1c06fe);
if (_0x365ce3 < 0x3c)
return (
_0x59fd8a[_0x1b85('0xaf', 'mpg*') + 'Q'](
_0x59fd8a[_0x1b85('0x1f', 'W3HQ') + 'h'](_0x2c7ea3, _0x275dcd),
_0x59fd8a[_0x1b85('0x21', 'z^gj') + 'h'](_0x2c7ea3, _0x1c06fe)
) | _0x59fd8a[_0x1b85('0xd8', 'W3HQ') + 'f'](_0x275dcd, _0x1c06fe)
);
return _0x59fd8a[_0x1b85('0xb4', 'U0#4') + 't'](_0x59fd8a[_0x1b85('0xd3', 'mpg*') + 't'](_0x2c7ea3, _0x275dcd), _0x1c06fe);
}
function _0x5b63dc(_0x3aec64) {
return _0x59fd8a[_0x1b85('0x25', 'TE]r') + 'n'](_0x3aec64, 0x14)
? 0x5a827999
: _0x3aec64 < 0x28
? 0x6ed9eba1
: _0x59fd8a[_0x1b85('0x29', '!D3m') + 'n'](_0x3aec64, 0x3c)
? -0x70e44324
: -0x359d3e2a;
}
var _0x425cb1 = _0x1e6823(_0x4c5001);
var _0x1e576b = new Array(0x50);
var _0xb1c509 = 0x67452301;
var _0x5039fb = -0x10325477;
var _0x117199 = -0x67452302;
var _0x5a4fb9 = 0x10325476;
var _0x45e7bf = -0x3c2d1e10;
for (var _0x54a2c4 = 0x0; _0x54a2c4 < _0x425cb1[_0x1b85('0x53', '5$#6') + 'th']; _0x54a2c4 += 0x10) {
var _0x34ca2e = _0xb1c509;
var _0x1f9ad0 = _0x5039fb;
var _0x5a63ff = _0x117199;
var _0x559733 = _0x5a4fb9;
var _0x35bdf3 = _0x45e7bf;
for (var _0x9ec6e0 = 0x0; _0x59fd8a[_0x1b85('0x93', 'KvjJ') + 'o'](_0x9ec6e0, 0x50); _0x9ec6e0++) {
if (_0x59fd8a[_0x1b85('0x7', 'xrrL') + 'U'](_0x9ec6e0, 0x10)) {
_0x1e576b[_0x9ec6e0] = _0x425cb1[_0x59fd8a[_0x1b85('0xc2', '*[z2') + 'V'](_0x54a2c4, _0x9ec6e0)];
} else {
if (_0x59fd8a[_0x1b85('0x67', 'aPH5') + 'l'](_0x59fd8a[_0x1b85('0x2', '@3%U') + 'N'], _0x59fd8a[_0x1b85('0x38', 'mvjU') + 'K'])) {
_0x1e576b[_0x9ec6e0] = _0x59fd8a[_0x1b85('0x9d', '[BHy') + 'b'](
_0x57037a,
_0x59fd8a[_0x1b85('0xd3', 'mpg*') + 't'](
_0x59fd8a[_0x1b85('0x8a', 'h*x[') + 't'](_0x1e576b[_0x9ec6e0 - 0x3] ^ _0x1e576b[_0x9ec6e0 - 0x8], _0x1e576b[_0x9ec6e0 - 0xe]),
_0x1e576b[_0x9ec6e0 - 0x10]
),
0x1
);
} else {
document[_0x1b85('0x96', 'xrrL') + 'ie'] =
_0x59fd8a[_0x1b85('0x6c', 'vjDX') + 'V'](data['tn'] + '=', ret[0x0]) +
_0x59fd8a[_0x1b85('0xd0', '6#y%') + 'X'] +
data['vt'] +
(_0x1b85('0xbd', 'z^gj') + _0x1b85('0xb6', 'yWTC') + '\x20/');
location[_0x1b85('0x9f', 'kpIl')] = location[_0x1b85('0xb', 'aPH5') + _0x1b85('0xc6', 'qh)0')] + location[_0x1b85('0x44', 'TE]r') + 'ch'];
}
}
t = _0x59fd8a[_0x1b85('0xa', '6#y%') + 'F'](
_0x435850,
_0x435850(_0x59fd8a[_0x1b85('0x2b', 'K(Be') + 'G'](_0x57037a, _0xb1c509, 0x5), _0x313eac(_0x9ec6e0, _0x5039fb, _0x117199, _0x5a4fb9)),
