浏览器级别的加密
Encryption at browser level
我调用了一个外部 javascript 文件。请在下面找到我在 JSR223 采样器中的代码:
load('EncryptionLogic.js');
var result1 = encrypt("1087679107122020","password");
var result2 = encrypt("433702216042014","password1");
log.info("encrypted value is "+result1);
log.info("encrypted value is "+result2);
var result3 = encrypt("CONOPSFD1","password2");
log.info("encrypted value is "+result3);
此外,在下面找到收到的回复:
2021-01-25 12:52:00,952 INFO o.a.j.p.j.s.J.JSR223 Sampler: encrypted value is a9a54ac54e040f68e7713f93c14b65f10099fdc6
2021-01-25 12:52:00,953 INFO o.a.j.p.j.s.J.JSR223 Sampler: encrypted value is a9a54ac54e040f68e7713f93c14b65f10099fdc613cf465e02355807d28e3ae65913d800fea99f
2021-01-25 12:52:00,955 INFO o.a.j.p.j.s.J.JSR223 Sampler: encrypted value is a9a54ac54e040f68e7713f93c14b65f10099fdc613cf465e02355807d28e3ae65913d800fea99f6a7aede54d846f7bf805d7423b
基本上这些值正在串联起来。即 result2 也有 result1 字符串。 result3 有 result1 和 result2。看起来有些地方需要清除。
下面是javascript文件内容
//Encrypt is done using the following Javascript function, the key is 'password'. It is passed as pwd variable in the below function (2nd argument below):
var enc_str = "";
function encrypt(str, pwd) {
if(pwd == null || pwd.length <= 0) {
//alert("Please enter a password with which to encrypt the message.");
return null;
}
var prand = "";
for(var i=0; i<pwd.length; i++) {
prand += pwd.charCodeAt(i).toString();
//alert(prand);
}
var sPos = Math.floor(prand.length / 5);
//var mult = parseInt(prand.charAt(sPos) + prand.charAt(sPos*2) + prand.charAt(sPos*3) + prand.charAt(sPos*4) + prand.charAt(sPos*5));
var mult = parseInt( prand.charAt(sPos*2) + prand.charAt(sPos*3));
var incr = Math.ceil(pwd.length / 2);
var modu = Math.pow(2, 31) - 1;
if(mult < 2) {
//alert("Algorithm cannot find a suitable hash. Please choose a different password. \nPossible considerations are to choose a more complex or longer password.");
showNewErrDiv('1',getConvertedErrorString('Algorithm cannot find a suitable hash. Please choose a different password.')+ '\n'+ getConvertedErrorString('Possible considerations are to choose a more complex or longer password.'),'','1','');
return null;
}
var salt = Math.round(Math.random() * 1000000000) % 100000000;
//var salt = Math.round(Math.random() * 100000) % 10000;
prand += salt;
while(prand.length > 15) {
prand = (parseInt(prand.substring(0, 15)) + parseInt(prand.substring(15, prand.length))).toString();
}
prand = (mult * prand + incr) % modu;
var enc_chr = "";
for(var i=0; i<str.length; i++) {
enc_chr = parseInt(str.charCodeAt(i) ^ Math.floor((prand / modu) * 255));
if(enc_chr < 16) {
enc_str += "0" + enc_chr.toString(16);
} else enc_str += enc_chr.toString(16);
prand = (mult * prand + incr) % modu;
}
salt = salt.toString(16);
while(salt.length < 8)salt = "0" + salt;
enc_str += salt;
return enc_str;
}
将您的 var enc_str = ""; 移动到 函数中,例如:
function encrypt(str, pwd) {
var enc_str = "";
//your other code
目前它是 global 因此在后续调用中新值被连接起来,如果您需要清除旧值 - 它需要在函数内部完成
另请注意,根据 JMeter Best Practices you should be using Groovy language for scripting so it worth considering migrating to Groovy for the optimal performance. More information: Apache Groovy - Why and How You Should Use It
