上文链接
分析参数
acw_sc__v2 663449dacb63fbe529520fb21063cf354dbce1cf
既然在Cookie中那么需要借助Hook脚本
(function() {
//严谨模式 检查所有错误
'use strict';
var cookieTemp = "";
Object.defineProperty(document, 'cookie', {
set: function(val) {
if( val.indexOf( 'acw_sc__v2' ) != -1 ){
debugger
}
cookieTemp = val;
return val;
},
get: function()
{
return cookieTemp;
}
});
})();
断到如下位置:
跟栈找到关键位置
那么由此定位到参数【acw_sc__v2 】生成位置
再向上跟栈看由来,发现存在参数:arg1
那么由上文【某招聘网站搜索结果接口逆向之webpack扣取】可知,存在异常或acw_sc__v2过期时会返回异常页面返回时会给出 【arg1 】值
扣取代码
将该文件【interfaceacting230515.js】全部扣取下来进行补环境导出使用
/
/// Cookie
/// -- acw_sc__v2
var _cookieUtil;
!function() {
window._waf_is_mobile = false;
window._waf_traceid = "";
window._waf_nc_width = 300;
(function(a) {
if (/(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|mobile.+firefox|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows ce|xda|xiino/i.test(a) || /1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-/i.test(a.substr(0, 4))) {
window._waf_is_mobile = true
}
}
)(navigator.userAgent || navigator.vendor || window.opera);
if (!window._waf_async_initialized) {
window._waf_async_initialized = true;
var _waf_functions = {
block_list: [],
oldXML: {},
block_show_flag: false,
test: 0,
getElementsByClassName: function(fatherId, tagName, className) {
node = fatherId && document.getElementById(fatherId) || document;
tagName = tagName || "*";
className = className.split(" ");
var classNameLength = className.length;
for (var i = 0, j = classNameLength; i < j; i++) {
className[i] = new RegExp("(^|\\s)" + className[i].replace(/\-/g, "\\-") + "(\\s|$)")
}
var elements = node.getElementsByTagName(tagName);
var result = [];
for (var i = 0, j = elements.length, k = 0; i < j; i++) {
var element = elements[i];
while (className[k++].test(element.className)) {
if (k === classNameLength) {
result[result.length] = element;
break
}
}
k = 0
}
return result
},
domReady: (function(ready) {
var fns = [], fn, f = false, doc = document, testEl = doc.documentElement, hack = testEl.doScroll, domContentLoaded = "DOMContentLoaded", addEventListener = "addEventListener", onreadystatechange = "onreadystatechange", readyState = "readyState", loadedRgx = hack ? /^loaded|^c/ : /^loaded|c/, loaded = loadedRgx.test(doc[readyState]);
function flush(f) {
loaded = 1;
while (f = fns.shift()) {
f()
}
}
doc[addEventListener] && doc[addEventListener](domContentLoaded, fn = function() {
doc.removeEventListener(domContentLoaded, fn, f);
flush()
}
, f);
hack && doc.attachEvent(onreadystatechange, fn = function() {
if (/^c/.test(doc[readyState])) {
doc.detachEvent(onreadystatechange, fn);
flush()
}
}
);
return (ready = hack ? function(fn) {
self != top ? loaded ? fn() : fns.push(fn) : function() {
try {
testEl.doScroll("left")
} catch (e) {
return setTimeout(function() {
ready(fn)
}, 50)
}
fn()
}()
}
: function(fn) {
loaded ? fn() : fns.push(fn)
}
)
}
)(),
hookJSONP: function() {
var index = 0;
var self = this;
function jsonpFactory(oldFn, key) {
return function() {
var script = arguments[0];
if (script.tagName && script.tagName.toUpperCase() === "SCRIPT") {
var url = self.parseURL(script.src);
var old_src = script.src;
var parsedSearch = self.parseQuery(url.search);
if (self.isConfigUrl(url)) {
var cbName = "ua_waf_cb_" + index;
window[cbName] = createHackCb(script, cbName);
var addData = parsedSearch.u_asession ? {
u_acb: cbName
} : {
u_atype: 3,
u_asec: getUA(),
u_acb: cbName
};
