9-爬虫高级实战【js逆向】

js逆向步骤

  • js调试工具
  • PyExecJs
    • 实现使用python执行js代码
    • 安装环境
      • 安装node.js开发环境
      • pip install PyExecJs
  • js算法改写初探
    • 打断点
    • 代码调试时,如果发现了相关变量的缺失,一般给其定义成空字典即可。
    • 代码调试时,如果js内置对象确实,直接将该内置对象赋值为this。例如:window = this;

js反混淆

  • 相关概念
    • js混淆:对核心的js代码进行加密
    • js反混淆:对js加密代码进行解密
  • 破解
    • 使用浏览器自带的反混淆工具【推荐】:打开开发者工具 ----> 点击小齿轮 ----> 找到Souces选项卡 ----> 勾选Search in anonymous and scripts框 ----> 刷新页面
    • 暴力破解【迫不得已】:暴力破解网站

1. 微信公众号平台js算法逆向【MD5算法】

import execjs
# 1. 实例化一个node对象
node = execjs.get()

# 2. js源文件编译
ctx = node.compile(open('./js源文件./wechat.js',encoding='utf-8').read())

# 3. 执行js函数
funcName = 'getPwd("{}")'.format('123123123')
pwd = ctx.eval(funcName)
print(pwd)

2. Steam游戏平台js算法逆向【RSA算法】

import requests
import execjs
import time

# 动态获取mod和exp串
url = 'https://store.steampowered.com/login/getrsakey/'
data = {
    'donotcache': str(int(time.time() * 1000)), # 时间戳
    'username': '123@qq.com',
}
headers = {
    'user-agent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36',
}
response_json = requests.post(url=url,headers=headers,data=data).json()
mod = response_json['publickey_mod']
exp = response_json['publickey_exp']

# 1. 实例化一个node对象
node = execjs.get()

# 2. js源文件编译
ctx = node.compile(open('./js源文件./steam.js',encoding='utf-8').read())

# 3. 执行js函数
funcName = 'getPwd("{0}","{1}","{2}")'.format('123123123',mod,exp)
pwd = ctx.eval(funcName)
print(pwd)

3. 凡科网js算法逆向【MD5算法】

  • 注意:如果需要逆向的js函数的实现时出现在一个闭包中,那么直接将闭包的整个代码拷贝出进行调试即可
  • url:https://i.fkw.com/
import execjs

# 1. 实例化一个node对象
node = execjs.get()

# 2. js源文件编译
ctx = node.compile(open('./js源文件/fanke.js',encoding='utf-8').read())

# 3. 执行js函数
funcName = 'md5("{0}")'.format('123123123')
pwd = ctx.eval(funcName)
print(pwd)

4. 完美世界游戏js算法逆向【RSA算法】

import requests
from lxml import etree
import execjs

# 获取公钥串
url = 'https://passport.wanmei.com/sso/login?service=passport&isiframe=1&location=2f736166652f'
headers = {
    'user-agent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36',
}
response_text = requests.post(url=url,headers=headers).text
tree = etree.HTML(response_text)
publicKey = tree.xpath('//input[@id="e"]/@value')[0]

# 1. 实例化一个node对象
node = execjs.get()

# 2. js源文件编译
ctx = node.compile(open('./js源文件/wanmei.js',encoding='utf-8').read())

# 3. 执行js函数
funcName = 'getPwd("{0}","{1}")'.format('123123123',publicKey)
pwd = ctx.eval(funcName)
print(pwd)

5. 试客联盟js算法逆向【RSA算法】

import requests
from lxml import etree
import execjs
import re
# 获取rsa_n串
url = 'http://login.shikee.com/getkey?v=19b53e441bc51f28a9e6afead8e665ea'
headers = {
    'user-agent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36',
}
response_text = requests.get(url=url,headers=headers).text
ex = 'var rsa_n = "(.*?)";'
rsa_n = re.findall(ex,response_text)[0]

