声明:本文只作学习研究,禁止用于非法用途,否则后果自负,如有侵权,请告知删除,谢谢!
前言
最近是迷上了滑块了,搞了云片和数美的滑块,难度一般吧,先分享下云片的,比较简单
地址:自己搜哈
一、页面分析
请求图片的时候这几个参数都写死没毛病哈
验证的时候需要用到请求验证码时拿到的token,然后cb、i、k这几个参数都是加密的,下面来慢慢搞他
二、参数破解
1.参数定位
加密位置在下图,直接打断点 先看下e里面的参数,address、fp都是定值,points是滑块轨迹、distanceX是缺口距离、yp_riddler_id这玩意看起来是uuid,废话不多说,直接扣他加密代码就行了
2.加密函数获取
这里t就是json转字符,st.getRandomStr这个方法进去看看 16位的随机值
i值的
tt.a.encrypt方法,这玩意要么是AES要么是DES,全局搜搜看,那应该是AES了,没毛病哈,可以自己去试试 k值的
rsaEncrypt不多说吧,就是RSA加密,公钥已经有了
三、总结
然后没有的参数补一补就ok了!
import json
import re
import execjs
import requests
import time
from 云片滑块.img_distance import SlideCrack
headers = {
'Connection': 'keep-alive',
'sec-ch-ua': '"Google Chrome";v="87", " Not;A Brand";v="99", "Chromium";v="87"',
'Accept': 'application/json, text/plain, */*',
'sec-ch-ua-mobile': '?0',
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36',
'Sec-Fetch-Site': 'same-origin',
'Sec-Fetch-Mode': 'cors',
'Sec-Fetch-Dest': 'empty',
'Referer': 'https://www.yunpian.com/product/captcha',
'Accept-Language': 'zh-CN,zh;q=0.9',
}
session = requests.session()
session.get('https://www.yunpian.com/product/captcha', headers=headers)
params = (
('cb', '153bsvkom2'),
('i', '425scgnw4seSF0BKIug9aJhPG+wLCmHuJYFVUV+hWq3TgZSjj3AYADGVPF7P30CxGW7QGtonm1lJnIkKQDlsW2V8ete0QPHHlWRCAJIDneIq2hSfxyDUJMmNMt8ppcQJcN8w42nwX4ZyZzTRU3HBXaRwvOpDjrIfrDfJ24Cd36F6vsUIaosATQdUcnfL2pM8fmnrEz5Ql7kV6L3WhgRVutAbDF+WWpuMlpWWh/9nWO42Tc5qUOo0NtGG2ivBrYLCBdr+7YRNEbBwlYeeEtp153YTiQFQrbl8j/ZnuAWQWhJcctxXa/NBUSSIzASkSPM5e7ZCSHH4cK9lvPaz6WiTkhhsOeDcF+dBs77PiB8FO4EUqmb2MamK7X+7ZPUEGpv2vTVTdyj9cbihuWYvqNQaFP6f8qp5lDtrS+YXt/PHuq3lXx1fY56ge/Mt4Mk8ripvW5CwaKzr7em4El2SAZPE3YygRQKNTRykpR9uhfm6+DwUX3FbA3ERNMHT5ZTSri63pJXQ62wg7VSAX/8G9MJynxx0fi7PxLRccUBrxF1Yh7vOQn7eTXwRyrd6azC8tkn+Oqu5/PBYgkgpAXqFkO/QT0bbb4HkSCHq/y+2bnQ5cEIMgaPY2i3H2tPAOpByNXnIeJRUFR9FJ/Y+7+1Cj8vRnGNElKcEjQ3MVDpXddYhWH0UmOtR3MDzu3qt9DhFz2zF7S11VI8la3GB0pmDeq3g1kdjCnvBYwGWEpseRVoIuxRtmEBPbDbwAU/WSbCk5xp6IFqLhn5NGdHvAFlwhooGZA=='),
('k', 'c37ZKj9uCncUdQdTqpwjzPSn6/fj+5D2BXIGjMcHYdsuQ16Jtd/4eIT/97Yhx2hcoiurbBhlcH6J1TgWq2ti1FKcq80sHFxA7vHdBcdkPhEbFV/zQHSp8219k+3TPnn0jWRBQduKz0QTveY3gvS2SAXxClu+aamSjhS23VMbM9w='),
('captchaId', '974cd565f11545b6a5006d10dc324281'),
)
response = session.get('https://captcha.yunpian.com/v1/jsonp/captcha/get', headers=headers, params=params)
js_data = json.loads(re.compile("ypjsonp((.*?))") .findall(response.text)[0])
print(js_data)
with open('./code.js',encoding='utf8') as f:
js_func = execjs.compile(f.read())
image = js_data['data']['front']
imageback = js_data['data']['bg']
print(image,imageback)
sc = SlideCrack(image,imageback)
distance = int(sc.discern()//1.548387) # 缩小像素 480/310 ≈ 1.548387
print('滑块位置',distance)
data = js_func.call('get_data',distance)
print(data)
params = (
('cb', data['cb']),
('i', data['i']),
('k', data['k']),
('token', js_data['data']['token']),
('captchaId', '974cd565f11545b6a5006d10dc324281'),
)
time.sleep(1.5)
response = requests.get('https://captcha.yunpian.com/v1/jsonp/captcha/verify', headers=headers, params=params)
print(response.text)
复制代码