最近开发网站监测平台的时候,发现被监测的网站可能存在webpack的打包情况,如http://xxxx/#/login,类似这种由路由处理时直接由request无法判定需要借助无头浏览器进行URL采集,所以这里提供一个JS方案来实现webpack的判定。
01
JavaScript代码-判断是否为webpack打包
functionisWebpackUsed() {// 检查全局变量 __webpack_require__if (typeof __webpack_require__ !== 'undefined') {console.log('Webpack detected: __webpack_require__ is defined.');returntrue;}// 检查 script 标签中是否包含 webpack 相关的特征const scripts = document.getElementsByTagName('script');for (let script of scripts) {if (script.src && script.src.includes('webpack')) {console.log('Webpack detected: script src contains "webpack".');returntrue;}}// 检查页面中是否包含 webpack 打包的 chunk 文件const resources = performance.getEntriesByType('resource');for (let resource of resources) {if (resource.name.includes('webpack') || resource.name.includes('chunk')) {console.log('Webpack detected: resource name contains "webpack" or "chunk".');returntrue;}}console.log('No Webpack detected.');returnfalse;}// 调用函数检测console.log(isWebpackUsed());
02
JavaScript代码-获取路由
此js代码来自于志远大佬的开源项目。
functionfindVueRoot(root) {const queue = [root];while (queue.length > 0) {const currentNode = queue.shift();if (currentNode.__vue__ || currentNode.__vue_app__ || currentNode._vnode) {console.log("vue detected on root element:", currentNode);return currentNode}for (let i = 0; i < currentNode.childNodes.length; i++) {queue.push(currentNode.childNodes[i]);}}returnnull;}functionfindVueRouter(vueRoot) {let router;try {if (vueRoot.__vue_app__) {router = vueRoot.__vue_app__.config.globalProperties.$router.options.routesconsole.log("find router in Vue object", vueRoot.__vue_app__)} elseif (vueRoot.__vue__) {router = vueRoot.__vue__.$root.$options.router.options.routesconsole.log("find router in Vue object", vueRoot.__vue__)}} catch (e) {}try {if (vueRoot.__vue__ && !router) {router = vueRoot.__vue__._router.options.routesconsole.log("find router in Vue object", vueRoot.__vue__)}} catch (e) {}return router}functionwalkRouter(rootNode, callback) {const stack = [{node: rootNode, path: ''}];while (stack.length) {const { node, path} = stack.pop();if (node && typeof node === 'object') {if (Array.isArray(node)) {for (const key in node) {stack.push({node: node[key], path: mergePath(path, node[key].path)})}} elseif (node.hasOwnProperty("children")) {stack.push({node: node.children, path: path});}}callback(path, node);}}functionmergePath(parent, path) {if (path.indexOf(parent) === 0) {return path}return (parent ? parent + '/' : '') + path}functionmain() {const vueRoot = findVueRoot(document.body);if (!vueRoot) {console.error("This website is not developed by Vue")return}let vueVersion;if (vueRoot.__vue__) {vueVersion = vueRoot.__vue__.$options._base.version;} else {vueVersion = vueRoot.__vue_app__.version;}console.log("Vue version is ", vueVersion)const routers = [];const vueRouter = findVueRouter(vueRoot)if (!vueRouter) {console.error("No Vue-Router detected")return}console.log(vueRouter)walkRouter(vueRouter, function (path, node) {if (node.path) {routers.push({name: node.name, path})}})return routers}console.table(main())
03
效果
01
存在Webpack打包情况
获取路由也是可以直接获取的。
02
不存在Webpack打包情况
04
开发思路
通过拉起一个selenium对页面插入webpack监测代码获取执行结果,而后进行判断是否进行路由拼接,若可以获取路由结果,在页面加载过程中可能采集到更多的URL。
原文始发于微信公众号(阿呆攻防):开发Tips|用JS判断并采集webpack路由
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论