url.search = self.addQuery(url.search, addData);
script.src = self.combineUrl(url);
script.old_src = old_src;
index++;
self.resetUA()
}
}
if (this.tagName.toUpperCase() === "BODY" && _waf_body_copy.tagName.toUpperCase() === "BODY") {
var result = self.$directApply(_waf_body_copy, "_waf_old_" + key, arguments);
return result
}
var result = self.$apply(this, oldFn, arguments);
return result
}
}
function createHackCb(script, cbName) {
return function(data) {
if (data && data.u_astatus) {
self.showBlock(data.token);
self.block_list.push({
type: "jsonp",
which: "captcha",
script: script,
onload: script.onload,
onreadystatechange: script.onreadystatechange,
callbackName: cbName
})
}
script.onload = script.onreadystatechange = null
}
}
var head = document.head || document.getElementsByTagName("head")[0];
self.hook(document.body, "appendChild", jsonpFactory);
self.hook(document.body, "insertBefore", jsonpFactory);
self.hook(head, "appendChild", jsonpFactory);
self.hook(head, "insertBefore", jsonpFactory)
},
syncStatus: function(xhr, copy) {
try {
var syncList = ["readyState", "response", "responseText", "responseXML", "status", "upload", "statusText", "DONE", "UNSENT", "OPENED", "LOADING", "HEADERS_RECEIVED"];
for (var i = 0; i < syncList.length; i++) {
var name = syncList[i];
try {
copy[name] = xhr[name]
} catch (e) {}
}
if (copy["timeout"] !== undefined) {
xhr["timeout"] = copy["timeout"]
} else {
copy["timeout"] = xhr["timeout"]
}
if (copy["responseType"] !== undefined) {
xhr["responseType"] = copy["responseType"]
} else {
copy["responseType"] = xhr["responseType"]
}
if (copy["withCredentials"] !== undefined) {
xhr["withCredentials"] = copy["withCredentials"]
} else {
copy["withCredentials"] = xhr["withCredentials"]
}
var needReplace = ["getResponseHeader", "getAllResponseHeaders"];
for (var i = 0; i < needReplace.length; i++) {
var name = needReplace[i];
copy[name] = (function(fnName) {
return function(e) {
return _waf_functions.$apply(xhr, xhr[fnName], arguments)
}
}
)(name)
}
} catch (e) {}
},
hookXHR: function() {
if (XMLHttpRequest) {
oldXML = window.XMLHttpRequest;
XMLHttpRequest = this.hookXMLHttpRequest;
this.hookXMLHttpRequest.prototype.addEventListener = oldXML.prototype.addEventListener
}
},
addPostData: function(oldData, addData) {
var data = oldData ? ("?" + oldData) : "";
data = this.addQuery(data, addData);
data = data.substr(1);
return data
},
hookXMLHttpRequest: function() {
var originXHR = new oldXML();
var hookXHR = this;
_wrapNativeFn(originXHR, this);
_bindEvent(originXHR, hookXHR);
_waf_functions.syncStatus(originXHR, hookXHR);
originXHR.onreadystatechange = function(e) {
_waf_functions.syncStatus(originXHR, hookXHR);
if (originXHR.readyState === 4 && originXHR.status === 200) {
try {
var result = originXHR.responseText;
result = JSON.parse(result)
} catch (e) {}
if (result && (typeof result) === "string" && result.indexOf('appkey: "CF_APP_WAF", // \u5e94\u7528\u6807\u8bc6') > -1) {
window._waf_traceid = _waf_functions.getWafTraceId(result);
hookXHR.id = _waf_functions.test++;
_waf_functions.block_list.push({
type: "xhr",
which: "captcha",
oldXHR: hookXHR
});
var nc_token = "0b72f618-4c1-4aba-9a78-f" + (new Date()).getTime() + "ba";
var cptLang = "cn";
if (result.indexOf('language: "en",//语言包,默认中文') > -1 || result.indexOf('language: "en", //语言包,默认中文') > -1) {
cptLang = "en"
}
_waf_functions.showBlock(nc_token, cptLang);
