链接:http://match.yuanrenxue.com/match/2
检查,会自动断点,不会调的可以看我的上一篇文章https://blog.csdn.net/a12355556/article/details/115007824,换页抓包,如图
发现参数没有加密的,题目已经说了是cookie加密了,大家可以自行去查看网址
-
在cookie里,看出m是由时间戳和另外一个东西加密而成的,我们刷新一下页面,
在2里面并没有返回的数据,其实这时候可以用fiddle抓包,因为fiddle可以抓到chrome抓不到的包,会发现返回的是有数据的,
返回的是一段特别乱的JS代码,肯定进行了混淆加密,将script标签去除,将剩下的代码复制到Ob混淆解密工具试试,网站;http://tool.yuanrenxue.com/decode_obfuscator,成功解密,
新建一个文件,用notepad++打开复制进去,并JS格式化代码,结果为
将第一行和最后一行删除掉,因为我们要找的是内部函数,在199行出现了cookie,看到它的参数组成可以锁定cookie加密就是在这里了,我们详细看一下具体组成部分
- M()
会发现M()并没有返回值,而且全部的代码也没有全局变量,就不能通过修改全局变量来影响cookie了,所有可以直接把M()去掉,这部分代码暂且不删,(也可以删除,不过得保留qz参数,后面会用到这个参数)
-
V(Y)
return Z ? a0 ? H(Z, Y) : y(Z, Y) : a0 ? T(Y) : U(Y);这是一个较长的三元运算符,我们可以把它们分开
return Z ? a0 ? H(Z, Y) : y(Z, Y) : a0 ? T(Y) : U(Y);先判断第一句,如果有Z的话执行中间的代码,否则,执行U(Y),很显然V(Y)只有一个参数,只能传给Y,所以返回的就是U(Y),直接改成return U(Y);即可。U(Y)就直接放在那里吧。
加载代码后报错,将let 改成var即可(需要修改多处,直到不报错let …),然后就出现了程序崩溃的结果,再查找一下setInterval(M(), 500);需要把这个删除,末尾需要返回值
再次加载,加载成功,这时候运行get_m_val()函数,说qz不存在,把M()函数里的qz复制一下到需要qz的函数里再次加载执行
成功
代码
JS代码(命名为2.js)
var B = function () {
var Y = true;
return function (Z, a0) {
var a1 = Y ? function () {
if (a0) {
var a2 = a0["apply"](Z, arguments);
a0 = null;
return a2;
}
}
: function () {
};
Y = false;
return a1;
};
}
();
function C(Y, Z) {
var a0 = (65535 & Y) + (65535 & Z);
return (Y >> 16) + (Z >> 16) + (a0 >> 16) << 16 | 65535 & a0;
}
function D(Y, Z) {
return Y << Z | Y >>> 32 - Z;
}
function E(Y, Z, a0, a1, a2, a3) {
return C(D(C(C(Z, Y), C(a1, a3)), a2), a0);
}
function F(Y, Z, a0, a1, a2, a3, a4) {
return E(Z & a0 | ~Z & a1, Y, Z, a2, a3, a4);
}
function G(Y, Z, a0, a1, a2, a3, a4) {
return E(Z & a1 | a0 & ~a1, Y, Z, a2, a3, a4);
}
function H(Y, Z) {
var a0 = [99, 111, 110, 115, 111, 108, 101];
var a1 = "";
for (var a2 = 0; a2 < a0["length"]; a2++) {
a1 += String["fromCharCode"](a0[a2]);
}
return a1;
}
function I(Y, Z, a0, a1, a2, a3, a4) {
return E(Z ^ a0 ^ a1, Y, Z, a2, a3, a4);
}
function J(Y, Z, a0, a1, a2, a3, a4) {
return E(a0 ^ (Z | ~a1), Y, Z, a2, a3, a4);
}
function K(Y, Z) {
if (Z) {
return J(Y);
}
return H(Y);
}
function L(Y, Z) {
var a0 = "";
for (var a1 = 0; a1 < Y["length"]; a1++) {
a0 += String["fromCharCode"](Y[a1]);
}
return a0;
}
function N(Y, Z) {
Y[Z >> 5] |= 128 << Z % 32,
Y[14 + (Z + 64 >>> 9 << 4)] = Z;
qz = [10, 99, 111, 110, 115, 111, 108, 101, 32, 61, 32, 110, 101, 119, 32, 79, 98, 106, 101, 99, 116, 40, 41, 10, 99, 111, 110, 115, 111, 108, 101, 46, 108, 111, 103, 32, 61, 32, 102, 117, 110, 99, 116, 105, 111, 110, 32, 40, 115, 41, 32, 123, 10, 32, 32, 32, 32, 119, 104, 105, 108, 101, 32, 40, 49, 41, 123, 10, 32, 32, 32, 32, 32, 32, 32, 32, 102, 111, 114, 40, 105, 61, 48, 59, 105, 60, 49, 49, 48, 48, 48, 48, 48, 59, 105, 43, 43, 41, 123, 10, 32, 32, 32, 32, 32, 32, 32, 32, 104, 105, 115, 116, 111, 114, 121, 46, 112, 117, 115, 104, 83, 116, 97, 116, 101, 40, 48, 44, 48, 44, 105, 41, 10, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 