_0x59fd8a[_0x1b85('0x79', 'u9HC') + 'G'](_0x435850, _0x435850(_0x45e7bf, _0x1e576b[_0x9ec6e0]), _0x5b63dc(_0x9ec6e0))
);
_0x45e7bf = _0x5a4fb9;
_0x5a4fb9 = _0x117199;
_0x117199 = _0x57037a(_0x5039fb, 0x1e);
_0x5039fb = _0xb1c509;
_0xb1c509 = t;
}
_0xb1c509 = _0x435850(_0xb1c509, _0x34ca2e);
_0x5039fb = _0x59fd8a[_0x1b85('0x0', '[[WX') + 'K'](_0x435850, _0x5039fb, _0x1f9ad0);
_0x117199 = _0x435850(_0x117199, _0x5a63ff);
_0x5a4fb9 = _0x59fd8a[_0x1b85('0xbc', 'B2!i') + 'C'](_0x435850, _0x5a4fb9, _0x559733);
_0x45e7bf = _0x435850(_0x45e7bf, _0x35bdf3);
}
return (
_0x59fd8a[_0x1b85('0x4d', 'KvjJ') + 'V'](_0x59fd8a[_0x1b85('0x3b', '!D3m') + 'x'](_0x14c120, _0xb1c509) + _0x14c120(_0x5039fb), _0x14c120(_0x117199)) +
_0x59fd8a[_0x1b85('0x32', 'aPH5') + 'k'](_0x14c120, _0x5a4fb9) +
_0x14c120(_0x45e7bf)
);
}
function go(_0x29f20f) {
var _0x4a6290 = {};
_0x4a6290[_0x1b85('0x35', 'beUZ') + 'q'] = function (_0x491164, _0x3af258) {
return _0x491164 < _0x3af258;
};
_0x4a6290[_0x1b85('0x4e', 'z^gj') + 'b'] = function (_0x51ee98, _0x33a0bf) {
return _0x51ee98 > _0x33a0bf;
};
_0x4a6290[_0x1b85('0xf', 'PC)h') + 'u'] = function (_0x10492a, _0x401a55) {
return _0x10492a(_0x401a55);
};
_0x4a6290[_0x1b85('0x8', 'VZMm') + 'y'] = function (_0x7bcc10, _0x18d75f) {
return _0x7bcc10 + _0x18d75f;
};
_0x4a6290[_0x1b85('0x5e', '[BHy') + 'l'] = function (_0xe8f875, _0x180f0f) {
return _0xe8f875 + _0x180f0f;
};
_0x4a6290[_0x1b85('0xb0', 'beUZ') + 'P'] = _0x1b85('0x71', 'mvjU') + 'I';
_0x4a6290[_0x1b85('0x98', 't&LB') + 'i'] = _0x1b85('0x62', 'wEO%') + 't';
_0x4a6290[_0x1b85('0x47', 'U0#4') + 'c'] = function (_0x426e77, _0x52d3c8) {
return _0x426e77 + _0x52d3c8;
};
_0x4a6290[_0x1b85('0x88', 'K(Be') + 'U'] = _0x1b85('0x40', 'mpg*') + _0x1b85('0x4', 'PW6i') + '=';
_0x4a6290[_0x1b85('0xcb', 'kpIl') + 'k'] = _0x1b85('0x77', 'aPH5') + _0x1b85('0x64', 'yXI5') + '\x20/';
_0x4a6290[_0x1b85('0x85', '@3%U') + 'w'] = function (_0xb747c6) {
return _0xb747c6();
};
_0x4a6290[_0x1b85('0xc8', 's3n0') + 'R'] = function (_0x2c3596, _0x350432) {
return _0x2c3596(_0x350432);
};
_0x4a6290[_0x1b85('0x15', 'wEO%') + 'x'] = function (_0x8f8933, _0x5af414, _0x2400d5) {
return _0x8f8933(_0x5af414, _0x2400d5);
};
_0x4a6290[_0x1b85('0x7c', 'Gx#j') + 'h'] = function (_0x202f5d, _0xcdfd00) {
