参考文章JS逆向中常见的window.webpackJsonp分析,网址JS逆向中常见的window.webpackJsonp分析_Zzzzzzzzzzzaa2的博客-CSDN博客_webpackjsonp
xhr下断点的话,直接输入网址,重新刷新,下断点方法如下图:
用栈堆追溯上去,找到cookie加密的位置
扣出js,这里碰见了(window.webpackJsonp = window.webpackJsonp || [])这种压缩代码,处理方法参考:JS逆向中常见的window.webpackJsonp分析_Zzzzzzzzzzzaa2的博客-CSDN博客_webpackjsonp
抠出来的js如下:
var window;
var global = {};
var getdata;
(function(n) {
var o = {};
function r(e) {
if (o[e]) return o[e].exports;
var t = o[e] = {
i: e,
l: !1,
exports: {}
};
return n[e].call(t.exports, t, t.exports, r),
t.l = !0,
t.exports
}
r.m = n;
r.c = o;
r.d = function(e, t, n) {
r.o(e, t) || Object.defineProperty(e, t, {
enumerable: !0,
get: n
})
};
r.r = function(e) {
"undefined" != typeof Symbol && Symbol.toStringTag && Object.defineProperty(e, Symbol.toStringTag, {
value: "Module"
}),
Object.defineProperty(e, "__esModule", {
value: !0
})
};
r.t = function(t, e) {
if (1 & e && (t = r(t)),
8 & e) return t;
if (4 & e && "object" == typeof t && t && t.__esModule) return t;
var n = Object.create(null);
if (r.r(n),
Object.defineProperty(n, "default", {
enumerable: !0,
value: t
}),
2 & e && "string" != typeof t) for (var o in t)
r.d(n, o, function(e) {
return t[e]
}.bind(null, o));
return n
};
r.n = function(e) {
var t = e && e.__esModule ? function() {
return e.
default
} : function() {
return e
};
return r.d(t, "a", t),
t
};
r.o = function(e, t) {
return Object.prototype.hasOwnProperty.call(e, t)
};
r.p = "";
getdata = r;
})([])
'[]"里边的就是抠出来的push数组的函数,这里需要做的处理如下:
global.jakepat = G[C(522)] = function(a, f) {
var s = C;
I[s(624)](f, null) && (f = a, a = {});
G[s(891)](a, function(n) {
for (var r = s, t = [], e = 0; I[r(1548)](e, n[r(1691)]); e++) {
var o = n[e];
if (I[r(1286)](o[r(850)], a[r(1255)] || I[r(783)])) t.push({
key: o.key,
value: I.FDTDF
});
else if (I[r(462)](o[r(1661)], r(1700))) t[r(452)]({
key: I[r(521)],
value: I[r(742)](b, o.value, function(n) {
var t = r,
e = b(n[2], function(n) {
return n.join ? n.join("~") : n
})[t(1539)](",");
return [n[0], n[1], e].join("::")
})
});
else if (I[r(507)]([I[r(1530)]][r(1149)](o.key), -1) && H()(o[r(850)])) t[r(452)]({
key: o[r(1661)],
value: o[r(850)][r(1539)]("~")
});
else if (-1 !== [I.sddir][r(1149)](o[r(1661)]) && H()(o.value)) t.push({
key: o[r(1661)],
value: I.IULpW(p, o[r(850)].join("~"), 31)
});
else if (-1 !== [I[r(1595)], "localStorage", I[r(478)], I.hfzvw, I[r(1676)]][r(1149)](o[r(1661)])) {
if (!o.value) continue;
t[r(452)]({
key: o[r(1661)],
value: 1
})
} else o.value ? t.push(o[r(850)][r(1539)] ? {
key: o[r(1661)],
value: o[r(850)][r(1539)](";")
} : o) : t[r(452)]({
key: o[r(1661)],
value: o.value
})
}
var i = {};
Z()(t).call(t, function(n) {
var t = r;
i[n.key] = n[t(850)]
});
var u = I.qrTqB(l, I.PNXDL, JSON[r(1347)](i)),
c = I[r(570)](v, I[r(791)](u, I[r(222)]));
global.jjs = u;
global.jjl = c;
})
}
出口函数如下:
function getid() {
getdata(278);
global.jakepat();
return global.jjl;
}
function getsign() {
getdata(278);
global.jakepat();
return global.jjs;
}
module.exports = {
getid
}
module.exports = {
getsign
}
这里用noodjs代码如下:
const express = require('express');
// 对网站首页的访问返回 "Hello World!" 字样
const app = express();
const test = require('./routes/test');
app.get('/', function (req, res) {
result=test.getid();
res.send(result);
});
app.get('/test',function (req, res) {
result=test.getsign();
res.send(result);
});
app.listen(3000, function () {
console.log('Example app listening on port 3000!')
});
app.listen(3000, () => {
console.log('开启服务,端口3000')
});
使用py文件去爬取自己搭建的客户端:
import time
import requests
url1 = "http://localhost:3000"
url2="http://localhost:3000/test"
gotid = requests.get(url1)
gotsign=requests.get(url2)
print(response.text)