Yakit热加载

本文最后更新于 2026年6月14日 凌晨

官方文档:https://www.yaklang.com/products/Web%20Fuzzer/fuzz-hotpatch

最简单的方法,没有参数,直接返回字符串

// handle is the hot-patch function referenced by the {{yak(handle)}} fuzztag.
// The parameter n has to be declared even when it is not used.
handle = func(n) {
    // The returned string is the value the tag produces.
    output := "test"
    return output
}

{{yak(handle)}}这个实际上就是一个fuzztag,就是在请求中插入的标签

方法参数即使不用也要有,否则会报错

需要传入参数值时,只需修改fuzztag,调用时把形参替换为要传入的值,例如{{yak(handle|要传入的值)}}。

参数可以是其他的fuzztag/标签,如生成整数范围

也可以在方法内直接调用fuzztag,按名字匹配

常用方法

提取GET中的参数

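// beforeRequest is the hot-patch hook that receives the raw request packet.
// It splits the request target into path and query string, then collects the
// URL-decoded query parameter names and values into two index-aligned arrays.
// A request without a query string, a bare parameter with no "=" and a value
// that itself contains "=" are all handled without an index error.
// The packet is returned unchanged.
beforeRequest = func(req) {
    method, fullPath, proto = poc.GetHTTPPacketFirstLine(req)

    urlPath = fullPath // full path with the query string removed
    queryString := ""
    if str.Contains(fullPath, "?") {
        pathParts = str.SplitN(fullPath, "?", 2)
        urlPath = pathParts[0]
        queryString = pathParts[1]
    }

    paramNames := [] // parameter names, in request order
    values := []     // parameter values, index-aligned with paramNames

    for pair in str.Split(queryString, "&") {
        if pair == "" {
            // No query string at all, or an empty segment such as "a=1&&b=2".
            continue
        }

        // SplitN keeps any further "=" (for example base64 padding) inside the value.
        kv = str.SplitN(pair, "=", 2)
        rawKey = kv[0]
        rawValue = ""
        if len(kv) > 1 {
            rawValue = kv[1]
        }

        // Fall back to the undecoded text when the percent-encoding is malformed.
        k, err = codec.DecodeUrl(rawKey)
        if err != nil {
            k = rawKey
        }
        v, err = codec.DecodeUrl(rawValue)
        if err != nil {
            v = rawValue
        }

        paramNames = append(paramNames, k)
        values = append(values, v)
    }

    // paramNames and values are available here for further processing.
    return req
}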

提取POST中的参数

一些模板

加密编码相关的包

package codec

// Cipher-mode names. The signatures in this listing show AESEncryptBasic and
// AESDecryptBasic taking the mode as a string; these constants are the values
// the hot-patch examples on this page pass there.
// NOTE(review): ECB encrypts identical plaintext blocks to identical ciphertext
// blocks, so an application that relies on it leaks plaintext structure.
const CBC string = "CBC"
const CFB string = "CFB"
const CTR string = "CTR"
const ECB string = "ECB"
const OFB string = "OFB"

func AESCBCDecrypt(key []byte, i any, iv []byte) ([]byte, error)
func AESCBCDecryptWithPKCS7Padding(key []byte, i any, iv []byte) ([]byte, error)
func AESCBCDecryptWithZeroPadding(key []byte, i any, iv []byte) ([]byte, error)
func AESCBCEncrypt(key []byte, i any, iv []byte) ([]byte, error)
func AESCBCEncryptWithPKCS7Padding(key []byte, i any, iv []byte) ([]byte, error)
func AESCBCEncryptWithZeroPadding(key []byte, i any, iv []byte) ([]byte, error)
func AESCFBDecrypt(key []byte, i any, iv []byte) ([]byte, error)
func AESCFBEncrypt(key []byte, i any, iv []byte) ([]byte, error)
func AESDecrypt(key []byte, i any, iv []byte) ([]byte, error)
func AESDecryptBasic(key []byte, data []byte, iv []byte, mode string) ([]byte, error)
func AESDecryptCFBWithPKCSPadding(key []byte, i any, iv []byte) ([]byte, error)
func AESDecryptCFBWithZeroPadding(key []byte, i any, iv []byte) ([]byte, error)
func AESECBDecrypt(key []byte, i any, iv []byte) ([]byte, error)
func AESECBDecryptWithPKCS7Padding(key []byte, i any, iv []byte) ([]byte, error)
func AESECBDecryptWithZeroPadding(key []byte, i any, iv []byte) ([]byte, error)
func AESECBEncrypt(key []byte, i any, iv []byte) ([]byte, error)
func AESECBEncryptWithPKCS7Padding(key []byte, i any, iv []byte) ([]byte, error)
func AESECBEncryptWithZeroPadding(key []byte, i any, iv []byte) ([]byte, error)
func AESEncrypt(key []byte, i any, iv []byte) ([]byte, error)
func AESEncryptBasic(key []byte, data []byte, iv []byte, mode string) ([]byte, error)
func AESEncryptCFBWithPKCSPadding(key []byte, i any, iv []byte) ([]byte, error)
func AESEncryptCFBWithZeroPadding(key []byte, i any, iv []byte) ([]byte, error)
func AESGCMDecrypt(key []byte, data any, nonce []byte) ([]byte, error)
func AESGCMDecryptWithNonceSize12(key []byte, data any, nonce []byte) ([]byte, error)
func AESGCMDecryptWithNonceSize16(key []byte, data any, nonce []byte) ([]byte, error)
func AESGCMEncrypt(key []byte, data any, nonceRaw []byte) ([]byte, error)
func AESGCMEncryptWithNonceSize12(key []byte, data any, nonceRaw []byte) ([]byte, error)
func AESGCMEncryptWithNonceSize16(key []byte, data any, nonceRaw []byte) ([]byte, error)
func AutoDecode(i any) []*AutoDecodeResult
func CryptoRandBytes(n int) []byte
func DESCBCDecrypt(key []byte, i any, iv []byte) ([]byte, error)
func DESCBCEncrypt(key []byte, i any, iv []byte) ([]byte, error)
func DESDecrypt(key []byte, i any, iv []byte) ([]byte, error)
func DESECBDecrypt(key []byte, data []byte) ([]byte, error)
func DESECBEncrypt(key []byte, data []byte) ([]byte, error)
func DESEncrypt(key []byte, i any, iv []byte) ([]byte, error)
func DecodeASCII(s string) (string, error)
func DecodeBase32(i string) ([]byte, error)
func DecodeBase64(i string) ([]byte, error)
func DecodeBase64Url(i any) ([]byte, error)
func DecodeChunked(raw []byte) ([]byte, error)
func DecodeHex(i string) ([]byte, error)
func DecodeHtml(s string) string
func DecodeUrl(s string) (string, error)
func DoubleDecodeUrl(i string) (string, error)
func DoubleEncodeUrl(i any) string
func EncodeASCII(s string) string
func EncodeBase32(i any) string
func EncodeBase64(i any) string
func EncodeBase64Url(i any) string
func EncodeChunked(raw []byte) []byte
func EncodeHtml(i any) string
func EncodeHtmlHex(i any) string
func EncodeToHex(i any) string
func EncodeToPrintable(s string) string
func EncodeUrl(i any) string
func EscapeHtml(s string) string
func EscapePathUrl(s string) string
func EscapeQueryUrl(s string) string
func EscapeUrl(s string) string
func FixUTF8(s []byte) string
func GB18030ToUTF8(s []byte) ([]byte, error)
func GBKSafe(s []byte) (string, error)
func GBKToUTF8(s []byte) ([]byte, error)
func HTMLChardet(raw any) ([]chardet.Result, error)
func HTMLChardetBest(raw any) (*chardet.Result, error)
func HZGB2312ToUTF8(s []byte) ([]byte, error)
func HmacMD5(key any, data any) []byte
func HmacSM3(key any, data any) []byte
func HmacSha1(key any, data any) []byte
func HmacSha256(key any, data any) []byte
func HmacSha512(key any, data any) []byte
func IsUTF8(i any) (bool, error)
func IsUTF8File(filename string) (bool, error)
func MMH3Hash128(i any) string
func MMH3Hash128x64(i any) string
func MMH3Hash32(i any) int64
func Md5(i any) string
func PBKDF2SHA1Key(password any, salt any, iterations int, keyLen int) ([]byte, error)
func PKCS5Padding(ciphertext []byte, blockSize int) []byte
func PKCS5UnPadding(origData []byte) []byte
func PKCS7Padding(src []byte) []byte
func PKCS7PaddingForDES(src []byte) []byte
func PKCS7UnPadding(src []byte) []byte
func PKCS7UnPaddingForDES(src []byte) []byte
func RC4Decrypt(cipherKey []byte, cipherText []byte) ([]byte, error)
func RC4Encrypt(cipherKey []byte, plainText []byte) ([]byte, error)
func RSADecryptWithJSEncryptStyle(privKeyPem string, ciphertext []byte) ([]byte, error)
func RSADecryptWithOAEP(raw []byte, data any) ([]byte, error)
func RSADecryptWithPKCS1v15(raw []byte, data any) ([]byte, error)
func RSADecryptWithPKCS1v15Block(privKeyPem string, ciphertext []byte) ([]byte, error)
func RSAEncryptWithJSEncryptStyle(pubKeyPem string, data []byte) ([]byte, error)
func RSAEncryptWithOAEP(raw []byte, data any) ([]byte, error)
func RSAEncryptWithPKCS1v15(raw []byte, data any) ([]byte, error)
func RSAEncryptWithPKCS1v15Block(pubKeyPem string, data []byte) ([]byte, error)
func RSASignWithPKCS1v15Digest(privKeyPem string, data []byte, algo string) ([]byte, error)
func RSAVerifyWithPKCS1v15Digest(pubKeyPem string, data []byte, signature []byte, algo string) (bool, error)
func RandBytes(n int) []byte
func Sha1(i any) string
func Sha224(i any) string
func Sha256(i any) string
func Sha384(i any) string
func Sha512(i any) string
func SignSHA256WithRSA(pemBytes []byte, data any) ([]byte, error)
func SignSHA512WithRSA(pemBytes []byte, data any) ([]byte, error)
func SignVerifySHA256WithRSA(pemBytes []byte, originData any, sign []byte) error
func SignVerifySHA512WithRSA(pemBytes []byte, originData any, sign []byte) error
func Sm2Decrypt(priKey []byte, data []byte) ([]byte, error)
func Sm2DecryptAsn1(priKey []byte, data []byte) ([]byte, error)
func Sm2DecryptAsn1WithPassword(priKey []byte, data []byte, password []byte) ([]byte, error)
func Sm2DecryptC1C2C3(priKey []byte, data []byte) ([]byte, error)
func Sm2DecryptC1C2C3WithPassword(priKey []byte, data []byte, password []byte) ([]byte, error)
func Sm2DecryptC1C3C2(priKey []byte, data []byte) ([]byte, error)
func Sm2DecryptC1C3C2WithPassword(priKey []byte, data []byte, password []byte) ([]byte, error)
func Sm2Encrypt(pubKey []byte, data []byte) ([]byte, error)
func Sm2EncryptAsn1(pubKey []byte, data []byte) ([]byte, error)
func Sm2EncryptC1C2C3(pubKey []byte, data []byte) ([]byte, error)
func Sm2EncryptC1C3C2(pubKey []byte, data []byte) ([]byte, error)
func Sm2GenerateHexKeyPair() ([]byte, []byte, error)
func Sm2GeneratePemKeyPair() ([]byte, []byte, error)
func Sm2GenerateTemporaryKeyPair() ([]byte, []byte, error)
func Sm2KeyExchange(keyLength int, idA []byte, idB []byte, priKey []byte, pubKey []byte, tempPriKey []byte, tempPubKey []byte, thisIsA bool) ([]byte, []byte, []byte, error)
func Sm2SignWithSM3(priKeyBytes []byte, data any) ([]byte, error)
func Sm2SignWithSM3WithPassword(priKeyBytes []byte, data any, password []byte) ([]byte, error)
func Sm2VerifyWithSM3(pubKeyBytes []byte, originData any, sign []byte) error
func Sm3(raw any) []byte
func Sm4CBCDecrypt(key []byte, i any, iv []byte) ([]byte, error)
func Sm4CBCDecryptWithPKCSPadding(key []byte, i any, iv []byte) ([]byte, error)
func Sm4CBCDecryptWithZeroPadding(key []byte, i any, iv []byte) ([]byte, error)
func Sm4CBCEncrypt(key []byte, i any, iv []byte) ([]byte, error)
func Sm4CBCEncryptWithPKCSPadding(key []byte, i any, iv []byte) ([]byte, error)
func Sm4CBCEncryptWithZeroPadding(key []byte, i any, iv []byte) ([]byte, error)
func Sm4CFBDecrypt(key []byte, i any, iv []byte) ([]byte, error)
func Sm4CFBDecryptWithPKCSPadding(key []byte, i any, iv []byte) ([]byte, error)
func Sm4CFBDecryptWithZeroPadding(key []byte, i any, iv []byte) ([]byte, error)
func Sm4CFBEncrypt(key []byte, i any, iv []byte) ([]byte, error)
func Sm4CFBEncryptWithPKCSPadding(key []byte, i any, iv []byte) ([]byte, error)
func Sm4CFBEncryptWithZeroPadding(key []byte, i any, iv []byte) ([]byte, error)
func Sm4CTRDecrypt(key []byte, i any, iv []byte) ([]byte, error)
func Sm4CTRDecryptWithPKCSPadding(key []byte, i any, iv []byte) ([]byte, error)
func Sm4CTRDecryptWithZeroPadding(key []byte, i any, iv []byte) ([]byte, error)
func Sm4CTREncrypt(key []byte, i any, iv []byte) ([]byte, error)
func Sm4CTREncryptWithPKCSPadding(key []byte, i any, iv []byte) ([]byte, error)
func Sm4CTREncryptWithZeroPadding(key []byte, i any, iv []byte) ([]byte, error)
func Sm4Decrypt(key []byte, i any, iv []byte) ([]byte, error)
func Sm4EBCDecrypt(key []byte, i any, iv []byte) ([]byte, error)
func Sm4EBCEncrypt(key []byte, i any, iv []byte) ([]byte, error)
func Sm4ECBDecrypt(key []byte, i any, iv []byte) ([]byte, error)
func Sm4ECBDecryptWithPKCSPadding(key []byte, i any, iv []byte) ([]byte, error)
func Sm4ECBDecryptWithZeroPadding(key []byte, i any, iv []byte) ([]byte, error)
func Sm4ECBEncrypt(key []byte, i any, iv []byte) ([]byte, error)
func Sm4ECBEncryptWithPKCSPadding(key []byte, i any, iv []byte) ([]byte, error)
func Sm4ECBEncryptWithZeroPadding(key []byte, i any, iv []byte) ([]byte, error)
func Sm4Encrypt(key []byte, i any, iv []byte) ([]byte, error)
func Sm4GCMDecrypt(key []byte, data any, iv []byte) ([]byte, error)
func Sm4GCMEncrypt(key []byte, data any, iv []byte) ([]byte, error)
func Sm4OFBDecrypt(key []byte, i any, iv []byte) ([]byte, error)
func Sm4OFBDecryptWithPKCSPadding(key []byte, i any, iv []byte) ([]byte, error)
func Sm4OFBDecryptWithZeroPadding(key []byte, i any, iv []byte) ([]byte, error)
func Sm4OFBEncrypt(key []byte, i any, iv []byte) ([]byte, error)
func Sm4OFBEncryptWithPKCSPadding(key []byte, i any, iv []byte) ([]byte, error)
func Sm4OFBEncryptWithZeroPadding(key []byte, i any, iv []byte) ([]byte, error)
func StrconvQuote(s string) string
func StrconvUnquote(s string) (string, error)
func TripleDESCBCDecrypt(key []byte, i any, iv []byte) ([]byte, error)
func TripleDESCBCEncrypt(key []byte, i any, iv []byte) ([]byte, error)
func TripleDESDecrypt(key []byte, i any, iv []byte) ([]byte, error)
func TripleDESECBDecrypt(key []byte, data []byte) ([]byte, error)
func TripleDESECBEncrypt(key []byte, data []byte) ([]byte, error)
func TripleDESEncrypt(key []byte, i any, iv []byte) ([]byte, error)
func UTF8ToGB18030(s []byte) ([]byte, error)
func UTF8ToGBK(s []byte) ([]byte, error)
func UTF8ToHZGB2312(s []byte) ([]byte, error)
func UnescapePathUrl(s string) (string, error)
func UnescapeQueryUrl(s string) (string, error)
func UnescapeString(s string) (string, error)
func UnicodeDecode(i string) string
func UnicodeEncode(i string) string
func ZeroPadding(origin []byte, blockSize int) []byte
func ZeroUnPadding(originData []byte) []byte

http请求响应相关包

package poc


func AppendHTTPPacketCookie(packet []byte, key string, value any) []byte
func AppendHTTPPacketFormEncoded(packet []byte, key string, value string) []byte
func AppendHTTPPacketHeader(packet []byte, headerKey string, headerValue any) []byte
func AppendHTTPPacketPath(packet []byte, p string) []byte
func AppendHTTPPacketPostParam(packet []byte, key string, value string) []byte
func AppendHTTPPacketQueryParam(packet []byte, key string, value string) []byte
func AppendHTTPPacketUploadFile(packet []byte, fieldName string, fileName string, fileContent any, contentType ...string) []byte
func AutoUnzipPacketEncoding(raw []byte) (plain []byte, state *PacketEncodingState, ok bool)
func BasicRequest() []byte
func BasicResponse() []byte
func BuildRequest(i any, opts ...PocConfigOption) []byte
func CurlToHTTPRequest(command string) (req []byte)
func Delete(urlStr string, opts ...PocConfigOption) (rspInst *lowhttp.LowhttpResponse, reqInst *http.Request, err error)
func DeleteHTTPPacketCookie(packet []byte, key string) []byte
func DeleteHTTPPacketForm(packet []byte, key string) []byte
func DeleteHTTPPacketHeader(packet []byte, headerKey string) []byte
func DeleteHTTPPacketPostParam(packet []byte, key string) []byte
func DeleteHTTPPacketQueryParam(packet []byte, key string) []byte
func Do(method string, urlStr string, opts ...PocConfigOption) (rspInst *lowhttp.LowhttpResponse, reqInst *http.Request, err error)
func Download(urlStr string, opts ...PocConfigOption) (string, error)
func DownloadWithMethod(method string, urlStr string, opts ...PocConfigOption) (string, error)
func ExtractPostParams(raw []byte) (map[string]string, error)
func FixHTTPPacketCRLF(raw []byte, noFixLength bool) []byte
func FixHTTPRequest(raw []byte) []byte
func FixHTTPResponse(r []byte) []byte
func Get(urlStr string, opts ...PocConfigOption) (rspInst *lowhttp.LowhttpResponse, reqInst *http.Request, err error)
func GetAllHTTPPacketPostParams(packet []byte) (params map[string]string)
func GetAllHTTPPacketPostParamsFull(packet []byte) (params map[string][]string)
func GetAllHTTPPacketQueryParams(packet []byte) (params map[string]string)
func GetAllHTTPPacketQueryParamsFull(packet []byte) (params map[string][]string)
func GetHTTPPacketBody(packet []byte) (body []byte)
func GetHTTPPacketContentType(packet []byte) (contentType string)
func GetHTTPPacketCookie(packet []byte, key string) (cookieValue string)
func GetHTTPPacketCookieFirst(packet []byte, key string) (cookieValue string)
func GetHTTPPacketCookieValues(packet []byte, key string) (cookieValues []string)
func GetHTTPPacketCookies(packet []byte) (cookies map[string]string)
func GetHTTPPacketCookiesFull(packet []byte) (cookies map[string][]string)
func GetHTTPPacketFirstLine(packet []byte) (string, string, string)
func GetHTTPPacketHeader(packet []byte, key string) (header string)
func GetHTTPPacketHeaders(packet []byte) (headers map[string]string)
func GetHTTPPacketHeadersFull(packet []byte) (headers map[string][]string)
func GetHTTPPacketPostParam(packet []byte, key string) (paramValue string)
func GetHTTPPacketQueryParam(packet []byte, key string) (paramValue string)
func GetHTTPRequestMethod(packet []byte) (method string)
func GetHTTPRequestPath(packet []byte) (path string)
func GetHTTPRequestPathWithoutQuery(packet []byte) (path string)
func GetStatusCodeFromResponse(packet []byte) (statusCode int)
func GetUrlFromHTTPRequest(scheme string, packet []byte) (url string)
func HTTP(i any, opts ...PocConfigOption) (rsp []byte, req []byte, err error)
func HTTPEx(i any, opts ...PocConfigOption) (rspInst *lowhttp.LowhttpResponse, reqInst *http.Request, err error)
func HTTPPacketForceChunked(raw []byte) []byte
func HTTPRequestToCurl(https bool, raw any) (curlCommand string)
func Head(urlStr string, opts ...PocConfigOption) (rspInst *lowhttp.LowhttpResponse, reqInst *http.Request, err error)
func IsResponse(raw any) (isHTTPResponse bool)
func Options(urlStr string, opts ...PocConfigOption) (rspInst *lowhttp.LowhttpResponse, reqInst *http.Request, err error)
func ParseBytesToHTTPRequest(raw []byte) (reqInst *http.Request, err error)
func ParseBytesToHTTPResponse(res []byte) (rspInst *http.Response, err error)
func ParseMultiPartFormWithCallback(req []byte, callback func(part *multipart.Part)) (err error)
func ParseUrlToHTTPRequestRaw(method string, i any) (isHttps bool, req []byte, err error)
func Post(urlStr string, opts ...PocConfigOption) (rspInst *lowhttp.LowhttpResponse, reqInst *http.Request, err error)
func RemoveSession(session string)
func ReplaceAllHTTPPacketPostParams(packet []byte, values map[string]string) []byte
func ReplaceAllHTTPPacketPostParamsWithoutEscape(packet []byte, values map[string]string) []byte
func ReplaceAllHTTPPacketQueryParams(packet []byte, values map[string]string) []byte
func ReplaceAllHTTPPacketQueryParamsWithoutEscape(packet []byte, values map[string]string) []byte
func ReplaceBody(raw []byte, body []byte, chunk bool) (newHTTPRequest []byte)
func ReplaceHTTPPacketBasicAuth(packet []byte, username string, password string) []byte
func ReplaceHTTPPacketBody(packet []byte, body []byte) []byte
func ReplaceHTTPPacketCookie(packet []byte, key string, value any) []byte
func ReplaceHTTPPacketCookies(packet []byte, m any) []byte
func ReplaceHTTPPacketFirstLine(packet []byte, firstLine string) []byte
func ReplaceHTTPPacketFormEncoded(packet []byte, key string, value string) []byte
func ReplaceHTTPPacketHeader(packet []byte, headerKey string, headerValue any) []byte
func ReplaceHTTPPacketHost(packet []byte, host string) []byte
func ReplaceHTTPPacketJsonBody(packet []byte, jsonMap map[string]any) []byte
func ReplaceHTTPPacketMethod(packet []byte, newMethod string) []byte
func ReplaceHTTPPacketPath(packet []byte, p string) []byte
func ReplaceHTTPPacketPathFunc(packet []byte, callback func(originPath string) string) []byte
func ReplaceHTTPPacketPostParam(packet []byte, key string, value string) []byte
func ReplaceHTTPPacketQueryParam(packet []byte, key string, value string) []byte
func ReplaceHTTPPacketQueryParamWithoutEscape(packet []byte, key string, value string) []byte
func ReplaceHTTPPacketUploadFile(packet []byte, fieldName string, fileName string, fileContent any, contentType ...string) []byte
func Split(raw []byte, hook ...func(line string)) (headers string, body []byte)
func Websocket(raw any, opts ...PocConfigOption) (rsp []byte, req []byte, err error)
func afterSaveHandler(f ...func(flow *schema.HTTPFlow)) PocConfigOption
func appendCookie(key string, value string) PocConfigOption
func appendFormEncoded(key string, value string) PocConfigOption
func appendHeader(key string, value string) PocConfigOption
func appendHeaders(headers map[string]string) PocConfigOption
func appendPath(path string) PocConfigOption
func appendPostParam(key string, value string) PocConfigOption
func appendQueryParam(key string, value string) PocConfigOption
func appendUploadFile(fieldName string, fileName string, fileContent any, contentType ...string) PocConfigOption
func body(i any) PocConfigOption
func bodyStreamHandler(i func(r []byte, closer io.ReadCloser)) PocConfigOption
func connPool(b bool) PocConfigOption
func connectTimeout(f float64) PocConfigOption
func context(ctx context.Context) PocConfigOption
func cookie(c string, values ...any) PocConfigOption
func deleteCookie(key string) PocConfigOption
func deleteForm(key string) PocConfigOption
func deleteHeader(key string) PocConfigOption
func deletePostParam(key string) PocConfigOption
func deleteQueryParam(key string) PocConfigOption
func disableSession(b bool) PocConfigOption
func dnsNoCache(b bool) PocConfigOption
func dnsServer(servers ...string) PocConfigOption
func downloadDir(dir string) PocConfigOption
func downloadFilename(filename string) PocConfigOption
func downloadFinished(callback func(filePath string)) PocConfigOption
func downloadProgress(callback func(downloaded int64, total int64, percent float64)) PocConfigOption
func fakeua() PocConfigOption
func fixQueryEscape(b bool) PocConfigOption
func fromPlugin(b string) PocConfigOption
func gmTLSCipherSuite(suites ...int) PocConfigOption
func gmTLSDisableCompatMode(disable ...bool) PocConfigOption
func gmTLSPrefer() PocConfigOption
func gmTls() PocConfigOption
func gmTlsOnly() PocConfigOption
func header(key string, value string) PocConfigOption
func host(h string) PocConfigOption
func http2(isHttp2 bool) PocConfigOption
func https(isHttps bool) PocConfigOption
func jsRedirect(b bool) PocConfigOption
func json(i any) PocConfigOption
func noBodyBuffer(b bool) PocConfigOption
func noFixContentLength(b bool) PocConfigOption
func noRedirect(b bool) PocConfigOption
func noredirect(b bool) PocConfigOption
func params(i any) PocConfigOption
func password(password string) PocConfigOption
func port(port int) PocConfigOption
func postData(i string) PocConfigOption
func postParams(i any) PocConfigOption
func postparams(i any) PocConfigOption
func proxy(proxies ...string) PocConfigOption
func query(i any) PocConfigOption
func randomChunked(b bool) PocConfigOption
func randomChunkedDelay(min int, max int) PocConfigOption
func randomChunkedLength(min int, max int) PocConfigOption
func randomChunkedResultHandler(f func(id int, chunkRaw []byte, totalTime time.Duration, chunkSendTime time.Duration)) PocConfigOption
func randomJA3(b bool) PocConfigOption
func redirect(i func(current *http.Request, vias []*http.Request) bool) PocConfigOption
func redirectHandler(i func(isHttps bool, req, rsp []byte) bool) PocConfigOption
func redirectTimes(t int) PocConfigOption
func replaceAllPostParams(values map[string]string) PocConfigOption
func replaceAllPostParamsWithoutEscape(values map[string]string) PocConfigOption
func replaceAllQueryParams(values map[string]string) PocConfigOption
func replaceAllQueryParamsWithoutEscape(values map[string]string) PocConfigOption
func replaceBasicAuth(username string, password string) PocConfigOption
func replaceBody(body []byte, chunk bool) PocConfigOption
func replaceCookie(key string, value string) PocConfigOption
func replaceCookies(cookies any) PocConfigOption
func replaceFirstLine(firstLine string) PocConfigOption
func replaceFormEncoded(key string, value string) PocConfigOption
func replaceHeader(key string, value string) PocConfigOption
func replaceHost(host string) PocConfigOption
func replaceMethod(method string) PocConfigOption
func replacePath(path string) PocConfigOption
func replacePathFunc(handle func(string) string) PocConfigOption
func replacePostParam(key string, value string) PocConfigOption
func replaceQueryParam(key string, value string) PocConfigOption
func replaceRandomUserAgent() PocConfigOption
func replaceUploadFile(formName string, fileName string, fileContent []byte, contentType ...string) PocConfigOption
func replaceUserAgent(ua string) PocConfigOption
func retryInStatusCode(codes ...int) PocConfigOption
func retryMaxWaitTime(f float64) PocConfigOption
func retryNotInStatusCode(codes ...int) PocConfigOption
func retryTimes(t int) PocConfigOption
func retryWaitTime(f float64) PocConfigOption
func runtimeID(r string) PocConfigOption
func save(b bool) PocConfigOption
func saveHandler(f ...func(response *lowhttp.LowhttpResponse)) PocConfigOption
func saveSync(b bool) PocConfigOption
func session(session string) PocConfigOption
func sni(sni string) PocConfigOption
func source(i string) PocConfigOption
func timeout(f float64) PocConfigOption
func ua(ua string) PocConfigOption
func uarand() PocConfigOption
func useMitmRule(b bool) PocConfigOption
func useragent(ua string) PocConfigOption
func username(username string) PocConfigOption
func websocket(w bool) PocConfigOption
func websocketFromServer(w func(i []byte, cancel func())) PocConfigOption
func websocketOnClient(w func(c *lowhttp.WebsocketClient)) PocConfigOption
func websocketStrictMode(b bool) PocConfigOption

请求值AES加密

调用底层的AESEncryptBasic,自定义方法来实现[None,PKCS7,Zero,ISO10126,ANSIX923]padding,支持"CBC", "ECB", "CFB", "OFB", "CTR"模式

调用方式{{yak(aesencrypt|n)}}

热加载代码

/* nonePadding adds no padding: it only checks that the input length is a
   whole number of 16-byte blocks and returns the input as bytes. */
nonePadding = func(data) {
    remainder := len(data) % 16
    if remainder == 0 {
        return []byte(data)
    }
    panic("NonePadding Error: Data length must be a multiple of 16")
}

/* iso10126Padding pads data up to the next 16-byte boundary: random filler
   bytes followed by one final byte that holds the padding length (1..16). */
iso10126Padding = func(data) {
    blockSize := 16
    dataLen := len(data)
    padLen := blockSize - (dataLen % blockSize)

    out := make([]byte, dataLen+padLen)
    copy(out, data)

    // Filler bytes: randn(0, 256) yields a value in [0, 256), i.e. one byte.
    // NOTE(review): nothing here shows randn to be a cryptographic generator;
    // codec.CryptoRandBytes exists if that property matters - confirm.
    for offset := dataLen; offset < dataLen+padLen-1; offset++ {
        out[offset] = byte(randn(0, 256))
    }

    // The last byte always carries the padding length.
    out[len(out)-1] = byte(padLen)

    return out
}

/* ansiX923Padding pads data up to the next 16-byte boundary: zero bytes
   followed by one final byte that holds the padding length (1..16). */
ansiX923Padding = func(data) {
    blockSize := 16
    dataLen := len(data)
    padLen := blockSize - (dataLen % blockSize)

    // make() zero-fills the buffer, so the filler bytes are already 0x00.
    out := make([]byte, dataLen+padLen)
    copy(out, data)

    // Only the last byte needs writing: it carries the padding length.
    out[len(out)-1] = byte(padLen)
    return out
}

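/* selectPadding applies the padding scheme named by `padding` to data.
   Supported names: "None", "PKCS7", "Zero", "ISO10126", "ANSIX923".
   Any other name raises, so a typo in the configuration cannot end up
   encrypting an empty value without any error. */
selectPadding = func(padding, data) {
    switch padding {
    case "None":
        return nonePadding(data)
    case "PKCS7":
        return codec.PKCS7Padding(data)
    case "Zero":
        return codec.ZeroPadding(data, 16)
    case "ISO10126":
        return iso10126Padding(data)
    case "ANSIX923":
        return ansiX923Padding(data)
    default:
        panic(sprintf("selectPadding Error: unsupported padding %v", padding))
    }
}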

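/* selectMod maps a mode name to the matching codec mode constant.
   Supported names: "CBC", "ECB", "CFB", "OFB", "CTR". Any other name raises
   instead of handing an empty mode to the cipher call. */
selectMod = func(mode) {
    switch mode {
    case "CBC":
        return codec.CBC
    case "ECB":
        return codec.ECB
    case "CFB":
        return codec.CFB
    case "OFB":
        return codec.OFB
    case "CTR":
        return codec.CTR
    default:
        panic(sprintf("selectMod Error: unsupported mode %v", mode))
    }
}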

/* aesencrypt pads n, AES-encrypts it through codec.AESEncryptBasic and returns
   the ciphertext hex-encoded. Mode, padding, key and IV are fixed in the
   configuration section below. */
aesencrypt = func(n) {
    // ==========================================
    // Hard-coded configuration: change these two values to switch mode and padding
    // ==========================================
    mode := "CTR"     // one of: "CBC", "ECB", "CFB", "OFB", "CTR"
    padding := "Zero" // one of: "None", "PKCS7", "Zero", "ISO10126", "ANSIX923"
    // ==========================================

    /* The codec calls take key and IV as bytes: the 16-character key text is
       round-tripped through hex, the IV is written directly as hex. */
    key = codec.DecodeHex(codec.EncodeToHex("1234123412341234"))~
    iv = codec.DecodeHex("03395d68979ed8632646813f4c0bbdb3")~

    // Steps 1-3: pad the input, resolve the mode constant, run the cipher.
    cipherBytes = codec.AESEncryptBasic(key, selectPadding(padding, n), iv, selectMod(mode))~

    // Step 4: both encodings are produced; only the hex form is returned.
    asBase64 = codec.EncodeBase64(cipherBytes)
    asHex = codec.EncodeToHex(cipherBytes)
    // asHex = codec.EncodeToHex(cipherBytes).Upper()

    return asHex
}

AES-GCM加密,内置了AESGCMEncryptWithNonceSize16和AESGCMEncryptWithNonceSize12,直接调用即可

/* aesgcmencrypt AES-GCM-encrypts n with the hard-coded key and 16-byte nonce
   and returns the result hex-encoded.
   NOTE(review): the nonce is fixed, presumably to mirror the application under
   test; GCM loses its guarantees once a key/nonce pair is reused, so a static
   nonce on the application side is worth reporting. */
aesgcmencrypt = func(n) {
    /* key and nonce are hard-coded and handed to codec as bytes */
    key = codec.DecodeHex(codec.EncodeToHex("1234123412341234"))~
    iv = codec.DecodeHex("03395d68979ed8632646813f4c0bbdb3")~ // 16-byte nonce

    // The 16-byte-nonce variant returns ciphertext followed by the 16-byte tag.
    sealed := codec.AESGCMEncryptWithNonceSize16(key, []byte(n), iv)~
    // sealed := codec.AESGCMEncryptWithNonceSize12(key, []byte(n), iv)~

    return codec.EncodeToHex(sealed)
}

响应body整体AES解密

调用底层的AESDecryptBasic方法,实现[None,PKCS7,Zero,ISO10126,ANSIX923]unpadding,支持"CBC", "ECB", "CFB", "OFB", "CTR"模式

/* noneUnpadding removes nothing: it only checks that the data length is a
   whole number of 16-byte blocks and returns the data as bytes. */
noneUnpadding = func(data) {
    remainder := len(data) % 16
    if remainder == 0 {
        return []byte(data)
    }
    panic("NoneUnpadding Error: Ciphertext length must be a multiple of 16")
}

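/* customUnpadding strips ISO10126 / ANSIX923 padding, where the last byte
   holds the padding length. Data is returned untouched when it is empty or
   when the length byte is outside 1..16 or larger than the data itself; the
   last check matters for stream modes (CFB/OFB/CTR), whose output need not be
   a whole block, and prevents slicing with a negative index.
   The `padding` argument is accepted for interface compatibility and not read. */
customUnpadding = func(padding, decryptedData) {
    total := len(decryptedData)
    if total == 0 {
        return decryptedData
    }

    paddingLen := int(decryptedData[total-1])
    if paddingLen < 1 || paddingLen > 16 || paddingLen > total {
        return decryptedData
    }
    return decryptedData[:total-paddingLen]
}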

/* unselectPadding removes the padding scheme named by `padding` from decrypted
   data. Unknown names leave the data unchanged. */
unselectPadding = func(padding, decryptedData) {
    if padding == "None" {
        return noneUnpadding(decryptedData)
    }
    if padding == "PKCS7" {
        // built-in PKCS7 unpadding
        return codec.PKCS7UnPadding(decryptedData)
    }
    if padding == "Zero" {
        // built-in zero unpadding
        return codec.ZeroUnPadding(decryptedData)
    }
    if padding == "ISO10126" || padding == "ANSIX923" {
        // Both schemes are trimmed by the value of the final byte.
        return customUnpadding(padding, decryptedData)
    }
    return decryptedData
}

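/* selectMod maps a mode name to the matching codec mode constant.
   Supported names: "CBC", "ECB", "CFB", "OFB", "CTR". Any other name raises
   instead of handing an empty mode to the cipher call. */
selectMod = func(mode) {
    switch mode {
    case "CBC":
        return codec.CBC
    case "ECB":
        return codec.ECB
    case "CFB":
        return codec.CFB
    case "OFB":
        return codec.OFB
    case "CTR":
        return codec.CTR
    default:
        panic(sprintf("selectMod Error: unsupported mode %v", mode))
    }
}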

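/* aesdecrypt decrypts a hex-encoded AES response body and returns the response
   with its body replaced by the unpadded plaintext. Mode, padding, key and IV
   are fixed in the configuration section below.
   The response is returned unchanged when hostFilter excludes it, when the
   body is empty or not valid hex, or when decryption fails, so error pages and
   other plaintext responses pass through instead of aborting the hook. */
aesdecrypt = func(req, rsp) {
    // ==========================================
    // Hard-coded configuration: change these two values to switch mode and padding
    // ==========================================
    mode := "CBC"      // one of: "CBC", "ECB", "CFB", "OFB", "CTR"
    padding := "PKCS7" // one of: "None", "PKCS7", "Zero", "ISO10126", "ANSIX923"
    // ==========================================

    /* The codec calls take key and IV as bytes: the 16-character key text is
       round-tripped through hex, the IV is written directly as hex. */
    key = codec.DecodeHex(codec.EncodeToHex("1234123412341234"))~
    iv = codec.DecodeHex("03395d68979ed8632646813f4c0bbdb3")~

    // 1. Pick the responses to decrypt.
    hostFilter = "" /* decrypt only responses for this Host; empty means all */
    if hostFilter != "" {
        host = poc.GetHTTPPacketHeader(req, "Host")
        if host != hostFilter {
            return rsp
        }
    }

    // The body is expected to be hex ciphertext; surrounding whitespace is ignored.
    body = poc.GetHTTPPacketBody(rsp)
    ciphertext, err = codec.DecodeHex(str.TrimSpace(string(body)))
    if err != nil || len(ciphertext) == 0 {
        return rsp
    }

    // 2. Resolve the mode constant.
    modeConst := selectMod(mode)

    // 3. Run the cipher; a body that does not decrypt is passed through as is.
    result, err = codec.AESDecryptBasic(key, ciphertext, iv, modeConst)
    if err != nil {
        return rsp
    }

    // 4. Strip the padding bytes.
    plainText := unselectPadding(padding, result)

    // 5. Put the plaintext in place of the encrypted body.
    return poc.ReplaceHTTPPacketBody(rsp, plainText)
}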

// afterRequest is the response hook: it hands the request and response to
// aesdecrypt and returns the result. https, originReq and originRsp are unused.
afterRequest = func(https, originReq, req, originRsp, rsp) {
    processed = aesdecrypt(req, rsp)
    return processed
}

无需调用,直接启动就能处理响应

请求值SM4加密

codec没有底层SM4加密的方法,只支持PKCS和Zero的padding

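/* sm4encrypt SM4-encrypts n with the built-in codec function that matches the
   configured mode and padding, and returns the ciphertext hex-encoded.
   An unsupported mode, or a padding other than "PKCS7"/"Zero" for a block
   mode, raises instead of silently returning an empty string. */
sm4encrypt = func(n) {
    // ==========================================
    // Hard-coded configuration: change these two values to switch mode and padding
    // ==========================================
    mode := "CBC"      // one of: "CBC", "ECB", "CFB", "OFB", "CTR", "GCM"
    padding := "PKCS7" // one of: "PKCS7", "Zero" (ignored in GCM mode)
    // ==========================================

    /* The codec calls take key and IV as bytes: the 16-character key text is
       round-tripped through hex, the IV is written directly as hex. */
    key = codec.DecodeHex(codec.EncodeToHex("1234123412341234"))~
    iv = codec.DecodeHex("03395d68979ed8632646813f4c0bbdb3")~

    // selectmod reads `padding` from the enclosing function.
    selectmod = func(mode, key, n, iv) {
        switch mode {
        case "CBC":
            if padding == "PKCS7" {
                return codec.Sm4CBCEncryptWithPKCSPadding(key, n, iv)~
            }
            if padding == "Zero" {
                return codec.Sm4CBCEncryptWithZeroPadding(key, n, iv)~
            }

        case "ECB", "EBC": // "EBC" is accepted as an alias for the misspelt form
            if padding == "PKCS7" {
                return codec.Sm4ECBEncryptWithPKCSPadding(key, n, iv)~
            }
            if padding == "Zero" {
                return codec.Sm4ECBEncryptWithZeroPadding(key, n, iv)~
            }

        case "CFB":
            if padding == "PKCS7" {
                return codec.Sm4CFBEncryptWithPKCSPadding(key, n, iv)~
            }
            if padding == "Zero" {
                return codec.Sm4CFBEncryptWithZeroPadding(key, n, iv)~
            }

        case "OFB":
            if padding == "PKCS7" {
                return codec.Sm4OFBEncryptWithPKCSPadding(key, n, iv)~
            }
            if padding == "Zero" {
                return codec.Sm4OFBEncryptWithZeroPadding(key, n, iv)~
            }

        case "CTR":
            if padding == "PKCS7" {
                return codec.Sm4CTREncryptWithPKCSPadding(key, n, iv)~
            }
            if padding == "Zero" {
                return codec.Sm4CTREncryptWithZeroPadding(key, n, iv)~
            }

        case "GCM":
            // GCM takes no block padding.
            return codec.Sm4GCMEncrypt(key, n, iv)~
        }

        // Reached only when no branch above returned.
        panic(sprintf("sm4encrypt Error: unsupported mode/padding combination %v/%v", mode, padding))
    }

    return codec.EncodeToHex(selectmod(mode, key, n, iv))
}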

响应body整体SM4解密

// noneUnpadding handles the "no padding" case for SM4: it only checks that the
// data length is a whole number of 16-byte blocks and returns the data as
// bytes. Any other length stops the script with the error below.
noneUnpadding = func(data) {
    blockSize := 16
    if len(data) % blockSize == 0 {
        return []byte(data)
    }
    panic("NoneUnpadding Error: Ciphertext length must be a multiple of 16")
}

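// customUnpadding strips ISO 10126 / ANSI X9.23 padding, where the last byte
// holds the padding length (1..16 for the SM4 block size).
// The padding argument is accepted for symmetry with the caller and not used.
// Data is returned unchanged when it is empty, when the length byte is out of
// range, or when it claims more bytes than the data holds. The last check was
// missing before, so a short buffer ending in a large byte produced a negative
// slice bound. The filler bytes themselves are not verified.
customUnpadding = func(padding, decryptedData) {
    total := len(decryptedData)
    if total == 0 {
        return decryptedData
    }
    paddingLen := int(decryptedData[total-1])
    if paddingLen < 1 || paddingLen > 16 || paddingLen > total {
        return decryptedData
    }
    return decryptedData[:total-paddingLen]
}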

// sm4DecryptCore routes an SM4 decryption to the codec helper that matches the
// requested mode and padding, and returns the plaintext bytes.
//   mode:       "CBC", "ECB", "CFB", "OFB", "CTR" or "GCM"
//   padding:    "None", "PKCS7", "Zero", "ISO10126" or "ANSIX923"
//   key, iv:    raw bytes
//   ciphertext: raw ciphertext bytes
// An unknown mode stops the script with "Unsupported SM4 Mode: <mode>".
sm4DecryptCore = func(mode, padding, key, ciphertext, iv) {
    // Step 1: PKCS7 and Zero have dedicated helpers (going by their names they
    // also remove the padding). A mode without such a helper, e.g. GCM, falls
    // through to the generic path below.
    switch padding {
    case "PKCS7":
        switch mode {
        case "CBC":
            return codec.Sm4CBCDecryptWithPKCSPadding(key, ciphertext, iv)~
        case "ECB":
            return codec.Sm4ECBDecryptWithPKCSPadding(key, ciphertext, iv)~
        case "CFB":
            return codec.Sm4CFBDecryptWithPKCSPadding(key, ciphertext, iv)~
        case "OFB":
            return codec.Sm4OFBDecryptWithPKCSPadding(key, ciphertext, iv)~
        case "CTR":
            return codec.Sm4CTRDecryptWithPKCSPadding(key, ciphertext, iv)~
        }
    case "Zero":
        switch mode {
        case "CBC":
            return codec.Sm4CBCDecryptWithZeroPadding(key, ciphertext, iv)~
        case "ECB":
            return codec.Sm4ECBDecryptWithZeroPadding(key, ciphertext, iv)~
        case "CFB":
            return codec.Sm4CFBDecryptWithZeroPadding(key, ciphertext, iv)~
        case "OFB":
            return codec.Sm4OFBDecryptWithZeroPadding(key, ciphertext, iv)~
        case "CTR":
            return codec.Sm4CTRDecryptWithZeroPadding(key, ciphertext, iv)~
        }
    }

    // Step 2: every other case decrypts without touching the padding.
    raw := []byte("")
    switch mode {
    case "CBC":
        raw = codec.Sm4CBCDecrypt(key, ciphertext, iv)~
    case "ECB":
        raw = codec.Sm4ECBDecrypt(key, ciphertext, iv)~
    case "CFB":
        raw = codec.Sm4CFBDecrypt(key, ciphertext, iv)~
    case "OFB":
        raw = codec.Sm4OFBDecrypt(key, ciphertext, iv)~
    case "CTR":
        raw = codec.Sm4CTRDecrypt(key, ciphertext, iv)~
    case "GCM":
        raw = codec.Sm4GCMDecrypt(key, ciphertext, iv)~
    default:
        panic("Unsupported SM4 Mode: " + mode)
    }

    // Step 3: strip the padding by hand where a scheme was named.
    if padding == "None" {
        return noneUnpadding(raw)
    }
    if padding == "ISO10126" || padding == "ANSIX923" {
        return customUnpadding(padding, raw)
    }
    return raw
}

// sm4decrypt decrypts a hex-encoded SM4 response body and returns the response
// packet with the plaintext as its new body.
// req is only read for its Host header; rsp is the raw response packet.
sm4decrypt = func(req, rsp) {
    // ---- settings: edit these two values to switch mode and padding ----
    mode := "CBC" // one of "CBC", "ECB", "CFB", "OFB", "CTR", "GCM"
    padding := "PKCS7" // one of "None", "PKCS7", "Zero", "ISO10126", "ANSIX923"

    // Sample key and IV from this write-up; replace with the target's values.
    key = codec.DecodeHex(codec.EncodeToHex("1234123412341234"))~
    iv = codec.DecodeHex("03395d68979ed8632646813f4c0bbdb3")~

    // With a non-empty hostFilter only responses for that Host are decrypted;
    // left empty, every response is processed.
    hostFilter = ""
    if hostFilter != "" && poc.GetHTTPPacketHeader(req, "Host") != hostFilter {
        return rsp
    }

    // The body is expected to be the ciphertext as a hex string.
    hexBody = poc.GetHTTPPacketBody(rsp)
    ciphertext := codec.DecodeHex(hexBody)~

    plainText := sm4DecryptCore(mode, padding, key, ciphertext, iv)
    return poc.ReplaceHTTPPacketBody(rsp, plainText)
}

// afterRequest is the response hook: it passes the request and response to
// sm4decrypt and returns the rewritten response.
afterRequest = func(https, originReq, req, originRsp, rsp) {
    decrypted = sm4decrypt(req, rsp)
    return decrypted
}

请求值DES加密

// nonePadding handles the "no padding" case for DES: the input must already be
// a whole number of 8-byte blocks. It returns the data as bytes, or stops the
// script with the error below when the length does not fit.
nonePadding = func(data) {
    blockSize := 8
    if len(data) % blockSize == 0 {
        return []byte(data)
    }
    panic("NonePadding Error: Data length must be a multiple of 8")
}

// iso10126Padding pads data to the 8-byte DES block size in the ISO 10126
// layout: random filler bytes followed by one byte holding the padding length.
// A full extra block is added when the input is already block-aligned.
iso10126Padding = func(data) {
    blockSize := 8
    dataLen := len(data)
    paddingLen := blockSize - (dataLen % blockSize)

    paddedData := make([]byte, dataLen + paddingLen)
    copy(paddedData, data)

    // Everything except the final byte is filled from codec.CryptoRandBytes.
    fillerLen := paddingLen - 1
    if fillerLen > 0 {
        filler := codec.CryptoRandBytes(fillerLen)
        for idx := 0; idx < fillerLen; idx++ {
            paddedData[dataLen+idx] = filler[idx]
        }
    }

    // The final byte always carries the padding length.
    paddedData[len(paddedData)-1] = byte(paddingLen)
    return paddedData
}

// ansiX923Padding pads data to the 8-byte DES block size in the ANSI X9.23
// layout: zero bytes followed by one byte holding the padding length.
// A full extra block is added when the input is already block-aligned.
ansiX923Padding = func(data) {
    blockSize := 8
    dataLen := len(data)
    paddingLen := blockSize - (dataLen % blockSize)

    // make() leaves the buffer zeroed, so only the final byte needs writing.
    out := make([]byte, dataLen + paddingLen)
    copy(out, data)
    out[len(out)-1] = byte(paddingLen)
    return out
}

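// selectPadding applies the named padding scheme to data for the 8-byte DES
// block size and returns the padded bytes.
// Supported names: "None", "PKCS7", "Zero", "ISO10126", "ANSIX923".
// An unknown name used to return nothing, which only failed later inside the
// encrypt call; it now stops right away with a message naming the bad value,
// in line with the mode check in desEncryptCore.
selectPadding = func(padding, data) {
    switch padding {
    case "None":
        return nonePadding(data)
    case "PKCS7":
        return codec.PKCS7PaddingForDES(data)
    case "Zero":
        return codec.ZeroPadding(data, 8) // block size 8 for DES
    case "ISO10126":
        return iso10126Padding(data)
    case "ANSIX923":
        return ansiX923Padding(data)
    default:
        panic("Unsupported DES Padding: " + padding)
    }
}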

// desEncryptCore encrypts already-padded data with DES in the given mode and
// returns the ciphertext bytes. Only "CBC" and "ECB" are supported; any other
// mode stops the script with "Unsupported DES Mode: <mode>".
desEncryptCore = func(mode, key, paddedData, iv) {
    if mode == "CBC" {
        // CBC needs the IV.
        return codec.DESCBCEncrypt(key, paddedData, iv)~
    }
    if mode == "ECB" {
        // ECB takes no IV.
        return codec.DESECBEncrypt(key, paddedData)~
    }
    panic("Unsupported DES Mode: " + mode)
}

// desencrypt pads the fuzztag argument n, encrypts it with DES and returns the
// ciphertext as a hex string.
desencrypt = func(n) {
    // ---- settings: edit these two values to switch mode and padding ----
    mode := "CBC" // "CBC" or "ECB"
    padding := "None" // one of "None", "PKCS7", "Zero", "ISO10126", "ANSIX923"

    // DES takes an 8-byte key and an 8-byte IV (after hex decoding).
    // Sample values from this write-up; replace with the target's values.
    key = codec.DecodeHex(codec.EncodeToHex("12341234"))~
    iv = codec.DecodeHex("03395d68979ed863")~

    // Pad first, then encrypt the padded block(s).
    padded := selectPadding(padding, n)
    cipherBytes = desEncryptCore(mode, key, padded, iv)

    // Append .Upper() to the result if the target expects upper-case hex.
    return codec.EncodeToHex(cipherBytes)
}

响应body整体DES解密

// noneUnpadding handles the "no padding" case for DES: it only checks that the
// data length is a whole number of 8-byte blocks and returns the data as
// bytes. Any other length stops the script with the error below.
noneUnpadding = func(data) {
    blockSize := 8
    if len(data) % blockSize == 0 {
        return []byte(data)
    }
    panic("NoneUnpadding Error: Ciphertext length must be a multiple of 8")
}

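// customUnpadding strips ISO 10126 / ANSI X9.23 padding, where the last byte
// holds the padding length (1..8 for the DES block size).
// The padding argument is accepted for symmetry with the caller and not used.
// Data is returned unchanged when it is empty, when the length byte is out of
// range, or when it claims more bytes than the data holds. The last check was
// missing before, so a short buffer ending in a large byte produced a negative
// slice bound. The filler bytes themselves are not verified.
customUnpadding = func(padding, decryptedData) {
    total := len(decryptedData)
    if total == 0 {
        return decryptedData
    }
    paddingLen := int(decryptedData[total-1])
    if paddingLen < 1 || paddingLen > 8 || paddingLen > total {
        return decryptedData
    }
    return decryptedData[:total-paddingLen]
}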

// unselectPadding removes the named padding scheme from decrypted data.
// "None" only checks the length, "PKCS7" and "Zero" use the codec helpers,
// "ISO10126" and "ANSIX923" trim by the value of the last byte. Any other name
// returns the data untouched.
unselectPadding = func(padding, decryptedData) {
    if padding == "None" {
        return noneUnpadding(decryptedData)
    }
    if padding == "PKCS7" {
        return codec.PKCS7UnPadding(decryptedData)
    }
    if padding == "Zero" {
        return codec.ZeroUnPadding(decryptedData)
    }
    if padding == "ISO10126" || padding == "ANSIX923" {
        return customUnpadding(padding, decryptedData)
    }
    return decryptedData
}

// desDecryptCore decrypts DES ciphertext in the given mode and returns the
// still-padded plaintext bytes. Only "CBC" and "ECB" are supported; any other
// mode stops the script with "Unsupported DES Mode: <mode>".
desDecryptCore = func(mode, key, ciphertext, iv) {
    if mode == "CBC" {
        return codec.DESCBCDecrypt(key, ciphertext, iv)~
    }
    if mode == "ECB" {
        // ECB takes no IV.
        return codec.DESECBDecrypt(key, ciphertext)~
    }
    panic("Unsupported DES Mode: " + mode)
}

// desdecrypt decrypts a hex-encoded DES response body and returns the response
// packet with the plaintext as its new body.
// req is only read for its Host header; rsp is the raw response packet.
desdecrypt = func(req, rsp) {
    // ---- settings: edit these two values to switch mode and padding ----
    mode := "CBC" // "CBC" or "ECB"
    padding := "None" // one of "None", "PKCS7", "Zero", "ISO10126", "ANSIX923"

    // DES key and IV are 8 bytes each. Sample values from this write-up;
    // replace with the target's values.
    key = codec.DecodeHex(codec.EncodeToHex("12341234"))~
    iv = codec.DecodeHex("03395d68979ed863")~

    // With a non-empty hostFilter only responses for that Host are decrypted;
    // left empty, every response is processed.
    hostFilter = ""
    if hostFilter != "" && poc.GetHTTPPacketHeader(req, "Host") != hostFilter {
        return rsp
    }

    // The body is expected to be the ciphertext as a hex string.
    hexBody = poc.GetHTTPPacketBody(rsp)
    ciphertext := codec.DecodeHex(hexBody)~

    // Decrypt, strip the padding, put the plaintext back into the response.
    raw := desDecryptCore(mode, key, ciphertext, iv)
    plainText := unselectPadding(padding, raw)
    return poc.ReplaceHTTPPacketBody(rsp, plainText)
}

// afterRequest is the response hook: it passes the request and response to
// desdecrypt and returns the rewritten response.
afterRequest = func(https, originReq, req, originRsp, rsp) {
    decrypted = desdecrypt(req, rsp)
    return decrypted
}

请求参数签名Hmac

支持"MD5""SM3""SHA1""SHA256""SHA512"的签名算法


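// encryptData reads username and password from the JSON request body, signs
// "username=..&password=.." with HMAC and returns the request with a body that
// carries the two fields, the hex signature and the hex key.
// Changes against the earlier version: the algorithm switch now uses its own
// argument instead of the outer ALGO, an unknown algorithm stops the script
// instead of producing an empty signature, and the key is decoded once.
encryptData = (packet) => {
    body = poc.GetHTTPPacketBody(packet)
    params = json.loads(body)

    name = params.username
    pass = params.password
    key = "31323334313233343132333431323334" // hex-encoded HMAC key (sample value)
    ALGO = "SHA256" // one of "MD5", "SM3", "SHA1", "SHA256", "SHA512"

    // Text that gets signed; adjust the layout to what the target expects.
    signText = f`username=${name}&password=${pass}`

    // Key material handed to the HMAC helpers, converted the same way as before.
    hmacKey = f`${codec.DecodeHex(key)~}`

    // computeSign returns the hex HMAC of signText for the named algorithm.
    computeSign = func(algo) {
        hmacFunc = nil
        switch algo {
        case "MD5":
            hmacFunc = codec.HmacMD5
        case "SM3":
            hmacFunc = codec.HmacSM3
        case "SHA1":
            hmacFunc = codec.HmacSha1
        case "SHA512":
            hmacFunc = codec.HmacSha512
        case "SHA256":
            hmacFunc = codec.HmacSha256
        default:
            panic("Unsupported HMAC algorithm: " + algo)
        }
        return codec.EncodeToHex(hmacFunc(hmacKey, signText))
    }

    sign = computeSign(ALGO)

    // The body is assembled by plain string interpolation, so a quote or
    // backslash in username/password yields invalid JSON.
    result = f`{"username":"${name}","password":"${pass}","signature":"${sign}","key":"${key}"}`

    return string(poc.ReplaceBody(packet, result, false))
}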

// beforeRequest is the request hook: every outgoing request is passed through
// encryptData and the signed request is sent instead.
beforeRequest = func(req) {
    signed = encryptData(req)
    return signed
}

自动更新请求,无需调用

请求HMAC签名+RSA加密

RSA公钥固定

// ==================== Hard-coded settings ====================
ALGO = "SHA256" // HMAC algorithm, one of: "MD5", "SM3", "SHA1", "SHA256", "SHA512"
RSA_PADDING = "PKCS1" // RSA padding mode, one of: "PKCS1", "JSEncrypt", "OAEP", "PKCS1Block"


// getPubkey fetches the RSA public key from the test target with one extra
// HTTP request and returns the response body as received.
getPubkey = func() {
    rsp, req = poc.HTTP(`GET /crypto/js/rsa/public/key HTTP/1.1
Host: 127.0.0.1:8787

`)~
    return poc.GetHTTPPacketBody(rsp)
}

// Calling getPubkey() costs one extra request per hooked request. When the
// public key never changes, hard-code it here instead.
// The value below is the sample key used in this write-up.

RSA_PUBLIC_KEY = `-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Oz+NIGDBPV6YYCbDeCk
Ad5V029ZOVuKKX+NZnNiq1+AVxVDhW/T1HNW3wSAsVJHwDLgQ7AwVsTE0FJ9Sg3b
C8/V80y3661wDKeI1Zgz9mTw0aXWFo5aXacF7FUKYnaEkGaZHLT3cmUYI3fBZLO9
5/TIC4foe9zsP6tBL87fWGMUt3nET6BSlReRM2Dvqu1pzrrpUtNI7v2RbKqH3hEJ
LedOYYz1NY+Nj4oIrz1to6yhWz/ZXM9gLYsIA8P9BSdiD1lrmhRBzgz8L86xs/Tx
kPjdlSk1/zcspOghxQixTtg18Ov1w73RbBtBf/bTB2N/p1YlUkSyCEIOLbH5ShXx
EQIDAQAB
-----END PUBLIC KEY-----`
// ======================================================

//RSA_PUBLIC_KEY = getPubkey()

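// encryptData reads username and password from the JSON request body, signs
// "username=..&password=.." with HMAC (algorithm from ALGO), RSA-encrypts the
// hex signature with RSA_PUBLIC_KEY (padding from RSA_PADDING) and returns the
// request with a body carrying the two fields, the hex-encoded RSA output and
// the hex key.
// Changes against the earlier version: the RSA helpers return (bytes, error)
// and the error was dropped; each call now uses `~`, so a failed encryption
// stops the hook instead of sending a malformed signature. The HMAC key is
// decoded once, and the comment on the final encoding now says hex, which is
// what the code does.
encryptData = func(packet) {
    body = poc.GetHTTPPacketBody(packet)
    params = json.loads(body)

    name = params.username
    pass = params.password
    key = "31323334313233343132333431323334" // hex-encoded HMAC key (sample value)

    signText = f"username=${name}&password=${pass}"

    // Key material handed to the HMAC helpers, converted the same way as before.
    hmacKey = f"${codec.DecodeHex(key)~}"

    // 1. HMAC: returns the hex digest of text; unknown names fall back to SHA256.
    selectHmac = func(algo, text) {
        hmacFunc = codec.HmacSha256
        switch algo {
        case "MD5":
            hmacFunc = codec.HmacMD5
        case "SM3":
            hmacFunc = codec.HmacSM3
        case "SHA1":
            hmacFunc = codec.HmacSha1
        case "SHA512":
            hmacFunc = codec.HmacSha512
        }
        return codec.EncodeToHex(hmacFunc(hmacKey, text))
    }

    sign = selectHmac(ALGO, signText)

    // 2. RSA: encrypts dataStr with the PEM public key; unknown padding names
    //    fall back to PKCS#1 v1.5. The data is always passed as []byte because
    //    the helpers differ in their parameter types (any vs []byte).
    selectRsaEncrypt = func(padding, pubKey, dataStr) {
        dataBytes = []byte(dataStr)

        switch padding {
        case "JSEncrypt":
            return codec.RSAEncryptWithJSEncryptStyle(pubKey, dataBytes)~
        case "OAEP":
            return codec.RSAEncryptWithOAEP([]byte(pubKey), dataBytes)~
        case "PKCS1Block":
            return codec.RSAEncryptWithPKCS1v15Block(pubKey, dataBytes)~
        }
        // "PKCS1" and anything unrecognised
        return codec.RSAEncryptWithPKCS1v15([]byte(pubKey), dataBytes)~
    }

    cipherBytes = selectRsaEncrypt(RSA_PADDING, RSA_PUBLIC_KEY, sign)

    // 3. The ciphertext travels as a hex string.
    encryptedResult = codec.EncodeToHex(cipherBytes)

    // 4. Assemble the body by string interpolation (a quote or backslash in
    //    username/password yields invalid JSON) and swap it into the request.
    result = f`{"username":"${name}","password":"${pass}","signature":"${encryptedResult}","key":"${key}"}`
    return string(poc.ReplaceBody(packet, result, false))
}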

// beforeRequest is the request hook: every outgoing request is passed through
// encryptData and the rewritten request is sent instead.
beforeRequest = func(req) {
    rewritten = encryptData(req)
    return rewritten
}

请求RSA加密(用公钥加密请求体,代码里没有签名操作)

RSA公钥固定,填充方式可选"PKCS1", "JSEncrypt", "OAEP", "PKCS1Block"

// ==================== Hard-coded settings ====================
RSA_PADDING = "OAEP" // RSA padding mode, one of: "PKCS1", "JSEncrypt", "OAEP", "PKCS1Block"

// getPubkey asks the test target for its RSA public key and returns the
// response body. Adapt the request to the real key endpoint of the target.
getPubkey = func() {
    rsp, req = poc.HTTP(`GET /crypto/js/rsa/public/key HTTP/1.1
Host: 127.0.0.1:8787

`)~
    pubKeyBody = poc.GetHTTPPacketBody(rsp)
    return pubKeyBody
}

// Calling getPubkey() costs one extra request per hooked request. When the
// public key never changes, hard-code it here instead.
// The backtick literal holds the two characters backslash + n between the PEM
// lines; Replace turns them into real line breaks.

RSA_PUBLIC_KEY = `-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtcfIEokuhV4rIR5QrwrL\nACkRtXnF5SghsofJ8QvY0akcsze1U6jKhEArU1KLuG3c+fiPxtq8Cffvycb1w8TP\n8w8jpSK8LJ/CMI9RCGOYVNcy87Ode7u+NEsYsyiVp4wfHW3mYlh93/YleApUl1GJ\nP5OANGJmRbL5AvyJb23Vq2ZvQwon6wzctHPyasiGjuTZvisXC87Oc93UvFNAyP87\nyJHgJOgBI8Vupfx5m6XvOV0c9hNzkKU6qSZULikkxne/nUEwl+nIINXk7FUL3i50\nfBrjyktFKd45orsDhVLpuzD75gqbCOPmcccNuFfbAtZWJ6GcPvupFwP7MqH4dE0X\nowIDAQAB\n-----END PUBLIC KEY-----\n`.Replace("\\n", "\n")
// ======================================================

// RSA_PUBLIC_KEY = getPubkey()

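// encryptData rebuilds the request body as {"data":"<base64>"}, where the
// base64 value is the RSA encryption (public key RSA_PUBLIC_KEY, padding
// RSA_PADDING) of a JSON text holding username, password and age taken from
// the original JSON body.
// Changes against the earlier version: the RSA helpers return (bytes, error)
// and the error was dropped; each call now uses `~`, so a failed encryption
// stops the hook instead of sending a malformed body. The unused local `key`
// is gone.
encryptData = func(packet) {
    body = poc.GetHTTPPacketBody(packet)
    params = json.loads(body)

    name = params.username
    pass = params.password
    age = params.age

    // Plaintext that goes straight into RSA. It is assembled by string
    // interpolation, so a quote or backslash in a field yields invalid JSON.
    plainText = f`{"username":"${name}","password":"${pass}","age":"${age}"}`

    // 1. RSA: encrypts dataStr with the PEM public key; unknown padding names
    //    fall back to PKCS#1 v1.5.
    selectRsaEncrypt = func(padding, pubKey, dataStr) {
        dataBytes = []byte(dataStr)

        switch padding {
        case "JSEncrypt":
            return codec.RSAEncryptWithJSEncryptStyle(pubKey, dataBytes)~
        case "OAEP":
            return codec.RSAEncryptWithOAEP([]byte(pubKey), dataBytes)~
        case "PKCS1Block":
            return codec.RSAEncryptWithPKCS1v15Block(pubKey, dataBytes)~
        }
        // "PKCS1" and anything unrecognised
        return codec.RSAEncryptWithPKCS1v15([]byte(pubKey), dataBytes)~
    }

    cipherBytes = selectRsaEncrypt(RSA_PADDING, RSA_PUBLIC_KEY, plainText)

    // 2. The ciphertext travels as base64.
    encryptedResult = codec.EncodeBase64(cipherBytes)

    // 3. Final request body.
    result = f`{"data":"${encryptedResult}"}`

    // 4. Swap the new body into the request.
    return string(poc.ReplaceBody(packet, result, false))
}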

// beforeRequest is the request hook: every outgoing request is passed through
// encryptData and the encrypted request is sent instead.
beforeRequest = func(req) {
    encrypted = encryptData(req)
    return encrypted
}

RSA请求加密&响应RSA解密(请求侧是公钥加密,并非签名)

// ==================== Hard-coded settings ====================
RSA_PADDING = "OAEP" // RSA padding mode, one of: "PKCS1", "JSEncrypt", "OAEP", "PKCS1Block"

// getPubkey requests the RSA public key from the test target and returns the
// response body unchanged.
getPubkey = func() {
    rsp, req = poc.HTTP(`GET /crypto/js/rsa/public/key HTTP/1.1
Host: 127.0.0.1:8787

`)~
    keyBody = poc.GetHTTPPacketBody(rsp)
    return keyBody
}

// Calling getPubkey() costs one extra request per hooked request. When the
// public key never changes, hard-code it here instead.
// The backtick literal holds the two characters backslash + n between the PEM
// lines; Replace turns them into real line breaks.

RSA_PUBLIC_KEY = `-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtcfIEokuhV4rIR5QrwrL\nACkRtXnF5SghsofJ8QvY0akcsze1U6jKhEArU1KLuG3c+fiPxtq8Cffvycb1w8TP\n8w8jpSK8LJ/CMI9RCGOYVNcy87Ode7u+NEsYsyiVp4wfHW3mYlh93/YleApUl1GJ\nP5OANGJmRbL5AvyJb23Vq2ZvQwon6wzctHPyasiGjuTZvisXC87Oc93UvFNAyP87\nyJHgJOgBI8Vupfx5m6XvOV0c9hNzkKU6qSZULikkxne/nUEwl+nIINXk7FUL3i50\nfBrjyktFKd45orsDhVLpuzD75gqbCOPmcccNuFfbAtZWJ6GcPvupFwP7MqH4dE0X\nowIDAQAB\n-----END PUBLIC KEY-----\n`.Replace("\\n", "\n")
// ======================================================

// RSA_PUBLIC_KEY = getPubkey()

// Private key used to decrypt responses; it has to be the counterpart of
// RSA_PUBLIC_KEY. Keep only throwaway lab keys in a hot-patch script: the
// script text is stored and shared in clear.
// NOTE(review): the PEM label says "RSA PRIVATE KEY", while the body starts
// the way a PKCS#8 key does; a strict parser may want "PRIVATE KEY" - confirm.
RSA_PRIVATE_KEY = `-----BEGIN RSA PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC1x8gSiS6FXish\nHlCvCssAKRG1ecXlKCGyh8nxC9jRqRyzN7VTqMqEQCtTUou4bdz5+I/G2rwJ9+/J\nxvXDxM/zDyOlIrwsn8Iwj1EIY5hU1zLzs517u740SxizKJWnjB8dbeZiWH3f9iV4\nClSXUYk/k4A0YmZFsvkC/IlvbdWrZm9DCifrDNy0c/JqyIaO5Nm+KxcLzs5z3dS8\nU0DI/zvIkeAk6AEjxW6l/Hmbpe85XRz2E3OQpTqpJlQuKSTGd7+dQTCX6cgg1eTs\nVQveLnR8GuPKS0Up3jmiuwOFUum7MPvmCpsI4+Zxxw24V9sC1lYnoZw++6kXA/sy\nofh0TRejAgMBAAECggEAWY3+HFunJp9ZAizsNQBNOFwDVHOUsivORiUtsOpUPB5j\nfEuisn+Cnhr6/Ua6fPbrGd+B/ca/Qu36HV8+rt7kT+uSdQWizR07zy6cDlT6tDl8\n6aEAoffBYgPpPEJvUCbxIU+GY8cS5GZg2T3FpPLPehnR3Hzpw8bDdNwzXUkwLgsp\nhP7AkHCkiS74HrEJcToBYL5Zai+ar8zssAA43hStXmpHsN77rnpCwcTXg2L7SOTF\nWxoKaiEpsL8/msIG8y3WvIL5fmjRDyIat3UobgjRkCYOfXlC4F8NKqUT3cg7EZ7j\nrUAvX3stqtYUByo05xhiqcL3dR46r1EJbTBq0WcRoQKBgQDTMcBhC2x6c7Yy3f4s\nqPEeLPcUAY2uOLjE8Ku2JxJ73iJSpzhBgvjrtTpYoOnDYcufnR+w4nY+AVlv3nP/\nbyUtIsfmRuHwhx6K+xWtsOy5Ux+M3tWvH+KBFqId4uRacg6rsbnsaE/XkiSYyLmk\nZ5rX4PlKj2IU0zLabQ11+YMBkwKBgQDcWITn84rPOpmpVf4eKPCQc6+jSVw6VGjH\nSVP64ybFC4aZ4/rMjG4VofC/mlsBXjVUh9Ma7309Ego+J04OiTZ5Dj0kR1K+IBX1\nw6xb+JVL/Uno5PGZWy8AK9q/D8M1rrginLU/SNdBFkxhwQy/2FiSBpRD45WNh2my\nnSz9dUebsQKBgGuBqu17lDftSTUxnh57zWnP9+JePBIQ27Wc0bwCvb0CQbSTXOa0\nViQed9n/559G3BGfOS+gyBIeO7nfomrH2EPWra2CLad0EM8sq0dkhcx9DNV35Yyl\nDXcq31GZWybTYrZx3TQDkYkp4qlHnICdIMx9wEj9Hi99pyhbVPvWDKMzAoGBAKWu\nMZEvQMp9J5l6PW90HR6gvgorWRvK6FYgvvLA5h/3gKgqEiTH2uaNM7b+Wzt2GOeM\nkaGJPkQzUlxVtY2cgscXe8XRk1e+TITVMr6c9bWDqJVjwH4tX/PjBcHwGjo9O9ta\ntbX2EVSxbZF7VRjTlhWGuOkrMQKQNVvGb1PNYaChAoGAPXvl0eWrOVoitLUJeo0F\ngRMGb29FGfdC5uqhfi+7jGplnV5j9l6rbA1R7WDxJbXtzMiMr+bSgT1t9E06kxjz\nWntLdiYNVyZZW3l3M2uOh3OH3Gmnb6/eeOKdlx1Q1WBI75J413NyGZQOdYE/H8Z8\nJCecAyb8HfGmy4dctTEV8KU=\n-----END RSA PRIVATE KEY-----\n`.Replace("\\n", "\n")

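// encryptData rebuilds the request body as {"data":"<base64>"}, where the
// base64 value is the RSA encryption (public key RSA_PUBLIC_KEY, padding
// RSA_PADDING) of a JSON text holding username, password and age taken from
// the original JSON body.
// Changes against the earlier version: the RSA helpers return (bytes, error)
// and the error was dropped; each call now uses `~`, so a failed encryption
// stops the hook instead of sending a malformed body. The unused local `key`
// is gone.
encryptData = func(packet) {
    body = poc.GetHTTPPacketBody(packet)
    params = json.loads(body)

    name = params.username
    pass = params.password
    age = params.age

    // Plaintext that goes straight into RSA. It is assembled by string
    // interpolation, so a quote or backslash in a field yields invalid JSON.
    plainText = f`{"username":"${name}","password":"${pass}","age":"${age}"}`

    // 1. RSA: encrypts dataStr with the PEM public key; unknown padding names
    //    fall back to PKCS#1 v1.5.
    selectRsaEncrypt = func(padding, pubKey, dataStr) {
        dataBytes = []byte(dataStr)

        switch padding {
        case "JSEncrypt":
            return codec.RSAEncryptWithJSEncryptStyle(pubKey, dataBytes)~
        case "OAEP":
            return codec.RSAEncryptWithOAEP([]byte(pubKey), dataBytes)~
        case "PKCS1Block":
            return codec.RSAEncryptWithPKCS1v15Block(pubKey, dataBytes)~
        }
        // "PKCS1" and anything unrecognised
        return codec.RSAEncryptWithPKCS1v15([]byte(pubKey), dataBytes)~
    }

    cipherBytes = selectRsaEncrypt(RSA_PADDING, RSA_PUBLIC_KEY, plainText)

    // 2. The ciphertext travels as base64.
    encryptedResult = codec.EncodeBase64(cipherBytes)

    // 3. Final request body.
    result = f`{"data":"${encryptedResult}"}`

    // 4. Swap the new body into the request.
    return string(poc.ReplaceBody(packet, result, false))
}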

// beforeRequest is the request hook: every outgoing request is passed through
// encryptData and the encrypted request is sent instead.
beforeRequest = func(req) {
    encrypted = encryptData(req)
    return encrypted
}

// selectRsaDecrypt decrypts cipherBytes with the PEM private key priKey using
// the named padding and hands back whatever the codec helper returns (the
// caller reads the plaintext from index 0 of that result).
// "OAEP" and "PKCS1Block" have their own helpers; "PKCS1" and every other
// name, "JSEncrypt" included, go through PKCS#1 v1.5.
selectRsaDecrypt = func(padding, priKey, cipherBytes) {
    if padding == "OAEP" {
        return codec.RSADecryptWithOAEP([]byte(priKey), cipherBytes)
    }
    if padding == "PKCS1Block" {
        return codec.RSADecryptWithPKCS1v15Block(priKey, cipherBytes)
    }
    return codec.RSADecryptWithPKCS1v15([]byte(priKey), cipherBytes)
}

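// decryptData replaces an RSA-encrypted response body with its plaintext.
// It expects a JSON body whose "data" field holds the base64 ciphertext and
// decrypts it with RSA_PRIVATE_KEY using RSA_PADDING.
// The response is returned untouched when the body is empty, when "data" is
// missing or empty, or when decryption reports an error. The last case used
// to be ignored, which replaced the body with an empty or garbage plaintext.
decryptData = func(rsp) {
    body = poc.GetHTTPPacketBody(rsp)
    if body == "" {
        return rsp
    }

    resParams = json.loads(body)
    cipherBase64 = resParams.data
    if cipherBase64 == nil || cipherBase64 == "" {
        return rsp // no "data" field: nothing to decrypt
    }

    // 1. base64 text back to raw ciphertext bytes
    cipherBytes = codec.DecodeBase64(cipherBase64)~

    // 2. selectRsaDecrypt hands back the helper's (plaintext, error) pair
    decrypted = selectRsaDecrypt(RSA_PADDING, RSA_PRIVATE_KEY, cipherBytes)
    if decrypted[1] != nil {
        // Wrong key or padding: keep the response as received so the
        // still-encrypted body stays visible.
        return rsp
    }

    // 3. plaintext becomes the new response body
    return poc.ReplaceBody(rsp, string(decrypted[0]), true)
}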

// afterRequest is the response hook: each response is passed through
// decryptData and the result is shown instead.
afterRequest = func(rsp) {
    plain = decryptData(rsp)
    return plain
}

path+参数值+timestamp+secret_key拼接请求签名

// Constant appended to the string that gets MD5-signed. It is the same value
// that appears in the string table of the site's front-end script shown
// further down this page.
SECRET_KEY = "BhYT@JEBwN6AsH8zDPffPVLq8d!y!hMzo"

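// beforeRequest recomputes the three signing headers for a request:
//   paramNames - query parameter names joined with ","
//   dateHeader - current time in milliseconds
//   parameSign - md5(path,val1,val2,...,timestamp,SECRET_KEY), joined with ","
// The path is taken without the query string and without "/prod-api".
// A request without a query string, an empty "&&" segment or a parameter
// without "=" used to hit an index-out-of-range on kv[1]; those cases are now
// handled (a parameter without "=" is signed with an empty value).
beforeRequest = func(req) {
    method, fullPath, proto = poc.GetHTTPPacketFirstLine(req)
    if method == "" || fullPath == "" {
        return req
    }
    urlPath = fullPath

    queryString := ""
    if str.Contains(fullPath, "?") {
        pathParts = str.SplitN(fullPath, "?", 2)
        urlPath = pathParts[0]
        queryString = pathParts[1]
    }

    paramNames := []
    values := []

    if queryString != "" {
        for pair in str.Split(queryString, "&") { // key=value pairs
            if pair == "" {
                continue
            }
            kv = str.Split(pair, "=")
            k, _ = codec.DecodeUrl(kv[0])
            v = ""
            if len(kv) > 1 {
                v, _ = codec.DecodeUrl(kv[1])
            }
            values = append(values, v)
            paramNames = append(paramNames, k)
        }
    }

    // paramNames header
    parmstr := str.Join(paramNames, ",")
    req = poc.ReplaceHTTPPacketHeader(req, "paramNames", parmstr)

    // timestamp header; the same value goes into the signed string
    timestampInt = time.Now().UnixMilli()
    req = poc.ReplaceHTTPPacketHeader(req, "dateHeader", string(timestampInt))

    // signature: md5(url,val1,val2,...,timestamp,SECRET_KEY)
    signstr := urlPath.Replace("/prod-api", "") + "," + str.Join(values, ",") + "," + string(timestampInt) + "," + SECRET_KEY
    sign = codec.Md5(signstr)
    req = poc.ReplaceHTTPPacketHeader(req, "parameSign", sign)

    return req
}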

来自zhaopin.powerchina.cn

根据parameSign直接定位到

在这行下断点,刷新页面,跟进

// String table of the obfuscated bundle; v(index) reads from it. The indices
// used in g() match this literal only after shifting by five positions (for
// example v("0xb") resolves to "params", listed here at index 16), so the
// bundle presumably rotates the array at load time.
var m = ["join", "BhYT@JEBwN6AsH8zDPffPVLq8d!y!hMzo", "string", "values", "trace", "exception", "getTime", "url", "toString", "debug", "parse", "headers", "prototype", "push", "paramNames", "[object String]", "params", "error", "apply", "info", "stringify", "warn", "&lt;", "replaceAll", "indexOf", "&gt;", "split", '{}.constructor("return this")( )', "[object Object]", "call", "return (function() ", "data", "isArray", "log", "console", "table", "parameSign", "constructor"];

这个v方法调用了数组m

// v looks up one entry of the string table m. The index arrives as a hex
// string such as "0xb"; subtracting 0 turns it into a number. The second
// parameter is not used.
var v = function(e, t) {
    var index = e - 0;
    return m[index];
}

继续跟进

找到明显的 Axios请求处理

跟进g方法,找方法定义,得到

function g(e) {
var t, n = e[v("0xb")] || {}, i = e[v("0x1a")] ? JSON[v("0x5")](JSON[v("0xf")](e[v("0x1a")])) : {}, r = e[v("0x2")], c = [r[v("0x13")]("?") > -1 ? r["split"]("?")[0] : r], o = r[v("0x13")]("?") > -1 ? r[v("0x15")]("?")[1][v("0x15")]("&") : [], a = [], s = d(o);
try {
for (s.s(); !(t = s.n()).done; ) {
var l = t.value
, h = l[v("0x15")]("=");
n[h[0]] = h[1],
a[v("0x8")](h[0])
}
} catch (S) {
s.e(S)
} finally {
s.f()
}
var f = p(i) == v("0x23") && i[v("0x20")] === String && Object[v("0x7")]["toString"][v("0x18")](i) == v("0xa");
if (null != e[v("0x1a")] && e[v("0x1a")]instanceof FormData) {
var m, y = d(e["data"][v("0x24")]());
try {
for (y.s(); !(m = y.n()).done; ) {
var b = m.value;
c[v("0x8")](b)
}
} catch (S) {
y.e(S)
} finally {
y.f()
}
} else
f ? c[v("0x8")](i) : "{}" != JSON["stringify"](i) && "[]" != JSON[v("0xf")](i) && c["push"](JSON[v("0xf")](i)[v("0x12")](v("0x14"), ">")["replaceAll"](v("0x11"), "<"));
for (var g in n) {
b = n[g];
w(b) && (c["push"](b),
a[v("0x8")](g))
}
var x = (new Date)[v("0x1")]();
c[v("0x8")](x);
var k = v("0x22");
c[v("0x8")](k),
e["headers"][v("0x1f")] = u()(c[v("0x21")](",")),
e[v("0x6")][v("0x9")] = a[v("0x21")](","),
e["headers"]["dateHeader"] = x
}

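v("0xb") 实际上就是对数组 m 按下标取字符串。注意按上面列出的顺序直接取下标是对不上的:v("0xb") 取到的是 "params",而它在列表里位于下标 16,说明这个数组在运行时被整体轮转了 5 位(混淆器的常见做法),还原时要把下标加 5 再对数组长度 38 取模。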

替换一下混淆,得到

// Readable version of the signing routine: every v("0x..") lookup has been
// replaced by the string it resolves to. e is the Axios request config;
// d, p, w and u are helpers defined elsewhere in the bundle.
function g(e) {
var t;
// 1. Pull the core fields out of the Axios request object
var n = e["params"] || {}; // n: GET parameter object (was e[v("0xb")])
// i: deep copy of the request body so the original is not modified (was e[v("0x1a")])
var i = e["data"] ? JSON["parse"](JSON["stringify"](e["data"])) : {};
var r = e["url"]; // r: URL path of this request (was e[v("0x2")])

// 2. Start the array c that collects everything to be signed
// c[0] is the path with anything after "?" cut off, e.g. "/api/user/list?id=1" becomes "/api/user/list"
var c = [r["indexOf"]("?") > -1 ? r["split"]("?")[0] : r];

// 3. Parse the query parameters written into the URL itself (e.g. /api?a=1&b=2)
var o = r["indexOf"]("?") > -1 ? r["split"]("?")[1]["split"]("&") : [];
var a = []; // a: names (keys) of all signed parameters, in order
var s = d(o); // down-levelled ES6 for-of loop over the URL parameters
try {
for (s.s(); !(t = s.n()).done; ) {
var l = t.value;
var h = l["split"]("="); // split the pair at "="
n[h[0]] = h[1], // store name and value in n
a["push"](h[0]) // record the name in a
}
} catch (S) {
s.e(S)
} finally {
s.f()
}

// 4. Check whether the body copy i is a plain string
var f = p(i) == "string" && i["constructor"] === String && Object["prototype"]["toString"]["call"](i) == "[object String]";

// 5. Add the request body to the signing array c
if (null != e["data"] && e["data"] instanceof FormData) {
// FormData: take every value
var m_val, y = d(e["data"]["values"]());
try {
for (y.s(); !(m_val = y.n()).done; ) {
var b = m_val.value;
c["push"](b) // each form value goes into c
}
} catch (S) {
y.e(S)
} finally {
y.f()
}
} else {
// ordinary JSON data
if (f) {
c["push"](i); // already a string: push as is
} else if ("{}" != JSON["stringify"](i) && "[]" != JSON["stringify"](i)) {
// serialise to JSON text and turn the HTML entities &gt; / &lt; back into > / <,
// presumably so that client and server sign the same text
var dataStr = JSON["stringify"](i)["replaceAll"]("&gt;", ">")["replaceAll"]("&lt;", "<");
c["push"](dataStr); // the processed body string goes into c
}
}

// 6. Walk all request parameters in n and add the values that pass w() to c
for (var g_key in n) {
b = n[g_key];
w(b) && (c["push"](b), a["push"](g_key))
}

// 7. Add the current timestamp (meant to hinder replay)
var x = (new Date)["getTime"]();
c["push"](x); // timestamp goes into c

// 8. Add the hard-coded front-end secret (salt)
var k = "BhYT@JEBwN6AsH8zDPffPVLq8d!y!hMzo";
c["push"](k); // salt goes into c

// 9. Compute the signature and attach it as a request header (the key step)
// c["join"](","): joins [URL path, body, value 1, value 2, ..., timestamp, salt] with commas into one string
// u(): hash helper pulled in by Webpack; the write-up identifies it as MD5
e["headers"]["parameSign"] = u()(c["join"](","));

// 10. Attach the helper headers the backend uses for verification
e["headers"]["paramNames"] = a["join"](","); // order of the parameter names that were signed
e["headers"]["dateHeader"] = x; // timestamp used when the signature was built
}

控制台查看u方法定义

至此得到签名的方式为 md5(urlpath,val1,val...,时间戳,secret_key),各项之间用逗号拼接,并且这里的 urlpath 不带 /prod-api 前缀。由于密钥和算法都随前端 JS 一起下发,这个签名只能防随手改包,服务端的鉴权和参数校验不能依赖它。

直接在加密这行下断点调试即可验证,点击搜索触发断点,这个接口请求是GET /prod-api/apply/recruitInfo/list?pageNum=1&pageSize=10&startTime=2026-6-13


Yakit热加载
http://example.com/2026/06/13/Yakit热加载/
作者
J_0k3r
发布于
2026年6月13日
许可协议
BY J_0K3R