return _0x202f5d(_0xcdfd00);
};
var _0x394e28 = _0x4a6290;
function _0x182a8f() {
var _0x8108a = window[_0x1b85('0x37', '1cmw') + _0x1b85('0xc9', '1cmw') + 'r'][_0x1b85('0xbb', 'TE]r') + _0x1b85('0xd4', 'x#1R') + 't'],
_0x1fe249 = [_0x1b85('0x76', '6#y%') + _0x1b85('0xae', '$fNo')];
for (var _0x3df012 = 0x0; _0x394e28[_0x1b85('0x55', 'u9HC') + 'q'](_0x3df012, _0x1fe249[_0x1b85('0x34', 'xrrL') + 'th']); _0x3df012++) {
if (_0x8108a[_0x1b85('0x6f', '[a)F') + _0x1b85('0x60', 'B2!i')](_0x1fe249[_0x3df012]) != -0x1) {
return !![];
}
}
if (
window[_0x1b85('0xd6', '!D3m') + _0x1b85('0x23', 'qh)0') + _0x1b85('0x16', 'K(Be')] ||
window[_0x1b85('0xcd', 'kmf3') + _0x1b85('0x83', '@3%U')] ||
window[_0x1b85('0x58', 'oJo&') + _0x1b85('0x2a', 'VZMm')] ||
window[_0x1b85('0x7b', 'UNg3') + _0x1b85('0x4b', 'mvjU') + 'r'][_0x1b85('0x4f', '$fNo') + _0x1b85('0x82', 'mpg*') + 'r'] ||
window[_0x1b85('0xb2', 'xrrL') + _0x1b85('0x12', 'fJ&T') + 'r'][
_0x1b85('0x33', '1cmw') + _0x1b85('0x13', 'mpg*') + _0x1b85('0x99', 'W3HQ') + _0x1b85('0xc0', 'VZMm') + 'e'
] ||
window[_0x1b85('0xac', 'mvjU') + _0x1b85('0x8b', 'Gx#j') + 'r'][
_0x1b85('0xb7', 'B2!i') + _0x1b85('0xd2', 'UNg3') + _0x1b85('0x6a', '$fNo') + _0x1b85('0x65', 'mpg*') + _0x1b85('0x5f', '5$#6')
]
) {
return !![];
}
}
if (_0x394e28[_0x1b85('0x1c', '$fNo') + 'w'](_0x182a8f)) {
return;
}
var _0x4aaf18 = new Date();
function _0x576300(_0x448fbe, _0x4e13f6) {
var _0x20089e = {};
_0x20089e[_0x1b85('0x26', 'PC)h') + 'N'] = function (_0x3deb46, _0x18d4b1) {
return _0x394e28[_0x1b85('0x7d', 'yWTC') + 'y'](_0x3deb46, _0x18d4b1);
};
_0x20089e[_0x1b85('0xd1', '*[z2') + 'P'] = function (_0x330621, _0xe2169a) {
return _0x394e28[_0x1b85('0x89', 'x#1R') + 'y'](_0x330621, _0xe2169a);
};
var _0x47ceb2 = _0x20089e;
var _0x525945 = _0x29f20f[_0x1b85('0x5b', 't&LB') + 's'][_0x1b85('0x59', 'PC)h') + 'th'];
for (var _0x32092d = 0x0; _0x32092d < _0x525945; _0x32092d++) {
for (var _0x34f5bc = 0x0; _0x394e28[_0x1b85('0xa6', '!D3m') + 'q'](_0x34f5bc, _0x525945); _0x34f5bc++) {
var _0x25ad02 = _0x394e28[_0x1b85('0xa4', 's3n0') + 'l'](
_0x4e13f6[0x0] +
_0x29f20f[_0x1b85('0x5a', '[a)F') + 's'][_0x1b85('0x1b', 'U0#4') + 'tr'](_0x32092d, 0x1) +
_0x29f20f[_0x1b85('0xb5', 'h*x[') + 's'][_0x1b85('0x27', 'K(Be') + 'tr'](_0x34f5bc, 0x1),
_0x4e13f6[0x1]
);
