目标QN网pre参数。
第一步,先抓包:
果然是之前遇到过的套路:检测换行(也就是检测代码有没有被格式化),又想让我爆内存是吧。这次不会上当了。我们先把这个地方的代码挖出来分析分析:
// Source-integrity ("self-defending") guard, shown here after being pulled out
// of the page script and pretty-printed. _0x2444db is defined outside this
// excerpt: it receives `this` plus the guard callback, and its return value is
// kept in _0xa5ad5c. Where _0xa5ad5c is invoked is not visible here
// (presumably a call-once wrapper — confirm against the full script).
var _0xa5ad5c = _0x2444db(this, function () {
// Two probe functions. Nothing in this excerpt calls them; only their source
// text (toString()) is inspected by the two checks below.
// NOTE(review): do not put comments inside their bodies — toString() would
// include them.
var _0x35d02e = function () {
return "dev";
},
_0x18cced = function () {
return "window";
};
// Check 1 — layout. Returns true when the source of _0x35d02e does NOT have
// the compact shape `name () {word "...";}`. Neither `.` nor ` *` matches a
// line break, so a body spread over several lines (as in this listing) fails
// the pattern and this function returns true.
var _0x364152 = function () {
var _0x1d4f26 = new RegExp("\\w+ *\\(\\) *{\\w+ *['|\"].+['|\"];? *}");
return !_0x1d4f26.test(_0x35d02e.toString());
};
// Check 2 — string encoding. Returns true when the source of _0x18cced
// contains a backslash followed by `x` or `u` (the class `[x|u]` also admits a
// literal `|`) and 2–4 word characters, i.e. an escape-style sequence in the
// source text. It is only consulted when check 1 returned false.
var _0xcfd92 = function () {
var _0x55eb7e = new RegExp("(\\\\[x|u](\\w){2,4})+");
return _0x55eb7e.test(_0x18cced.toString());
};
// First half of a mutually recursive pair. indexOf(false) searches for the
// text "false"; for both strings passed in below that yields -1, which is
// truthy, so control always continues into _0x3217e1. _0x35b4e0 is never read.
var _0x34c898 = function (_0x31b9ac) {
var _0x35b4e0 = 0;
if (_0x31b9ac.indexOf(false)) {
_0x3217e1(_0x31b9ac);
}
};
// Second half of the pair. "true"[3] is "e". The recursion stops only when a
// Latin "e" sits at index 3 of the argument (true for "indexOf"); otherwise
// it calls back into _0x34c898 and nothing in this excerpt bounds the
// recursion. _0xbd3fa8 is never read.
var _0x3217e1 = function (_0x4a8870) {
var _0xbd3fa8 = 3;
if (_0x4a8870.indexOf("true"[3]) !== 3) {
_0x34c898(_0x4a8870);
}
};
// Dispatch. The only terminating path is: check 1 finds the compact layout
// AND check 2 finds escape sequences -> plain "indexOf". Every other path
// passes a string that differs from "indexOf".
// NOTE(review): the "е" in those two literals appears to be a non-Latin
// look-alike character — confirm the code point before retyping them.
if (!_0x364152()) {
if (!_0xcfd92()) {
_0x34c898("indеxOf");
} else {
_0x34c898("indexOf");
}
} else {
_0x34c898("indеxOf");
}
});
他把 _0x35d02e 和 _0x18cced 这两个方法转成字符串后用正则匹配,只要有一项检查不通过,就调用 _0x34c898("indеxOf"),让两个函数互相调用、无限循环下去。他是在检测代码是否被格式化:网页中加载的代码是被压成一行的,如果函数源码里出现了换行 \n,正则就匹配不上,那就代表着代码被人挖出来格式化了。我们直接把调用的地方注释掉。
local_storeage = {}
// Stand-in for the browser `location` object. Only href, host and hostname
// are provided; all three are fixed strings captured from one search page.
var location = {};
location.href = "https://flight.qunar.com/site/oneway_list.htm?searchDepartureAirport=%E5%8C%97%E4%BA%AC&searchArrivalAirport=%E6%98%86%E6%98%8E&searchDepartureTime=2020-09-17&searchArrivalTime=2020-09-15&nextNDays=0&startSearch=true&fromCode=BJS&toCode=KMG&from=tejia_d_search&lowestPrice=null";
location.host = "flight.qunar.com";
// hostname carries the same value as host in this stub.
location.hostname = location.host;
/**
 * In-memory stand-in for `localStorage`, backed by the plain object
 * `local_storeage` that is assigned just before this listing.
 *
 * Values are stored as given (no string conversion), and getItem returns
 * undefined for a key that was never set.
