JS逆向尝试(一)
数据加密
-
html实体编码(动态静态)/ Unicode编码
-
数据接口加密 (密文数据)—— 浏览器做解密
-
静态 or 动态 数据渲染接口
JS混淆(工具网站:https://www.sojson.com/)
PyExecJS
是一个在 Python 中使用外部 JavaScript 运行时(如 Node.js、PhantomJS 等)执行 JavaScript 代码的库。这意味着它依赖于已安装的 JavaScript 引擎。
pip install PyExecJS #安装PyExecJS
import execjs
# 选择一个执行器:可以通过 execjs.get() 方法来选择一个 JavaScript 执行器。例如,选择 Node.js 执行器:
node = execjs.get('Node')
# example 1:
result = node.eval('1 + 2')
print(result)
# example 2:
script = '''
function add(a, b) {
return a + b;
}
'''
# 或者打开文件read
compiled = node.compile(script)
result = compiled.call('add', 2, 3)
print(result) # 输出: 5
js2py
s2py 是一个将 JavaScript 代码转换为 Python 代码的库。这意味着它不需要额外的 JavaScript 运行时环境,因为它会将 JavaScript 代码转化为等效的 Python 代码并执行。这使得它的安装和使用相对简单,而且跨平台性较好。
- 不支持所有的 JavaScript 特性,可能会在执行某些复杂的 JavaScript 代码时遇到问题。
- 由于需要先将 JavaScript 转换为 Python,执行速度可能会受到影响。
pip install js2py #安装 js2py 模块
import js2py
# example 1
result = js2py.eval_js('1 + 2')
print(result) # 输出: 3
# example 2
# 我们将 JavaScript 代码保存在 js_code 变量中,并创建一个 EvalJs 对象 (context)。然后,我们使用 execute() 方法执行 JavaScript 代码,并在 Python 中调用 JavaScript 函数 add()。
js_code = '''
function add(a, b) {
return a + b;
}
'''
context = js2py.EvalJs()
context.execute(js_code)
result = context.add(2, 3)
print(result) # 输出: 5
# example 3
# 上述代码中,我们在 Python 中定义了一个变量 name 并设置其值为 'Alice',然后将其传递给 JavaScript 代码中的 greet() 函数,并在 Python 中调用该函数。
context = js2py.EvalJs()
context.set('name', 'Alice')
js_code = '''
function greet() {
return 'Hello, ' + name + '!';
}
'''
context.execute(js_code)
result = context.greet()
print(result) # 输出: Hello, Alice!
!!! JSON.parse()!!! !!! DES.decrypt() !!! !!!AES.decrypt!!!
前端接受后端的渲染数据(json.parse(解密 or 函数))
encrpt_data(加密)
!函数不能是内置方法
example1(https://www.xiniudata.com/industry/newest?from=data)
/**********************************JS代码****************************************/
/*//解决TextEncoder is not defined
const textencoding = require('text-encoding');
TextEncoder = textencoding.TextEncoder;
TextDecoder = textencoding.TextDecoder;
//解决浏览器环境问题
const jsdom = require("jsdom");
const {JSDOM} = jsdom;
const dom = new JSDOM('<!DOCTYPE html><p>Hello world</p>');
window = dom.window;
document = window.document;
XMLHttpRequest = window.XMLHttpRequest;*/
function d1(t) {
var _keyStr = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/='
var e, r, n, o, i, a, c = "", u = 0;
for (t = t.replace(/[^A-Za-z0-9\+\/\=]/g, ""); u < t.length; )
e = _keyStr.indexOf(t.charAt(u++)) << 2 | (o = _keyStr.indexOf(t.charAt(u++))) >> 4,
r = (15 & o) << 4 | (i = _keyStr.indexOf(t.charAt(u++))) >> 2,
n = (3 & i) << 6 | (a = _keyStr.indexOf(t.charAt(u++))),
c += String.fromCharCode(e),
64 != i && (c += String.fromCharCode(r)),
64 != a && (c += String.fromCharCode(n));
return c
}
function _u_d(t) {
for (var e = "", r = 0, n = 0, o = 0, i = 0; r < t.length; )
(n = t.charCodeAt(r)) < 128 ? (e += String.fromCharCode(n),
r++) : n > 191 && n < 224 ? (o = t.charCodeAt(r + 1),
e += String.fromCharCode((31 & n) << 6 | 63 & o),
r += 2) : (o = t.charCodeAt(r + 1),
i = t.charCodeAt(r + 2),
e += String.fromCharCode((15 & n) << 12 | (63 & o) << 6 | 63 & i),
r += 3);
return e
}
function d2(t) {
var _p = 'W5D80NFZHAYB8EUI2T649RT2MNRMVE2O'
for (var e = "", r = 0; r < t.length; r++) {
var n = _p.charCodeAt(r % _p.length);
e += String.fromCharCode(t.charCodeAt(r) ^ n)
}
return e = _u_d(e)
}
function start(l) {
var d = d1(l)
, y = d2(d)
, v = JSON.parse(y);
return v;
}
'''********************************python脚本************************************'''
import requests
import json
"""
import subprocess
from functools import partial
subprocess.Popen = partial(subprocess.Popen, encoding='utf-8')
这三句要加不然会报错,详情参考:https://www.cnblogs.com/yusilu-2653144/p/16626661.html
"""
import subprocess
from functools import partial
subprocess.Popen = partial(subprocess.Popen, encoding='utf-8')
