诸葛某房站点ob混淆js逆向

站点地址链接

站点分析

我们可以看到cookie中的信息有这几个, 我们来做个具体分析:

  • 1、Hm_lpvt 和 Hm_lvt 这两个是百度联盟或者其他站做统计用的 cookie,我们不需要管
  • 2、页面的响应头 set-cookie 中有 acw_tc 和 aliyungf_tc,这两个是服务端返回给我们的,不需要管
  • 3、还剩下 csrf-frontend、acw_sc__v2 和 HMACCOUNT_BFESS,我们可以模拟请求测试,经测试发现只有 acw_sc__v2 是反爬用的

正常的请求我们看到在Cookies中携带大量的参数值,经过分析可以知道站点的反爬措施主要是cookie中的 acw_sc__v2参数,如图所示

当 cookies 失效时,需要重新生成 cookies,此时页面返回的是 html

  • 请求代码
import requests

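# Sample session cookie from the author's capture. Only `acw_tc` is sent here;
# the article describes the server answering such a request with the HTML
# challenge page rather than the listing.
cookies = {
    'acw_tc': '2760777116613927622927306e0c517aab3de078518b8dbf9c416e145adc52',
}

# Browser-like request headers copied from a Chrome 104 session.
headers = {
    'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9',
    'Accept-Language': 'zh-CN,zh;q=0.9',
    'Cache-Control': 'no-cache',
    'Connection': 'keep-alive',
    'Pragma': 'no-cache',
    'Sec-Fetch-Dest': 'document',
    'Sec-Fetch-Mode': 'navigate',
    'Sec-Fetch-Site': 'same-origin',
    'Sec-Fetch-User': '?1',
    'Upgrade-Insecure-Requests': '1',
    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36',
    'sec-ch-ua': '"Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"',
    'sec-ch-ua-mobile': '?0',
    'sec-ch-ua-platform': '"Windows"',
}

# TLS certificate verification stays at the `requests` default (enabled):
# `verify=False` would let anyone on the network path read or alter both the
# cookies sent and the HTML/JS returned. A timeout is set so a stalled
# connection cannot block the script indefinitely.
response = requests.get(
    'https://xn.ershoufang.zhuge.com/page/2/',
    cookies=cookies,
    headers=headers,
    timeout=10,
)

print(response.text)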

  • 需要通过站点返回的代码重新生成cookies

解决方法

OB混淆js反向解密

  • ob 解混淆之后的代码(已去除部分会报错的代码,字符串解码函数 _0x55f3 的定义未包含在内),以下据此分析
// Challenge value embedded in the page; `l` below reads it as its input.
// NOTE(review): it appears to change between responses (the final script on
// this page uses a different value) — confirm against live responses.
var arg1 = "3DB81F421FCBF45D2C7C313668180965C230A4EF";
// NOTE(review): looks like the obfuscator's encoded string table, read at run
// time by the `_0x55f3(index, key)` decoder. That decoder's definition is not
// included on this page, so the `_0x55f3(...)` calls below cannot run as listed.
var _0x4818 = ["csKHwqMI", "ZsKJwr8VeAsy", "UcKiN8O/wplwMA==", "JR8CTg==", "YsOnbSEQw7ozwqZKesKUw7kwX8ORIQ==", "w7oVS8OSwoPCl3jChMKhw6HDlsKXw4s/YsOG", "fwVmI1AtwplaY8Otw5cNfSgpw6M=", "OcONwrjCqsKxTGTChsOjEWE8PcOcJ8K6", "U8K5LcOtwpV0EMOkw47DrMOX", "HMO2woHCiMK9SlXClcOoC1k=", "asKIwqMDdgMuPsOKBMKcwrrCtkLDrMKBw64d", "wqImMT0tw6RNw5k=", "DMKcU0JmUwUv", "VjHDlMOHVcONX3fDicKJHQ==", "wqhBH8Knw4TDhSDDgMOdwrjCncOWwphhN8KCGcKqw6dHAU5+wrg2JcKaw4IEJcOcwrRJwoZ0wqF9YgAV", "dzd2w5bDm3jDpsK3wpY=", "w4PDgcKXwo3CkcKLwr5qwrY=", "wrJOTcOQWMOg", "wqTDvcOjw447wr4=", "w5XDqsKhMF1/", "wrAyHsOfwppc", "J3dVPcOxLg==", "wrdHw7p9Zw==", "w4rDo8KmNEw=", "IMKAUkBt", "w6bDrcKQwpVHwpNQwqU=", "d8OsWhAUw7YzwrU=", "wqnCksOeezrDhw==", "UsKnIMKWV8K/", "w4zDocK8NUZv", "c8OxZhAJw6skwqJj", "PcKIw4nCkkVb", "KHgodMO2VQ==", "wpsmwqvDnGFq", "wqLDt8Okw4c=", "w7w1w4PCpsO4wqA=", "wq9FRsOqWMOq", "byBhw7rDm34=", "LHg+S8OtTw==", "wqhOw715dsOH", "U8O7VsO0wqvDvcKuKsOqX8Kr", "Yittw5DDnWnDrA==", "YMKIwqUUfgIk", "aB7DlMODTQ==", "wpfDh8Orw6kk", "w7vCqMOrY8KAVk5OwpnCu8OaXsKZP3DClcKyw6HDrQ==", "wow+w6vDmHpsw7Rtwo98LC7CiG7CksORT8KlW8O5wr3Di8OTHsODeHjDmcKlJsKqVA==", "NwV+", "w7HDrcKtwpJawpZb", "wpQswqvDiHpuw6I=", "YMKUwqMJZQ==", "KH1VKcOqKsK1", "fQ5sFUkkwpI=", "wrvCrcOBR8Kk", "M3w0fQ==", "w6xXwqPDvMOFwo5d"];
// arg3..arg10 are declared here but never read anywhere in this listing.
var arg3 = null;
var arg4 = null;
var arg5 = null;
var arg6 = null;
var arg7 = null;
var arg8 = null;
var arg9 = null;
var arg10 = null;

// Challenge handler: derives `arg2` from the global `arg1` and schedules
// `reload(arg2)`, which stores it as the `acw_sc__v2` cookie and reloads the page.
// The `_0x55f3(...)` lookups are still encoded here; the deobfuscated listing
// later on this page shows them resolving to "_phantom", "prototype", "hexXor",
// "length", "slice", "toString" and "unsbox".
var l = function () {
    // Busy-waits forever while either window property is truthy, so the cookie
    // is never produced in that case. NOTE(review): presumably a guard against
    // PhantomJS-style headless browsers — confirm.
    while (window[_0x55f3("0x1", "XMW^")] || window.__phantomas) {
    }

    ;

    // Decoded constant used as the XOR operand below (a 40-character digit
    // string in the deobfuscated listing).
    var _0x5e8b26 = _0x55f3("0x3", "jS1Y");

    // Adds a method to String.prototype ("hexXor" per the deobfuscated listing):
    // walks both strings two characters at a time, parses each pair as a hex
    // byte, XORs them and emits the result as two lowercase hex digits.
    String[_0x55f3("0x5", "n]fR")][_0x55f3("0x6", "Pg54")] = function (_0x4e08d8) {
        var _0x5a5d3b = "";

        // Stops at the end of the shorter of the two strings.
        for (var _0xe89588 = 0; _0xe89588 < this[_0x55f3("0x8", ")hRc")] && _0xe89588 < _0x4e08d8[_0x55f3("0xa", "jE&^")]; _0xe89588 += 2) {
            var _0x401af1 = parseInt(this[_0x55f3("0xb", "V2KE")](_0xe89588, _0xe89588 + 2), 16);

            var _0x105f59 = parseInt(_0x4e08d8[_0x55f3("0xd", "XMW^")](_0xe89588, _0xe89588 + 2), 16);

            var _0x189e2c = (_0x401af1 ^ _0x105f59)[_0x55f3("0xf", "W1FE")](16);

            // Left-pad single-digit results so every byte occupies two characters.
            if (_0x189e2c[_0x55f3("0x11", "MGrv")] == 1) {
                _0x189e2c = "0" + _0x189e2c;
            }

            _0x5a5d3b += _0x189e2c;
        }

        return _0x5a5d3b;
    };

    // Adds a second String.prototype method ("unsbox" per the deobfuscated
    // listing): reorders the characters of the string with a fixed table.
    String.prototype[_0x55f3("0x14", "Z*DM")] = function () {
        // 1-based source positions: output index j receives the character at
        // input position table[j].
        var _0x4b082b = [15, 35, 29, 24, 33, 16, 1, 38, 10, 9, 19, 31, 40, 27, 22, 23, 25, 13, 6, 11, 39, 18, 20, 8, 14, 21, 32, 26, 2, 30, 7, 4, 17, 5, 3, 28, 34, 37, 12, 36];
        var _0x4da0dc = [];
        var _0x12605e = "";

        for (var _0x20a7bf = 0; _0x20a7bf < this.length; _0x20a7bf++) {
            var _0x385ee3 = this[_0x20a7bf];

            // Linear scan of the table for the slot that wants this input position.
            for (var _0x217721 = 0; _0x217721 < _0x4b082b[_0x55f3("0x16", "aH*N")]; _0x217721++) {
                if (_0x4b082b[_0x217721] == _0x20a7bf + 1) {
                    _0x4da0dc[_0x217721] = _0x385ee3;
                }
            }
        }

        _0x12605e = _0x4da0dc.join("");
        return _0x12605e;
    };

    // Reorder arg1, then XOR it with the constant above.
    var _0x23a392 = arg1[_0x55f3("0x19", "Pg54")]();

    // `arg2` is assigned without a declaration, i.e. as an implicit global; the
    // string passed to setTimeout is evaluated as code about 2 ms later and
    // reads that global.
    arg2 = _0x23a392[_0x55f3("0x1b", "z5O&")](_0x5e8b26);
    setTimeout("reload(arg2)", 2);
};

// Anti-debugging routine, invoked once at load and then every 4 seconds by the
// setInterval call later in this listing.
// NOTE(review): the character-by-character concatenation spells "d", "e", ?,
// "u", "g", "g", "e", "r" — the third character comes from an encoded call, so
// this is presumably the string "debugger" passed to the Function constructor,
// which pauses execution whenever developer tools are open. Confirm against the
// decoded strings.
var _0x4db1c = function () {
    function _0x355d23(_0x450614) {
        // 0 / 0 is NaN ("NaN" is three characters), so the first branch is taken
        // for 0 and for every multiple of 20; other counters take the else
        // branch. NOTE(review): both branches look equivalent if the encoded
        // names resolve to "length" and "constructor" — confirm.
        if (("" + _0x450614 / _0x450614)[_0x55f3("0x1c", "V2KE")] !== 1 || _0x450614 % 20 === 0) {
            (function () {
            })[_0x55f3("0x1d", "CNUY")]((undefined + "")[2] + (!![] + "")[3] + ([][_0x55f3("0x1e", "w8PR")]() + "")[2] + (undefined + "")[0] + (![] + [0] + String)[20] + (![] + [0] + String)[20] + (!![] + "")[3] + (!![] + "")[1])();
        } else {
            (function () {
            }).constructor((undefined + "")[2] + (!![] + "")[3] + ([][_0x55f3("0x1f", "L$(D")]() + "")[2] + (undefined + "")[0] + (![] + [0] + String)[20] + (![] + [0] + String)[20] + (!![] + "")[3] + (!![] + "")[1])();
        }

        // No base case: the recursion only ends when an exception is thrown
        // (for example a stack overflow), which the try/catch below logs.
        _0x355d23(++_0x450614);
    }

    try {
        _0x355d23(0);
    } catch (_0x54c483) {
        console.log(_0x54c483);
    }
};

// Start-up sequence. The condition is an IIFE that (1) runs a self-defending
// check on the script's own source text, (2) replaces console methods with a
// no-op, and (3) returns whether window.addEventListener exists. The two
// branches then register `l` as a document event handler.
if (function () {
    // Factory for run-once wrappers: the first wrapper it hands out calls the
    // callback a single time; later wrappers are empty functions.
    var _0x470d8f = function () {
        var _0x4c97f0 = !![];

        return function (_0x1742fd, _0x4db1c) {
            if (_0x4c97f0) {
                var _0x48181e = function () {
                    if (_0x4db1c) {
                        var _0x55f3be = _0x4db1c.apply(_0x1742fd, arguments);

                        _0x4db1c = null;
                        return _0x55f3be;
                    }
                };
            } else {
                var _0x48181e = function () {
                };
            }

            _0x4c97f0 = ![];
            return _0x48181e;
        };
    }();

    // Self-defending check: inspects the toString() text of two tiny functions
    // to detect whether the script has been reformatted or had its string
    // escapes decoded.
    var _0x501fd7 = _0x470d8f(this, function () {
        var _0x4c97f0 = function () {
            return "dev";
        };

        var _0x1742fd = function () {
            return "window";
        };

        var _0x55f3be = function () {
            // NOTE(review): inside a string literal `\w` and `\(` lose their
            // backslashes, so this pattern is probably not what the served script
            // uses (likely altered by deobfuscation or page rendering) — confirm.
            var _0x3ad9a1 = new RegExp("\w+ *\(\) *{\w+ *['|\"].+['|\"];? *}");

            return !_0x3ad9a1.test(_0x4c97f0.toString());
        };

        var _0x1b93ad = function () {
            // Looks for \x.. / \u.... style escapes in the function's source text.
            // The same lost-backslash caveat applies to this pattern.
            var _0x20bf34 = new RegExp("(\\[x|u](\w){2,4})+");

            return _0x20bf34.test(_0x1742fd.toString());
        };

        var _0x5afe31 = function (_0x178627) {
            // ~-1 >> NaN evaluates to 0.
            var _0x1a0f04 = ~-1 >> NaN;

            // `"i" === 0` is false, so this searches for the text "false"; a
            // result of -1 is truthy and the call below is made.
            if (_0x178627.indexOf("i" === _0x1a0f04)) {
                _0xd79219(_0x178627);
            }
        };

        var _0xd79219 = function (_0x5792f7) {
            // ~-4 >> NaN evaluates to 3.
            var _0x4e08d8 = ~-4 >> NaN;

            // (!![] + "")[3] is "e". In the all-Latin "indexOf" that letter sits
            // at index 3, so the recursion stops; in the look-alike string it is
            // not found and the two functions keep calling each other.
            if (_0x5792f7.indexOf((!![] + "")[3]) !== _0x4e08d8) {
                _0x5afe31(_0x5792f7);
            }
        };

        // Two of the three literals below contain a non-Latin look-alike in place
        // of the "e" (it appears to be Cyrillic U+0435). Those paths recurse
        // without end, and nothing around the `_0x501fd7()` call catches the
        // resulting error. Only the combination "first check false, second check
        // true" passes the all-Latin string and returns normally.
        if (!_0x55f3be()) {
            if (!_0x1b93ad()) {
                _0x5afe31("indеxOf");
            } else {
                _0x5afe31("indexOf");
            }
        } else {
            _0x5afe31("indеxOf");
        }
    });

    _0x501fd7();

    // Second run-once factory, same shape as the first one above.
    var _0x3a394d = function () {
        var _0x1ab151 = !![];

        return function (_0x372617, _0x42d229) {
            if (_0x1ab151) {
                var _0x3b3503 = function () {
                    if (_0x42d229) {
                        var _0x7086d9 = _0x42d229[_0x55f3("0x21", "KN)F")](_0x372617, arguments);

                        _0x42d229 = null;
                        return _0x7086d9;
                    }
                };
            } else {
                var _0x3b3503 = function () {
                };
            }

            _0x1ab151 = ![];
            return _0x3b3503;
        };
    }();

    // Console silencing: builds a function from decoded source text, calls it,
    // and overwrites `.log` plus three further encoded properties on the result
    // with an empty function.
    // NOTE(review): presumably the built function returns the global object and
    // the encoded names are `console` and its other methods — confirm.
    var _0x5b6351 = _0x3a394d(this, function () {
        var _0x46cbaa = Function(_0x55f3("0x22", "&hZY") + _0x55f3("0x23", "aH*N") + ");");

        var _0x1766ff = function () {
        };

        var _0x9b5e29 = _0x46cbaa();

        _0x9b5e29[_0x55f3("0x26", "aH*N")].log = _0x1766ff;
        _0x9b5e29[_0x55f3("0x29", "V%YR")][_0x55f3("0x2a", "P^Eq")] = _0x1766ff;
        _0x9b5e29[_0x55f3("0x2c", "lgM0")][_0x55f3("0x2d", "L$(D")] = _0x1766ff;
        _0x9b5e29[_0x55f3("0x2f", "CZc8")][_0x55f3("0x30", "Wu6%")] = _0x1766ff;
    });

    _0x5b6351();

    // Feature test that selects the registration branch below.
    try {
        return !!window.addEventListener;
    } catch (_0x35538d) {
        console.log(_0x35538d);
        return ![];
    }
}()) {
    // NOTE(review): presumably document.addEventListener(<event>, l, false) —
    // the method and event names are still encoded; confirm.
    document[_0x55f3("0x33", "V%YR")](_0x55f3("0x34", "yApz"), l, ![]);
} else {
    // NOTE(review): presumably the legacy attachEvent fallback — confirm.
    document[_0x55f3("0x36", "yApz")](_0x55f3("0x37", "L$(D"), l);
}

// Run the anti-debugging routine once now, then again every 4000 ms.
_0x4db1c();

setInterval(function () {
    _0x4db1c();
}, 4000);

/**
 * Writes a cookie for path "/" that expires one hour from now.
 *
 * The name and value are concatenated as given, without encoding. No
 * Secure or SameSite attribute is set, and a cookie written from script
 * cannot be HttpOnly, so any script running on the page can read it.
 *
 * @param {string} name - Cookie name.
 * @param {string} value - Cookie value.
 */
function setCookie(name, value) {
    var oneHourMs = 3600000;
    var expiresAt = new Date(new Date().getTime() + oneHourMs);
    // toUTCString() produces the same text as the legacy toGMTString() alias.
    var attributes = ";expires=" + expiresAt.toUTCString() + ";max-age=3600;path=/";
    document.cookie = name + "=" + value + attributes;
}

/**
 * Stores the computed challenge answer in the `acw_sc__v2` cookie and
 * reloads the document so the next request carries it.
 *
 * @param {string} x - Value to store in the cookie.
 */
function reload(x) {
    var challengeCookie = "acw_sc__v2";
    setCookie(challengeCookie, x);
    document.location.reload();
}
  • 如图所示,通过关键位置找相关js函数

结果展示

  • 最后的js文件
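// Node.js shim: expose the global object under the browser name `window`.
// Written as an explicit property assignment because a bare `window = global`
// is an implicit global and throws a ReferenceError in strict mode and in
// ES modules.
global.window = global;
// var arg1 = "C08B6EF37F4C295BA4515DF8DAD377DBB311B353";
// Placeholders carried over from the page script; nothing in this listing reads them.
var arg3 = null;
var arg4 = null;
var arg5 = null;
var arg6 = null;
var arg7 = null;
var arg8 = null;
var arg9 = null;
var arg10 = null;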

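/**
 * Recomputes the `acw_sc__v2` value for a given challenge string.
 *
 * The transform is a fixed character permutation followed by a byte-wise XOR
 * with a static hex key. Both the table and the key ship in the page script,
 * so the resulting cookie only shows that a client ran (or re-implemented)
 * this transform; it is not a secret and should not be treated as one.
 *
 * Unlike the browser original, this version does not patch String.prototype,
 * does not leak an implicit global `arg2`, and does not depend on a `window`
 * object (the original's spin loop on `window._phantom` / `window.__phantomas`
 * has no meaning outside a browser).
 *
 * @param {string} arg1 - Challenge string taken from the served page.
 * @returns {string} Lowercase hex string, two characters per XORed byte.
 * @throws {TypeError} If `arg1` is not a string.
 */
var l = function (arg1) {
  if (typeof arg1 !== "string") {
    throw new TypeError("arg1 must be a string");
  }

  // Static XOR operand recovered from the obfuscated script.
  var xorKey = "3000176000856006061501533003690027800375";

  // 1-based source positions: output[i] = input[order[i] - 1].
  var order = [15, 35, 29, 24, 33, 16, 1, 38, 10, 9, 19, 31, 40, 27, 22, 23, 25, 13, 6, 11, 39, 18, 20, 8, 14, 21, 32, 26, 2, 30, 7, 4, 17, 5, 3, 28, 34, 37, 12, 36];

  // Reorders the characters of `input` according to `order`. Positions past
  // the end of `input` contribute nothing, as in the original.
  function unsbox(input) {
    return order.map(function (position) {
      return input[position - 1];
    }).join("");
  }

  // XORs two hex strings byte by byte, stopping at the shorter one.
  function hexXor(left, right) {
    var limit = Math.min(left.length, right.length);
    var out = "";

    for (var i = 0; i < limit; i += 2) {
      var xored = parseInt(left.slice(i, i + 2), 16) ^ parseInt(right.slice(i, i + 2), 16);
      var hex = xored.toString(16);

      // Keep every byte two characters wide.
      out += hex.length === 1 ? "0" + hex : hex;
    }

    return out;
  }

  return hexXor(unsbox(arg1), xorKey);
};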

// Demo run with the sample challenge value used in the article.
var sampleChallenge = 'C08B6EF37F4C295BA4515DF8DAD377DBB311B353';
console.log(l(sampleChallenge));

参考链接
