[2023.6] Simple JS reverse engineering: the Fujian trading platform

Contents

Preliminaries

1. Analysis

2. Cracking the sign value in the headers

3. Code example

4. Summary of the approach


Preliminaries

Goal: scrape the article contents for each region of the target site.

Link: https://ggzyfw.fj.gov.cn/business/list/

Without further ado, straight to the point.

1. Analysis

Opening the site, there are many business categories to choose from, and clicking one does not change the URL, which shows the data is loaded asynchronously. Initial guess: each category has a numeric code that is passed as a parameter in the async request and changes the list of articles below.


Clicking the page numbers of the article list does not change the URL either, which again shows the content is rendered from asynchronously loaded XHR responses.

Right-click > Inspect > Network > XHR: there are several requests, but all of the responses are encrypted, so the request name and parameters alone cannot tell us which one we need. So click through a few more pages to load a few more requests. Then we find the request we need, as shown.


Clicking a category adds a new request, and the parameters carried in the POST body change.

The other requests probably carry the numeric codes for the individual categories; they are all encrypted too, so set them aside for now.

Since the articles are loaded asynchronously, we can locate the code by adding an XHR breakpoint.

Open the Sources panel, click Event Listener Breakpoints on the right, and tick XHR. Execution will now pause here whenever an Ajax request is made. Let's try it.


It paused here. Stepping forward, we find what looks like the method that builds the response. Looking at the Watch panel, the value returned is identical to the response of the request we captured, so this is where the response value comes from. We notice that e.data is passed through the function b; select it with the mouse and click through to where that function is defined, as shown.


This turns out to be AES. We are already familiar with AES from earlier write-ups, so all that is left is to find out how the iv and the key are constructed.

Hovering over r["c"] and r["b"] shows their values directly. Are they constants? Test a few more times: they are, so hard-code them.


Next, just reproduce it in PyCharm.

The code is as follows:

// Decrypt the response: AES-CBC with PKCS7 padding, using the fixed key and IV
// recovered from r["c"] / r["b"] above (a 32-byte key means AES-256 in CryptoJS)
var CryptoJS = require('crypto-js');
function b(t) {
    var e = CryptoJS.enc.Utf8.parse('BE45D593014E4A4EB4449737660876CE')
        , n = CryptoJS.enc.Utf8.parse('A8909931867B0425')
        , a = CryptoJS.AES.decrypt(t, e, {
        iv: n,
        mode: CryptoJS.mode.CBC,
        padding: CryptoJS.pad.Pkcs7
    });
    return a.toString(CryptoJS.enc.Utf8)   // t is the base64 ciphertext from the 'Data' field
}
console.log(b("N1jfMuHUNZzAwf7B5RzFDwkzX4wiyHN1DlFM8lGB/y/9GgFAipawFjonQ3FQaI0XN9OQQPvb8tvqOuQekqJByn1s3oIspfgz2lruyMlgZIGuc0GRZ7RmqYQox1g+tNqeirVnpG0KN29SIKVQOYEFylHLe0BVCWcO4mTGYyblj5Cwq8u4arzgc9A5pcUWXG/TFWjhd14pmbF/dItPm46s6409ByIozGLapNRx+ZjZiACS09u8KsuncRT8AYSXh6gMnfJa2ZDJ7CtRph0hGXmj9l01tabKUozXWEAdQfCG7Xl0wLv7aJPAdhF5guHJgCnKI2dMNh0o6mVeImBjWcu97XTKPJl9hA+FwF4jNP0ZFu8fWfyuPPcY0w43jkV6ZwmS8slfQhDOH3N9duCPU0S1UqKmH1FekayZjRtajz8JmpSnNnC6KZerAwHZPX+dcXDvNwdcv/Id5wpqwF58MoqdQva5zYNkgHtKraJilUEAJvohmDp7LTL/QuXne36CPU1ge3pUWNkwJYHHccOMd1ZW2/XZ9Ed0Qecn3Z+qcvDPFiblvgBda9IcGfknzSvI1v/vmgQrDRiXc0tIwB1AlI+1ksQH/xTDyUTozhTL3FAkCdDq7WFzAhNJTVHcwDVh8SZpg0zVPt9/6/IlmdcdxKKjnAlAkhXrjtyd8IQGKD0UAoFzODq2k6xnNtC+G5BOHvH8pXLkbvq4pS94emWSh5IanckR/6J65/cpnAyQn2Sblzhgl3iWjci0eArCwMy/C9c2DhU+Cll56X7kh4tnZxtLI+qgvG6use3BIedS+qLKC3fg0u98hBhsZWNwpM7vyVcJTT/YlxMxLCM/iPQ/JctueYBPzgh1sV2dqzy2A3CF0aLy8D8xCrY5bpW5noTH8F2iC6XEM5A3rxFiPJDPjZ6s73QgNsBNLNdvxGF6QPC21IJ5gwCws/ZMHcWAQhzuylKApvKJooDCX3p8oc4bsQTUrUi11walXYi7CUmBEVRTfzaoBmTZ9oAHlqcCDAzvcOOKGZg+kF4m4x+j0Izz2vrR4fV7M/NjrpXSsieaCBQ1uFd66iJVKGYdHrupZ/zl31WhbSr9+4comVMEvJEEO1plnl94nMR1YQ+4tsk3KhoONiViv6aVU7UGiWFEX2cM3T3eyfbvCgEwLWDIA5O9lHBNU93FsIJMOEij3WtJTmNzqwqpymYQYPBIhSTD0jjQ5xAqEHLQnh9luKMFOtKPDZBoga+hnSPoaPKB5h0SkCWaIA4xv2X5BYm3SDN9UZw+qewpJUp4prYQ+P05hYGymoodGQARx5FPpsw71UupVi2iFTWntCh+Viw+GAupASbEkeNcrUrX46LFqr+LWweu15YBOyeM+Ai4rGoLgqL3OZXxZn794bzBpep9J1W+pfhnraxOt1L/NO9aPyW1hdGhG0ASn/QvWsrc+++ZnF+kOWMXSrw9R1cbh1jlkhb3g/aP3XhFSByRo/6RnX4zqLJ9qXrNTzZapyNDILYT5Sk0ZITEZ9yzfalNvuEbJknQ65Y4aSfCbF1Tr84EPta4cXnRGyWnXNM1++iaAV6Lb2tM2CfcopoTjCZgQgOOZ1XNiDXlZdbaD3LbQFyWKnODVTyoikYcQAXNwNb0YwJe6UYvurIAbl2rr7N3LaqmhRQqkvpjHt2hquVQU2YRO4/OBLeUyYVb/NTFhHJQzJPEHZfbc+uvhiiYZka/y0YDCJBInhVvkpbc0xu3EAjmiPW/t2ZNWtuDjHdO27UstKfTRpzzOnjPHN/5WV1GT9WaqfvV+kYJ9W+Ymv/Tigjc561j/0sxn8S7twfvo1AosHhDzQwzHAIq5CKnU0akFjD9IZiNkQ8Xqc0I7tMk/S3hOUVz3eol0QBkAW9x7pZWUKntoiqCvl4NIw7q+2/ikR5tCQXji8dGantHZMSBwLq5ienk5BpKkjjktrAaTFeYIXI46db/4nISr+WZTeDGUsO5Mb8iAnaLUUwB6
l4Hm4sJmsCWZIUIGj+SP3+38w4jEc0S4oVyBp2UpXVAOHviXmAsYnIdRFyeBbBjbC4eLGUocR/iOK8EUo8at7N0yoOiGnntsXp1TOcSLlIScRIJIsrlRy1xh8ysnJUB1ExnUU63mOATWAKGwDO2+cebSptLbfaZeKd3aPpEy/or4T9l/vBm9HQH4avpR1ANBSJo3iwOFWSKekemqNp7rHSllLArYSPI2gIgimbEZD53N1IqnxeS3skDICxMaCn2Yc2A2C3bBWRGt6/YGPOu8Ud1PRCKl+8/0HeDpEp0WNIeg+/OzuId7ad8Gf50ssUyLfBAWNuSBU9N0WlsKLRvc2V8ecwhcOlXZQwtfSCogTyWaCzA6+pYj1qXYSMt9Aud6mv07GnV99KZ2BngRkD2V2RLhbZGEG4veLXBhZjph0Q824oOvkhwoZz/szLcnb2pd1849Qgpoyj+DKvTlqwCtchgw4mzOrbgfQvmvFnjY288iluptA3PjUPmfr8YzUlSXt01NK/P2AB2/ATPV1vZExg5ixZhmffqqGqrNsk98X1HETaLOTHknC3+J8Gn8Rec6bBE/WUErVmN8k7xYBRJZb6CUBWdzOqJeURLrnGjkTp5lS+dt/VBpV8oWl4Dn/b5HwsxjBTdJRiHI7+IWiWaA0+JdHAdTEkLCRkRE7zRbn5fkNf82P8g9vLzNmCKDwP6VdbmwwrIurRYCaguQSKdM9PpYhG/5KUl5bCBGGvKYGluzs5VZKgn0dZgfUEVcMQDo/e8hmlwY7XlOilaYmGGDL42uSnuA51BMbezmwUPnR4/ycMRQGnHd92VmOKGXLgK3AZsBc7n/zNgBtjNo+foGYxJfTXWHS+LgcZI8NSeQ2752C++Ax39fKt8NrrCmSyrLLqfxFef6oOLG/babG9TVMTVG5Jsklhle1VCfi/d0Qiv+R7lqZVAfhBG3fGZC4u2AinlAlpJsFE7ziPGu8udlfwZXqaz7JVdds8LRCz+NDP2ZrAHTETqOhuvx0jkb6LCnDSYfa2MoI3CQvgQOq5TOYsxoylBPpIUmizS4Duqi3JFqkqzXpo2Kj/papk4mMxPSzwO0VmcXW1I4CWvEJxFnMKnGLfPqyHl4Vm3pZnoyOK7Q6j9GPkDnzTPwZ6WE4nW/LYq/x72E62Z57Xn1eIiNWAjmw+nfXTJ3zQGzMm52ON9bFr99YlYwQ6nYt3+pq7L6JRAgJWXdQIulW9Q+Eaxi+G8PQc1rxkfJ2gv9dkWpFejLiDyxZ+QOelCgYnV5BL1rQB2FQoeD08ps+oKY5xJ11oyJUwK24eUfROm9xLOUeHpkdXNzYQhVo6ACkiRjBRuFb/E+R45X2ey6sCacPvCK5zVou448ObxwT1ATSsxej8ugTnDp8+9eCatBMnM9ca9Bl92S2TSCsfy0QaQe0wzJ261UwMXd5MeZasuj9OmifNPZcLX31YIxng67+bl3FY23JEz4dWk2TMwxg/yBWVTSCFdf+wtDySJzaE0xtylGjWzISTYxPfzXpUjjiu0176qkfM1fkmtFFOp12v78iBWbKN2lMoiCxyhn06KQiigImBpdnBwhGjTH1qiR6iW+MhHl+wqulTmC7J1YHC0sUa/FQoodgq7VuG1HP6mUxH1uJu2dh4XWspTeRvM+ru8wDm3VNzGFbBJSHlnhOiv2j3/vn5sHIqZ6smR7AbfHPbNyCgDu+hGZZD9pOrPOsDEhjKPjCPZcCDqeCffM4Ehebqbc+cJvZ9QNsj0aW/7fxH+t3Ms1x2F9xhVPw8Nogx8HlQsXZeSQTbeJbpeSoNp2mCn/XmGOPssQCKcSPLzQyDfzmfeYriHVxA2y0C5GqiLb1H3io24OZAZHxHE2fk82J1gYcBvcfHZKfTb2rE+HxWLxglvqP+Bs9SFvHxZ3qDVH+AKE9pYt5ClgJtMrT4ySKVmYZamOTHc1LO9sDoN8zUZEQeNy4EPeAGIUM1gZ7cYQWvJAgKog6n9nbmMruzeM
lb1Ul95Sv5N0xex/JfJwafKRqKARULc1CS/vYTLWlC2owrA0nGG8urWYHmeOLKDwlz6KyrLRWlRniXbewD8W57gPPh11mFTkxmE5ZU6QH4HbGp+KPLuAMHjv5RgD1I/pPgmSYusETEeGUmgwiJVE/aytLIuOZux92KfrvQf2MVJxt7WKIh1KZBUvV3ZEruQwPuMminQ25Iwfk6V33k456nw7Dj1ZvytNMrOq6brHtnsenG/VB508f1UW3h8hGtkWOb7B2/Og+WT9H4gKO+RMxVRcU6+CMpSKrQvkOVeAKwpFbAB9p9+s/Sr4eUvCLgEiuQUAtbwvHdfmEB5+Zo8+RwaglQHLmXosTjS+ENcu+vC4pjF/cCvFFlrPqAAPkgxnbPDrwQZKLeFVvS3HDVRlZULKN5k8kjvgJ3354mQ3q8n1gU9o0jkVnUPnEYW6sgjIq8oXVRCm5ofVSrfi/ZinDTYpxDxbj2YFmfXBoxr04l49AuqzvCRY9I54xbW0TFqRJLCriqUKHjbb8K7u/lIwXPknIkVxYiTwGtwdnAU19GXGirvBqaFNqnkGL8Bsfi1eqe+VcMKKl1Z7BAtJ02k9nfFKxmgJ67CEZETU3JOCOzDhWz41Jyu6QP5StWVqEWJZj7+raWD11c/HQC3GlU0eImKQk7NTZJzBtqOvgbV7/1++hHoH6Vf+wMWAo3XnyNnGf47SjMYVzgp20DST1jlrWtXLn0ID6stvZq7gPqaB/6ME6yXxOfa0JLwn46eofaJEPk0YFO7Z9yVz2BRbgB/V/55RvtsFGbCzni/spsQ8khEnj9PGV2OzOQn8vn85QgY3BdZ9FJTebCHH4XlnVAtPgwNkygtPgeQR/IUwBAozWzuxN+TBkfkLnRGmw81IaXxhLj8Pe/4tO3FxD0HLDuu77rPnhyxfzWUVHNn0gwWBYTgh63nhQcdzlnmMR6gjGGcy+ATd7VRngk4rjnf0Ls3E+9JW/XVQ7fY/4cQRZsUpeoJMtAbLJ89P+jhRLA+kW0Z9CUAFnhxAxFSY0Pqbyg7551WknVJMtWvpOxZZNY2vUJn9cxsiI96rvAdkIqRX5g53dMhqzu+JRsHPowZ5Xprxuf/lX1kdlt4pYWUgmd1v/TIjiBab5y+LqIP0aUBtMF4SffKgE4NlSn7ScTgrHYekbEFwbwQCaOOLGGw71rCcKyu7q2d3nP00npjY53NcPrA/oBGKOjbKvaJTlpFoLx75BbIh/gjeRU/sueVIjrzwX2ax6bxbpt4nU5cGpWp30s3sJeNoOayK6O4ByMamAw4cfnQW2t/2YnnK0njEQj1ihJRjfIw2m4t8A21L9LiT0zeiKqe86aeEzPplWTI9UcIi3oBwCpAeP6aO1YTv25zsLayG0A6BAaSxG1VRDQebS6MJuJG5fsbPC5R3HeR1vBJQAuJj2p/3ZXZVOtS+DyP1LWJ8oX+eiwOjkH5q+doaPaMhOfFPQjCme9TCFYdMC8MZ0FSVdaHysyHGWL1/0AJ9WC1Dnbtt3OGWlGQCWQGLbR1BHF20trA+DwjvgZfEwuQaxOfB59uq6Hgl22oItFqyoqZ/Ft7KW/uaRdANTVxP7xffnmh5RQy8kDA+vvwx57tARJXOSa74KhmkKmpqWDrtTGt1+TwTEBu3czl/RvPMHXC4yiwnTl/WwiWOESzmDSrnO+b+m7vG3XYuzkbzwR5o7bjS38LbW68fpALCtv972XZ8ZXET7GZa5MkyVOqGJMkwtEfTu5WZVeHjaAnhzJ24vvf4FtCkYFCmyh3q3IMzshvec+Z8kFcqaPF/2LIL+b7mD20pO076v3XA/j9kQCd98ll714syYbirMwE57iWsl7zuLZbrlyhufV5FhqUIxzrMdso/Kz0Roc5fkUnzL807dPskCg1inaW1fRMP8abuDVT37LdmdKLLqI+76/S8r5CwvicU22to6HvYrAZIwuGzk97BQqpot6TEhAvde98MoiJRNaogaKQZ++emyc1l
QryHaldWKF9bYhUkhdyJuga6dXPxwh1TRO9ECaFT/XoBe7ln3Xl8j0AL8ghLNyKBJUesHD43Pb58Jsq9pTyVlg/NICG//J0MrQVxHxoHQ4Eek1ZzeXR6W40negj9NNxG+kOky5icv0yd7opxaTxK03S6JRPAkL9PeyE4XvK5iZPet62aSI6QCa03rLzmLKqCBBJCq0gsufzSXLvXqNs4Hlf7mmFY9q/+HTXctcibdtvV+LM9g3YIP8Wv2aqALUQ5Phx6S8/o+Wp6jA0ljfJJ9mqQx6/zrc4j6DX4xFWYZyfufCNwAR4R6QkP3VAU6pIqgtVpAWQtgva8ZgedCKmih5Putj1/TdlvZIcHjWXppfJbqLjIgpvdUv5EY3awthW1tmdagyamglB+/9LHds0W7yPwV2KhU8Uf+SnJYqH4Vw5T344foHybubfUk5Mc3iNuqMNZdS3mW9Vf20ZnVFqt4WeB2KnZcVBOUpqTF9Ah3YA+OKoSse1fQDUHygdNd71Kf02DEXYjOS7Z9Iw0vrNvfjSZkTO+KOhT3RHeiHFl9H8/YVCUjyteiMg01CAB6ewp690fvIHrPv0ReFLC0FYf5lXDjoU+YDUT59/7DefMfIptMVpNXR7x3kIRQESIw7yuupD5jXfhkqGtmhU9Ufx6O6dhzcerRxMKLRsik+/Vmdznzefd/E+Rtd4qHbQXUlFdO7askwqJ++Pemm5MAFP3xbOy//4hVy8YO2a6L4NktYohr3pYS2ydIBwg/xE7py2rnkZWVhJ0cy9aM9TFA7T499d653+kC+KfEvoM+aCH9XhqLrss4ASGx8of6okYZkBT2/TrXHkHuIj7WaRtEYsQLkkhPqwI2yrzMwbdrJhROL6TAIngkRRvZRu+d8fHoeMs2mY7UJ5KDvpPb+aPtf5hVxyRQfP008nnf3tioSTBW8FzMPFDv6Huqr4E4/rrG9CyCN8KNSTEPMvKoiKAmuBXqSRCK5E+r9fqeTh6LhdJY6dYqe7rtCG5fs5Q1TlzBCEHSe9xpJjUtp/vVa8sVUwepWRdf1B2C+rSqWQdu9v/2XS1YCNoNuMvc73rxdAIcBY7yew2wjLBjOXK5TwFAfgqSe2gsuzPg+T/6fk5aRoTgtCesuTBaG186mWiADFebr34ZPPXjDKtxB5XArUdPSxRHsAcZ4jKrlGlMcMrUgCgVwFWimlMUSuQtzsHHnpJ+tAovHp+t2rBpCqlgl/y5HRRqQaOHzyb0HwQv3IeBfxnmjESsnBu/cRBD0o67rjggC3ckoiv0emISQpqIUZlPXj98hdYdO1//XlHfdFvUmwuG1/mtCu4BAfuEOOVtTcHf0+A0imQqFLf/8SCZiv6XbGmy4KwxKLaii1bzserM7Th92u4DZgocS/JORrvJzfpBGBjc/xgsGDDv8e819ir+ZanEm+1ZBXBwfpzh2UqUcaYZLtsDBIg8CSX5CUuidilBOryUUaRE49kSkkqJupgnFw7YCKL5Eh2Cfvc5N6MGNcgGkc2AsCLTqRMHbvXon875kBkyQGPIEeg/kPp5EBBurLfO3/GcJs2p4oQrsHv/me/LseArkPgJhS8XIx6bSM4xL/M86W1PNAUEFBBK4w6nHAvKIM662x5fp9mQ8teuiKbX7WXsdJSrxWGLPXUDGhRU8oH0FwJq2yOCKtwAi3JiMXBtHoca3uiF941ifckehee6SWP+86eDD7IVWXTfjxe6KdHDQ3e7txVmdTsRJf11ZjvHjywy6UChIaARNGQtA+qzMGlyGoY7YW2gVSStR5jHa62AbIXcr7qBwW+GLoEDMOTQYSdOgWF9QurUEFCFg1zeHCtSeHeAubs7uLIXf71JYQwewNLQ5pB6Fg+zg3PkQyKtNuwW/Ukzh8OmOU3e4IZNol58tmizKlU07gZ7dL4KZnVGB3WS1gq9kMbha5Aw+8tf2VnJ/pCDUOtqVq1Pb0b8D4N2g3SO4uTduoSNmowXfQsf26VuQF4dd9dE4Yf
EK6CNHOVv1KqVyEmrMjChOmbqO43uKpxd0A9ffWVllQd0UVwoQl27gWwF/4nBnFPrs4QBqZt6PT4vUk0BuaLjhQQKbFXxf6R0/hX3kr5Z0xdP4EuJ+wqkX8u6yqWHKncH4dHwjxky0ZzYKr+040T47fOPcy/uYQ8FRpSmz5VA4xyHmcY3iuLzVhKV0lxSxQWvAYXg+cR51bt/tN5fQq9G/jLNaSBZCOtGsOdB7yXer/IGnliksg1lFMPHBSlnDILtX5er5lcumaqqbLwnXO0hL2VPF46WXvUAEgj2db1+81xoXUN7qm93/NZr8wSQjoWN0HXy1t6PGOjaGcvzlHcOf0mBwbsOatDtAekpIu/SooztOdLotXCWX6oP/H81QFXNUSv1/ksYn4Ml10rC3pJH07AFZT42PMpeITObESn4vseDPcnaVqbEgXlgsyuru9MYHO8ZEp5PxHGrSUqnZ4WvLY392hXuWivfL5GGN1Ppm1oxN4GegV2VewRGKGvZ5tFAaefzKphwVMHO6Un4AgFVdLJtIiFSmL/eJ58CFkHjFRtyQASm8UpZjrOPPmWF/yBof77HYaJMXg2UKjx09SxtOf89mUHLajudx4ZWAoNWkWY/Kkij10OlC+spvBBScdDDjJO0gCjcRwI02scjE2FBR35cCkxm71s1Orexk1DDop3tn/rodbD2TY9rxYMw07NIMDqVqEHQUldzqlMVNVDFOwKElDuOzXViS8aW++xQwf2C5kHH/HkxnLYhLM5ytK8RA4N8pI+5FvQCGJCLZxGwQ9cqEU6yvfU1XpMDZmCgM7U39k9/uCsgZOnjD0QFoaVCB6/3bK7GjNWQGFpUup280Oo/ydBcMQnXpVa9QJ5Ly8DRtgUDGfd8/8uGopOmIvlfeVW4oGxhyprbvaVphcWwASUyJWKkFUU1vp3eBBoDmqCgXXgHP8279yHaY/XvFjcGbrzq7YGtKFZM4z4rK/XMxijKa1GPUbpg74g9hSqweRlKrk0LHZjDz31mFUoX6HbICsJSLCUJldERIj/6NdVfvnz/WfMzzDBihFpjfYDRf3rXEU5LTzzzOaembBYTXbzNF8DuW8myKTst0zotVLUbveJKnbmv6754AR3zuY/6R9ah4B0G19ST9/oUMUOLZM5rqgSQEw+zkgoivi1ozci9nfiPzpIgESIQnGqrlHUlrhcK2HmWbnjgaFKRVxwGuhxf7jvGjkhYwL4Ji/2XVnrqg0Yv58+SL65rGmDAo7d7m7H9RERpyTLIQatqAWiLoeOMzYmdI+ixXqd0xt57VRhFDGSbled0JUYeSIExgWxeflTDcxDgz1PKfCoeU37KBjMJin2FKQ1dwnFZ0boAFrJQLkZIaDtEPwXWY3X3Dw9dL6q78waeUYCA2eqZL3mTLqZan1nVGl+xy3cJknUQMCxGUciW0pi4cdtI9cAWtL+VWZ6tKYQ6bLnyCcyJeeV9dj953BfRe/CcRW1lvXuTyEV/ep1nZrVIPe1kKKYYSp5xe1jwjabKZD9oigaTu8FLpFVVGA2MCSTMogX6DV74AmInT6CR8hCxIwglbxniNM0/ht4Aio3Onl2inlb8+omt+1p4XGq7KmRK+QwrW9Wgxek0HP0LuK/i+zAsnO9sJtBvjMvwEcTBKP1YE90GF5n6tbZhpz/Q/poGkSudSdNtP9oDVf2WdB6KQIGJR+5TbULmC5rKHN63Fcp14GUvua3wkll1gJbMAldn2EbuuCdVMFEF6fyvW6wZ1Xy6woczZh24l2I4C1RAPRX/S35FBtXUeFhejgcCL35ZDk+BdZ7zQ0aIf93ts+j7DCewcK8WmvBG23Y0rOAQvD2L3M3vfqbkc0/oTVkMqvZXRc8gSEZ4/UbKhJInx3sTws82KuGb6UVAcbHJlqOpFEDLW/xoGUHxjvz6WHzueaN7d0RdtFZFBbtBapq4iRLPvRfy2rUlUth0WFWsS5IbzTTFrLwvqLZhpHN9dzDRwQzJK8sLimY
5g3zGgQdi1YIHnO/eZNbjATZRYJniSNkNKVs5Dx+GcoNVNA4mfmbi/87i+MdNKM3waFqkDaUsMT3Qt1RGVJpsj7c6+G75v8Sks0sFtm8EjoS9pyftzTvti1uQ0142qd7xJBL/D1TQKExANevlp/alvt8l4T84U70XzSv0NAG+4xskQCDlaNMKNeSWAg+fUjlmtlhpUXpnGORHd1ncxAzLPoMrCKtDvsGUkdoqXOJTeHhSfW0Y5uHmiPgLiEiEkOP0qz0YiuSk5/tqucR5SlULNId2fKtP+PhJRENibgmdir7tTgse/mcf3Ohnhu+g73yjIpkBP6QJcjwGDoMEi8fdwg6UYZqtmkgzSyse/HF4CqQ49aCnvw28JojTROdDrNhvd67DVqprMEMIQ/Js1GtoqcESZpkSnOg12yKDmWP6a+GO1XaKHKASOwxeHOtukZSqzq2RSu71yR9oJ4fYJHHd4QPhU1/5e2Rv09vmCtn6AlilbGMnZRZTqE7TYT+yKcRBS7qvqF4BlqV9P3ns7B8nA3Z+mj8MONqjXDPcvfSQEVMUhBQLWxNJWVCIRxlDxSjDZ6daaXDYErRok0c1D88xqkJUckv07fYpxT+k2gnmV1jEmj6wwQzUzFjMvwWW7cf1dioFPkMzRvEXg1ioYh7Jlp2SNbOie3+L0Hwzt5Rzc4odMscBPr4DbEg7KhsQZQZ0BzjM5KDxVE2Pq3XD84f+LUgvxLqkuxnF3kK9w7UVTPXYG7pt1fWaokCSzfS9HUcuHkb/pw0UGKtguwlSH0d8WFWD+33caIjphBweZjgoTFr3C23AIZC3RmCFOajjzIsoM7ai2Ky2pavXSA9G09qqPT4/wTZSzBtrmUSvyaZWWxMFbKIhx25O54W4Z+H/sIikJMSUeiB4d4HkBxUbnpe3O6fxAWTLvYyKw3B/pgmOPWcvdG/XzGUEnl5RsvprgnKv2LDlzgXP6Hasxar8lxKqWtRbOUFU6z3kCgGdCt0o77XTLkLXsiaKSRYB5XSqu4v5ZVgePr7ksKxaKeEsqtoerTa4HpMhSe2OHQoudQpJqm9LrIh2v2vYVqQ4M/waagozQwr0v8NlslA+g2vG60HMZa775qOt363Qw2sgTWjh0CO/CUGYyNq6QT4br1H0BRC2X2tnCYyC1a5GrdM3x2F8+XZW0Bo6//mg3I0O2QFe+l08HMgUVH3XLsJ5GL/eIMKKn9mJusahBNX8w/qu3roouTXz39JewBUSL7+yCI5oD5uU57p1z0OqKM+8zNvVHkFs70/NcRnS3tlOPtmx8M4sIzIshMqGa1lC7fUw1wlX5AlK1OfFFtrSKfp+gTH977iqw0QDuzqHjTUsMDcNVeyMWiYH2LO8DQg2yUCAe3OBJqHkVbcu6NbNckyGSNTkjsTTGs6mNCiqsc0YvM0DbU3/5TyHf/2DPBWJxW1Jl8Q1RIwsWiwvZhC8SeKySl2uLe2d+9e85txUXTRVcVdA0qyTWnfF0UvoM6f+NFKwGXZFEjqk5tKC2gRFk5Xw7zbNqtWFMhQPs6XWQDBcuV+MDgema06B0hOBfZs7+y36IL6CpppTWNuqhBIRrgR2fLa3dnbkcBen9Sn/6hLK5XE6Y8VjNlYoymsKiqzSYCoSsfpxTuw0FGo7X+gcZcPxy06/oqAzOvn7kNMMwpZJW7JLRpzvBEFTCaK2Jtu72Rp0CPc77XXVI/PsS3g7Zhn/CjSx6RMEIY/kKlAw1/UnBODODQZ2g7QotGJKgxSq/0Ho2mjKjuXdmFTzemcSEVBm4gcumJ6mtVLAy2ggssIkU2n3KMLwQmB/beUOgWE9QINdY9grlixBMHIDOBuClpUKKA0A2ZDRrF2NRDxP9jfaquc0m2aUL1BExQQIOKS7Q8oC/Xqg3LneW/Ht5FS3K8KylFAj9mDEBIxP3PDqF/FyxZ+85GNQUe5XhEBRdJZuPYhUbEB7dOzdiua7UHYd97bZk4O+HUMeprd9MMFSefa4LW4
++tSec2KKtywoLBoq95Z41vdDRywLudaqgYfASY4COI5xJhUXVvkOd1zJXMHd5t2vCBxhSo8opB7QZsE4dRX+MZ/emvxsk6e1f+olg2P/O6DuE7WNUI5hBMAPihHOEMnM1nCa6EWUoQ7NbRNlhf+af12lsGbhBgLG1Rt3gNxy/TYuMy8qUDbAnOMqREOJN9nr39EeFWiClXSmWLzwQmeqnpmRr00bPfLDSb38QBUs+xUwiO53qr6z7Ze0oBsj0UOf6svXjbW/I+ywxLwPnHLl3d5SV9dpjm2jcubaMzwEU9NVWUVuhOYpDCKeGbNSBuBm6gPOa1z/sECGqywxavPrHKiCEAF3ZBlnz5cMuC/k0KudCJVNnvPHpPjDMhObZD7/Mc3SlUzch7jXXizEZi2YXd5d5yAWjz/dnMPW+JxOYTtcp7JZwoB+uqxPnxHIe7qlQPVLReK3YFc5Y7sv+8Sx6GXOJx/tNA60MxMlYGhwyx2C216b0QyEtEGOzUaWJjpA741qp4OaYxsh8zh7zywV25TJWcvh5BI5JJWIFzchnidFadU5eipFkeEHOwcqXvKq8OowwbCq7SdjK/fAm9rr+SPpzgkGsDplLSyV35dNKWbetFHpBjIEiPzmRWpmRXG14s+SN3qWo7YGL8JcQQ0R3gUQm8zhmb2D6EoEaaum9wOZ/VH8XCrjlett8Wh+TyUdRwapF6u7+HyMvDkbs66cIQcN+tWBSn/39KMsuYyiF9cVytfLp5U8WW4mTQJdKG17FnJLCOWyFa2nYomhuwAvo0jQuZCif/GOJMK5pg9AyL+NFPAckHRihMoJ99CuWQRovv29ycSyldVcB1B5HufHQuArMTPVDplv/3abj4DNj/a/YKmdMyu3eAsaXroxngT4G2Ko7IUeONen6+zH0HqQqcQvMoRV3HMRyt14eY3bxvYftczDMAUg1xdHut640NaEfQVsfs/5ox8CGeq9Z9rUZlbc53nPbLJaKlNcRNyaRoB9+VPDU9ucnGcQ2ZjEUvAvM970aDVlOievTSNtTKNPb+WkNFkMXqNlgjPMWsR9fTm0iHLteJh94IdWu3433ctMQnl92xNl5AoYDOmp++uQ9n3IXsdJTyVh79WM9tJ2fcY/u4HwEmhpNJ93jVyITG0iUPFMiMS+6XwcpBoPp01XgfreMmixx/qKvWBFecGV+PDSaLuFoxJj2K/MJ5uZ2c2GSXvx1fp2zKICQZ7Vjrx+TVq013Ftr2ked1SxGJq/TMwVyThKUq7ftZI2zIJhq2D6Y+RknKmx2mgaAXH3Ue6KqlXO577kcCtXC90t6YZUvgS1PJhBJRHsRGoPDofXs3e3LaaXnnYKFpydOUft8diBDTAxnxiRH4Mx5vtyrSHxkDq0XBCiuLoxFCCjGfDA3+2TgLZ+e6ymn3k9+GJDj/Ow9QkZDZzcntzbL63SSRBG63NgQB4Meqf68vta6+AHG0IrkxUTn+qjKTHA+Nwtr/iO88r1fDshkDb3drQTC9LM1tI6MVO9qaMNVKa7pLXE1bz7arRxzaQ5baveRa23W+Cjdd+W/FEFld5dxgWRu187D2mRKmbuT8WY4R+UDwROs3amklfJhpgooNLOLj/+If88OzYb4j2b2PdvwInNf8mSlE7jizGuXQs/Gm1MRXvig0QwDtJHoEx75AweJSmkC+SVSJm60+65BvEX7bV/j/IO8dEncE+HYP0jkFlRDzcs1j/RGwBZYk6rn2wGF8oqoncBQYHjwHZ5A8gzvsKwNpEK8Jtj4s//jy4UC6d6tBCp76zIk9FGYgv96dArX7PpMINzsIuHLAf7ox5S9+18qOzTlpXhCBgUgypyeLRqALcaL36riUt/95EiBLZ3KRvCTo0vufyz4/mwh6j07yjx1NOtT0p7dfyjsicnvNwzRAcm2E+ubaPGTgqYC47LtzHmdJqueLUS3lvw+nH99w+IeW3++fHq3eWGOCnawZx6J2zXEbdsyvoqoifPFTN2//H
EyFPF1ZXuLOW5sjTRQUDz8HV1ik+NwWG1J9ZbcK79oZtaq7gS4YJdFqu/zc0i6tWp0+5BBhQ+k/e+CDW2z4+kcYun4Z6K4Od4UsBlIHNRmXB2gRpxh06Vw1kffrlWvWQ0reyGVN/2ei8e6Od5aGJKfewklzzOkJAFAKpyYGcfCjQr5pfGgu27W5Xf5TbPFJiPbO44FSkBc6NA75kIqzCoyJnFajLYgvcecTbqxAbbxmJAmy7qtOGzl81mLowBvhdPo7N7nxZ959P5fDots+Lw1PDrExJvir5RgPna11Jp3duMlI7nUeuSSGlJKevvWOW2Ck6UU7iGsmHuCHjId8bITor5B0C2WL4VF1Bhs4hSwqzpoc6zsLkO4XCrDF3S8PXTxzuaT8AIlUQuJyR2bKkyKpXMvZ6G4hovNbvnwQQsPZetJjI6MdqBrTfA2kAWJbpStZTshfKu1/S67kTgMEJQSEY8xlYyLTejA2LkNe4j8Pfd+8eMeTCZW2L5unVdthEUH9P4YE7X8z4yAtsYAq2u/9wL/vF5AziwH27rZYbfRQv8C7wJfOpSI6tqz9XDYu0WhCTU9WlnFDEqGuz+VS4E50kWhPHeCQ7w1fbbjqZWsrKn5blqc2hC84eIRyngX4xJ5q3u7E1rMqhqhwUFeAKuLmeJqbFO1WytuD1m0d9oVAH5zI0h3saSpH7Y0MTdlw/KdMsWcSgrSS+7pXbuU128i8tL74y86W71GkHvp8O0OignqYJe2bO8GyxnJ6XTe4LkcLcXc443ymJ7iP5KNvU8zBNLhmLHUJjzOj3Wc+Mp9hbYcSWQ7/KnUtCrZ88f8YZePs/gQ5ZB9ctkGEc3H1Jjh4pFpTaPK6sDPqle3jKwcX73r7R86hKhnGbMNYvwAFTLP48qVIrfWD2DuWP+aUc4lom8F9qwhedwuk6+GKp4PWcdUDDmSvIrl84O06duKL6A1883AMjL43wczzLNXIOKV0AGHYRPdtSqJpfcbXuGt1oJOvy6pX396VwrOToLBIGuFXzTYe6tpwZM6/ELZHLc0pJ7UwtpXn4HgXVx7HSt5u3KmOXgJtnUWFtCnJV7bA4HTjgIKabL0mb1CsTsZgJkG3R7i8/RkvmXa7kNdTmj5IS+3svd0yXdyur0WBJ0AdAeHtTiE+Wo+pmr4juL3cgSWponyMgqsKGREOdBzjXXUWd0wNInIpZCNGRjHgmDBKetgzLU9HgCdbfvsPwa8aW5+RYhcinMAttv7ZrObCsA6HcT3xyoDsA+FEnGyTJCiqtDH1+9wuRrb6WVBoDf1ymlJo1O9+ecNqI+BEcZjFtOYihXiI91oT+IjATm7RV5mF0++Cu9eV5OMfUUYi4lapM3zKyQp7hOjZ3+QVudjQwjbyY13BWK2kHL7bCt+w3p7Ipwz9bpXfIUHzeF0aKDCJGSQ+KWYYzkNZcPqYRCSUevU8DNqem/JRLE0QxZ5nfZQ3ZIdk8J/SKz5DX6kBnixMVQmK8MUkuWs5erRu2Ca22b+MZx0XpecNf/rbsHeJ668XnDIicfoVaEtk6njCItijuUOBaLXX8riGIKJ4XmZdvDFk+FqnFPflsTFNNqGIYMsEN38chO8gIN1AG7rxxU8VVlqUX+Fs1v6pRLtq37lWZB1oAsDqmTOmVoNFTHxFSquEHq6eWlrVSRiCWl7Ggworc+RzVd8DSlNw9dY0jwFphrgvU/h1se3yDxTewzi6j7LdpJx5PyuOBR3pmjcfMMWy7nAacej1PQstZ+uk8lE7uVysoMh9B59mJq0VGicn6EWBfKQyPDiz1rijOsIrhEbKxkyL62pxhsM4rNgs0KFjQ7x/G7DocKiuFtTdB6quUJARsayZZ41kEN5WR5wVtxTYC6dI5H6qxopEbW0FULBYmU4r6sg/Auoac4sqKwR0pTYDouBBBcTvu3xaiK5eNcRSOc/zVZ2uWzWeyaGyK8MPdM8uiIY/chSNlObHZBSTyDZFkV2rlWPG72HYYHPnF
3DGP0jtpVsGldpGgkIzfKKr4kyKzryctb8RKUswldlM7mhpt7AqlwbEI//8ke+NnLbVwuWa3DLjlDG0jwoCBIhIXKmt8okVt9PhwP3fTiKHnb/AbkYAY0yA0NbwKCjukPsyDKqWXuy8GmFyvJAVUPB16Ujlm8sM2Wrj5TN7c6MdvYU/Ph3amMbDER8Zzu70Is1mc0M4/euAsN/NZRQn9aj6fqTIsUowIAsjGLEUrsSDJJ6bV46f+Fzwimr0ZR5FfKw49t9NXaXsbMcfuHJI6PH0DB+xinNthaLJEFkLE/gUZHBUjUo03lC4Z/aBzNWMhYEECagnBCuS4nemlL4+StS4vTT5ZKEpzkvtfcoQscrQ5VMGc7gOOg4DAXPZ0S9rPpDwdRVFyoQZ1I/+TZUP8Xylm3yrRVfR2QQuAJqsOf5//Iyu8qU109UZsdJQGz4bjL6CseMz4uH+3QOmlI+AncQS5rDX4vPgLWk+mQhhxv8trZUnM4ypcDM374vrfgj1T9mGxT5Mdkla5a3RlXbdOykI9mpk8hjtKIegE1ojtcz8tY6WPpWu7zGyBpxbq6EVPn2V2GlUau5bcaZDg3I177p2++pb7lJxttCw0s9E/j8JNnS4lUyxQJQDzRrPdl0xKh7PTVZvpa01mRV0izujoeGe/JSXZuBN4mrtEeUOnxMtg7NWd+TqRO+P6GFCGx0E/xR5M5gFBd39rxvTIMaBMSgsUIMCoceSWGQF8HsC8UtF4jHjaU1U3NSAxBdgAEVY+URjET2YQC+xqFGZSgXdu3YUrFWv/OzsCme3zV9wJtxJyANCpZdBcWmIWCCRI82/cNnJ8kIGKl/ZmaCOpXRxziRZ5JdaSRfSsIPe3ypUpsxivGgOa+s1KS6nRaKPKLgwiVFM9+DjwsPFV1BVajJo9F3KJO1RLYzyV/6lXfolphZGrVbrI9IF9JXmdGoUJbczpa0eWXZ95r9YQ29UoR8QuYTJ1SpJsiS5nudXtGuqA//ZOPGe3ieYnEktJYZuTfRC6QPRC/KLkNnXB16kZYMwCA4hRxThQRcUYw1dT/I2zKdDKI99i7dKAbDgpmFXSlD1nz3uOqcG68vycYTOt6V1qjMFP8Q/CIHHfG1czV8Nee4ay1AbEaOx0CkLePpTwOPG9tRPJuvq0QZi+k/C48yYctb4BTkggOWLLIbUop5M2FlW4/zomOeLmli4mcY17RBi1ZtnLhqxnYQ3z70/MALIxrFeBBwH+fDeEqZSWl3ky0pECQ0Iuop48WVoaqeTu8mrNtFi9AZoSmzdYvND7dxPbeAUDry5dCSctiuVT/Rrk3RkaRJD4SWkpzBIll7zayhVlCEGHmrp/u0pDhyCPazEGqOqV8APDha8caAdfvNK7xChyZOgyHi78lhwyg2JJGrDPe31zicAaQQjmXiup7MEpijxQ0lXZd+exdKD4mFoMBCIwIkpipEclHH8eFCBM2DqaTIF4Q67rM2RqBgT7HjRHOoGXBIl2vyFBo1DB3Hw9egSzjBvjJJGlOuTQrQ="))

Decryption of the response is done, so now build the request. But when building it, the result that came back was a 500 and no response could be obtained.

import time
import requests
data = {"pageNo": '1',
        "pageSize": '20',
        "total": '0',
        "AREACODE": "",
        "M_PROJECT_TYPE": "",
        "KIND": "GCJS",
        "GGTYPE": "1",
        "PROTYPE": "",
        "timeType": "6",
        "BeginTime": "2022-12-19 00:00:00",
        "EndTime": "2023-06-19 23:59:59",
        "createTime": '[]',
        "ts": str(int(time.time()*1000))
}
headers = {
    'Host': 'ggzyfw.fj.gov.cn',
    'Origin': 'https://ggzyfw.fj.gov.cn',
    'Portal-Sign': 'db0de44089efc2ea180df378722cc1e4',  # value copied from a captured request
    'Pragma': 'no-cache',
    'Referer': 'https://ggzyfw.fj.gov.cn/business/list/',
    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36',
    'Accept': 'application/json, text/plain, */*',
    'Accept-Encoding': 'gzip, deflate, br',
    'Accept-Language': 'zh-CN,zh;q=0.9',
    'Cache-Control': 'no-cache',
    'Connection': 'keep-alive',
    'Content-Type': 'application/json;charset=UTF-8'
}
url = 'https://ggzyfw.fj.gov.cn/FwPortalApi/Trade/TradeInfo'
# The endpoint expects a JSON body (see Content-Type), so send it with json= rather than data=;
# Content-Length is left out because requests computes it from the encoded body.
response = requests.post(url=url, headers=headers, json=data).text
print(response)


This is strange: the code is only these few lines with nothing else in it. After thinking it over, the request itself must be right and the POST parameters are fixed, so the only place the problem can be is the headers. Compare the headers of the various requests again; the result is as follows:


It seems the reverse analysis is not over yet. Roll up our sleeves and carry on.

2. Cracking the sign value in the headers

A global search for Portal-Sign finds it in only one file, as follows:


Click into it: the value is generated by getsign(). Keep searching with Ctrl+F for the getsign method, as follows:


We can see that this is yet another chain of nested calls.

Set a breakpoint and step through to see how the data flows.


Strange: none of the data is recognisable, and as we keep stepping, the function runs again and again; the parameter e passed in changes on every call, so the value of f.getsign(e) keeps changing as well.

This makes things tricky, but then again, however the parameters change, the value we see in the header is generated in the end, so when execution reaches the last call there must be a result.

If one of the values generated during debugging matches the value shown in the headers, we can then look back at how it was produced: how the parameters passed in changed, and on which call they turned into the value we want. That makes the whole process simple.

Patiently keep stepping and debugging. This is a long process and there is not much to say about it: step and watch the values change. We find the following pattern.

Only when the parameter e passed in is the set of parameters carried by our POST request does the returned value match the one in the headers.

Pull all of the JS code out and put it into PyCharm.

var e = {
    "pageNo": '1',
    "pageSize": '20',
    "total": '0',
    "AREACODE": "",
    "M_PROJECT_TYPE": "",
    "KIND": "GCJS",
    "GGTYPE": "1",
    "PROTYPE": "",
    "timeType": "6",
    "BeginTime": "2022-12-19 00:00:00",
    "EndTime": "2023-06-19 23:59:59",
    "createTime": '[]',
    "ts": '1687144878878'
}
function u(t, e) {
    return t.toString().toUpperCase() > e.toString().toUpperCase() ? 1 : t.toString().toUpperCase() == e.toString().toUpperCase() ? 0 : -1
}

function l(t) {
    for (var e = Object.keys(t).sort(u), n = "", a = 0; a < e.length; a++)
        if (void 0 !== t[e[a]])
            if (t[e[a]] && t[e[a]] instanceof Object || t[e[a]] instanceof Array) {
                var i = JSON.stringify(t[e[a]]);
                n += e[a] + i
            } else
                n += e[a] + t[e[a]];
    return n
}

function d(t) {
    for (var e in t)
        "" !== t[e] && void 0 !== t[e] || delete t[e];
    var n = r['d'] + l(t);
    return s(n).toLocaleLowerCase()
}
console.log(d(e))

Running it shows that several functions are missing; add them one by one.


After repeated debugging, r['d'] turns out to be a constant, so we can hard-code it: rename the variable to a and pass it in.


Run it again.


Look up the s function: select it and jump to its definition.


It is MD5, which we can reimplement in our own code instead of copying it out.


By now we have all of the JS code. Refresh the page, load the request again, hard-code the timestamp in the parameters, and check whether the sign value in the headers matches the one the JS code generates; if it does not, all the work so far is wasted.


The JS test code is as follows; to make it easier to observe, sign generation is wrapped in a function.

var e = {
        "pageNo": '1',
        "pageSize": '20',
        "total": '0',
        "AREACODE": "",
        "M_PROJECT_TYPE": "",
        "KIND": "GCJS",
        "GGTYPE": "1",
        "PROTYPE": "",
        "timeType": "6",
        "BeginTime": "2022-12-19 00:00:00",
        "EndTime": "2023-06-19 23:59:59",
        "createTime": '[]',
        "ts": '1687157140502'
    }
function headers_get_sign(e) {
    var a = '3637CB36B2E54A72A7002978D0506CDF';

    function u(t, e) {
        return t.toString().toUpperCase() > e.toString().toUpperCase() ? 1 : t.toString().toUpperCase() == e.toString().toUpperCase() ? 0 : -1
    }

    function l(t) {
        for (var e = Object.keys(t).sort(u), n = "", a = 0; a < e.length; a++)
            if (void 0 !== t[e[a]])
                if (t[e[a]] && t[e[a]] instanceof Object || t[e[a]] instanceof Array) {
                    var i = JSON.stringify(t[e[a]]);
                    n += e[a] + i
                } else
                    n += e[a] + t[e[a]];
        return n
    }

    function s(t) {
        const crypto = require('crypto');
        const md5 = crypto.createHash('md5');
        var cryptostr = md5.update(t).digest('hex');
        return cryptostr
    }

    function d(t) {
        for (var e in t)
            "" !== t[e] && void 0 !== t[e] || delete t[e];
        var n = a + l(t);
        return s(n).toLocaleLowerCase()
    }
    return d(e)
}
console.log(headers_get_sign(e))

We get exactly the same string, so our conclusion was correct.


So if we build the request again, will we get a response this time? Yes.

With that, the JS reverse analysis is complete.
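As an added example that is not part of the original post: a pure-Python port of the sign routine recovered above (the d, l, u and s functions), so the header can be produced and checked without going through execjs. SIGN_PREFIX is the constant the post recovered for r['d'], SAMPLE_PARAMS is the post's request body with the timestamp fixed, and verify_sign plus the handling of None are my additions.

```python
import hashlib
import hmac
import json

# Constant the post recovered as r['d'] in the site's JS and hard-coded as `a`.
SIGN_PREFIX = "3637CB36B2E54A72A7002978D0506CDF"

# Constructed sample: the post's request parameters with the timestamp fixed.
SAMPLE_PARAMS = {
    "pageNo": "1", "pageSize": "20", "total": "0",
    "AREACODE": "", "M_PROJECT_TYPE": "", "KIND": "GCJS", "GGTYPE": "1",
    "PROTYPE": "", "timeType": "6",
    "BeginTime": "2022-12-19 00:00:00", "EndTime": "2023-06-19 23:59:59",
    "createTime": "[]", "ts": "1687157140502",
}


def _js_value(value):
    """Render one value the way l() does: JSON.stringify for objects/arrays
    (JS emits no whitespace), plain string coercion for everything else."""
    if isinstance(value, bool):          # check before int: bool is an int in Python
        return "true" if value else "false"
    if isinstance(value, (dict, list)):
        return json.dumps(value, separators=(",", ":"), ensure_ascii=False)
    return str(value)


def canonical_string(params):
    """Port of d() + l(): drop empty values, sort keys by their upper-cased form
    (the comparator u), then concatenate key + value with no separator.
    The JS drops "" and undefined; None is treated like undefined here (assumption)."""
    kept = {k: v for k, v in params.items() if v is not None and v != ""}
    ordered = sorted(kept, key=lambda k: str(k).upper())  # stable, like Array.prototype.sort
    return "".join(str(k) + _js_value(kept[k]) for k in ordered)


def portal_sign(params):
    """Portal-Sign = lowercase hex MD5(SIGN_PREFIX + canonical_string(params))."""
    raw = SIGN_PREFIX + canonical_string(params)
    return hashlib.md5(raw.encode("utf-8")).hexdigest().lower()


def verify_sign(params, header_value):
    """Server-side style check of a received Portal-Sign against the body it came with.
    Because the prefix and the algorithm ship in the client-side JS, a match only shows
    the body was not altered by accident; it cannot show who produced the request."""
    expected = portal_sign(params).encode("ascii")
    received = str(header_value).lower().encode("utf-8", "replace")
    return hmac.compare_digest(expected, received)


if __name__ == "__main__":
    print(canonical_string(SAMPLE_PARAMS))
    print(portal_sign(SAMPLE_PARAMS))
```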

3. Code example

#!/usr/bin/env python
# -*- coding: utf-8 -*-
import json
import subprocess
import time
from functools import partial

import execjs
import requests

# Force UTF-8 on the Node process execjs spawns (avoids GBK decode errors on Windows)
subprocess.Popen = partial(subprocess.Popen, encoding="utf-8")

JS_PATH = '../Test/js/text_js.js'   # file holding b() and headers_get_sign() from the JS part below


class Fujian_exchange():

    def __init__(self):
        with open(JS_PATH, 'r', encoding='utf-8') as f:
            self.ctx = execjs.compile(f.read())   # compile the JS once and reuse it for both calls
        self.data = {"pageNo": '1',
                     "pageSize": '20',
                     "total": '0',
                     "AREACODE": "",
                     "M_PROJECT_TYPE": "",
                     "KIND": "GCJS",
                     "GGTYPE": "1",
                     "PROTYPE": "",
                     "timeType": "6",
                     "BeginTime": "2022-12-19 00:00:00",
                     "EndTime": "2023-06-19 23:59:59",
                     "createTime": '[]',
                     "ts": str(int(time.time()*1000))
        }
        self.headers = {
            'Host': 'ggzyfw.fj.gov.cn',
            'Origin': 'https://ggzyfw.fj.gov.cn',
            'Portal-Sign': self.get_sign(),   # must be computed over exactly the body that is sent
            'Pragma': 'no-cache',
            'Referer': 'https://ggzyfw.fj.gov.cn/business/list/',
            'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36',
            'Accept': 'application/json, text/plain, */*',
            'Accept-Encoding': 'gzip, deflate, br',
            'Accept-Language': 'zh-CN,zh;q=0.9',
            'Cache-Control': 'no-cache',
            'Connection': 'keep-alive',
            'Content-Type': 'application/json;charset=UTF-8'   # Content-Length is set by requests
        }
        self.url = 'https://ggzyfw.fj.gov.cn/FwPortalApi/Trade/TradeInfo'

    def get_sign(self):
        # md5(constant + sorted key/value concatenation), see headers_get_sign in the JS part
        return self.ctx.call("headers_get_sign", self.data)

    def parse_response(self, response):
        # AES-CBC decrypt of the 'Data' field, see b in the JS part
        return self.ctx.call('b', response)

    def get_res(self):
        response = requests.post(url=self.url, headers=self.headers, json=self.data).text
        cipher = json.loads(response)['Data']
        plain = self.parse_response(cipher)
        print(plain)
        return plain


if __name__ == '__main__':
    f = Fujian_exchange()
    f.get_res()

JS part

// Decrypt the response data
var CryptoJS = require('crypto-js');
function b(t) {
    var e = CryptoJS.enc.Utf8.parse('BE45D593014E4A4EB4449737660876CE')
        , n = CryptoJS.enc.Utf8.parse('A8909931867B0425')
        , a = CryptoJS.AES.decrypt(t, e, {
        iv: n,
        mode: CryptoJS.mode.CBC,
        padding: CryptoJS.pad.Pkcs7
    });
    return a.toString(CryptoJS.enc.Utf8)
}

// Generate the sign value carried in the headers
function headers_get_sign(e) {
    var a = '3637CB36B2E54A72A7002978D0506CDF';

    function u(t, e) {
        return t.toString().toUpperCase() > e.toString().toUpperCase() ? 1 : t.toString().toUpperCase() == e.toString().toUpperCase() ? 0 : -1
    }

    function l(t) {
        for (var e = Object.keys(t).sort(u), n = "", a = 0; a < e.length; a++)
            if (void 0 !== t[e[a]])
                if (t[e[a]] && t[e[a]] instanceof Object || t[e[a]] instanceof Array) {
                    var i = JSON.stringify(t[e[a]]);
                    n += e[a] + i
                } else
                    n += e[a] + t[e[a]];
        return n
    }

    // MD5 hash
    function s(t) {
        const crypto = require('crypto');
        const md5 = crypto.createHash('md5');
        var cryptostr = md5.update(t).digest('hex');
        return cryptostr
    }

    function d(t) {
        for (var e in t)
            "" !== t[e] && void 0 !== t[e] || delete t[e];
        var n = a + l(t);
        return s(n).toLocaleLowerCase()
    }
    return d(e)
}

4. Summary of the approach

Response decryption: the key step is the XHR breakpoint, so execution pauses by itself when the data is loaded; then follow the site's own encryption routine to find the function and either copy it out or reimplement it.

 

Recovering the sign in the headers:

First, notice that it is a changing value hidden in the headers.

Next, find the method and understand correctly how it behaves, for example why it is called repeatedly: several requests depend on this method for loading, so it runs over and over with different parameters each time, which makes the right call hard to find.

Then find the correct parameters and rebuild the request.

Finally, fix the values that change, compare against the captured values to confirm, and reproduce the code.

 