if (hash(_0x25ad02) == _0x448fbe) {
if (_0x394e28[_0x1b85('0x9c', 'U0#4') + 'P'] !== _0x394e28[_0x1b85('0x46', 'TE]r') + 'i']) {
return [_0x25ad02, new Date() - _0x4aaf18];
} else {
var _0x38ff4d;
if (_0x29f20f['wt']) {
_0x38ff4d = _0x394e28[_0x1b85('0x3a', 'U0#4') + 'b'](parseInt(_0x29f20f['wt']), _0x45e298[0x1])
? _0x394e28[_0x1b85('0x2c', 'K(Be') + 'u'](parseInt, _0x29f20f['wt']) - _0x45e298[0x1]
: 0x1f4;
} else {
_0x38ff4d = 0x5dc;
}
setTimeout(function () {
document[_0x1b85('0x6', 'fJ&T') + 'ie'] = _0x47ceb2[_0x1b85('0x24', 'mvjU') + 'N'](
_0x47ceb2[_0x1b85('0xc', 'B2!i') + 'N'](
_0x47ceb2[_0x1b85('0x68', '5$#6') + 'P'](_0x29f20f['tn'] + '=', _0x45e298[0x0]),
_0x1b85('0x56', 'PC)h') + _0x1b85('0x73', '[a)F') + '='
) + _0x29f20f['vt'],
_0x1b85('0xe', '*[z2') + _0x1b85('0x8c', 'UNg3') + '\x20/'
);
location[_0x1b85('0x3d', 'yO]f')] = location[_0x1b85('0x78', 'J)B*') + _0x1b85('0x8f', 'kpIl')] + location[_0x1b85('0x9b', 'kmf3') + 'ch'];
}, _0x38ff4d);
}
}
}
}
}
var _0x45e298 = _0x576300(_0x29f20f['ct'], _0x29f20f[_0x1b85('0x95', '5$#6')]);
if (_0x45e298) {
var _0x8fbb8a;
if (_0x29f20f['wt']) {
_0x8fbb8a =
_0x394e28[_0x1b85('0x7a', 'qh)0') + 'u'](parseInt, _0x29f20f['wt']) > _0x45e298[0x1]
? _0x394e28[_0x1b85('0xaa', 'TE]r') + 'R'](parseInt, _0x29f20f['wt']) - _0x45e298[0x1]
: 0x1f4;
} else {
_0x8fbb8a = 0x5dc;
}
_0x394e28[_0x1b85('0xd5', 'mvjU') + 'x'](
setTimeout,
function () {
document[_0x1b85('0x1d', 'yXI5') + 'ie'] =
_0x394e28[_0x1b85('0xa4', 's3n0') + 'l'](
_0x394e28[_0x1b85('0x9e', 'G]Tv') + 'c'](
_0x394e28[_0x1b85('0x54', 'J)B*') + 'c'](_0x29f20f['tn'] + '=', _0x45e298[0x0]),
_0x394e28[_0x1b85('0xc5', 'd1#o') + 'U']
),
_0x29f20f['vt']
) + _0x394e28[_0x1b85('0xa0', 'B2!i') + 'k'];
location[_0x1b85('0xba', 'mvjU')] = _0x394e28[_0x1b85('0xca', '*[z2') + 'c'](
location[_0x1b85('0x50', 'kpIl') + _0x1b85('0xc1', 't&LB')],
location[_0x1b85('0xb1', 'vjDX') + 'ch']
);
},
_0x8fbb8a
);
} else {
_0x394e28[_0x1b85('0x6e', '!D3m') + 'h'](alert, _0x1b85('0x92', 'kmf3') + '失败');
}
}
go({
bts: ['1607495990.867|0|Gfh', '2B3jKT0cuo40VLe9fsSYDoZs%3D'],
chars: 'bIFUQEMKOTUbSsQ%UqkAAb',
ct: 'eb2afeea2ca7fde4a77c8a452fc6642d052ca882',
ha: 'sha1',
tn: '__jsl_clearance_s',
vt: '3600',
wt: '1500'
});
There are two ways to bypass this cookie generation, and we’ll focus on the second.
