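Website: aHR0cDovL3d3dy5mYW5nZGkuY29tLmNuLw==
First, the characteristics of rs4:
1. Opening the console immediately triggers an infinite debugger loop; the obfuscated code uses identifiers of the form _$xx.
There are two infinite debugger traps. Right-click at each location and choose "Never pause here". This approach is fairly resource-intensive, though; alternatively, set a Script breakpoint in advance and inject hook code to get past the infinite debugger. Plenty of such code can be found online, so I won't paste it here.
2. The HTML page is requested twice. The first response has status code 202 (sometimes 412) and returns a cookie value along with the JS code needed to generate the encrypted cookie, as shown in the figure below:
The parts circled above are the code and parameters needed later to generate the cookie. The second HTML request carries the generated cookie and returns the correct data.
3. The cookie tells you which generation of rs it is. First, the cookie returned by the server on the first request has a key name similar to that of the locally generated cookie; second, the first digit of the generated cookie value indicates the rs version.
Because the code rs returns changes dynamically on every page request, remember to set up a local override before analyzing.
Extracting the code for rs is fairly tedious, so, being result-oriented, we chose to patch the environment instead. First extract all of the JS code returned in the first HTML page, plus the external JS file referenced in the HTML, as shown in the figure below:
This ts code file is also one of the characteristics of rs.
After extracting everything, run it locally. There will certainly be missing-environment errors, so attach a Proxy (proxy code is also easy to find online; if you can't find it, you can DM me).
I won't go into the detailed environment-patching process; basically, you patch whatever is missing. Note that quite a lot of the tag content in the first returned HTML has to be added when patching the environment. Below is the environment I ended up with. I won't paste the site's source code; extract it from the site yourself if you need it.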
// Remove the Node-only module variables
delete __dirname
delete __filename
// Expose Node's global object as window
window = global;
window.top = window;
window.DOMParser = function () {
}
window.addEventListener = function () {
}
document = {
    createElement: function (args) {
        // Log which tag name is requested
        console.log('createElement传参:', args)
        return {
            getElementsByTagName: function (args) {
                console.log('createElement.getElementsByTagName传参:', args)
                return []
            }
        }
    },
    getElementsByTagName: function (args) {
        console.log('getElementsByTagName传参', args)
        // The meta tag content comes from the first HTML response
        if (args == 'meta') {
            return [
                {},
                {
content: "{qqqqqqq!x7z,aac,amr,asm,avi,bak,bat,bmp,bin,c,cab,css,csv,com,cpp,dat,dll,doc,dot,docx,exe,eot,fla,flc,fon,fot,font,gdb,gif,gz,gho,hlp,hpp,htc,ico,ini,inf,ins,iso,js,jar,jpg,jpeg,json,java,lib,log,mid,mp4,mpa,m4a,mp3,mpg,mkv,mod,mov,mim,mpp,msi,mpeg,obj,ocx,ogg,olb,ole,otf,py,pyc,pas,pgm,ppm,pps,ppt,pdf,pptx,png,pic,pli,psd,qif,qtx,ra,rm,ram,rmvb,reg,res,rtf,rar,so,sbl,sfx,swa,swf,svg,sys,tar,taz,tif,tiff,torrent,txt,ttf,vsd,vss,vsw,vxd,woff,woff2,wmv,wma,wav,wps,xbm,xpm,xls,xlsx,xsl,xml,z,zip,apk,plist,ipaqr1r4k162h_.brqmBUU2bQtxAINf_2ojER.SbLlFL3jfXBo_0M|lABJanUBm8J079uUUrgLa2Ok1FeV7P15IxgSP6vge36AzRPR2tbLb3KJ_HnQzMsANrvGSRkl9FPWa8Px7tk2OJCVnJClCQ1Wv81xnh1SCJ63C81z5hUGOh69vQcVzpsArq9l61OYrDCLfscRlJar98PzmElq0ssYErVEPUc78lm97V1flE9EbQneUWme9lKT5x9gYKOmYE2ZBKC73Ru3bWuq.hcT9MK0CWnLjWCzB3CyjlUEKHWsLqcaAJrGgEcqWqqqqqqq}!wKYxkr7KqrJYoqaRlmwUqSaElAGMsmVDlVTUhPLwDSZFmpljt2pYDpAYllpUHPSiouABWPaDDGSWukPaoQGkaA67x79sjlUGk4ZuaOHZkdlW5svDkILzufP5kQgbZVsgmBrDdkhkEw9BSaMtoJQJurPXiFaJ5nh6HNAH_PsLA8l__O1oYwqVnakJ1E70SlkdEQZvgADMHNG8SPoqiZ7D6k6uYg7qVVfxOxKqv3PmfxCAbR1rPr0t1074790432YJcI49taZZf3wp2a5vTxUI 
0wR7HvJ6IsUC410DntKRngA;QyqA82EGtIB6ePNEeYo9NG;iEm6gdSTTpYiqU10OlvsnG;yMG8gk5okQ97gP4eb.IadA;T8F36FaS9AtR4sXBkRr0iG;RTlM3IYjAzboXbIiNSIFRA;t7_svh3Kc3.VU9jOjAJgdq;.8D9Zx78FrKF.Zn4xbfmIG;IMhCM7gXESIqShs5TNMo9A;pvBPF7OtrK6trS5vZYizwa;9qxqLXuEeDQeAlNfAL_l.A;VNeyFcNDtQZhV2sfCxyHqA;kT4JL2WRSOhvUIEcOjSrva;LpFhLGWYI8eFx_X999MLEq;NqssQaVItFB0TevtNxJrkG;AI3RN3R7lP0BBnYsoCO5KG;xrYRhwM6FYW7zCsPL.iecq;0kOXzZzt1eXLrlPo.QQ4xG;ApKNqLIRoybF5rIxSnabBG;hfgZrtz_KscdFC6a3f1wKA;m266491Y1m_1kzDWmz4scmEiA|gp_Rudn.UQNyddq5sEyWTvP44oZ90uA5ExXgtTn4klLACu68DE5ZpOasaxJGknAv8kZG94PdnhRrdfUKXERWEeAnTWgQtBf_Hh.0BGbbJFRZ0g6FQwNVGyGtIJE7BGAXRqiWLNPtpWxlxLqujmt9sv6UXxNEuyOcxQtahf65RE4wT0aUsrtGn01BRmEZjLnc5Qt936u5lh_9zjcD6kLEJbAK9hLp0fSCvJMQqjqK7mNJN9pshmW02wGz1qY7DWfl6WOVMwcm5tv9SQ12_kb0PIaeORbLc11pmDb7oqqqqqqqq.DtxNuOgNQfoatE_P9C.tynQGsQFg66HJ4N1VW8Xiu6Er0l4096hXU1Mt2VKQAz|[lWpNZ6tUQN3.BP8jAjzGZUDmtIeRbcXkI3NvvYsjQ5JMyb1kEtEbP1X0ERW2.KIjR5THyTbg34xyyobm3gTyCYsFAhx9L2uwp3q292Cptg2NOm.UKjmNNVjkpywxbCcb84xO7KsWUxfpuoXhQRJCvC8V8RN_2D8Mt42cVTJkKDgGYvR5Q07b1cLuADNoIYriQCYwK2fXt9wV8oTO8oybtUEeYCSMMT3OEYldIowZEcabhOeC3PRTWmwvKTNKmcm9H0w6A1qsxfWdsKEs86gPl6ppQ6zrUnLF3CYUY1wMU6g9qKlHp9TlV1pJRUSZVcLc80qKS62GMF32mwzed96.5EQz1Aqqqqqqqqql3650hZxoj3b_H5Ikr0qDdfe167khTllmT3g",
                    parentNode: {
                        removeChild: function () {}
                    }
                }
            ]
        }
        if (args == "script") {
            return [
                {
                    getAttribute: function (args) {
                    }
                },
                {
                    // The second script tag carries the attribute r="m"
                    getAttribute: function (args) {
                        if (args == 'r') {
                            return 'm'
                        }
                    },
                    parentElement: {
                        removeChild: function (child) {
                            console.log('document的getElementsByTagName的removeChild接受的参数:', child)
                        }
                    }
                }
            ]
        }
    },
    addEventListener: function () {
    },
    charset: 'UTF-8'
}
window.localStorage = {
    "FSSBB3": "478904:5Kml7RYL79Be0QU9HVBllG",
    "FSSBB21": "478904:ILOV3E4rNEXNLI2pc_7Ziq",
    "$_fh0": "ME8CVTpv2TBOiYLWNZts6ucTlM0",
    "FSSBB92": "478904:1",
    "$_fb": "i7x2ihV0GV0YRrWTlWux3YUNdRtGqkRk1AzXVjLFSEzWsWYQos7AgoD6xo7AoG43",
    "FSSBB17": "478904:LUDV_JcV9BV8vB8w5oohfG",
    "$_YWTU": "BTWC1mo2TwCDo.ZVtQRqk_azmqE6PykNZvaaaTk5Q1q",
    "$_f1": "Dw3Au.0k5f2nKwZPxHMUiHhe47Q",
    "$_f0": "mopFNz_SuIZske4DaKdaohmDAm7",
    "__#classType": "localStorage",
    "$_nd": "19496",
    "FSSBB2": "478904:mvCiCo950utmY0SDwMv3ha",
    "FSSBB18": "478904:WCaXmJIhM_ptB9k4GtGgDa",
    "$_cDro": "0",
    "$_ck": "g5oQEMKZDWENZvnG1W0G2a"
}
window.name = ''
window.sessionStorage = {
    "$_cDro": "0",
    "$_YWTU": "BTWC1mo2TwCDo.ZVtQRqk_azmqE6PykNZvaaaTk5Q1q"
}
location = {
    // The location contents would reveal the original URL, so they are not pasted here; extract them from the site yourself
}
// Timers are stubbed out so that nothing is scheduled
setTimeout = function () {}
setInterval = function () {}
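Not much environment needs patching, and the code is extracted wholesale. Since what we need is the generated cookie, and the cookie is ultimately assigned to document, we don't even need to export anything; just call console.log(document.cookie) at the end.
Note that the resulting cookie is shorter than the one generated on the website. The cause is missing environment, but it doesn't prevent getting the data, so I didn't dwell on it; those interested can look into it themselves.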
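Seen from the defending side, the incomplete environment noted above is what a client-side integrity probe looks for. The following is an added example, not code from the original post or from the protection vendor; the function names, finding labels and the constructed sample are assumptions, and it runs under Node.

```javascript
// Added example (hypothetical names): flag a stubbed "browser" environment.
const NATIVE_RE = /\{\s*\[native code\]\s*\}\s*$/;

// True when fn's source text is the engine's native-code placeholder.
function looksNative(fn) {
  return typeof fn === 'function' &&
    NATIVE_RE.test(Function.prototype.toString.call(fn));
}

// Returns a list of findings; an empty list means no stub indicators.
function auditEnvironment(win, doc) {
  const findings = [];
  const expectNative = {
    'window.setTimeout': win.setTimeout,
    'window.setInterval': win.setInterval,
    'window.addEventListener': win.addEventListener,
    'window.DOMParser': win.DOMParser,
    'document.createElement': doc.createElement,
    'document.getElementsByTagName': doc.getElementsByTagName,
    'document.addEventListener': doc.addEventListener,
  };
  for (const [name, fn] of Object.entries(expectNative)) {
    if (!looksNative(fn)) findings.push('non-native:' + name);
  }
  // Real Storage objects expose getItem/setItem; an object literal does not.
  for (const key of ['localStorage', 'sessionStorage']) {
    const store = win[key];
    if (!store || typeof store.getItem !== 'function') findings.push('plain-object:' + key);
  }
  // A real document is not a bare object literal.
  if (Object.getPrototypeOf(doc) === Object.prototype) findings.push('plain-object:document');
  // "window = global" leaves Node's process object reachable from window.
  if (win.process && win.process.versions && win.process.versions.node) findings.push('node-runtime');
  return findings;
}

// Constructed sample that mirrors the shape of the stubs in the post.
function makeStubbedEnv() {
  const noop = function () {};
  const win = {
    setTimeout: noop, setInterval: noop, addEventListener: noop, DOMParser: noop,
    localStorage: { '$_cDro': '0' }, sessionStorage: { '$_cDro': '0' },
    process: globalThis.process, // what "window = global" exposes under Node
  };
  const doc = { createElement: noop, getElementsByTagName: () => [], addEventListener: noop };
  return { win, doc };
}

const sample = makeStubbedEnv();
console.log(auditEnvironment(sample.win, sample.doc));
```

Findings of this kind are typically folded into the value the server validates, so a request from a stubbed runtime can be scored server-side instead of being rejected in the client.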
That's it for this one, wrapping up~