注意!!!!某XX网站逆向实例仅作为学习案例,禁止其他个人以及团体做谋利用途!!!
第一步:抓包工具第一次请求页面,得到响应。本次我使用 Fiddler 进行抓包,可以直接请求得到响应,响应内容一样。发现响应内容是不可直接用的内容,但是有明确的cookie关键词,同时在响应的headers里得到了set-cookie的值
第二步:抓包工具第二次请求。将第一次请求拿到的cookie放在请求headers 里再次请求,同时将步骤一里响应内容进行解析。也就是图里的cookie的两个值。(看不懂的等下看代码吧)
第三步:抓包工具第三次请求。可以看到得到了正确的页面响应内容,同时cookie值也和前两次的不一样
第四步:这里将是一段描述梳理一下每次请求的作用
第一次请求:响应内容为混淆后的cookie值,该cookie作用为第二次请求的必要条件;
第二次请求:响应内容为混淆后的cookie值,该cookie作用为最终请求的必要条件;
最终请求:响应内容为我们看到的页面内容。
第五步:解析第一次请求的响应内容。通过正则表达式 将cookie内容取出,利用eval() 函数直接在本地或者浏览器的console 就可以直接解析。
第六步:注意啦!!!!这步开始容易猪猪迷惑了。分析并解析第二次请求的响应内容。根据观察,响应内容为ob 混淆加密,建议找个工具或者用什么方法进行解密。(可以参考JS逆向 | ob混淆一键还原工具_js反混淆还原工具_丁仔.的博客-CSDN博客和GitHub - DingZaiHub/ob-decrypt: ob混淆还原工具,欢迎star!亲测用着还可以)。这里可以使用hook方式进行解析,在浏览器中按照图所示进行操作
第七步:将一大坨响应内容进行ob混淆解密操作,没有工具这步可以忽略。为方便分析,我将第二次响应内容存在本地.html 文件。将ob混淆代码另存在.js 文件,使用工具进行解密,成功后把解密后的js代码替换本地.html中的js 内容。
第八步:在 .html 中补充 debugger 关键词,同时将.html 文件复制到第六步新建的文件夹中 。此时浏览器上会自动识别,按图勾选即可。由于我们分析解析目的是为了找cookie,因此和cookie有关的就是document ,所以在替换文件里 搜索 document ,找到后打上断点。
第九步:清除浏览器上的cookie重新请求,注意清除cookie后会首先断在debugger处,接着按下F8(蓝色的按钮,执行下一个断点)就可以。执行到document['cookie'] 处可以看到已经被赋值,直接看一下被哪些所赋值,可以看到标红处就是我们需要的cookie
第十一步:找cookie出处。
第十二步:cookie生成包含两个参数,均是从同一个对象中获取的,将该对象进行全局搜索找到其出处
最后代码展示
# 注意啦!!!!!!!由于go方法传的参数不是固定值且 “ha”指定的哈希算法也不一样。因此代码里才有显示三种方式,目前我只遇到三种。后面有的话再补充。
import json
import re
import execjs
import requests
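# One shared session, so cookies the server sets on a response are kept for
# the requests that follow.
s = requests.session()
url = 'https://XXXXX.gov.cn/#/Integrated/index'
headers = {'User-Agent':'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36'}

# First request.
# Do not pass verify=False to these calls: it switches off TLS certificate
# checking, so anyone on the network path can read or rewrite the responses,
# including the script that is evaluated a few lines below.
res = s.get(url=url, headers=headers)
print(res.text)
n_cookies = requests.utils.dict_from_cookiejar(s.cookies)
res.encoding = 'utf-8'
# The response body carries a script of the form `document.cookie=<expr>;location...`;
# keep only the expression.
jsl = ''.join(re.findall(r'document\.cookie=(.*?);location', res.text))
# SECURITY: jsl is JavaScript copied out of a network response and executed by
# whichever JS runtime execjs finds on this machine. It runs with the
# privileges of this process and is not sandboxed by execjs. Treat it as
# untrusted code: review what was extracted before running it, and run this
# script only in a disposable VM or container that holds no credentials.
cookie = execjs.eval(jsl)
# Only the leading name=value pair of the evaluated cookie string is used.
name_value = cookie.split(';')[0].split('=')
n_k = name_value[0]
n_v = name_value[1]
n_cookies.update({n_k: n_v})
# Serialise the merged cookies into one Cookie header value.
coock = ''.join(k + '=' + v + ';' for k, v in n_cookies.items())
headers['Cookie'] = coock.strip(';')

# Second request, sent with the cookies gathered so far.
res = s.get(url=url, headers=headers)
res.encoding = 'utf-8'
# Keep a local copy of the response for offline inspection. The with-block
# closes the file, so no explicit close() is needed.
with open('./域名.html', 'w', encoding='utf-8') as f:
    f.write(res.text)
# The response calls go({...}); the argument is parsed as JSON, i.e. as data.
go_data = json.loads(''.join(re.findall(r';go\((.*)\)', res.text)))
# 'ha' names the hash the response asks for; each one has its own local script.
ha = go_data.get('ha', '')
if ha == 'md5':
    file = '域名_md5.js'
elif ha == 'sha1':
    file = '域名_sha1.js'
elif ha == 'sha256':
    file = '域名_sha256.js'
else:
    file = '域名'
print(res.text)
# The script loaded here is a local file prepared by the analyst; go_data is
# passed to it as an argument rather than spliced into its source.
with open('./{}'.format(file), 'r', encoding='utf-8') as f:
    infos = f.read()
ctx = execjs.compile(infos)
cookie = ctx.call("go", go_data)

# Third request: first cookie from the earlier header plus the computed value.
headers['Cookie'] = headers['Cookie'].split(';')[0] + ';__jsl_clearance_s=' + cookie
url = 'https://XXXXX.gov.cn/'
res = requests.get(url=url, headers=headers)
res.encoding = 'utf-8'
print(res.text)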
附件:生成cookie的js ----- sha1(直接在本地执行即可)
// sha1
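/**
 * SHA-1 of a string, returned as 40 lowercase hex characters.
 *
 * Each character contributes charCodeAt() shifted into an 8-bit slot, so the
 * result matches the standard digest only when every char code is <= 0xff;
 * wider code units would spill into neighbouring bytes of the word.
 *
 * Written with ES5 syntax only, because the page loads this file through
 * execjs and the runtime it picks is not shown.
 *
 * @param {string} message - text to hash.
 * @returns {string} hex digest.
 */
function hash(message) {
  // 32-bit addition with wrap-around: add the low 31 bits, then fold the two
  // sign bits back in with XOR so the sum never leaves the int32 range.
  function add32(x, y) {
    return ((x & 0x7fffffff) + (y & 0x7fffffff)) ^ (x & 0x80000000) ^ (y & 0x80000000);
  }

  // Eight hex digits for one 32-bit word, most significant nibble first.
  function toHex(word) {
    var digits = '0123456789abcdef';
    var out = '';
    for (var nibble = 7; nibble >= 0; nibble--) {
      out += digits.charAt((word >> (nibble * 4)) & 0xf);
    }
    return out;
  }

  // Pack the text into big-endian 32-bit words, append the 0x80 marker and
  // store the bit length in the last word of the final 16-word block.
  function toPaddedWords(text) {
    var blockCount = ((text.length + 8) >> 6) + 1;
    var words = new Array(blockCount * 16);
    var i;
    for (i = 0; i < blockCount * 16; i++) {
      words[i] = 0;
    }
    for (i = 0; i < text.length; i++) {
      words[i >> 2] |= text.charCodeAt(i) << (24 - (i & 3) * 8);
    }
    words[i >> 2] |= 0x80 << (24 - (i & 3) * 8);
    words[blockCount * 16 - 1] = text.length * 8;
    return words;
  }

  // Rotate a 32-bit word left by `bits`.
  function rotl(value, bits) {
    return (value << bits) | (value >>> (32 - bits));
  }

  // Per-round mixing function; the form changes every 20 rounds.
  function roundFunction(round, b, c, d) {
    if (round < 20) return (b & c) | (~b & d);
    if (round < 40) return b ^ c ^ d;
    if (round < 60) return (b & c) | (b & d) | (c & d);
    return b ^ c ^ d;
  }

  // Per-round additive constant, written as signed 32-bit literals.
  function roundConstant(round) {
    if (round < 20) return 0x5a827999;
    if (round < 40) return 0x6ed9eba1;
    if (round < 60) return -0x70e44324; // 0x8f1bbcdc
    return -0x359d3e2a; // 0xca62c1d6
  }

  var words = toPaddedWords(message);
  var schedule = new Array(80);
  var a = 0x67452301;
  var b = -0x10325477; // 0xefcdab89
  var c = -0x67452302; // 0x98badcfe
  var d = 0x10325476;
  var e = -0x3c2d1e10; // 0xc3d2e1f0
  // Declared locally: the original assigned to an undeclared `t`, which leaks
  // a global in sloppy mode and throws in strict mode or an ES module.
  var temp;

  for (var offset = 0; offset < words.length; offset += 16) {
    var prevA = a;
    var prevB = b;
    var prevC = c;
    var prevD = d;
    var prevE = e;

    for (var round = 0; round < 80; round++) {
      if (round < 16) {
        schedule[round] = words[offset + round];
      } else {
        schedule[round] = rotl(
          schedule[round - 3] ^ schedule[round - 8] ^ schedule[round - 14] ^ schedule[round - 16],
          1
        );
      }
      temp = add32(
        add32(rotl(a, 5), roundFunction(round, b, c, d)),
        add32(add32(e, schedule[round]), roundConstant(round))
      );
      e = d;
      d = c;
      c = rotl(b, 30);
      b = a;
      a = temp;
    }

    a = add32(a, prevA);
    b = add32(b, prevB);
    c = add32(c, prevC);
    d = add32(d, prevD);
    e = add32(e, prevE);
  }

  return toHex(a) + toHex(b) + toHex(c) + toHex(d) + toHex(e);
}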
/**
 * Finds the string whose digest equals the value given in the challenge.
 *
 * Candidates are bts[0] + two characters drawn from `chars` + bts[1], tried
 * in nested order, each passed to hash() and compared with `ct`. At most
 * chars.length squared candidates are tried, so the work asked of a client is
 * small; presumably the check is meant to confirm that the client executes
 * JavaScript rather than to be costly (not established by this file).
 *
 * Returns undefined without searching when the built-in user-agent string
 * contains a listed marker. When no candidate matches, the final index
 * access fails with a TypeError.
 *
 * @param {{bts: string[], chars: string, ct: string}} challenge - fields read here.
 * @returns {string|undefined} the matching candidate string.
 */
function go(challenge) {
  // Carried over from the original lookup table; nothing in this function reads it.
  var failureMessage = '请求验证失败';

  // True when the fixed user-agent string contains one of the markers,
  // otherwise undefined.
  function looksAutomated() {
    var userAgent = 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36';
    var markers = ['Phantom'];
    var idx = 0;
    while (idx < markers.length) {
      if (userAgent.indexOf(markers[idx]) != -1) {
        return true;
      }
      idx += 1;
    }
  }

  if (looksAutomated()) {
    return;
  }

  var startedAt = new Date();

  // Returns [candidate, elapsed milliseconds] for the first candidate whose
  // digest matches, or undefined when none does.
  function findMatch(expectedDigest, parts) {
    var alphabet = challenge.chars;
    var count = alphabet.length;
    for (var first = 0; first < count; first++) {
      for (var second = 0; second < count; second++) {
        var candidate = parts[0] + alphabet.charAt(first) + alphabet.charAt(second) + parts[1];
        if (hash(candidate) == expectedDigest) {
          return [candidate, new Date() - startedAt];
        }
      }
    }
  }

  var match = findMatch(challenge.ct, challenge.bts);
  // Only the candidate is returned; the elapsed time is discarded.
  return match[0];
}
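// Example run with one set of parameters. The keys are the ones the Python
// listing on this page parses out of the go(...) call in the second response.
// Declared with `var`: the bare assignment in the original creates an implicit
// global and throws in strict mode or an ES module.
var cookie = go({
  "bts": ["1690516426.653|0|rRT", "DKS8EVDzKevNzhePIdloyU%3D"],
  "chars": "pycPPMayT9bXKYdZdnURpd",
  "ct": "1073cc6066c93a07c810a5451165a7654310858a",
  "ha": "sha1",
  "tn": "__jsl_clearance_s",
  "vt": "3600",
  "wt": "1500"
});
console.log(cookie);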