return
} else {
if (result && (typeof result) === "string" && result.indexOf("acw_sc__v2") > -1) {
hookXHR.id = _waf_functions.test++;
_waf_functions.block_list.push({
type: "xhr",
which: "jsclg",
oldXHR: hookXHR
});
var arg1 = result.split("var arg1='")[1].split("';")[0];
_waf_functions._0x4818(arg1);
_waf_functions.hideBlock(null);
return
}
}
}
if (hookXHR.onreadystatechange) {
hookXHR.onreadystatechange.call(hookXHR, e)
}
}
;
originXHR.onload = function(e) {
_waf_functions.syncStatus(originXHR, hookXHR);
if (originXHR.readyState === 4 && originXHR.status === 200) {
try {
var result = originXHR.responseText;
result = JSON.parse(result)
} catch (e) {}
if (result && (typeof result) === "string" && result.indexOf('appkey: "CF_APP_WAF", // \u5e94\u7528\u6807\u8bc6') > -1) {
window._waf_traceid = _waf_functions.getWafTraceId(result);
return
} else {
if (result && (typeof result) === "string" && result.indexOf("acw_sc__v2") > -1) {
return
}
}
}
if (hookXHR.onload) {
hookXHR.onload.call(hookXHR, e)
}
}
;
hookXHR.open = function(method, url, async, username, password) {
this._url = url;
var is_async = (async === false ? false : true);
var parsedUrl = _waf_functions.parseURL(url);
var parsedSearch = _waf_functions.parseQuery(parsedUrl.search);
if (originXHR.open.call) {
if (username) {
originXHR.open.call(originXHR, method, url, is_async, username, password)
} else {
originXHR.open.call(originXHR, method, url, is_async)
}
} else {
if (username) {
originXHR.open(method, url, is_async, username, password)
} else {
originXHR.open(method, url, is_async)
}
}
this._method = method;
this._parsedUrl = parsedUrl;
this._parsedSearch = parsedSearch;
this._username = username;
this._password = password
}
;
hookXHR.send = function(data) {
_waf_functions.syncStatus(originXHR, hookXHR);
var parsedData = _waf_functions.parseQuery(data ? "?" + data : "");
this._sendData = data;
if (originXHR.send.call) {
originXHR.send.call(originXHR, data)
} else {
originXHR.send(data)
}
}
;
hookXHR.setRequestHeader = function(header, value) {
this._header = this._header || {};
var tmp_header = this._header[header];
if (tmp_header != null && (tmp_header.indexOf("application/json") > -1 || tmp_header.indexOf("multipart/form-data") > -1 || tmp_header.indexOf(value) > -1)) {
return
}
this._header[header] = value;
if (originXHR.setRequestHeader.call) {
originXHR.setRequestHeader.call(originXHR, header, value)
} else {
originXHR.setRequestHeader(header, value)
}
}
;
function _wrapNativeFn(xhr, copy) {
var fnNames = ["abort", "overrideMimeType", "dispatchEvent", "removeEventListener"];
for (var i = 0; i < fnNames.length; i++) {
var name = fnNames[i];
copy[name] = (function(fnName) {
return function() {
return _waf_functions.$apply(xhr, xhr[fnName], arguments)
}
}
)(name)
}
copy["addEventListener"] = function(event, cb) {
copy["on" + event] = cb
}
}
function _bindEvent(xhr, copy) {
var evnets = ["onloadend", "ontimeout", "onerror", "onabort", "onprogress", "onloadstart"];
for (var i = 0; i < evnets.length; i++) {
var name = evnets[i];
xhr[name] = (function(eventName) {
return function(e) {
if (copy[eventName]) {
if (copy[eventName].call) {
copy[eventName].call(copy, e)
} else {
copy[eventName](e)
}
}
}
}
)(name)
}
}
},
hookFetch: function() {
if (!window.fetch) {
return
}
var _fetch = fetch;
window.fetch = function() {
var url = arguments[0];
var parsedUrl = _waf_functions.parseURL(url);
