官方博客
官方博客

Vaptcha JS 代码分析

PART 1 配置获取
  1. https://api.vaptcha.com/v2/config?id=5b5fdfe3fc65119b34514156&type=popup&scene=&callback=VaptchaJsonp1533309536351

返回数据如下

{ "guide":true, "vip":3, "cdn_servers":[ "cdn.vaptcha.com" ], "type":"popup", "challenge":"94f5f6c0042e47439b5f9a3e33fa7a060300bfdddajfdfnmflcbj4uiira7zadctukc41g", "api_server":"api.vaptcha.com/v2", "css_version":"2.0.1", "js_path":"vaptcha-sdk-mobile.2.0.4.js", "logo":"", "msg":"", "code":"0103" }

其中的challenge是之后要用到的参数

PART2 点选图片获取
  1. https://api.vaptcha.com/v2/click?challenge=94f5f6c0042e47439b5f9a3e33fa7a060300bfdddajfdfnmflcbj4uiira7zadctukc41g&id=5b5fdfe3fc65119b34514156&callback=VaptchaJsonp1533309537104

challenge参数为第一个包中提到的

  1. {
  2. "score":95,
  3. "passline":80,
  4. "frequency":0.0416,
  5. "adlinkword":"",
  6. "adlink":"",
  7. "code":"0104",
  8. "msg":"fail",
  9. "img":"vaptcha/ce9fa21fe6af437ca1a68871cec8d354.png",
  10. "coverimg":"default/67a3ab9692a24747a6db89705cbd4f40.jpeg"
  11. }

其中的IMG就是我们需要的图片了

图片完整地址为

  1. https://cdn.vaptcha.com/vaptcha/ce9fa21fe6af437ca1a68871cec8d354.png

例:

PART3 请求验证
  1. https://api.vaptcha.com/v2/verify?v=_u2_wa_w3_xc_x3_xt_xx_yb_ye_y2_y4_yl_yl_yl_y4_yg_yb_xt_x3_xa_w4_uz_ug_tz_t2_n3_na_me_lw_lh_4h_3y_2y_24_2e_hy_hw_hm_h2_hg_hd_ha_gz_gx_gx_n2_nu_ta_t3_tu_uc_uh_ut_uz_wg_wy_xd_xl_xy_yf_y4_yu_yz_zd_zh_zl_zn_zu_zw_zw_zw_zw_zu_zl_zh_zc_yz_yl_yh_ye_xy_xm_xh_wx_wl_wc_un_uh_ua_tl_aa_ew_ft_gl_h2_3a_3y_lm_nd_ty_wm_x2_zabatbc3bebbftbh2b2eb3xbl4bndbtebubbutbwwbx2bzccaucbmcc4cdfcedcfacftchhc2fc3dc3yc4wcllcm2cnfctbcwm&w=&id=5b5fdfe3fc65119b34514156&challenge=2a9bc7f5e1b1499c997f682af5da4d0f0300bfdddajjcchhzld47bcvwodas2hok4ossuepm&drawtime=1278&callback=VaptchaJsonp1533309926693

返回

  1. {
  2. "evs":10,
  3. "score":88,
  4. "passline":80,
  5. "frequency":0.0866,
  6. "token":"00-2a9bc7f5e1b1499c997f682af5da4d0f0300bfdddajjcchhzld47bcvwodas2hok4ossuepm-fc941515e08b592a5dd06f07c0641544",
  7. "code":"0103",
  8. "similarity":"90.7%"
  9. }

 

这个时候很多朋友看到v参数就蒙了

输入轨迹 调用方法

  1. vcaptcha.assemblyCoordData([{'x': 0, 'y': 0, 'time':0}])

即可获得加密参数 (JS在文末)

截止至2018-08-03 23:29 只需传入关键点便可以提交成功

例子中的轨迹

  1. [{"x":303,"y":200,"time":0},{"x":267,"y":120,"time":0},{"x":190,"y":57,"time":149},{"x":86,"y":85,"time":345},{"x":38,"y":157,"time":417}]

请问你们号称的轨迹检测呢 

最开始说被测试者跑死了

今天又说 “我们有20天可以慢慢更新风控模型 这才是对抗” 这不是明摆着忽悠人吗? 试问有这样的悬赏比赛?

官网上提及的指纹采集防破等功能

更是根本不存在的 岂不是欺骗消费者? 

此处为 8月3日 官网快照地址 点击打开

 

  1. var vcaptcha = {
  2. _sample: "abcdefgh234lmntuwxyz",
  3. _convertScale: function(t) {
  4. var e, n, i, a, s = this._sample.length, o = Math.abs(t), r = !1, c = "", l = [];
  5. s <= parseInt(o / s) ? (a = (e = parseInt(t / (s * s))) * s * s,
  6. l.push(e),
  7. n = parseInt((t - a) / s),
  8. l.push(n),
  9. l.push(t - a - n * s)) : (a = (e = parseInt(t / s)) * s,
  10. l.push(e),
  11. l.push(n = t - a),
  12. r = !0),
  13. r && (c = "_"),
  14. i = l.length;
  15. for (var h = 0; h < i; h++)
  16. c += this._sample.charAt(l[h]);
  17. return c
  18. },
  19. assemblyCoordData: function(t) {
  20. for (var e = [], n = [], i = [], a = 0; a < t.length; a++)
  21. e.push(this._convertScale(t[a].x)),
  22. n.push(this._convertScale(t[a].y)),
  23. i.push(this._convertScale(t[a].time));
  24. return e.join("") + n.join("") + i.join("")
  25. }
  26. }

https://lengyue.me/index.php/2018/08/02/vaptcha-js-code/
2018-09-29 13:35:51
2 热度