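This post should date from 2018-04-22; it is not guaranteed to be the latest, updated, or still valid.

Preface

Do not use for illegal or commercial purposes.

This post is only a learning record and a research reference.

Packet capture

Use Wireshark to capture the protocol of an old version of EsurfingClient.

Capture with Wireshark, save the capture in .pcap format, then right-click and open it with Fiddler. (Really only because I am not educated enough to use Wireshark properly...)

From first to last, the capture yields four protocol messages: Challenge, Login, HBService (heartbeat), and Logout.

Challenge (2019-04-??: reportedly Login works without Challenge)

Challenge is a prerequisite for Login: one of the parameters passed to Login is a value returned by Challenge.

Challenge request headers:
The POST address is obvious enough, right...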

POST http://enet.10000.gd.cn:10001/client/challenge HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Content-Type: application/json
Host: enet.10000.gd.cn:10001
Connection: Keep-Alive
Cache-Control: no-cache
Accept-Language: zh-cn

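Challenge POST data:

{"username":"account","clientip":"user IP address","nasip":"server IP address","mac":"local MAC address","timestamp":"13-digit timestamp","authenticator":"32-character MD5 hash"}

authenticator analysis:

MD5("user IP address" + "server IP address" + "local MAC address" + "13-digit timestamp" + "[email protected]#")

Convert the letters in the resulting MD5 hash to uppercase.

Challenge response data:
Success example

{"challenge":"四个大写字母","rescode":"0","resinfo":"this user is ok!"}

The "challenge" value is four uppercase letters, which are used in Login.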

Login

Login request headers:

POST http://enet.10000.gd.cn:10001/client/login HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Content-Type: application/json
Host: enet.10000.gd.cn:10001
Connection: Keep-Alive
Cache-Control: no-cache
Accept-Language: zh-cn

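Login POST data:

{"username":"account","password":"password","clientip":"user IP address","nasip":"server IP address","mac":"local MAC address","timestamp":"13-digit timestamp","authenticator":"32-character MD5 hash","iswifi":"1050"}

authenticator analysis:

MD5("user IP address" + "server IP address" + "local MAC address" + "13-digit timestamp" + "four uppercase letters returned by Challenge" + "[email protected]#")

Convert the letters in the resulting MD5 hash to uppercase.

Login response data:
Successful login example; other cases are not shown

{"rescode":"0","resinfo":"login success"}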
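
The Challenge and Login authenticator formulas above, written out as an added Python example (not code from the original post or from EsurfingClient), together with the matching receiver-side check. SHARED_SUFFIX is a placeholder for the fixed suffix that is not legible on this page, and all function names and sample values are assumptions made for the illustration.

```python
import hashlib
import hmac
import json
import time

# Assumption: stand-in for the fixed suffix, which is not legible on the page.
SHARED_SUFFIX = "<FIXED_SUFFIX_PLACEHOLDER>"


def now_ms() -> str:
    """13-digit millisecond timestamp for the 'timestamp' field."""
    return str(int(time.time() * 1000))


def authenticator(clientip, nasip, mac, timestamp, challenge=""):
    """Uppercase MD5 hex of the concatenated fields (Login adds the challenge)."""
    material = clientip + nasip + mac + timestamp + challenge + SHARED_SUFFIX
    return hashlib.md5(material.encode("utf-8")).hexdigest().upper()


def challenge_body(username, clientip, nasip, mac, timestamp):
    """JSON body in the field order shown for the Challenge request."""
    return json.dumps({
        "username": username, "clientip": clientip, "nasip": nasip,
        "mac": mac, "timestamp": timestamp,
        "authenticator": authenticator(clientip, nasip, mac, timestamp),
    }, separators=(",", ":"))


def login_body(username, password, clientip, nasip, mac, timestamp, challenge):
    """JSON body for Login; the digest also covers the challenge letters."""
    return json.dumps({
        "username": username, "password": password, "clientip": clientip,
        "nasip": nasip, "mac": mac, "timestamp": timestamp,
        "authenticator": authenticator(clientip, nasip, mac, timestamp, challenge),
        "iswifi": "1050",
    }, separators=(",", ":"))


def verify(body, challenge=""):
    """Receiver-side check: recompute the digest, compare in constant time."""
    # username and password are not inputs to the formula, so a matching
    # digest says nothing about whether those two fields were altered.
    f = json.loads(body)
    expected = authenticator(f["clientip"], f["nasip"], f["mac"],
                             f["timestamp"], challenge)
    return hmac.compare_digest(expected.encode(),
                               str(f.get("authenticator", "")).encode())
```

The digest binds only the two IP addresses, the MAC address, the timestamp and (for Login) the challenge to a constant embedded in the client, so it is not a substitute for transport encryption or for authenticating the account fields.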

HBService

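HBService request headers:
I tried it: the HBService heartbeat is not mandatory, so it can be sent or left out.
Judging by the intervals in the capture, the heartbeat runs once every 5 minutes.
This one is a GET!!!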

GET http://enet.10000.gd.cn:8001/hbservice/client/active?username=<account>&clientip=<user IP address>&nasip=<server IP address>&mac=<local MAC address>&timestamp=<13-digit timestamp>&authenticator=<32-character MD5 hash> HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Host: enet.10000.gd.cn:8001
Cache-Control: no-cache
Accept-Language: zh-cn
Connection: Close

HBService response data:
Offline example; if online, the rescode value is 0

{"rescode":"1","resinfo":"不在线"}

Logout

Logout request headers:

POST http://enet.10000.gd.cn:10001/client/logout HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Content-Type: application/json
Host: enet.10000.gd.cn:10001
Connection: Keep-Alive
Cache-Control: no-cache
Accept-Language: zh-cn

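Logout POST data:

{"clientip":"user IP address","nasip":"server IP address","mac":"local MAC address","timestamp":"13-digit timestamp","authenticator":"32-character MD5 hash"}

authenticator analysis:

MD5("user IP address" + "server IP address" + "local MAC address" + "13-digit timestamp" + "[email protected]#")

Convert the letters in the resulting MD5 hash to uppercase.

Logout response data:
Successful logout example

{"rescode":"0","resinfo":"logout success"}

Warning

Do not use for illegal or commercial purposes.

This post is only a learning record and a research reference.

The end.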