惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

W
WeLiveSecurity
The GitHub Blog
The GitHub Blog
Engineering at Meta
Engineering at Meta
Microsoft Azure Blog
Microsoft Azure Blog
The Register - Security
The Register - Security
Stack Overflow Blog
Stack Overflow Blog
博客园 - 三生石上(FineUI控件)
T
Threat Research - Cisco Blogs
S
SegmentFault 最新的问题
V2EX - 技术
V2EX - 技术
Hacker News: Ask HN
Hacker News: Ask HN
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
P
Proofpoint News Feed
J
Java Code Geeks
Microsoft Security Blog
Microsoft Security Blog
M
MIT News - Artificial intelligence
AI
AI
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
P
Proofpoint News Feed
Hacker News - Newest:
Hacker News - Newest: "LLM"
B
Blog
N
News and Events Feed by Topic
N
News | PayPal Newsroom
Google DeepMind News
Google DeepMind News
酷 壳 – CoolShell
酷 壳 – CoolShell
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
WordPress大学
WordPress大学
C
Cybersecurity and Infrastructure Security Agency CISA
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
博客园 - 【当耐特】
U
Unit 42
腾讯CDC
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
The Cloudflare Blog
H
Help Net Security
Recent Announcements
Recent Announcements
P
Privacy & Cybersecurity Law Blog
IT之家
IT之家
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Security Archives - TechRepublic
Security Archives - TechRepublic
L
LINUX DO - 热门话题
Martin Fowler
Martin Fowler
MongoDB | Blog
MongoDB | Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
H
Heimdal Security Blog
博客园 - 聂微东
S
Securelist
大猫的无限游戏
大猫的无限游戏
Cloudbric
Cloudbric
Cisco Talos Blog
Cisco Talos Blog

冰峰博客

Windows 管理员获取所有权 ESXI 不识别 ISCSI 挂载盘解决方案 Mellanox ConnectX-4 Lx (MCX4421A-ACQ_Ax) 固件升级 VPS 通过OpenVPN访问家中存储服务 Proxmox Virtual Environment(PVE)使用 LXC 容器安装 AdGuard Home 博科 SAN 交换机 Zone 配置 VMware vSphere 小版本更新简要步骤 CentOS7 安装 MongoDB CentOS7 安装 Docker Hello Halo
JumpServer 资产代填配置
标签 · 2026-06-10 · via 冰峰博客

JumpServer 的 Web 资产代填功能通过 Selenium 自动化填写登录表单,支持三种模式:禁用基本脚本

  • 基本代填:适用于用户名、密码、登录按钮在同一页面的简单表单

  • 脚本代填:适用于多步骤登录、AJAX 异步、SPA、Shadow DOM 等复杂场景

一、基本代填即可的系统

1. 路由器/网关(仅密码登录)

部分设备登录页只有密码框(ReyeeOS 系统),没有用户名输入框。

字段

选择器

密码选择器

id=password 或 name=loginPass

确认按钮

id=login

用户名选择器留空,资产账号用户名随意填占位值。

2. NVIDIA SN2700交换机

标准 HTML 表单 POST 提交。

字段

选择器

用户名

name=f_user_id

密码

id=pass_input

登录按钮

id=submit_id


二、脚本代填的系统

3. 群晖 DSM(两步登录)

先用户名→下一步→再密码→登录,必须脚本模式。

[
  {
    "step": 1,
    "value": "{USERNAME}",
    "target": "name=username",
    "command": "type"
  },
  {
    "step": 2,
    "value": "",
    "target": "css=.login-btn",
    "command": "click"
  },
  {
    "step": 3,
    "value": "",
    "target": "2",
    "command": "sleep"
  },
  {
    "step": 4,
    "value": "{SECRET}",
    "target": "name=current-password",
    "command": "type"
  },
  {
    "step": 5,
    "value": "",
    "target": "css=.login-btn",
    "command": "click"
  }
]

4. 雷池 WAF 管理面板

React SPA,可能跳 TOTP 验证。

[
  {
    "step": 1,
    "value": "{USERNAME}",
    "target": "name=username",
    "command": "type"
  },
  {
    "step": 2,
    "value": "{SECRET}",
    "target": "name=password",
    "command": "type"
  },
  {
    "step": 3,
    "value": "",
    "target": "css=button[type='submit']",
    "command": "click"
  },
  {
    "step": 4,
    "value": "",
    "target": "2",
    "command": "sleep"
  },
  {
    "step": 5,
    "value": "",
    "target": "css=button[type='submit']",
    "command": "click"
  }
]

5. TrueNAS

最大坑点。Angular 组件使用了 ViewEncapsulation.ShadowDom,Selenium 默认无法定位 Shadow DOM 内部的元素。

[
  {
    "step": 1,
    "value": "",
    "target": "4",
    "command": "sleep"
  },
  {
    "step": 2,
    "value": "{USERNAME}",
    "target": "css=.username-input input",
    "command": "type"
  },
  {
    "step": 3,
    "value": "{SECRET}",
    "target": "css=input[type='password']",
    "command": "type"
  },
  {
    "step": 4,
    "value": "",
    "target": "css=.submit-button",
    "command": "click"
  }
]

💡

  1. name=username 在 Shadow DOM 内定位不到,需 css=.username-input input 穿透

  2. 密码框不能用 formControlName 属性选择器,改标准 type='password'

  3. 首次访问需 sleep 等 Angular 加载

6. Technitium DNS 管理面板(AJAX + 自动登录干扰)

页面加载时会自动尝试 admin/admin 登录,干扰代填。

[
  {
    "step": 1,
    "value": "",
    "target": "2",
    "command": "sleep"
  },
  {
    "step": 2,
    "value": "{USERNAME}",
    "target": "id=txtUser",
    "command": "type"
  },
  {
    "step": 3,
    "value": "{SECRET}",
    "target": "id=txtPass",
    "command": "type"
  },
  {
    "step": 4,
    "value": "",
    "target": "id=btnLogin",
    "command": "click"
  },
  {
    "step": 5,
    "value": "",
    "target": "3",
    "command": "sleep"
  }
]

💡 :必须先 sleep 等自动登录请求失败完,否则填的值会被覆盖。

7. 服务器 BMC(Dell iDRAC8)

<a> 链接作登录按钮,AJAX 提交。

[
  {
    "step": 1,
    "value": "",
    "target": "2",
    "command": "sleep"
  },
  {
    "step": 2,
    "value": "{USERNAME}",
    "target": "id=user",
    "command": "type"
  },
  {
    "step": 3,
    "value": "{SECRET}",
    "target": "id=password",
    "command": "type"
  },
  {
    "step": 4,
    "value": "",
    "target": "id=btnOK",
    "command": "click"
  },
  {
    "step": 5,
    "value": "",
    "target": "3",
    "command": "sleep"
  }
]

8. ESXI 虚拟化

id=username(全小写)。

[
  {
    "step": 1,
    "value": "{USERNAME}",
    "target": "id=username",
    "command": "type"
  },
  {
    "step": 2,
    "value": "{SECRET}",
    "target": "id=password",
    "command": "type"
  },
  {
    "step": 3,
    "value": "",
    "target": "css=button[data-test-id='login-action-button']",
    "command": "click"
  }
]