Need Help With Script



  • Hello
    I tried to make a config for some site but I failed because I could not send the script properly.
    The site uses a script which changes the inputted password in the password box once I click on the login button and sends the new, changed password in the POST request.
    In the browser I used these login credentials:

     user123:password123
    

    But in the POST request it appears like this:

    user123:hFXYcJkJNlK9PKVsy13Feg==
    

    I thought it was base64 encoding, but when I checked, it's not.
    Then I checked the source of the page and found this script in it, which I think is the source of that magic:

    <script type="text/javascript">
    
            pswOnBlur = function () {
                var psw = document.getElementById('Password');
    
                if (psw.value == '') {
                    psw.value = 'Password...';
                    psw.type = 'text';
                }
            }
    
            pswOnKeyPress = function () {
                var psw = document.getElementById('Password');
    
                if (psw.value == 'Password...') {
                    psw.value = '';
                    psw.type = 'password';
                }
            }
    
            pswOnClick = function () {
                var psw = document.getElementById('Password');
                psw.value = '';
                psw.type = 'password';
            }
    
            function getQRValue(key) {
                var result;
    
                $.ajax({
                    dataType: "json",
                    url: "qrcode/getqrcode?key=" + key,
                    context: document.body,
                    async: false,
                    contentType: "application/json",
                    success: function (data) {
                        result = data;
                    },
                    error: function (xhr, ajaxOptions, thrownError) {
                        console.log(xhr.status); console.log(thrownError);
                    }
                });
    
                return result;
            }
    
        </script>
    

    I tried to run this script via BEGIN SCRIPT, but I could not make it work.
    PS: I know Selenium will do that automatically, but because of the slowness of Selenium I don't want to use it. I want to make it without Selenium if it's possible.


  • Donator

    Nope, that's not the script which encrypts the password.

    It's probably base64 with some sort of salt.
    Please check the JavaScript files which are loaded when you visit the site; the encryption method should be there.



  • @Itamai Yeah, you were right, just found the right one I think:

                $(document).ready(function () {
    
                    //domainUi = "url" + "(" + "//" + document.getElementById("domainUI").value + "/img/nav-bg.jpg" + ")";
                    //document.getElementById("navSite").style.background = domainUi;
    
                    $("#loginForm").submit(function () {
    
                        var p = $("#Password").val();
                        $("#Password").val(Encrypt(p));
                    });
                });
    

  • Donator

    @Phantom search for the "Encrypt" method



  • @Itamai Well, I did, but I could not make use of it in this case. Can you take a look if I send you the config or the site?


  • Donator

    @Phantom I don't want the config, send me the script where it encrypts the password.



  • @Itamai Maybe this is what encrypts the password:

            function Encrypt(value) {
                var key = CryptoJS.enc.Utf8.parse('8080808080808080');
                var iv = CryptoJS.enc.Utf8.parse('8080808080808080');
    
                var encryptedlogin = CryptoJS.AES.encrypt(CryptoJS.enc.Utf8.parse(value), key,
                {
                    keySize: 128 / 8,
                    iv: iv,
                    mode: CryptoJS.mode.CBC,
                    padding: CryptoJS.pad.Pkcs7
                });
                return encryptedlogin;
            }
    


  • @Itamai Am I doing anything wrong?


  • Donator

    @Phantom If I am not mistaken, you can't do that with OpenBullet; it says at the bottom that it uses a 256 key size but you need 128.

    Just send a POST request to this site and get your encrypted key from there:
    https://www.devglan.com/online-tools/aes-encryption-decryption




  • @Itamai Was checking that site too, thx, I'll try.



  • @Itamai Once again, thx for the help. Using that site, everything works now. It would be better if OB's AESEncrypt function worked properly, but ehhh... Ruri has no time 😞
    Solved!


  • Admin

    Thanks @Itamai, nice job