 */
var localStorage = {
  // Store `data` under `name` in the backing object.
  setItem: function (name, data) {
    local_storeage[name] = data;
  },
  // Read back whatever is stored under `name` (undefined when absent).
  getItem: function (name) {
    return local_storeage[name];
  },
  // Drop `name` from the backing object.
  removeItem: function (name) {
    delete local_storeage[name];
  }
};
// Stand-in for the browser `window`: it exposes only the `location` and
// `localStorage` stubs defined earlier in this listing, by reference.
var window = { location, localStorage };
/**
 * Stand-in for the browser `document`, limited to three members:
 * createElement, head.getElementsByTagName and getElementsByTagName
 * (presumably the ones the analysed script touches — confirm).
 *
 * Every value returned is a fixed literal captured from one page load.
 * NOTE(review): the script URLs embed callback names, a sessionId and an
 * `answer` value that look like artifacts of a live session; consider
 * redacting them before sharing this listing.
 */
var document = {
  // The tag name is ignored; each call yields a fresh object with an empty src.
  createElement: function (tagName) {
    return { src: "" };
  },
  head: {
    // Only 'script' is answered; any other tag name falls through to undefined.
    getElementsByTagName: function (tagName) {
      if (tagName != 'script') {
        return;
      }
      // Built on every call so callers always receive a fresh array of fresh objects.
      var sources = [
        "https://rmcsdf.qunar.com/api/device/answer.json?callback=callback_1600070190853&sessionId=c922434c-d559-41e3-9cd8-18a493694dcd&answer=cv3I1H8GFcflk_IfUTmRSv6L-h0klNJrF0SPmn80HJvlkR4qFyTDyP87A4OilQprGfjSsHs8IFr15J5rQejSwKc9JF-llFpuQGyVw39LT_L2qd1bVrnIcixPSoK2g5I_7OyIEjh0x1-ku5HqLy2GceBPUsK3q91bMn3IjzRPXEgjdA4dKryUnyBOTEw2aUYuVrCUyOrRWsa1wBVbGnnG1ihPFoq2sJlaF2zUtn8HKwK2r9ldLvnGc2c8B50kA4Ix7aSNq-c90BRdLcG5OzXJg2x07VhiaYnuIujYOzROKha3lgIyMv3I7L6-ZF-jlgIyMb3UzTc9MFPdgd5wQzzJwfA0Y5Kjqxob77zX1Pc9V5OjtoJt7r3JcihRTwq3v91bOrXEm2RPKk623RYa0miGyqR6ZsP1gQIaQ7WIheMP-_KidcldBe3V",
        "https://rmcsdf.qunar.com/api/device/challenge.json?callback=callback_1600070190262&sessionId=c922434c-d559-41e3-9cd8-18a493694dcd&domain=qunar.com&orgId=ucenter.login",
        "https://webresource.c-ctrip.com/resaresonline/risk/ubtrms/latest/default/chlorofp.js?siteId=c7e55b219200&v=120-8-14",
        "https://ws.qunar.com/rt_recommend?count=3&fromCity=%E5%8C%97%E4%BA%AC&toCity=%E6%98%86%E6%98%8E&depDate=2020-09-17&includeTax=0&callback=jsonp_1417whnctfho9p1",
        "https://gw.flight.qunar.com/api/f/priceCalendar?dep=%E5%8C%97%E4%BA%AC&arr=%E6%98%86%E6%98%8E&days=&priceType=1&callback=jsonp_93vaq0viqu3rssh",
        "https://lp.flight.qunar.com/api/dom/recommend/nearby_route?from=%E5%8C%97%E4%BA%AC&to=%E6%98%86%E6%98%8E&start_date=2020-09-17&callback=jsonp_qjqv30fbv34guzw",
        "https://flightopdata.qunar.com/vataplan?&id=41&callback=jsonp_p5udnewvxw1uvfq",
        "",
        "",
        "",
        "https://a.qunar.com/vataplan?framId=a_listBannerTop&vataposition=QNR_OQ==_CN&tag=0&rows=3&cur_page_num=0&rep=1&f=s&callback=QNR._AD.a_listBannerTop&ab=b&tile=16000701898246186355&vatafrom=%E5%8C%97%E4%BA%AC&vatato=%E6%98%86%E6%98%8E"
      ];
      return sources.map(function (src) {
        return { src: src };
      });
    }
  },
  // Only 'meta' is answered, with a plain object (not a list) whose single
  // `description` entry holds the captured content text; other tags give undefined.
  getElementsByTagName: function (tagName) {
    if (tagName != 'meta') {
      return;
    }
    var description = {
      content: "去哪儿(Qunar.com)作为全球最大的中文旅游搜索引擎,通过对机票,酒店,旅游线路的整合与发布,提供专业、实时、可信的旅游产品价格比较与服务比较系统,帮助消费者轻松进行充分选择,是您预订机票、酒店、旅游线路的最佳选择!"
    };
    return { description: description };
  }
};
这里有些方法比如getElementsByTagName、localStorage.setItem等是Node里没有的,这些可以用一些巧妙的方法处理,说到底他不就是要验证浏览器环境吗,离不开一句话,他要什么,我们给什么。
浏览器运行结果:
一样,通关!