参考文章:
Python和js实现逆向之加密参数破解_js btoa python_biyezuopinvip的博客-CSDN博客
JS逆向——借助playwright实现逆向_lishuangbo0123的博客-CSDN博客
简单方便的 JavaScript 逆向辅助模拟方法_token
自己整理的代码
from playwright.sync_api import sync_playwright
import time
import requests
def get_token1(offset):
result = page.evaluate('''()=>{
return window.encrypt("%s","%s")
}''' % ( '/api/movie', offset))
#print(result)
return result
def get_token(params):
result = page.evaluate(
'()=>{return window.encrypt("%s")}' % params)
print(result)
return result
BASE_URL = 'https://spa6.scrape.center'
INDEX_URL = BASE_URL + '/api/movie?limit={limit}&offset={offset}&token={token}'
MAX_PAGE = 2
LIMIT = 10
browser = sync_playwright().start().chromium.launch()
page = browser.new_page()
page.route('**/js/chunk-19c920f8.c3a1129d.js', lambda route: route.fulfill(path='./chunk.js'))
#print(BASE_URL)
page.goto(BASE_URL)
#page.wait_for_load_state('networkidle')
print(page.title())
headers = {'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36',
'Connection':'keep-alive',
#'sec-ch-ua':'"Chromium";v="21", " Not;A Brand";v="99"',
'Accept':'application/json, text/plain, */*',
'sec-ch-ua-mobile':'?0',
#'sec-ch-ua-platform':'"Windows"',
'Sec-Fetch-Site':'same-origin',
'Sec-Fetch-Mode':'cors',
'Sec-Fetch-Dest':'empty',
'Referer':'https://spa6.scrape.center/',
'Host':'spa6.scrape.center',
'Accept-Language':'zh-CN,zh;q=0.9'
}
for i in range(MAX_PAGE):
offset = i * LIMIT
token = get_token(offset)
index_url = INDEX_URL.format(limit=LIMIT, offset=offset, token=token)
print(index_url)
#response = requests.get(index_url)
response = requests.get(index_url, headers=headers)
print( 'response', response.json)
#print(response)
结果
然并卵,虽然解密了,但是还是不行。似乎还是要什么401认证。试了2个文章中的
get_token1(),get_token(),都不行。