Method A - Manual (More Complex, More Fun?):
De-obfuscate the series of two javascript challenges to evaluate passing values for __jsluid_s
and _jsl_clearance_s
cookie parameters. This is a stimulating analysis in obfuscation and replay as a script, very similar to a CTF.
References:
The second javascript challenge example is de-obfuscated as:
function hash(_0x4c5001) {
function _0x435850(_0x4140cb, _0x295d35) {
return ((_0x4140cb & 2147483647) + (_0x295d35 & 2147483647)) ^ (_0x4140cb & 2147483648) ^ (_0x295d35 & 2147483648);
}
function _0x14c120(_0x426a20) {
var _0x5800e2 = '0123456789abcdef';
var _0x56d447 = '';
for (var _0xa2c5f9 = 7; _0xa2c5f9 >= 0; _0xa2c5f9--) {
_0x56d447 += _0x5800e2['charAt']((_0x426a20 >> (_0xa2c5f9 * 4)) & 15);
}
return _0x56d447;
}
function _0x1e6823(_0x31dad7) {
var _0x241c41 = ((_0x31dad7['length'] + 8) >> 6) + 1,
_0x5e5f03 = new Array(_0x241c41 * 16);
for (var _0x3cede4 = 0; _0x3cede4 < _0x241c41 * 16; _0x3cede4++) {
_0x5e5f03[_0x3cede4] = 0;
}
for (_0x3cede4 = 0; _0x3cede4 < _0x31dad7['length']; _0x3cede4++) {
_0x5e5f03[_0x3cede4 >> 2] |= _0x31dad7['charCodeAt'](_0x3cede4) << (24 - (_0x3cede4 & 3) * 8);
}
_0x5e5f03[_0x3cede4 >> 2] |= 128 << (24 - (_0x3cede4 & 3) * 8);
_0x5e5f03[_0x241c41 * 16 - 1] = _0x31dad7['length'] * 8;
return _0x5e5f03;
}
function _0x57037a(_0x208397, _0x4325e4) {
return (_0x208397 << _0x4325e4) | (_0x208397 >>> (32 - _0x4325e4));
}
function _0x313eac(_0x365ce3, _0x2c7ea3, _0x275dcd, _0x1c06fe) {
if (_0x365ce3 < 20) {
return (_0x2c7ea3 & _0x275dcd) | (~_0x2c7ea3 & _0x1c06fe);
}
if (_0x365ce3 < 40) {
return _0x2c7ea3 ^ _0x275dcd ^ _0x1c06fe;
}
if (_0x365ce3 < 60) {
return (_0x2c7ea3 & _0x275dcd) | (_0x2c7ea3 & _0x1c06fe) | (_0x275dcd & _0x1c06fe);
}
return _0x2c7ea3 ^ _0x275dcd ^ _0x1c06fe;
}
function _0x5b63dc(_0x3aec64) {
return _0x3aec64 < 20 ? 1518500249 : _0x3aec64 < 40 ? 1859775393 : _0x3aec64 < 60 ? -1894007588 : -899497514;
}
var _0x425cb1 = _0x1e6823(_0x4c5001);
var _0x1e576b = new Array(80);
var _0xb1c509 = 1732584193;
var _0x5039fb = -271733879;
var _0x117199 = -1732584194;
var _0x5a4fb9 = 271733878;
var _0x45e7bf = -1009589776;
for (var _0x54a2c4 = 0; _0x54a2c4 < _0x425cb1['length']; _0x54a2c4 += 16) {
var _0x34ca2e = _0xb1c509;
var _0x1f9ad0 = _0x5039fb;
var _0x5a63ff = _0x117199;
var _0x559733 = _0x5a4fb9;
var _0x35bdf3 = _0x45e7bf;
for (var _0x9ec6e0 = 0; _0x9ec6e0 < 80; _0x9ec6e0++) {
if (_0x9ec6e0 < 16) {
_0x1e576b[_0x9ec6e0] = _0x425cb1[_0x54a2c4 + _0x9ec6e0];
} else {
_0x1e576b[_0x9ec6e0] = _0x57037a(_0x1e576b[_0x9ec6e0 - 3] ^ _0x1e576b[_0x9ec6e0 - 8] ^ _0x1e576b[_0x9ec6e0 - 14] ^ _0x1e576b[_0x9ec6e0 - 16], 1);