import execjs
cookies = {
'btoken': 'HPN99G59B65KPOHUMDYSZEVO5AXE1E20',
'hy_data_2020_id': '1893578df18b2e-0b74e2a5c10e0b-26031d51-1328640-1893578df191a83',
'hy_data_2020_js_sdk': '%7B%22distinct_id%22%3A%221893578df18b2e-0b74e2a5c10e0b-26031d51-1328640-1893578df191a83%22%2C%22site_id%22%3A211%2C%22user_company%22%3A105%2C%22props%22%3A%7B%7D%2C%22device_id%22%3A%221893578df18b2e-0b74e2a5c10e0b-26031d51-1328640-1893578df191a83%22%7D',
'Hm_lvt_42317524c1662a500d12d3784dbea0f8': '1688819261,1688819438,1688819462,1688835696',
'Hm_lpvt_42317524c1662a500d12d3784dbea0f8': '1688839049',
}
headers = {
'authority': 'www.xiniudata.com',
'accept': 'application/json',
'accept-language': 'zh-CN,zh;q=0.9',
'cache-control': 'no-cache',
'content-type': 'application/json',
# 'cookie': 'btoken=HPN99G59B65KPOHUMDYSZEVO5AXE1E20; hy_data_2020_id=1893578df18b2e-0b74e2a5c10e0b-26031d51-1328640-1893578df191a83; hy_data_2020_js_sdk=%7B%22distinct_id%22%3A%221893578df18b2e-0b74e2a5c10e0b-26031d51-1328640-1893578df191a83%22%2C%22site_id%22%3A211%2C%22user_company%22%3A105%2C%22props%22%3A%7B%7D%2C%22device_id%22%3A%221893578df18b2e-0b74e2a5c10e0b-26031d51-1328640-1893578df191a83%22%7D; Hm_lvt_42317524c1662a500d12d3784dbea0f8=1688819261,1688819438,1688819462,1688835696; Hm_lpvt_42317524c1662a500d12d3784dbea0f8=1688839049',
'origin': 'https://www.xiniudata.com',
'pragma': 'no-cache',
'referer': 'https://www.xiniudata.com/industry/newest?from=data',
'sec-ch-ua': '"Not.A/Brand";v="8", "Chromium";v="114", "Google Chrome";v="114"',
'sec-ch-ua-mobile': '?0',
'sec-ch-ua-platform': '"Windows"',
'sec-fetch-dest': 'empty',
'sec-fetch-mode': 'cors',
'sec-fetch-site': 'same-origin',
'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36',
}
json_data = {
'payload': 'LBc3V0I6ZGB5bXsxTCQnPRBuBwQJfnZeJCM7OXR/AH8q',
'sig': 'C1143E2BFE9D998FFC875F4BADF239D6',
'v': 1,
}
response = requests.post(
'https://www.xiniudata.com/api2/service/x_service/person_industry_list/list_industries_by_sort',
cookies=cookies,
headers=headers,
json=json_data,
)
data = json.loads(response.text)
data = data["d"]
# print(data)
runtime = execjs.get()
# script = """
# function d1(t) {
# var _keyStr = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/='
# var e, r, n, o, i, a, c = "", u = 0;
# for (t = t.replace(/[^A-Za-z0-9\+\/\=]/g, ""); u < t.length; )
# e = _keyStr.indexOf(t.charAt(u++)) << 2 | (o = _keyStr.indexOf(t.charAt(u++))) >> 4,
# r = (15 & o) << 4 | (i = _keyStr.indexOf(t.charAt(u++))) >> 2,
# n = (3 & i) << 6 | (a = _keyStr.indexOf(t.charAt(u++))),
# c += String.fromCharCode(e),
# 64 != i && (c += String.fromCharCode(r)),
# 64 != a && (c += String.fromCharCode(n));
# return c
# }
#
# function _u_d(t) {
# for (var e = "", r = 0, n = 0, o = 0, i = 0; r < t.length; )
# (n = t.charCodeAt(r)) < 128 ? (e += String.fromCharCode(n),
# r++) : n > 191 && n < 224 ? (o = t.charCodeAt(r + 1),
# e += String.fromCharCode((31 & n) << 6 | 63 & o),
# r += 2) : (o = t.charCodeAt(r + 1),
# i = t.charCodeAt(r + 2),
# e += String.fromCharCode((15 & n) << 12 | (63 & o) << 6 | 63 & i),
# r += 3);
# return e
# }
#
# function d2(t) {
# var _p = 'W5D80NFZHAYB8EUI2T649RT2MNRMVE2O'
# for (var e = "", r = 0; r < t.length; r++) {
# var n = _p.charCodeAt(r % _p.length);
# e += String.fromCharCode(t.charCodeAt(r) ^ n)
# }
# return e = _u_d(e)
# }
#
#
#
# function start(l) {
# var d = d1(l)
# , y = d2(d)
# , v = JSON.parse(y);
#
# return v;
# }
# """
# 上面是直接写,下面读取文件,两种方法都可以
with open("re1.js", "r", encoding="utf-8") as file:
script = file.read()
compiled = runtime.compile(script)
result = compiled.call("start", data)
print(result)
还没找到拉取刷新数据的方法,不想用selenium半自动化,又找不到刷新的数据包
example2 (https://www.swhysc.com/swhysc/financial/marginTrading?channel=00010017000300020001)
所以
我的选择是!
摆烂!!!!
摆子的快乐 ————软件部部长
阅读建议
评论
隐私政策
你无需删除空行,直接评论以获取最佳展示效果
最新评论
SZUEA /
