公众号:uncle39py
V1
2023/01/11阅读:41主题:默认主题
01 web逆向 犀牛数据
需要逆向的网址:https://www.xiniudata.com/industry/newest?from=data
现在步骤就很简单了,首先可以在python中构建要爬取的分页信息,通过js逆向出payload,并且将pyload再次进行处理,得出sig,携带这两个参数就可以得到加密数据了
js改写如下:
const crypto = require('crypto');
var payload = '{"sort": 1, "start": 60, "limit": 20}'
var _keyStr = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="
, _p = "W5D80NFZHAYB8EUI2T649RT2MNRMVE2O";
function _u_e(e) {
if (null == e)
return null;
e = e.replace(/\r\n/g, "\n");
for (var t = "", n = 0; n < e.length; n++) {
var r = e.charCodeAt(n);
r < 128 ? t += String.fromCharCode(r) : r > 127 && r < 2048 ? (t += String.fromCharCode(r >> 6 | 192),
t += String.fromCharCode(63 & r | 128)) : (t += String.fromCharCode(r >> 12 | 224),
t += String.fromCharCode(r >> 6 & 63 | 128),
t += String.fromCharCode(63 & r | 128))
}
return t
}
function e2(e) {
if (null == (e = _u_e(e)))
return null;
for (var t = "", n = 0; n < e.length; n++) {
var r = _p.charCodeAt(n % _p.length);
t += String.fromCharCode(e.charCodeAt(n) ^ r)
}
return t
}
function e1(e) {
if (null == e)
return null;
for (var t, n, r, o, i, a, c, u = "", s = 0; s < e.length;)
o = (t = e.charCodeAt(s++)) >> 2,
i = (3 & t) << 4 | (n = e.charCodeAt(s++)) >> 4,
a = (15 & n) << 2 | (r = e.charCodeAt(s++)) >> 6,
c = 63 & r,
isNaN(n) ? a = c = 64 : isNaN(r) && (c = 64),
u = u + _keyStr.charAt(o) + _keyStr.charAt(i) + _keyStr.charAt(a) + _keyStr.charAt(c);
return u
}
function sig(e) {
return crypto.createHash('md5').update(e+_p).digest('hex').toUpperCase()
}
function main123(){
payload = e1(e2(payload))
sig = sig(payload)
l={
"payload": payload,
"sig": sig,
"v": 1
}
return l
}
紧接着对加密数据进行逆向
注意:请求参数逆向是在请求之前; 而数据逆向是在请求之后,服务器响应之后的
针对数据逆向的常规方法:
-
1.接口自带关键字搜索 -
2.decrypt 标准算法库关键字 -
3.动态渲染方式,类型转换;关键字是:JSON.parse(解密的方法,不能是内置函数)
接着就是js改写了...
作者介绍
公众号:uncle39py
V1