参考文章JS逆向中常见的window.webpackJsonp分析,网址JS逆向中常见的window.webpackJsonp分析_Zzzzzzzzzzzaa2的博客-CSDN博客_webpackjsonp

xhr下断点的话,直接输入网址,重新刷新,下断点方法如下图:

用栈堆追溯上去,找到cookie加密的位置

 扣出js,这里碰见了(window.webpackJsonp = window.webpackJsonp || [])这种压缩代码,处理方法参考:JS逆向中常见的window.webpackJsonp分析_Zzzzzzzzzzzaa2的博客-CSDN博客_webpackjsonp

抠出来的js如下:

var window;
var global = {};
var getdata;
(function(n) {
    var o = {};
    function r(e) {
        if (o[e]) return o[e].exports;
        var t = o[e] = {
            i: e,
            l: !1,
            exports: {}
        };
        return n[e].call(t.exports, t, t.exports, r),
        t.l = !0,
        t.exports
    }
    r.m = n;
    r.c = o;
    r.d = function(e, t, n) {
        r.o(e, t) || Object.defineProperty(e, t, {
            enumerable: !0,
            get: n
        })
    };
    r.r = function(e) {
        "undefined" != typeof Symbol && Symbol.toStringTag && Object.defineProperty(e, Symbol.toStringTag, {
            value: "Module"
        }),
        Object.defineProperty(e, "__esModule", {
            value: !0
        })
    };
    r.t = function(t, e) {
        if (1 & e && (t = r(t)),
        8 & e) return t;
        if (4 & e && "object" == typeof t && t && t.__esModule) return t;
        var n = Object.create(null);
        if (r.r(n),
        Object.defineProperty(n, "default", {
            enumerable: !0,
            value: t
        }),
        2 & e && "string" != typeof t) for (var o in t)
        r.d(n, o, function(e) {
            return t[e]
        }.bind(null, o));
        return n
    };
    r.n = function(e) {
        var t = e && e.__esModule ? function() {
                return e.
                default
            } : function() {
                return e
            };
        return r.d(t, "a", t),
        t
    };
    r.o = function(e, t) {
        return Object.prototype.hasOwnProperty.call(e, t)
    };
    r.p = "";
    getdata = r;
})([])

'[]"里边的就是抠出来的push数组的函数,这里需要做的处理如下:

        global.jakepat = G[C(522)] = function(a, f) {
            var s = C;
            I[s(624)](f, null) && (f = a, a = {});
            G[s(891)](a, function(n) {
                for (var r = s, t = [], e = 0; I[r(1548)](e, n[r(1691)]); e++) {
                    var o = n[e];
                    if (I[r(1286)](o[r(850)], a[r(1255)] || I[r(783)])) t.push({
                        key: o.key,
                        value: I.FDTDF
                    });
                    else if (I[r(462)](o[r(1661)], r(1700))) t[r(452)]({
                        key: I[r(521)],
                        value: I[r(742)](b, o.value, function(n) {
                            var t = r,
                                e = b(n[2], function(n) {
                                    return n.join ? n.join("~") : n
                                })[t(1539)](",");
                            return [n[0], n[1], e].join("::")
                        })
                    });
                    else if (I[r(507)]([I[r(1530)]][r(1149)](o.key), -1) && H()(o[r(850)])) t[r(452)]({
                        key: o[r(1661)],
                        value: o[r(850)][r(1539)]("~")
                    });
                    else if (-1 !== [I.sddir][r(1149)](o[r(1661)]) && H()(o.value)) t.push({
                        key: o[r(1661)],
                        value: I.IULpW(p, o[r(850)].join("~"), 31)
                    });
                    else if (-1 !== [I[r(1595)], "localStorage", I[r(478)], I.hfzvw, I[r(1676)]][r(1149)](o[r(1661)])) {
                        if (!o.value) continue;
                        t[r(452)]({
                            key: o[r(1661)],
                            value: 1
                        })
                    } else o.value ? t.push(o[r(850)][r(1539)] ? {
                        key: o[r(1661)],
                        value: o[r(850)][r(1539)](";")
                    } : o) : t[r(452)]({
                        key: o[r(1661)],
                        value: o.value
                    })
                }
                var i = {};
                Z()(t).call(t, function(n) {
                    var t = r;
                    i[n.key] = n[t(850)]
                });
                var u = I.qrTqB(l, I.PNXDL, JSON[r(1347)](i)),
                    c = I[r(570)](v, I[r(791)](u, I[r(222)]));
                global.jjs = u;
                global.jjl = c;
            })
        }

出口函数如下:

function getid() {
    getdata(278);
    global.jakepat();
    return global.jjl;
}
function getsign() {
    getdata(278);
    global.jakepat();
    return global.jjs;
}
module.exports = {
    getid
}
module.exports = {
    getsign
}

这里用noodjs代码如下:

const express = require('express');
// 对网站首页的访问返回 "Hello World!" 字样
const app = express();
const test = require('./routes/test');
app.get('/', function (req, res) {
    result=test.getid();
    res.send(result);
});
app.get('/test',function (req, res) {
    result=test.getsign();
    res.send(result);
});
app.listen(3000, function () {
    console.log('Example app listening on port 3000!')
});
app.listen(3000, () => {
    console.log('开启服务,端口3000')
});

使用py文件去爬取自己搭建的客户端:

import time
import requests
url1 = "http://localhost:3000"
url2="http://localhost:3000/test"
gotid = requests.get(url1)
gotsign=requests.get(url2)
print(response.text)

相关文章:

猜你喜欢
热门标签