我调用了一个外部 javascript 文件。请在下面找到我在 JSR223 采样器中的代码:
load('EncryptionLogic.js');
var result1 = encrypt("1087679107122020","password");
var result2 = encrypt("433702216042014","password1");
log.info("encrypted value is "+result1);
log.info("encrypted value is "+result2);
var result3 = encrypt("CONOPSFD1","password2");
log.info("encrypted value is "+result3);
此外,在下面找到收到的回复:
2021-01-25 12:52:00,952 INFO o.a.j.p.j.s.J.JSR223 Sampler: encrypted value is a9a54ac54e040f68e7713f93c14b65f10099fdc6
2021-01-25 12:52:00,953 INFO o.a.j.p.j.s.J.JSR223 Sampler: encrypted value is a9a54ac54e040f68e7713f93c14b65f10099fdc613cf465e02355807d28e3ae65913d800fea99f
2021-01-25 12:52:00,955 INFO o.a.j.p.j.s.J.JSR223 Sampler: encrypted value is a9a54ac54e040f68e7713f93c14b65f10099fdc613cf465e02355807d28e3ae65913d800fea99f6a7aede54d846f7bf805d7423b
基本上这些值正在串联起来。即 result2 也有 result1 字符串。 result3 有 result1 和 result2。看起来有些地方需要清除。
下面是javascript文件内容
//Encrypt is done using the following Javascript function, the key is 'password'. It is passed as pwd variable in the below function (2nd argument below):
var enc_str = "";
function encrypt(str, pwd) {
if(pwd == null || pwd.length <= 0) {
//alert("Please enter a password with which to encrypt the message.");
return null;
}
var prand = "";
for(var i=0; i<pwd.length; i++) {
prand += pwd.charCodeAt(i).toString();
//alert(prand);
}
var sPos = Math.floor(prand.length / 5);
//var mult = parseInt(prand.charAt(sPos) + prand.charAt(sPos*2) + prand.charAt(sPos*3) + prand.charAt(sPos*4) + prand.charAt(sPos*5));
var mult = parseInt( prand.charAt(sPos*2) + prand.charAt(sPos*3));
var incr = Math.ceil(pwd.length / 2);
var modu = Math.pow(2, 31) - 1;
if(mult < 2) {
//alert("Algorithm cannot find a suitable hash. Please choose a different password. \nPossible considerations are to choose a more complex or longer password.");
showNewErrDiv('1',getConvertedErrorString('Algorithm cannot find a suitable hash. Please choose a different password.')+ '\n'+ getConvertedErrorString('Possible considerations are to choose a more complex or longer password.'),'','1','');
return null;
}
var salt = Math.round(Math.random() * 1000000000) % 100000000;
//var salt = Math.round(Math.random() * 100000) % 10000;
prand += salt;
while(prand.length > 15) {
prand = (parseInt(prand.substring(0, 15)) + parseInt(prand.substring(15, prand.length))).toString();
}
prand = (mult * prand + incr) % modu;
var enc_chr = "";
for(var i=0; i<str.length; i++) {
enc_chr = parseInt(str.charCodeAt(i) ^ Math.floor((prand / modu) * 255));
if(enc_chr < 16) {
enc_str += "0" + enc_chr.toString(16);
} else enc_str += enc_chr.toString(16);
prand = (mult * prand + incr) % modu;
}
salt = salt.toString(16);
while(salt.length < 8)salt = "0" + salt;
enc_str += salt;
return enc_str;
}
将您的 var enc_str = ""; 移动到 函数中,例如:
function encrypt(str, pwd) {
var enc_str = "";
//your other code
目前它是 global 因此在后续调用中新值被连接起来,如果您需要清除旧值 - 它需要在函数内部完成
另请注意,根据 JMeter Best Practices you should be using Groovy language for scripting so it worth considering migrating to Groovy for the optimal performance. More information: Apache Groovy - Why and How You Should Use It