# 1. 实例化一个node对象
node = execjs.get()

# 2. js源文件编译
ctx = node.compile(open('./js源文件/shike.js',encoding='utf-8').read())

# 3. 执行js函数
funcName = 'getPwd("{}","{}")'.format('123123123',rsa_n)
pwd = ctx.eval(funcName)
print(pwd)

6. 空中网js算法逆向【RSA算法】

import requests
import execjs
import re
import json

# 获取j_data['dc']串
url = 'https://sso.kongzhong.com/ajaxLogin?j=j&jsonp=j&service=https://passport.kongzhong.com/&_=1626875097213'
headers = {
    'user-agent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36',
    'Referer': 'https://passport.kongzhong.com/'
}
response_text = requests.get(url=url,headers=headers).text
ex = "KZLoginHandler.jsonpCallbackKongZ\((.*?)\)"
data = re.findall(ex,response_text)[0]
dc = json.loads(data)['dc']

# 1. 实例化一个node对象
node = execjs.get()

# 2. js源文件编译
ctx = node.compile(open('./js源文件/kongzhong.js',encoding='utf-8').read())

# 3. 执行js函数
funcName = 'getPwd("{}","{}")'.format('123123123',dc)
pwd = ctx.eval(funcName)
print(pwd)

7. 长房网js算法逆向【DES算法】

import execjs

# 1. 实例化一个node对象
node = execjs.get()

# 2. js源文件编译
ctx = node.compile(open('./js源文件/changfang.js',encoding='utf-8').read())

# 3. 执行js函数
funcName = 'getPwd("{}")'.format('123123123')
pwd = ctx.eval(funcName)
print(pwd)

8. 有道翻译js算法逆向【MD5算法】

import time
import random
import execjs
import requests

word = input("Please input a English word:")
r = str(int(time.time() * 1000))
i = r + str(random.randint(0,9))

# 1. 实例化一个node对象
node = execjs.get()

# 2. js源文件编译
ctx = node.compile(open('./js源文件/youdao.js',encoding='utf-8').read())

# 3. 执行js函数
funcName = 'getSign("{}","{}")'.format(word,i)
sign = ctx.eval(funcName)

url = 'https://fanyi.youdao.com/translate_o?smartresult=dict&smartresult=rule'
headers = {
    'user-agent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36',
    'Referer': 'https://fanyi.youdao.com/',
    'Cookie': 'OUTFOX_SEARCH_USER_ID_NCOO=512615467.85577774; OUTFOX_SEARCH_USER_ID="-673357154@10.169.0.82"; _ga=GA1.2.446310143.1622377950; _ntes_nnid=4ef5ec83bdbbbe870ec8f8c735810336,1622941677257; JSESSIONID=aaa-vW4aILneN-aFSiiRx; ___rl__test__cookies=1626879075736',
}
data = {
    'i': word,
    'from': 'AUTO',
    'to': 'AUTO',
    'smartresult': 'dict',
    'client': 'fanyideskweb',
    'salt': i,
    'sign': sign,
    'lts': r,
    'bv': '24ecb70ba6203e4453baed50aa26b78e',
    'doctype': 'json',
    'version': '2.1',
    'keyfrom': 'fanyi.web',
    'action': 'FY_BY_REALTlME',
}
response_json = requests.post(url=url,headers=headers,data=data).json()
print(response_json)

9. CTE四六级js算法逆向【DES算法】

import execjs
# 1. 实例化一个node对象
node = execjs.get()

# 2. js源文件编译
ctx = node.compile(open('./js源文件/CTE.js',encoding='utf-8').read())

# 3. 执行js函数
funcName = 'getPwd("{}")'.format('123123123')
pwd = ctx.eval(funcName)print(pwd)
posted @ 2021-07-22 09:38  今天捡到一百块钱  阅读(2964)  评论(0编辑  收藏  举报