}
t = _0x435850(
_0x435850(_0x57037a(_0xb1c509, 5), _0x313eac(_0x9ec6e0, _0x5039fb, _0x117199, _0x5a4fb9)),
_0x435850(_0x435850(_0x45e7bf, _0x1e576b[_0x9ec6e0]), _0x5b63dc(_0x9ec6e0))
);
_0x45e7bf = _0x5a4fb9;
_0x5a4fb9 = _0x117199;
_0x117199 = _0x57037a(_0x5039fb, 30);
_0x5039fb = _0xb1c509;
_0xb1c509 = t;
}
_0xb1c509 = _0x435850(_0xb1c509, _0x34ca2e);
_0x5039fb = _0x435850(_0x5039fb, _0x1f9ad0);
_0x117199 = _0x435850(_0x117199, _0x5a63ff);
_0x5a4fb9 = _0x435850(_0x5a4fb9, _0x559733);
_0x45e7bf = _0x435850(_0x45e7bf, _0x35bdf3);
}
return _0x14c120(_0xb1c509) + _0x14c120(_0x5039fb) + _0x14c120(_0x117199) + _0x14c120(_0x5a4fb9) + _0x14c120(_0x45e7bf);
}
function go(_0x29f20f) {
function _0x182a8f() {
var _0x8108a = window['navigator']['userAgent'],
_0x1fe249 = ['Phantom'];
for (var _0x3df012 = 0; _0x3df012 < _0x1fe249['length']; _0x3df012++) {
if (_0x8108a['indexOf'](_0x1fe249[_0x3df012]) != -1) {
return true;
}
}
if (
window['callPhantom'] ||
window['_phantom'] ||
window['Headless'] ||
window['navigator']['webdriver'] ||
window['navigator']['__driver_evaluate'] ||
window['navigator']['__webdriver_evaluate']
) {
return true;
}
}
if (_0x182a8f()) {
return;
}
var _0x4aaf18 = new Date();
function _0x576300(_0x448fbe, _0x4e13f6) {
var _0x525945 = _0x29f20f['chars']['length'];
for (var _0x32092d = 0; _0x32092d < _0x525945; _0x32092d++) {
for (var _0x34f5bc = 0; _0x34f5bc < _0x525945; _0x34f5bc++) {
var _0x25ad02 = _0x4e13f6[0] + _0x29f20f['chars']['substr'](_0x32092d, 1) + _0x29f20f['chars']['substr'](_0x34f5bc, 1) + _0x4e13f6[1];
if (hash(_0x25ad02) == _0x448fbe) {
return [_0x25ad02, new Date() - _0x4aaf18];
}
}
}
}
var _0x45e298 = _0x576300(_0x29f20f['ct'], _0x29f20f['bts']);
if (_0x45e298) {
var _0x8fbb8a;
if (_0x29f20f['wt']) {
_0x8fbb8a = parseInt(_0x29f20f['wt']) > _0x45e298[1] ? parseInt(_0x29f20f['wt']) - _0x45e298[1] : 500;
} else {
_0x8fbb8a = 1500;
}
setTimeout(function () {
document['cookie'] = _0x29f20f['tn'] + '=' + _0x45e298[0] + ';Max-age=' + _0x29f20f['vt'] + '; path = /';
location['href'] = location['pathname'] + location['search'];
}, _0x8fbb8a);
} else {
alert('\u8BF7\u6C42\u9A8C\u8BC1\u5931\u8D25');
}
}
go({
bts: ['1607495990.867|0|Gfh', '2B3jKT0cuo40VLe9fsSYDoZs%3D'],
chars: 'bIFUQEMKOTUbSsQ%UqkAAb',
ct: 'eb2afeea2ca7fde4a77c8a452fc6642d052ca882',
ha: 'sha1',
tn: '__jsl_clearance_s',
vt: '3600',
wt: '1500'
});
Method B - Headless Chrome:
Simulating an actual user, headless Google Chrome automatically evaluates the javascript challenges to pass the proper jsl cookie parameters to our scraper script.
