Thread: [See Bugtracker] Host plugin for
05.03.2021, 01:14
rocketfeller

I see, I meant when viewing the source code via "Inspect Element", I presume there's some JavaScript that populates the page. Perhaps that's the formerly encrypted payload that I'm seeing, and since I'm looking through a browser the decryption has already happened. Here's an image:

If the above doesn't help (I'm not sure if JDownloader is able to "fake load" a page as part of the crawling) then that sucks, as I haven't been able to work out the encryption. I can just see that the request is sent with a JWT token in the javhubcookie
that decrypted gives
{
  "iv": "WdCEM8YC4/OSDZJ/zEDhAA==",
  "value": "ehLFmsLciHycFlOwh893cvNGCtHMV/UeOv9UMI7Dl675anWISp9EJFAbGQtjSCIQ/VkJ30qD4M5HE7AqoIiba1GtgqKQfoIcdhWj6RUKgn6uaLmZP50mj3ToG1jEw68U",
  "mac": "86c07cc4ea524dfa6a11003a857d770cad0365aaaebecf6adcbdfa4865362c9d"
}
The response back comes with a different token but in a similar format.
that decrypted gives
{
  "iv": "OyAsCmIvzOhSCKVC7BHilg==",
  "value": "VOq2EJar04QK5vFanEriHD+nupDLuuOs7MIfe5ElQ1RvaEV4OVp8P2lbUWuS9mccdXu4xEtYhVzb2hhEtxc1zk8/7bxW9OlMIh3uq4AwF18clYJDRdMx2hns7e8UPAIP",
  "mac": "da68d5a4ac2d1415bca070dee192e980b81f470c34f0ca5df8f285a2920e443c"
}
Searching the key names brings up references to the Laravel PHP framework. I presume iv refers to initialisation vector (which itself looks like it's base64 encoded but that doesn't seem to be the case), so it looks like proper server-side encryption, not some simple hand-rolled stuff.
Posting the above in case you have a eureka moment based off of past experiences (long shot, I know).

Last edited by rocketfeller; 05.03.2021 at 04:16.
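Added example (not part of rocketfeller's post, and not JDownloader or site code): a structural check of the first envelope quoted above, plus the MAC verification a server would run. It assumes the format is Laravel's encrypted-cookie envelope, as the post guesses, where the MAC is HMAC-SHA256 over the base64 `iv` and `value` strings under the server's secret key; the key and the second cookie here are constructed for the demo.

```python
import base64, hashlib, hmac, json

# First envelope quoted in the post.
POST_ENVELOPE = {
    "iv": "WdCEM8YC4/OSDZJ/zEDhAA==",
    "value": "ehLFmsLciHycFlOwh893cvNGCtHMV/UeOv9UMI7Dl675anWISp9EJFAbGQtjSCIQ/VkJ30qD4M5HE7AqoIiba1GtgqKQfoIcdhWj6RUKgn6uaLmZP50mj3ToG1jEw68U",
    "mac": "86c07cc4ea524dfa6a11003a857d770cad0365aaaebecf6adcbdfa4865362c9d",
}

def inspect(env):
    """Decode each field and report its size; raises on malformed base64/hex."""
    iv = base64.b64decode(env["iv"], validate=True)
    ct = base64.b64decode(env["value"], validate=True)
    mac = bytes.fromhex(env["mac"])
    return {
        "iv_bytes": len(iv),                    # 16 = one AES block
        "ciphertext_bytes": len(ct),
        "whole_cbc_blocks": len(ct) % 16 == 0,  # CBC output is block-aligned
        "mac_bytes": len(mac),                  # 32 = SHA-256 digest size
    }

def laravel_mac(key, env):
    # Assumption: HMAC-SHA256 over the base64 strings iv + value (Laravel Encrypter).
    msg = (env["iv"] + env["value"]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def mac_ok(key, env):
    """Constant-time comparison, as a server would do before decrypting."""
    return hmac.compare_digest(laravel_mac(key, env), env["mac"])

def parse_cookie(token):
    """Outer layer: the cookie is base64 of the JSON envelope."""
    return json.loads(base64.b64decode(token))

def build_sample(key):
    # Constructed sample, not real traffic: zero IV and two zero blocks as "ciphertext".
    env = {"iv": base64.b64encode(bytes(16)).decode(),
           "value": base64.b64encode(bytes(32)).decode()}
    env["mac"] = laravel_mac(key, env)
    return base64.b64encode(json.dumps(env).encode()).decode()

if __name__ == "__main__":
    print(inspect(POST_ENVELOPE))
    key = b"\x01" * 32  # constructed key standing in for the server's secret
    env = parse_cookie(build_sample(key))
    print(mac_ok(key, env), mac_ok(b"\x02" * 32, env))
```

Without the server's key the MAC cannot be recomputed and the `value` cannot be decrypted, so a client can only replay the token it was given.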