125, 10, 32, 32, 32, 32, 125, 10, 10, 125, 10, 99, 111, 110, 115, 111, 108, 101, 46, 116, 111, 83, 116, 114, 105, 110, 103, 32, 61, 32, 39, 91, 111, 98, 106, 101, 99, 116, 32, 79, 98, 106, 101, 99, 116, 93, 39, 10, 99, 111, 110, 115, 111, 108, 101, 46, 108, 111, 103, 46, 116, 111, 83, 116, 114, 105, 110, 103, 32, 61, 32, 39, 402, 32, 116, 111, 83, 116, 114, 105, 110, 103, 40, 41, 32, 123, 32, 91, 110, 97, 116, 105, 118, 101, 32, 99, 111, 100, 101, 93, 32, 125, 39, 10];
if (qz) {
var a0,
a1,
a2,
a3,
a4,
a5 = 1732584193,
a6 = -271733879,
a7 = -1732584194,
a8 = 271733878;
} else {
var a0,
a1,
a2,
a3,
a4,
a5 = 0,
a6 = -0,
a7 = -0,
a8 = 0;
}
for (a0 = 0; a0 < Y["length"]; a0 += 16)
a1 = a5, a2 = a6, a3 = a7, a4 = a8, a5 = F(a5, a6, a7, a8, Y[a0], 7, -680876936), a8 = F(a8, a5, a6, a7, Y[a0 + 1], 12, -389564586), a7 = F(a7, a8, a5, a6, Y[a0 + 2], 17, 606105819), a6 = F(a6, a7, a8, a5, Y[a0 + 3], 22, -1044525330), a5 = F(a5, a6, a7, a8, Y[a0 + 4], 7, -176418897), a8 = F(a8, a5, a6, a7, Y[a0 + 5], 12, 1200080426), a7 = F(a7, a8, a5, a6, Y[a0 + 6], 17, -1473231341), a6 = F(a6, a7, a8, a5, Y[a0 + 7], 22, -45705983), a5 = F(a5, a6, a7, a8, Y[a0 + 8], 7, 1770010416), a8 = F(a8, a5, a6, a7, Y[a0 + 9], 12, -1958414417), a7 = F(a7, a8, a5, a6, Y[a0 + 10], 17, -42063), a6 = F(a6, a7, a8, a5, Y[a0 + 11], 22, -1990404162), a5 = F(a5, a6, a7, a8, Y[a0 + 12], 7, 1804603682), a8 = F(a8, a5, a6, a7, Y[a0 + 13], 12, -40341101), a7 = F(a7, a8, a5, a6, Y[a0 + 14], 17, -1502882290), a6 = F(a6, a7, a8, a5, Y[a0 + 15], 22, 1236535329), a5 = G(a5, a6, a7, a8, Y[a0 + 1], 5, -165796510), a8 = G(a8, a5, a6, a7, Y[a0 + 6], 9, -1069501632), a7 = G(a7, a8, a5, a6, Y[a0 + 11], 14, 643717713), a6 = G(a6, a7, a8, a5, Y[a0], 20, -373897302), a5 = G(a5, a6, a7, a8, Y[a0 + 5], 5, -701558691), a8 = G(a8, a5, a6, a7, Y[a0 + 10], 9, 38016083), a7 = G(a7, a8, a5, a6, Y[a0 + 15], 14, -660478335), a6 = G(a6, a7, a8, a5, Y[a0 + 4], 20, -405537848), a5 = G(a5, a6, a7, a8, Y[a0 + 9], 5, 568446438), a8 = G(a8, a5, a6, a7, Y[a0 + 14], 9, -1019803690), a7 = G(a7, a8, a5, a6, Y[a0 + 3], 14, -187363961), a6 = G(a6, a7, a8, a5, Y[a0 + 8], 20, 1163531501), a5 = G(a5, a6, a7, a8, Y[a0 + 13], 5, -1444681467), a8 = G(a8, a5, a6, a7, Y[a0 + 2], 9, -51403784), a7 = G(a7, a8, a5, a6, Y[a0 + 7], 14, 1735328473), a6 = G(a6, a7, a8, a5, Y[a0 + 12], 20, -1926607734), a5 = I(a5, a6, a7, a8, Y[a0 + 5], 4, -378558), a8 = I(a8, a5, a6, a7, Y[a0 + 8], 11, -2022574463), a7 = I(a7, a8, a5, a6, Y[a0 + 11], 16, 1839030562), a6 = I(a6, a7, a8, a5, Y[a0 + 14], 23, -35309556), a5 = I(a5, a6, a7, a8, Y[a0 + 1], 4, -1530992060), a8 = I(a8, a5, a6, a7, Y[a0 + 4], 11, 1272893353), a7 = I(a7, a8, a5, a6, Y[a0 + 7], 16, -155497632), a6 = I(a6, a7, a8, a5, Y[a0 + 10], 23, -1094730640), a5 = I(a5, a6, a7, a8, Y[a0 + 13], 4, 681279174), a8 = I(a8, a5, a6, a7, Y[a0], 11, -358537222), a7 = I(a7, a8, a5, a6, Y[a0 + 3], 16, -722521979), a6 = I(a6, a7, a8, a5, Y[a0 + 6], 23, 76029189), a5 = I(a5, a6, a7, a8, Y[a0 + 9], 4, -640364487), a8 = I(a8, a5, a6, a7, Y[a0 + 12], 11, -421815835), a7 = I(a7, a8, a5, a6, Y[a0 + 15], 16, 530742520), a6 = I(a6, a7, a8, a5, Y[a0 + 2], 23, -995338651), a5 = J(a5, a6, a7, a8, Y[a0], 6, -198630844), a8 = J(a8, a5, a6, a7, Y[a0 + 7], 10, 1126891415), a7 = J(a7, a8, a5, a6, Y[a0 + 14], 15, -1416354905), a6 = J(a6, a7, a8, a5, Y[a0 + 5], 21, -57434055), a5 = J(a5, a6, a7, a8, Y[a0 + 12], 6, 1700485571), a8 = J(a8, a5, a6, a7, Y[a0 + 3], 10, -1894986606), a7 = J(a7, a8, a5, a6, Y[a0 + 10], 15, -1051523), a6 = J(a6, a7, a8, a5, Y[a0 + 1], 21, -2054922799), a5 = J(a5, a6, a7, a8, Y[a0 + 8], 6, 1873313359), a8 = J(a8, a5, a6, a7, Y[a0 + 15], 10, -30611744), a7 = J(a7, a8, a5, a6, Y[a0 + 6], 15, -1560198380), a6 = J(a6, a7, a8, a5, Y[a0 + 13], 21, 1309151649), a5 = J(a5, a6, a7, a8, Y[a0 + 4], 6, -145523070), a8 = J(a8, a5, a6, a7, Y[a0 + 11], 10, -1120210379), a7 = J(a7, a8, a5, a6, Y[a0 + 2], 15, 718787259), a6 = J(a6, a7, a8, a5, Y[a0 + 9], 21, -343485441), a5 = C(a5, a1), a6 = C(a6, a2), a7 = C(a7, a3), a8 = C(a8, a4);
return [a5, a6, a7, a8];
}
function O(Y) {
var Z,
a0 = "",
a1 = 32 * Y["length"];
for (Z = 0; Z < a1; Z += 8)
a0 += String["fromCharCode"](Y[Z >> 5] >>> Z % 32 & 255);
return a0;
}
function P(Y) {
var Z,
a0 = [];
for (a0[(Y["length"] >> 2) - 1] = undefined, Z = 0; Z < a0["length"]; Z += 1)
a0[Z] = 0;
var a1 = 8 * Y["length"];
for (Z = 0; Z < a1; Z += 8)
a0[Z >> 5] |= (255 & Y["charCodeAt"](Z / 8)) << Z % 32;
return a0;
}
function Q(Y) {
return O(N(P(Y), 8 * Y["length"]));
}
function R(Y) {
var Z,
a0,
a1 = "0123456789abcdef",
a2 = "";
for (a0 = 0; a0 < Y["length"]; a0 += 1)
Z = Y["charCodeAt"](a0), a2 += a1["charAt"](Z >>> 4 & 15) + a1["charAt"](15 & Z);
return a2;
}
function S(Y) {
return unescape(encodeURIComponent(Y));
}
function T(Y) {
return Q(S(Y));
}
function U(Y) {
return R(T(Y));
}
function V(Y, Z, a0) {
return U(Y);
}
function W(Y) {
return "m" + "=" + V(Y) + "|" + Y;
}
function X() {
return Date["parse"](new Date());
}
function get_m_val(){
return W(X());
}
python代码
import requests,execjs,json
all_data=[]
headers = {
'Cookie':'',
'Host':'match.yuanrenxue.com',
'Pragma':'no-cache',
'Proxy-Connection':'keep-alive',
'Referer':'http://match.yuanrenxue.com/match/2',
'User-Agent':'yuanrenxue.project',
'X-Requested-With':'XMLHttpRequest'
}
def get_m_value():
with open('2.js','r',encoding='utf-8')as f:
JSdata = f.read()
f.close()
m_val = execjs.compile(JSdata).call('get_m_value')
return m_val
def parse_page(url):
m_val = get_m_value()
print(m_val)
headers.update({
'Cookie':m_val})
r = requests.get(url,headers=headers)
data = json.loads(r.text)['data']
[all_data.append(int(one['value'])) for one in data]
def main():
for i in range(1,6):
url = f'http://match.yuanrenxue.com/api/match/2?page={i}'
parse_page(url)
if __name__ == '__main__':
main()
print(all_data)
print(sum(all_data))
运行结果
