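Advanced Python crawler case study: JS reverse engineering of a phone vendor's feedback forum
Preface
Some time ago I saw someone reverse-engineer the JS of a phone vendor's feedback forum, and I studied it right away. Ever since, I had been wanting to see whether I could complete one entirely on my own and take a real "first blood" in JS reversing. Hence today's victim: reversing the community forum of a certain "blue factory" phone brand.
Site analysis
With the target chosen, start capturing traffic and analysing the page.
This is the situation after capturing. Comparing several requests shows that the only parameters that actually change are lastId, nonce, timestamp and pageNum. Looking closer: lastId is the tid of the last poster on the previous page; pageNum is the current page number; timestamp is a 13-digit timestamp; nonce: no idea what it is, but it has the face of something encrypted. At this point the goal is clear: focus on nonce.
JS reverse-engineering analysis
Through a global search and breakpoint debugging, I finally narrowed the target down to this line of code.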

e.params.nonce = Object(u["md5"])(t + "" + parseInt(1e7 * Math.random(), 10) + 1, 32)

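Observation shows that the final output of this line is exactly today's target.
Breaking the code down:
"t": the 13-digit timestamp
"+ "" +": converts the timestamp to a string
"1e7": 10000000, a fixed value
"Math.random()": a random number
"parseInt": truncates to an integer
"t + "" + parseInt(1e7 * Math.random(), 10) + 1": the meaning here is clear: timestamp + truncated random number + 1. Because the left-hand side is already a string, every + is a string concatenation, so the trailing 1 is appended as a character. The final result is a 21-digit number.
Looking further at Object(u["md5"]) and 32: this calls the md5 method of u, passing the 21-character string above and 32 as arguments to MD5. The page source is as follows: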

e.md5 = function(e, t) {
    function n(e, t) {
        return e << t | e >>> 32 - t
    }
    function i(e, t) {
        var n, i, a, r, o;
        return a = 2147483648 & e,
        r = 2147483648 & t,
        n = 1073741824 & e,
        i = 1073741824 & t,
        o = (1073741823 & e) + (1073741823 & t),
        n & i ? 2147483648 ^ o ^ a ^ r : n | i ? 1073741824 & o ? 3221225472 ^ o ^ a ^ r : 1073741824 ^ o ^ a ^ r : o ^ a ^ r
    }
    // ... rest omitted here

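At this point the approach is clear: we can either implement the MD5 in Python, or lift the source code and adapt it. To be 100% sure nothing goes wrong, I chose to lift the code.
Rewriting the JS code
First, the source code: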

e.md5 = function(e, t) {
    // rotate e left by t bits
    function n(e, t) {
        return e << t | e >>> 32 - t
    }
    // 32-bit addition with manual carry handling
    function i(e, t) {
        var n, i, a, r, o;
        return a = 2147483648 & e,
        r = 2147483648 & t,
        n = 1073741824 & e,
        i = 1073741824 & t,
        o = (1073741823 & e) + (1073741823 & t),
        n & i ? 2147483648 ^ o ^ a ^ r : n | i ? 1073741824 & o ? 3221225472 ^ o ^ a ^ r : 1073741824 ^ o ^ a ^ r : o ^ a ^ r
    }
    // a, r, o, s: the four round step functions
    function a(e, t, a, r, o, s, l) {
        return e = i(e, i(i(function(e, t, n) {
            return e & t | ~e & n
        }(t, a, r), o), l)),
        i(n(e, s), t)
    }
    function r(e, t, a, r, o, s, l) {
        return e = i(e, i(i(function(e, t, n) {
            return e & n | t & ~n
        }(t, a, r), o), l)),
        i(n(e, s), t)
    }
    function o(e, t, a, r, o, s, l) {
        return e = i(e, i(i(function(e, t, n) {
            return e ^ t ^ n
        }(t, a, r), o), l)),
        i(n(e, s), t)
    }
    function s(e, t, a, r, o, s, l) {
        return e = i(e, i(i(function(e, t, n) {
            return t ^ (e | ~n)
        }(t, a, r), o), l)),
        i(n(e, s), t)
    }
    // format a 32-bit word as 8 hex characters, low byte first
    function l(e) {
        var t, n = "", i = "";
        for (t = 0; t <= 3; t++)
            n += (i = "0" + (e >>> 8 * t & 255).toString(16)).substr(i.length - 2, 2);
        return n
    }
    var c, u, p, m, d, h, f, v, y, g = e, b = Array();
    // pad the input string into an array of 32-bit words, then process 16 words per iteration
    for (b = function(e) {
        for (var t, n = e.length, i = n + 8, a = 16 * ((i - i % 64) / 64 + 1), r = Array(a - 1), o = 0, s = 0; s < n; )
            o = s % 4 * 8,
            r[t = (s - s % 4) / 4] = r[t] | e.charCodeAt(s) << o,
            s++;
        return t = (s - s % 4) / 4,
        o = s % 4 * 8,
        r[t] = r[t] | 128 << o,
        r[a - 2] = n << 3,
        r[a - 1] = n >>> 29,
        r
    }(g),
    h = 1732584193,
    f = 4023233417,
    v = 2562383102,
    y = 271733878,
    c = 0; c < b.length; c += 16)
        u = h,
        p = f,
        m = v,
        d = y,
        f = s(f = s(f = s(f = s(f = o(f = o(f = o(f = o(f = r(f = r(f = r(f = r(f = a(f = a(f = a(f = a(f,
            v = a(v, y = a(y, h = a(h, f, v, y, b[c + 0], 7, 3614090360), f, v, b[c + 1], 12, 3905402710), h, f, b[c + 2], 17, 606105819), y, h, b[c + 3], 22, 3250441966),
            v = a(v, y = a(y, h = a(h, f, v, y, b[c + 4], 7, 4118548399), f, v, b[c + 5], 12, 1200080426), h, f, b[c + 6], 17, 2821735955), y, h, b[c + 7], 22, 4249261313),
            v = a(v, y = a(y, h = a(h, f, v, y, b[c + 8], 7, 1770035416), f, v, b[c + 9], 12, 2336552879), h, f, b[c + 10], 17, 4294925233), y, h, b[c + 11], 22, 2304563134),
            v = a(v, y = a(y, h = a(h, f, v, y, b[c + 12], 7, 1804603682), f, v, b[c + 13], 12, 4254626195), h, f, b[c + 14], 17, 2792965006), y, h, b[c + 15], 22, 1236535329),
            v = r(v, y = r(y, h = r(h, f, v, y, b[c + 1], 5, 4129170786), f, v, b[c + 6], 9, 3225465664), h, f, b[c + 11], 14, 643717713), y, h, b[c + 0], 20, 3921069994),
            v = r(v, y = r(y, h = r(h, f, v, y, b[c + 5], 5, 3593408605), f, v, b[c + 10], 9, 38016083), h, f, b[c + 15], 14, 3634488961), y, h, b[c + 4], 20, 3889429448),
            v = r(v, y = r(y, h = r(h, f, v, y, b[c + 9], 5, 568446438), f, v, b[c + 14], 9, 3275163606), h, f, b[c + 3], 14, 4107603335), y, h, b[c + 8], 20, 1163531501),
            v = r(v, y = r(y, h = r(h, f, v, y, b[c + 13], 5, 2850285829), f, v, b[c + 2], 9, 4243563512), h, f, b[c + 7], 14, 1735328473), y, h, b[c + 12], 20, 2368359562),
            v = o(v, y = o(y, h = o(h, f, v, y, b[c + 5], 4, 4294588738), f, v, b[c + 8], 11, 2272392833), h, f, b[c + 11], 16, 1839030562), y, h, b[c + 14], 23, 4259657740),
            v = o(v, y = o(y, h = o(h, f, v, y, b[c + 1], 4, 2763975236), f, v, b[c + 4], 11, 1272893353), h, f, b[c + 7], 16, 4139469664), y, h, b[c + 10], 23, 3200236656),
            v = o(v, y = o(y, h = o(h, f, v, y, b[c + 13], 4, 681279174), f, v, b[c + 0], 11, 3936430074), h, f, b[c + 3], 16, 3572445317), y, h, b[c + 6], 23, 76029189),
            v = o(v, y = o(y, h = o(h, f, v, y, b[c + 9], 4, 3654602809), f, v, b[c + 12], 11, 3873151461), h, f, b[c + 15], 16, 530742520), y, h, b[c + 2], 23, 3299628645),
            v = s(v, y = s(y, h = s(h, f, v, y, b[c + 0], 6, 4096336452), f, v, b[c + 7], 10, 1126891415), h, f, b[c + 14], 15, 2878612391), y, h, b[c + 5], 21, 4237533241),
            v = s(v, y = s(y, h = s(h, f, v, y, b[c + 12], 6, 1700485571), f, v, b[c + 3], 10, 2399980690), h, f, b[c + 10], 15, 4293915773), y, h, b[c + 1], 21, 2240044497),
            v = s(v, y = s(y, h = s(h, f, v, y, b[c + 8], 6, 1873313359), f, v, b[c + 15], 10, 4264355552), h, f, b[c + 6], 15, 2734768916), y, h, b[c + 13], 21, 1309151649),
            v = s(v, y = s(y, h = s(h, f, v, y, b[c + 4], 6, 4149444226), f, v, b[c + 11], 10, 3174756917), h, f, b[c + 2], 15, 718787259), y, h, b[c + 9], 21, 3951481745),
        h = i(h, u),
        f = i(f, p),
        v = i(v, m),
        y = i(y, d);
    // t == 32 returns the full 32-character digest, otherwise the middle 16 characters
    return 32 == t ? l(h) + l(f) + l(v) + l(y) : l(f) + l(v)
}

Next, the rewritten code, following the principle that the less changed the better:

// Only the declaration changes: e.md5 = function(e, t) becomes a standalone function
function MD5 (e, t) {
    function n(e, t) {
        return e << t | e >>> 32 - t
    }
    function i(e, t) {
        var n, i, a, r, o;
        return a = 2147483648 & e,
        r = 2147483648 & t,
        n = 1073741824 & e,
        i = 1073741824 & t,
        o = (1073741823 & e) + (1073741823 & t),
        n & i ? 2147483648 ^ o ^ a ^ r : n | i ? 1073741824 & o ? 3221225472 ^ o ^ a ^ r : 1073741824 ^ o ^ a ^ r : o ^ a ^ r
    }
    function a(e, t, a, r, o, s, l) {
        return e = i(e, i(i(function(e, t, n) {
            return e & t | ~e & n
        }(t, a, r), o), l)),
        i(n(e, s), t)
    }
    function r(e, t, a, r, o, s, l) {
        return e = i(e, i(i(function(e, t, n) {
            return e & n | t & ~n
        }(t, a, r), o), l)),
        i(n(e, s), t)
    }
    function o(e, t, a, r, o, s, l) {
        return e = i(e, i(i(function(e, t, n) {
            return e ^ t ^ n
        }(t, a, r), o), l)),
        i(n(e, s), t)
    }
    function s(e, t, a, r, o, s, l) {
        return e = i(e, i(i(function(e, t, n) {
            return t ^ (e | ~n)
        }(t, a, r), o), l)),
        i(n(e, s), t)
    }
    function l(e) {
        var t, n = "",
            i = "";
        for (t = 0; t <= 3; t++)
            n += (i = "0" + (e >>> 8 * t & 255).toString(16)).substr(i.length - 2, 2);
        return n
    }
    var c, u, p, m, d, h, f, v, y, g = e,
        b = Array();
    for (b = function(e) {
        for (var t, n = e.length, i = n + 8, a = 16 * ((i - i % 64) / 64 + 1), r = Array(a - 1), o = 0, s = 0; s < n; )
            o = s % 4 * 8,
            r[t = (s - s % 4) / 4] = r[t] | e.charCodeAt(s) << o,
            s++;
        return t = (s - s % 4) / 4,
        o = s % 4 * 8,
        r[t] = r[t] | 128 << o,
        r[a - 2] = n << 3,
        r[a - 1] = n >>> 29,
        r
    }(g),
    h = 1732584193,
    f = 4023233417,
    v = 2562383102,
    y = 271733878,
    c = 0; c < b.length; c += 16)
        u = h,
        p = f,
        m = v,
        d = y,
        f = s(f = s(f = s(f = s(f = o(f = o(f = o(f = o(f = r(f = r(f = r(f = r(f = a(f = a(f = a(f = a(f,
            v = a(v, y = a(y, h = a(h, f, v, y, b[c + 0], 7, 3614090360), f, v, b[c + 1], 12, 3905402710), h, f, b[c + 2], 17, 606105819), y, h, b[c + 3], 22, 3250441966),
            v = a(v, y = a(y, h = a(h, f, v, y, b[c + 4], 7, 4118548399), f, v, b[c + 5], 12, 1200080426), h, f, b[c + 6], 17, 2821735955), y, h, b[c + 7], 22, 4249261313),
            v = a(v, y = a(y, h = a(h, f, v, y, b[c + 8], 7, 1770035416), f, v, b[c + 9], 12, 2336552879), h, f, b[c + 10], 17, 4294925233), y, h, b[c + 11], 22, 2304563134),
            v = a(v, y = a(y, h = a(h, f, v, y, b[c + 12], 7, 1804603682), f, v, b[c + 13], 12, 4254626195), h, f, b[c + 14], 17, 2792965006), y, h, b[c + 15], 22, 1236535329),
            v = r(v, y = r(y, h = r(h, f, v, y, b[c + 1], 5, 4129170786), f, v, b[c + 6], 9, 3225465664), h, f, b[c + 11], 14, 643717713), y, h, b[c + 0], 20, 3921069994),
            v = r(v, y = r(y, h = r(h, f, v, y, b[c + 5], 5, 3593408605), f, v, b[c + 10], 9, 38016083), h, f, b[c + 15], 14, 3634488961), y, h, b[c + 4], 20, 3889429448),
            v = r(v, y = r(y, h = r(h, f, v, y, b[c + 9], 5, 568446438), f, v, b[c + 14], 9, 3275163606), h, f, b[c + 3], 14, 4107603335), y, h, b[c + 8], 20, 1163531501),
            v = r(v, y = r(y, h = r(h, f, v, y, b[c + 13], 5, 2850285829), f, v, b[c + 2], 9, 4243563512), h, f, b[c + 7], 14, 1735328473), y, h, b[c + 12], 20, 2368359562),
            v = o(v, y = o(y, h = o(h, f, v, y, b[c + 5], 4, 4294588738), f, v, b[c + 8], 11, 2272392833), h, f, b[c + 11], 16, 1839030562), y, h, b[c + 14], 23, 4259657740),
            v = o(v, y = o(y, h = o(h, f, v, y, b[c + 1], 4, 2763975236), f, v, b[c + 4], 11, 1272893353), h, f, b[c + 7], 16, 4139469664), y, h, b[c + 10], 23, 3200236656),
            v = o(v, y = o(y, h = o(h, f, v, y, b[c + 13], 4, 681279174), f, v, b[c + 0], 11, 3936430074), h, f, b[c + 3], 16, 3572445317), y, h, b[c + 6], 23, 76029189),
            v = o(v, y = o(y, h = o(h, f, v, y, b[c + 9], 4, 3654602809), f, v, b[c + 12], 11, 3873151461), h, f, b[c + 15], 16, 530742520), y, h, b[c + 2], 23, 3299628645),
            v = s(v, y = s(y, h = s(h, f, v, y, b[c + 0], 6, 4096336452), f, v, b[c + 7], 10, 1126891415), h, f, b[c + 14], 15, 2878612391), y, h, b[c + 5], 21, 4237533241),
            v = s(v, y = s(y, h = s(h, f, v, y, b[c + 12], 6, 1700485571), f, v, b[c + 3], 10, 2399980690), h, f, b[c + 10], 15, 4293915773), y, h, b[c + 1], 21, 2240044497),
            v = s(v, y = s(y, h = s(h, f, v, y, b[c + 8], 6, 1873313359), f, v, b[c + 15], 10, 4264355552), h, f, b[c + 6], 15, 2734768916), y, h, b[c + 13], 21, 1309151649),
            v = s(v, y = s(y, h = s(h, f, v, y, b[c + 4], 6, 4149444226), f, v, b[c + 11], 10, 3174756917), h, f, b[c + 2], 15, 718787259), y, h, b[c + 9], 21, 3951481745),
        h = i(h, u),
        f = i(f, p),
        v = i(v, m),
        y = i(y, d);
    return 32 == t ? l(h) + l(f) + l(v) + l(y) : l(f) + l(v)
}

After testing, the code does exactly what I want,
then I save the code as a .js file.
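
Added example, not part of the original post: a cross-check that the lifted routine is plain MD5, done by comparing its four initial constants with RFC 1321 and mirroring its two output modes with hashlib. The function names and the sample timestamp are constructed for illustration; the sketch also shows that the concatenated input reaches 21 characters only when the random part has 7 digits.

```python
import hashlib
import random
import time

# Initial state words h, f, v, y as they appear in the page's JS.
JS_INIT = (1732584193, 4023233417, 2562383102, 271733878)
# MD5 initial state A, B, C, D from RFC 1321.
RFC1321_INIT = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476)


def is_standard_md5_init():
    """Constant check: do the lifted initial values match RFC 1321?"""
    return JS_INIT == RFC1321_INIT


def md5_like_js(text, t=32):
    """Mirror the JS md5(e, t): 32 hex chars when t == 32, else l(f) + l(v)."""
    # The JS packs raw charCodeAt() values into bytes, so it only agrees with
    # hashlib for code points <= 0xFF; encode() raises for anything else.
    digest = hashlib.md5(text.encode("latin-1")).hexdigest()
    # State words f and v are hex characters 8..23 of the full digest.
    return digest if str(t) == "32" else digest[8:24]


def nonce_input(timestamp_ms, rand_int):
    """t + "" + parseInt(1e7 * Math.random(), 10) + 1 is string concatenation."""
    return f"{timestamp_ms}{rand_int}1"


def make_nonce(timestamp_ms=None, rand_int=None):
    """Return (nonce, timestamp_ms); both inputs are injectable for testing."""
    if timestamp_ms is None:
        timestamp_ms = int(time.time() * 1000)
    if rand_int is None:
        rand_int = random.randrange(10_000_000)  # 0 .. 9999999, like parseInt(1e7 * Math.random())
    return md5_like_js(nonce_input(timestamp_ms, rand_int)), timestamp_ms


if __name__ == "__main__":
    assert is_standard_md5_init()
    # RFC 1321 test vector.
    assert md5_like_js("abc") == "900150983cd24fb0d6963f7d28e17f72"
    # Constructed sample inputs: a 7-digit and a 2-digit random part.
    print(len(nonce_input(1639713440000, 1234567)))
    print(len(nonce_input(1639713440000, 42)))
    print(make_nonce())
```

Because the value is an unkeyed hash of a timestamp and a random number that the client picks itself, any client can produce it; on the server side it can serve as a uniqueness token at most, not as evidence of which client built the request.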
Writing the Python code
The usual setup

import requests
import random
import execjs
import json
import pandas as pd
import time

url = 'https://bbs.vivo.com.cn/api/community/forum/threads'
headers = {
    'accept': 'application/json, text/plain, */*',
    'content-type': 'application/json;charset=UTF-8',
    'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4621.0 Safari/537.36',
    'sec-ch-ua': '"Chromium";v="21", " Not;A Brand";v="99"',
    'sec-ch-ua-mobile': '?0',
    'sec-ch-ua-platform': '"Windows"',
    'origin': 'https://bbs.vivo.com.cn',
    'referer': 'https://bbs.vivo.com.cn/newbbs/forum/9',
    'cookie': 'cookieId=e1c6727a-9b29-1c13-a417-1b74440b9d521639290997482; KL9d_2132_saltkey=pU2Rr4AV; KL9d_2132_lastvisit=1639287439; Hm_lvt_9ef7debb81babe8b94af7f2c274869fd=1639291140,1639713347; Hm_lvt_a7471116b9007c038d41873ab9121a9e=1639291040,1639713440; sessionId=b6c66b37-b88e-f74d-fa6b-b7e526d5e5f7'
}

Although a lot of packages are imported here, each one was actually added one at a time as it was needed.
Generating the parameters the JS needs in Python

def get_timestamp():
    timestamp = int(time.time() * 1000)  # get the 13-digit timestamp
    return timestamp


def get_str_():
    num = int(random.random() * 10000000)  # random integer, same as parseInt(1e7 * Math.random(), 10)
    str_ = str(get_timestamp()) + str(num) + '1'  # build the 21-digit random string
    return str_

These generate the timestamp and the 21-digit concatenated string, respectively.
Load the JS file and obtain the most important parameter, nonce

def get_cxt():
    with open("1.js") as file:  # open the JS file
        cxt = execjs.compile(file.read())  # compile the JS file
        return cxt


def get_nonce():
    # Call the MD5 function in the JS file to get nonce.
    # The name must match the rewritten JS exactly (function MD5), since JS is case-sensitive.
    nonce = get_cxt().call('MD5', get_str_(), '32')
    return nonce

Building data
Everything is ready; the next step is to build data. Here I chose the first page as a test.

def get_data():  # build data for the first page
    data = {
        'forumId': "9",
        'imgSpecs': ["t577x324", "t577x4096"],
        'lastId': "",
        'nonce': get_nonce(),
        'order': '1',
        'pageNum': '1',
        'pageSize': '10',
        'timestamp': get_timestamp(),
        'topicId': ""
    }
    return data

Send the request and get the data

def main():
    res = requests.post(url, headers=headers, data=json.dumps(get_data())).text  # request the first page of data
    datss = json.loads(res)['data']['list']
    data_list = []
    for data in datss:
        bbsname = data['author']['bbsName']
        name = data['forum']['name']
        summary = data['summary']
        tid = data['tid']
        data_list.append({
            'bbsname': bbsname,
            'name': name,
            'summary': summary,
            'tid': tid
        })
    return data_list


if __name__ == '__main__':
    df = pd.DataFrame(main())
    # df.index = df.index + 1
    print(df)
    df.to_excel('手機圈子0.xlsx')

Full code listing

import requests
import random
import execjs
import json
import pandas as pd
import time

url = 'https://bbs.vivo.com.cn/api/community/forum/threads'
headers = {
    'accept': 'application/json, text/plain, */*',
    'content-type': 'application/json;charset=UTF-8',
    'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4621.0 Safari/537.36',
    'sec-ch-ua': '"Chromium";v="21", " Not;A Brand";v="99"',
    'sec-ch-ua-mobile': '?0',
    'sec-ch-ua-platform': '"Windows"',
    'origin': 'https://bbs.vivo.com.cn',
    'referer': 'https://bbs.vivo.com.cn/newbbs/forum/9',
    'cookie': 'cookieId=e1c6727a-9b29-1c13-a417-1b74440b9d521639290997482; KL9d_2132_saltkey=pU2Rr4AV; KL9d_2132_lastvisit=1639287439; Hm_lvt_9ef7debb81babe8b94af7f2c274869fd=1639291140,1639713347; Hm_lvt_a7471116b9007c038d41873ab9121a9e=1639291040,1639713440; sessionId=b6c66b37-b88e-f74d-fa6b-b7e526d5e5f7'
}


def get_timestamp():
    timestamp = int(time.time() * 1000)  # get the 13-digit timestamp
    return timestamp


def get_str_():
    num = int(random.random() * 10000000)  # random integer, same as parseInt(1e7 * Math.random(), 10)
    str_ = str(get_timestamp()) + str(num) + '1'  # build the 21-digit random string
    return str_


def get_cxt():
    with open("1.js") as file:  # open the JS file
        cxt = execjs.compile(file.read())  # compile the JS file
        return cxt


def get_nonce():
    # Call the MD5 function in the JS file to get nonce.
    # The name must match the rewritten JS exactly (function MD5), since JS is case-sensitive.
    nonce = get_cxt().call('MD5', get_str_(), '32')
    return nonce


def get_data():  # build data for the first page
    data = {
        'forumId': "9",
        'imgSpecs': ["t577x324", "t577x4096"],
        'lastId': "",
        'nonce': get_nonce(),
        'order': '1',
        'pageNum': '1',
        'pageSize': '10',
        'timestamp': get_timestamp(),
        'topicId': ""
    }
    return data


def main():
    res = requests.post(url, headers=headers, data=json.dumps(get_data())).text  # request the first page of data
    datss = json.loads(res)['data']['list']
    data_list = []
    for data in datss:
        bbsname = data['author']['bbsName']
        name = data['forum']['name']
        summary = data['summary']
        tid = data['tid']
        data_list.append({
            'bbsname': bbsname,
            'name': name,
            'summary': summary,
            'tid': tid
        })
    return data_list


if __name__ == '__main__':
    df = pd.DataFrame(main())
    # df.index = df.index + 1
    print(df)
    df.to_excel('手機圈子0.xlsx')


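Closing notes
1 This is the first JS reversing job I have truly completed on my own. The process had plenty of twists and turns; now that it has succeeded, I am posting this article to mark the occasion, and I can't help letting out a "WK" inside.
2 Special thanks to Mantou-ge for his help. After all the code was finished, every request failed with "客戶端參數錯誤" (client parameter error). This problem troubled me for a long time, until Mantou-ge found that the format of data was wrong and that it had to be encoded with json.dumps(). Thanks once again here.
3 Although the JS reversing work is finished at this point, this site's data also contains a lastId, which needs the tid of the last user on the previous page. That is not hard either; I will write a loop later when I have time.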
