有个问题想不通,睡不着,请教一下各位高手:
我看站长工具查看搜索引擎收录时页面源码有个参数enkey=fktML5cmg553byTMZgrJNc3191ypptPD,enkey后面的值好像是动态的,每次查询不一样,我请教下,这个属于什么加密,用什么函数加密,这个加密后ajax是怎么验证这个参数正确的,或者说说这个原理吧,谢谢
http://tool.chinaz.com/ajax.aspx?at=seo&type=Google&enkey=fktML5cmg553byTMZgrJNc3191ypptPD&dn=www.chinaz.com<script type='text/javascript'>ajaxget('/ajax.aspx?at=seo&type=Baidu&enkey=fktML5cmg553byTMZgrJNc3191ypptPD&dn=www.chinaz.com','seo_Baidu');ajaxget('/ajax.aspx?at=seo&type=Google&enkey=fktML5cmg553byTMZgrJNc3191ypptPD&dn=www.chinaz.com','seo_Google');ajaxget('/ajax.aspx?at=seo&type=Yahoo&enkey=fktML5cmg553byTMZgrJNc3191ypptPD&dn=www.chinaz.com','seo_Yahoo');ajaxget('/ajax.aspx?at=seo&type=Soso&enkey=fktML5cmg553byTMZgrJNc3191ypptPD&dn=www.chinaz.com','seo_Soso');ajaxget('/ajax.aspx?at=seo&type=Yodao&enkey=fktML5cmg553byTMZgrJNc3191ypptPD&dn=www.chinaz.com','seo_Yodao');ajaxget('/ajax.aspx?at=seo&type=Bing&enkey=fktML5cmg553byTMZgrJNc3191ypptPD&dn=www.chinaz.com','seo_Bing');</script>
我看站长工具查看搜索引擎收录时页面源码有个参数enkey=fktML5cmg553byTMZgrJNc3191ypptPD,enkey后面的值好像是动态的,每次查询不一样,我请教下,这个属于什么加密,用什么函数加密,这个加密后ajax是怎么验证这个参数正确的,或者说说这个原理吧,谢谢
http://tool.chinaz.com/ajax.aspx?at=seo&type=Google&enkey=fktML5cmg553byTMZgrJNc3191ypptPD&dn=www.chinaz.com<script type='text/javascript'>ajaxget('/ajax.aspx?at=seo&type=Baidu&enkey=fktML5cmg553byTMZgrJNc3191ypptPD&dn=www.chinaz.com','seo_Baidu');ajaxget('/ajax.aspx?at=seo&type=Google&enkey=fktML5cmg553byTMZgrJNc3191ypptPD&dn=www.chinaz.com','seo_Google');ajaxget('/ajax.aspx?at=seo&type=Yahoo&enkey=fktML5cmg553byTMZgrJNc3191ypptPD&dn=www.chinaz.com','seo_Yahoo');ajaxget('/ajax.aspx?at=seo&type=Soso&enkey=fktML5cmg553byTMZgrJNc3191ypptPD&dn=www.chinaz.com','seo_Soso');ajaxget('/ajax.aspx?at=seo&type=Yodao&enkey=fktML5cmg553byTMZgrJNc3191ypptPD&dn=www.chinaz.com','seo_Yodao');ajaxget('/ajax.aspx?at=seo&type=Bing&enkey=fktML5cmg553byTMZgrJNc3191ypptPD&dn=www.chinaz.com','seo_Bing');</script>
同意也有可能是这种思路:生成网页的时候放一个随机数到网页中,然后脚本根据这个随机种子生成你看到的enkey,Ajax请求的处理中先验证这个enkey,看和Session中保存的随机种子是否匹配,如果不匹配,则说明是攻击或者非法访问。
mengxj85
我在看下一个
前面这几个不变fktML5cmg5后面变化 48/Tntofbw4GtdbgghexYc
那他是每查询次就失效了