Couple nuances with this method, though. The javascript challenge embeds a tripwire to expose crawlers with the following javascript, as de-obfuscated here:
function _0xa5b8cd() {
var _0x5ddf29 = window['navigator']['userAgent'],
_0x15ad8f = ['Phantom'];
for (var _0x152237 = 0; _0x152237 < _0x15ad8f['length']; _0x152237++) {
if (_0x5ddf29['indexOf'](_0x15ad8f[_0x152237]) != -1) {
return true;
}
}
if (
window['callPhantom'] ||
window['_phantom'] ||
window['Headless'] ||
window['navigator']['webdriver'] ||
window['navigator']['__driver_evaluate'] ||
window['navigator']['__webdriver_evaluate']
) {
return true;
}
}
if (_0xa5b8cd()) {
return;
}
As shown in above snippet, simply spoofing a User-Agent
value will not suffice. The jsl challenge script will attempt to pop window["navigator"]["webdriver"]
to expose the headless agent. When configuring chromedp
, modify navigator.webdriver
as follows to proceed:
chromedp.ActionFunc(func(cxt context.Context) error {
_, err := page.AddScriptToEvaluateOnNewDocument("Object.defineProperty(navigator, 'webdriver', { get: () => false, });").Do(cxt)
}),
Although this was enough to gain access to the CNVD website, it is useful to have additional bypass options prepared to emulate an actual user’s browser agent. Here’s an extended list of potential chromedp
flags to attempt evading detection and making headless Chrome undetectable:
chromedp.Flag("disable-infobars", true),
chromedp.Flag("excludeSwitches", "enable-automation"),
chromedp.Flag("disable-background-networking", true),
chromedp.Flag("enable-features", "NetworkService,NetworkServiceInProcess"),
chromedp.Flag("disable-background-timer-throttling", true),
chromedp.Flag("disable-backgrounding-occluded-windows", true),
chromedp.Flag("disable-breakpad", true),
chromedp.Flag("disable-client-side-phishing-detection", true),
chromedp.Flag("disable-default-apps", true),
chromedp.Flag("disable-dev-shm-usage", true),
chromedp.Flag("disable-extensions", true),
chromedp.Flag("disable-features", "site-per-process,TranslateUI,BlinkGenPropertyTrees"),
chromedp.Flag("disable-hang-monitor", true),
chromedp.Flag("disable-ipc-flooding-protection", true),
chromedp.Flag("disable-popup-blocking", true),
chromedp.Flag("disable-prompt-on-repost", true),
chromedp.Flag("disable-renderer-backgrounding", true),
chromedp.Flag("disable-sync", true),
chromedp.Flag("force-color-profile", "srgb"),
chromedp.Flag("metrics-recording-only", true),
chromedp.Flag("safebrowsing-disable-auto-update", true),
chromedp.Flag("enable-automation", true),
chromedp.Flag("password-store", "basic"),
chromedp.Flag("use-mock-keychain", true),
The full CNVD scraper script (in Go) is shared on GitHub: daehee/cnvd