Record the various pits encountered on the crawler road 02

2020.04.16

Record the first js encountered to determine whether the code is formatted.
On the target website , click Search and open the debug panel to find the page code in the doc. The section in the second script tag will not report an error if taken out and run directly in the console. After running, _pt_ is printed in the console. If there is a value, the operation is completed. However, if the code is formatted and then run, the browser is stuck. After formatting the code, make a breakpoint at _0xxxxxx ['updateCookie'] in the first self-executing function.

Stuck because the function setCookie is an endless loop, which has been looping to increase the length of the string. If the time is too long, the memory is insufficient and an error is reported. The reason for entering this method is:

var _0x17db3c = function() {
    var _0x20a2de = new RegExp('\x5cw+\x20*\x5c(\x5c)\x20*{\x5cw+\x20*[\x27|\x22].+[\x27|\x22];?\x20*}');
    return _0x20a2de['test'](_0x5f0fa3['removeCookie']['toString']());
};
_0x5f0fa3['updateCookie'] = _0x17db3c;
var _0x35cc0c = '';
//执行正则判断，若未匹配上，说明代码被打开或者更改，进入setCookie导致代码执行卡死
var _0x2aff92 = _0x5f0fa3['updateCookie']();
if (!_0x2aff92) {
	_0x5f0fa3['setCookie'](['*'], 'counter', 0x1);
} else if (_0x2aff92) {
    _0x35cc0c = _0x5f0fa3['getCookie'](null, 'counter');
} else {
    _0x5f0fa3['removeCookie']();
}
  

When the code is formatted:

_0x5f0fa3['removeCookie'].toString()
"function() {
                return 'dev';
            }"

When the code is not open:

_0x5f0fa3['removeCookie'].toString()
"function(){return 'dev';}"

At this time, the regular match is passed, and the setCookie method is not entered.
It is estimated that there are other ways to judge whether the code is opened.