JS Reverse Engineering Essentials

I saw this on the 咸鱼学python WeChat official account, tried it myself, and am writing up a summary of the learning process.
Website:

aHR0cHMlM0EvL3d3dy5xaW1pbmdwaWFuLmNuL2Zpbm9zZGEvcHJvamVjdC9waW52ZXN0bWVudA==

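After opening the site, it looks like this:

What we want to crawl is the content in the red box.
As mentioned before, data is generally returned in one of two ways:

  • The landing page itself returns the data directly
  • An ajax request returns JSON data.

Press F12 to open the developer console.
Switch to the Network tab.
Reload the page.

The landing page clearly does not return the data.
Looking further down, resource requests (png, css, js, etc.) can generally be skipped. One request returns JSON data.

It contains encrypted data, and it is 66.5 KB, so there is a good chance that this string, once decrypted, is the data we want.
The parameter is encrypt_data.
I usually start with a global search for it.

Click into the result.

Click {} in the bottom-left corner to pretty-print the code, then search the current file for encrypt_data.

It appears in 6 places.
Looking through them, this spot is the most suspicious.

Set a breakpoint, refresh the page, and execution stops at the debugger.

In the console, run Object(u.a)(e.encrypt_data) to print the result.
The data we get does not look like what we want.
Continue to the next debugger stop. Execution stops here again, which means this spot was called a second time, so run Object(u.a)(e.encrypt_data) in the console once more to print the result.

This time we get the result we want.
So we can be sure that the decryption method is inside Object(u.a)(e.encrypt_data).

This is the global-search approach. You can also set an XHR breakpoint and step through until you reach this point.
Then step through line by line to find the encryption method.

Next comes extracting the code.
In the Sources tab, create a new JS file under Snippets, paste in the extracted code, test it, and fill in whatever is missing until the console prints the decrypted data.

The extracted code is as follows: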

function s(t, e, i, n, a, s) {
    var o, r, c, l, u, d, h, p, f, v, m, g, b, y, C = new Array(16843776,0,65536,16843780,16842756,66564,4,65536,1024,16843776,16843780,1024,16778244,16842756,16777216,4,1028,16778240,16778240,66560,66560,16842752,16842752,16778244,65540,16777220,16777220,65540,0,1028,66564,16777216,65536,16843780,4,16842752,16843776,16777216,16777216,1024,16842756,65536,66560,16777220,1024,4,16778244,66564,16843780,65540,16842752,16778244,16777220,1028,66564,16843776,1028,16778240,16778240,0,65540,66560,0,16842756), _ = new Array(-2146402272,-2147450880,32768,1081376,1048576,32,-2146435040,-2147450848,-2147483616,-2146402272,-2146402304,-2147483648,-2147450880,1048576,32,-2146435040,1081344,1048608,-2147450848,0,-2147483648,32768,1081376,-2146435072,1048608,-2147483616,0,1081344,32800,-2146402304,-2146435072,32800,0,1081376,-2146435040,1048576,-2147450848,-2146435072,-2146402304,32768,-2146435072,-2147450880,32,-2146402272,1081376,32,32768,-2147483648,32800,-2146402304,1048576,-2147483616,1048608,-2147450848,-2147483616,1048608,1081344,0,-2147450880,32800,-2147483648,-2146435040,-2146402272,1081344), w = new Array(520,134349312,0,134348808,134218240,0,131592,134218240,131080,134217736,134217736,131072,134349320,131080,134348800,520,134217728,8,134349312,512,131584,134348800,134348808,131592,134218248,131584,131072,134218248,8,134349320,512,134217728,134349312,134217728,131080,520,131072,134349312,134218240,0,512,131080,134349320,134218240,134217736,512,0,134348808,134218248,131072,134217728,134349320,8,131592,131584,134217736,134348800,134218248,520,134348800,131592,8,134348808,131584), x = new Array(8396801,8321,8321,128,8396928,8388737,8388609,8193,0,8396800,8396800,8396929,129,0,8388736,8388609,1,8192,8388608,8396801,128,8388608,8193,8320,8388737,1,8320,8388736,8192,8396928,8396929,129,8388736,8388609,8396800,8396929,129,0,0,8396800,8320,8388736,8388737,1,8396801,8321,8321,128,8396929,129,1,8192,8388609,8193,8396928,8388737,8193,8320,8388608,8396801,128,8388608,8192,8396928), k 
= new Array(256,34078976,34078720,1107296512,524288,256,1073741824,34078720,1074266368,524288,33554688,1074266368,1107296512,1107820544,524544,1073741824,33554432,1074266112,1074266112,0,1073742080,1107820800,1107820800,33554688,1107820544,1073742080,0,1107296256,34078976,33554432,1107296256,524544,524288,1107296512,256,33554432,1073741824,34078720,1107296512,1074266368,33554688,1073741824,1107820544,34078976,1074266368,256,33554432,1107820544,1107820800,524544,1107296256,1107820800,34078720,0,1074266112,1107296256,524544,33554688,1073742080,524288,0,1074266112,34078976,1073742080), A = new Array(536870928,541065216,16384,541081616,541065216,16,541081616,4194304,536887296,4210704,4194304,536870928,4194320,536887296,536870912,16400,0,4194320,536887312,16384,4210688,536887312,16,541065232,541065232,0,4210704,541081600,16400,4210688,541081600,536870912,536887296,16,541065232,4210688,541081616,4194304,16400,536870928,4194304,536887296,536870912,16400,536870928,541081616,4210688,541065216,4210704,541081600,0,541065232,16,16384,541065216,4210704,16384,4194320,536887312,0,541081600,536870912,4194320,536887312), T = new Array(2097152,69206018,67110914,0,2048,67110914,2099202,69208064,69208066,2097152,0,67108866,2,67108864,69206018,2050,67110912,2099202,2097154,67110912,67108866,69206016,69208064,2097154,69206016,2048,2050,69208066,2099200,2,67108864,2099200,67108864,2099200,2097152,67110914,67110914,69206018,69206018,2,2097154,67108864,67110912,2097152,69208064,2050,2099202,69208064,2050,67108866,69208066,69206016,2099200,0,2,69208066,0,2099202,69206016,2048,67108866,67110912,2048,2097154), L = new 
Array(268439616,4096,262144,268701760,268435456,268439616,64,268435456,262208,268697600,268701760,266240,268701696,266304,4096,64,268697600,268435520,268439552,4160,266240,262208,268697664,268701696,4160,0,0,268697664,268435520,268439552,266304,262144,266304,262144,268701696,4096,64,268697664,4096,266304,268439552,64,268435520,268697600,268697664,268435456,262144,268439616,0,268701760,262208,268435520,268697600,268439552,268439616,0,268701760,266240,266240,4160,4160,262208,268435456,268701696), S = function(t) {
        for (var e, i, n, a = new Array(0,4,536870912,536870916,65536,65540,536936448,536936452,512,516,536871424,536871428,66048,66052,536936960,536936964), s = new Array(0,1,1048576,1048577,67108864,67108865,68157440,68157441,256,257,1048832,1048833,67109120,67109121,68157696,68157697), o = new Array(0,8,2048,2056,16777216,16777224,16779264,16779272,0,8,2048,2056,16777216,16777224,16779264,16779272), r = new Array(0,2097152,134217728,136314880,8192,2105344,134225920,136323072,131072,2228224,134348800,136445952,139264,2236416,134356992,136454144), c = new Array(0,262144,16,262160,0,262144,16,262160,4096,266240,4112,266256,4096,266240,4112,266256), l = new Array(0,1024,32,1056,0,1024,32,1056,33554432,33555456,33554464,33555488,33554432,33555456,33554464,33555488), u = new Array(0,268435456,524288,268959744,2,268435458,524290,268959746,0,268435456,524288,268959744,2,268435458,524290,268959746), d = new Array(0,65536,2048,67584,536870912,536936448,536872960,536938496,131072,196608,133120,198656,537001984,537067520,537004032,537069568), h = new Array(0,262144,0,262144,2,262146,2,262146,33554432,33816576,33554432,33816576,33554434,33816578,33554434,33816578), p = new Array(0,268435456,8,268435464,0,268435456,8,268435464,1024,268436480,1032,268436488,1024,268436480,1032,268436488), f = new Array(0,32,0,32,1048576,1048608,1048576,1048608,8192,8224,8192,8224,1056768,1056800,1056768,1056800), v = new Array(0,16777216,512,16777728,2097152,18874368,2097664,18874880,67108864,83886080,67109376,83886592,69206016,85983232,69206528,85983744), m = new Array(0,4096,134217728,134221824,524288,528384,134742016,134746112,16,4112,134217744,134221840,524304,528400,134742032,134746128), g = new Array(0,4,256,260,0,4,256,260,1,5,257,261,1,5,257,261), b = t.length > 8 ? 3 : 1, y = new Array(32 * b), C = new Array(0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0), _ = 0, w = 0, x = 0; x < b; x++) {
            var k = t.charCodeAt(_++) << 24 | t.charCodeAt(_++) << 16 | t.charCodeAt(_++) << 8 | t.charCodeAt(_++)
              , A = t.charCodeAt(_++) << 24 | t.charCodeAt(_++) << 16 | t.charCodeAt(_++) << 8 | t.charCodeAt(_++);
            k ^= (n = 252645135 & (k >>> 4 ^ A)) << 4,
            k ^= n = 65535 & ((A ^= n) >>> -16 ^ k),
            k ^= (n = 858993459 & (k >>> 2 ^ (A ^= n << -16))) << 2,
            k ^= n = 65535 & ((A ^= n) >>> -16 ^ k),
            k ^= (n = 1431655765 & (k >>> 1 ^ (A ^= n << -16))) << 1,
            k ^= n = 16711935 & ((A ^= n) >>> 8 ^ k),
            n = (k ^= (n = 1431655765 & (k >>> 1 ^ (A ^= n << 8))) << 1) << 8 | (A ^= n) >>> 20 & 240,
            k = A << 24 | A << 8 & 16711680 | A >>> 8 & 65280 | A >>> 24 & 240,
            A = n;
            for (var T = 0; T < C.length; T++)
                C[T] ? (k = k << 2 | k >>> 26,
                A = A << 2 | A >>> 26) : (k = k << 1 | k >>> 27,
                A = A << 1 | A >>> 27),
                A &= -15,
                e = a[(k &= -15) >>> 28] | s[k >>> 24 & 15] | o[k >>> 20 & 15] | r[k >>> 16 & 15] | c[k >>> 12 & 15] | l[k >>> 8 & 15] | u[k >>> 4 & 15],
                i = d[A >>> 28] | h[A >>> 24 & 15] | p[A >>> 20 & 15] | f[A >>> 16 & 15] | v[A >>> 12 & 15] | m[A >>> 8 & 15] | g[A >>> 4 & 15],
                n = 65535 & (i >>> 16 ^ e),
                y[w++] = e ^ n,
                y[w++] = i ^ n << 16
        }
        return y
    }(t), I = 0, j = e.length, z = 0, B = 32 == S.length ? 3 : 9;
    p = 3 == B ? i ? new Array(0,32,2) : new Array(30,-2,-2) : i ? new Array(0,32,2,62,30,-2,64,96,2) : new Array(94,62,-2,32,64,2,30,-2,-2),
    2 == s ? e += "        " : 1 == s ? i && (c = 8 - j % 8,
    e += String.fromCharCode(c, c, c, c, c, c, c, c),
    8 === c && (j += 8)) : s || (e += "\0\0\0\0\0\0\0\0");
    var F = ""
      , E = "";
    for (1 == n && (f = a.charCodeAt(I++) << 24 | a.charCodeAt(I++) << 16 | a.charCodeAt(I++) << 8 | a.charCodeAt(I++),
    m = a.charCodeAt(I++) << 24 | a.charCodeAt(I++) << 16 | a.charCodeAt(I++) << 8 | a.charCodeAt(I++),
    I = 0); I < j; ) {
        for (d = e.charCodeAt(I++) << 24 | e.charCodeAt(I++) << 16 | e.charCodeAt(I++) << 8 | e.charCodeAt(I++),
        h = e.charCodeAt(I++) << 24 | e.charCodeAt(I++) << 16 | e.charCodeAt(I++) << 8 | e.charCodeAt(I++),
        1 == n && (i ? (d ^= f,
        h ^= m) : (v = f,
        g = m,
        f = d,
        m = h)),
        d ^= (c = 252645135 & (d >>> 4 ^ h)) << 4,
        d ^= (c = 65535 & (d >>> 16 ^ (h ^= c))) << 16,
        d ^= c = 858993459 & ((h ^= c) >>> 2 ^ d),
        d ^= c = 16711935 & ((h ^= c << 2) >>> 8 ^ d),
        d = (d ^= (c = 1431655765 & (d >>> 1 ^ (h ^= c << 8))) << 1) << 1 | d >>> 31,
        h = (h ^= c) << 1 | h >>> 31,
        r = 0; r < B; r += 3) {
            for (b = p[r + 1],
            y = p[r + 2],
            o = p[r]; o != b; o += y)
                l = h ^ S[o],
                u = (h >>> 4 | h << 28) ^ S[o + 1],
                c = d,
                d = h,
                h = c ^ (_[l >>> 24 & 63] | x[l >>> 16 & 63] | A[l >>> 8 & 63] | L[63 & l] | C[u >>> 24 & 63] | w[u >>> 16 & 63] | k[u >>> 8 & 63] | T[63 & u]);
            c = d,
            d = h,
            h = c
        }
        h = h >>> 1 | h << 31,
        h ^= c = 1431655765 & ((d = d >>> 1 | d << 31) >>> 1 ^ h),
        h ^= (c = 16711935 & (h >>> 8 ^ (d ^= c << 1))) << 8,
        h ^= (c = 858993459 & (h >>> 2 ^ (d ^= c))) << 2,
        h ^= c = 65535 & ((d ^= c) >>> 16 ^ h),
        h ^= c = 252645135 & ((d ^= c << 16) >>> 4 ^ h),
        d ^= c << 4,
        1 == n && (i ? (f = d,
        m = h) : (d ^= v,
        h ^= g)),
        E += String.fromCharCode(d >>> 24, d >>> 16 & 255, d >>> 8 & 255, 255 & d, h >>> 24, h >>> 16 & 255, h >>> 8 & 255, 255 & h),
        512 == (z += 8) && (F += E,
        E = "",
        z = 0)
    }
    if (F = (F += E).replace(/\0*$/g, ""),
    !i) {
        if (1 === s) {
            var O = 0;
            (j = F.length) && (O = F.charCodeAt(j - 1)),
            O <= 8 && (F = F.substring(0, j - O))
        }
        F = decodeURIComponent(escape(F))
    }
    return F
}

// Base64 decoder extracted from the site bundle
function decode(t) {
    // Whitespace inside the input is ignored
    var f = /[\t\n\f\r ]/g;
    var c = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    var e = (t = String(t).replace(f, "")).length;
    // Strip trailing "=" padding
    e % 4 == 0 && (e = (t = t.replace(/==?$/, "")).length);
    // The original called an error helper l() that was not extracted; throw directly instead
    if (e % 4 == 1 || /[^+a-zA-Z0-9/]/.test(t))
        throw new Error("Invalid character: the string to be decoded is not correctly encoded.");
    for (var n, r, i = 0, o = "", a = -1; ++a < e; )
        r = c.indexOf(t.charAt(a)),
        n = i % 4 ? 64 * n + r : r,
        i++ % 4 && (o += String.fromCharCode(255 & n >> (-2 * i & 6)));
    return o
}

// Paste the encrypt_data value from the response here
var t = "";

var a = s("5e5062e82f15fe4ca9d24bc5", decode(t), 0, 0, "012345677890123", 1);
console.log(a);




// function myDecode(t){
//     a = s("5e5062e82f15fe4ca9d24bc5", decode(t), 0, 0, "012345677890123", 1)
//     return a
// }

Because Python needs to call it, modify the last part and wrap it in a function:

function myDecode(t){
    a = s("5e5062e82f15fe4ca9d24bc5", decode(t), 0, 0, "012345677890123", 1)
    return a
}
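
An added example, not code from the original post: a Python check that fingerprints the lookup tables in the extracted function and flags a key-sized string literal passed at a call site. Run on an abridged copy of this page's snippet, it reports the widely published DES SP-box table and the 24-character literal handed to s(), which is the size of a triple-DES key; a key embedded in client-side code reaches every browser, so this layer obscures the response and does not keep it confidential. The fingerprint set, the KEY_SIZES labels and the function names are assumptions made for this sketch.

```python
import re

# First four entries of widely published cipher tables (assumed fingerprint set).
FINGERPRINTS = {
    "DES SP-box 1": (0x01010400, 0x0, 0x00010000, 0x01010404),
    "AES S-box": (0x63, 0x7C, 0x77, 0x7B),
    "SHA-256 K": (0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5),
}
NUM = r"-?(?:0x[0-9a-fA-F]+|\d+)"
# Numeric array literal with at least four entries: new Array(1,2,3,4 or [1,2,3,4
ARRAY_RE = re.compile(r"(?:new Array\(|\[)\s*((?:%s\s*,\s*){3,}%s)" % (NUM, NUM))
# A call whose first argument is a string literal: name("literal", ...
CALL_RE = re.compile(r"""(\w+)\(\s*(["'])([^"']+)\2\s*,""")
# Literal lengths that coincide with common symmetric key sizes (hypothetical labels).
KEY_SIZES = {8: "DES", 16: "AES-128 / 2-key 3DES", 24: "AES-192 / 3DES", 32: "AES-256"}


def identify_tables(js):
    """Return names of known cipher tables whose leading constants appear in js."""
    found = set()
    for m in ARRAY_RE.finditer(js):
        # Minified JS prints 32-bit values as signed, so compare modulo 2**32.
        head = tuple(int(tok.strip(), 0) % 2**32 for tok in m.group(1).split(",")[:4])
        found.update(name for name, fp in FINGERPRINTS.items() if fp == head)
    return found


def hardcoded_key_calls(js):
    """Return (function, literal, length) for calls passing a key-sized string first."""
    return [(m.group(1), m.group(3), len(m.group(3)))
            for m in CALL_RE.finditer(js) if len(m.group(3)) in KEY_SIZES]


# Constructed input: tables abridged from the page's s(), plus its myDecode() call.
SAMPLE = """
function s(t,e,i,n,a,s){var C=new Array(16843776,0,65536,16843780,16842756,66564),
_=new Array(-2146402272,-2147450880,32768,1081376,1048576,32);return e}
function myDecode(t){return s("5e5062e82f15fe4ca9d24bc5", decode(t), 0, 0, "012345677890123", 1)}
"""

if __name__ == "__main__":
    print("cipher tables:", identify_tables(SAMPLE))
    for func, literal, size in hardcoded_key_calls(SAMPLE):
        print("%s() called with %d-byte literal (%s)" % (func, size, KEY_SIZES[size]))
```
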

Then we use Python to request the site and decrypt the data.

import execjs
import json
import requests


# Load the local JS file (main.js holds s(), decode() and myDecode())
def getJsCode():
    with open("main.js", 'r', encoding='UTF-8') as f:
        return f.read()


# Helper: turn a header block copied from DevTools into a dict literal
def headersStringtoHeaders(headersString):
    headers = '{\n'
    for line in headersString.split("\n"):
        if ":" not in line:
            continue
        # Split on the first ":" only, so values that contain ":" stay intact
        name, value = line.split(":", 1)
        headers = headers + '\t"' + name + '": "' + value.strip() + '",\n'
    headers = headers + "}"
    print(headers)


def spider():
    # Read the JS file
    js_content = getJsCode()
    # Compile the JS file
    ctx = execjs.compile(js_content)
    url = 'https://vipapi.qimingpian.com/DataList/productListVip'
    header = {
        "Accept": "application/json, text/plain, */*",
        "Accept-Encoding": "gzip, deflate, br",
        "Accept-Language": "zh-CN,zh;q=0.9",
        "Cache-Control": "no-cache",
        "Connection": "keep-alive",
        "Content-Length": "69",
        "Content-Type": "application/x-www-form-urlencoded",
        "Host": "vipapi.qimingpian.com",
        "Origin": "https",
        "Pragma": "no-cache",
        "Sec-Fetch-Mode": "cors",
        "Sec-Fetch-Site": "cross-site",
        "User-Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.87 Safari/537.36",
    }

    postData = {
        "time_interval": None,
        "tag": None,
        "tag_type": None,
        "province": None,
        "lunci": None,
        "page": 1,
        "num": 20,
        "unionid": None,
    }

    r = requests.post(url, headers=header, data=postData)
    print(r.text)
    # encrypt_data is the encrypted data returned by the server
    t = json.loads(r.text).get("encrypt_data")

    # Call the JS function to get the decrypted data
    decodeResult = ctx.call('myDecode', t)
    # Parse the decrypted string as JSON
    decodeResultJson = json.loads(decodeResult)
    # print(decodeResultJson)
    # Each entry of "list" is one record; print each record once
    for m in decodeResultJson["list"]:
        # Holds one JSON record
        dataJson = dict(m)
        print(dataJson)


if __name__ == "__main__":
    spider()


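Run result

I originally wanted to crawl in bulk,
but users who are not logged in can only see one page of data,
logged-in users can only see two pages,
and the rest costs money,
so I did not continue.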