var parsedSearch = _waf_functions.parseQuery(parsedUrl.search);
var param = arguments[1];
return _fetch.apply(this, arguments).then(function(response) {
return new Promise(function(resolve, reject) {
if (response.status != 200) {
resolve(response)
}
response.clone().text().then(function(data) {
if (data.indexOf('appkey: "CF_APP_WAF", // \u5e94\u7528\u6807\u8bc6') > -1) {
window._waf_traceid = _waf_functions.getWafTraceId(data);
_waf_functions.block_list.push({
type: "fetch",
which: "captcha",
originUrl: url,
originParam: param,
successCb: function(response) {
resolve(response)
}
});
var nc_token = "0b72f618-4c1-4aba-9a78-f" + (new Date()).getTime() + "ba";
var cptLang = "cn";
if (data.indexOf('language: "en",//语言包,默认中文') > -1 || data.indexOf('language: "en", //语言包,默认中文') > -1) {
cptLang = "en"
}
_waf_functions.showBlock(nc_token, cptLang)
} else {
if (data.indexOf("acw_sc__v2") > -1) {
_waf_functions.block_list.push({
type: "fetch",
which: "jsclg",
originUrl: url,
originParam: param,
successCb: function(response) {
resolve(response)
}
});
var arg1 = data.split("var arg1='")[1].split("';")[0];
_waf_functions._0x4818(arg1);
_waf_functions.hideBlock(null)
} else {
resolve(response)
}
}
})["catch"](function(e) {
resolve(response)
})
}
)
})["catch"](function(e) {
return Promise.reject(e)
})
}
},
hook: function(obj, key, factory) {
if (!obj[key]) {
return false
}
var oldFn = obj[key];
obj["_waf_old_" + key] = oldFn;
obj[key] = factory(oldFn, key)
},
eventHandler: function(ele, event, cb) {
if (document.addEventListener) {
ele.addEventListener(event, cb, true)
} else {
ele.attachEvent("on" + event, cb)
}
},
isConfigUrl: function(parsedUrl) {
var i = 0;
var testUrl = parsedUrl.original;
var Url_host = testUrl.split("?")[0];
if (testUrl.split("?").length === 2) {
var Url_param = testUrl.split("?")[1]
} else {
var Url_param = null
}
for (i; i < this.HOOK_LIST.length; i++) {
if (this.HOOK_LIST[i].split("/*").length === 2) {
if (Url_host.indexOf(this.HOOK_LIST[i].split("/*")[0] + "/") > -1) {
return true
}
}
if (this.HOOK_LIST[i].split("?").length === 2) {
if (this.HOOK_LIST[i].split("?")[0] === Url_host && Url_param != null && Url_param.indexOf(this.HOOK_LIST[i].split("?")[1]) > -1) {
return true
}
}
if (Url_host[Url_host.length - 1] === "/") {
Url_host = Url_host.substr(0, Url_host.length - 1)
}
if (Url_host === this.HOOK_LIST[i]) {
return true
}
}
return false
},
mockVerify: function(data) {
var result = {
u_atoken: data.token,
u_asession: data.sessionId,
u_asig: data.sig
};
this.hideBlock(result)
},
showBlock: function(token, cptLang) {
var self = this;
var NC_Opt;
if (self.block_show_flag) {
return
}
self.block_show_flag = true;
_waf_functions.initSlideDom();
if (_waf_is_mobile) {
NC_Opt = {
renderTo: "#nocaptcha",
appkey: "CF_APP_WAF",
scene: "register_h5",
language: cptLang,
width: window._waf_nc_width,
trans: {
"key1": "code100",
"user": "default",
"aysnc": "1"
},
token: token,
isEnabled: true,
times: 3,
success: function(data) {
if (data.token === undefined) {
data.token = token
}
self.mockVerify(data)
},
fail: function(failCode) {},
error: function(errorCode) {}
}
} else {
NC_Opt = {
renderTo: "nocaptcha",
appkey: "CF_APP_WAF",
scene: "register",
trans: {
"key1": "code100",
"user": "default",
"aysnc": "1"
},
token: token,
language: cptLang,
isEnabled: true,
times: 3,
success: function(data) {
var wrapper = document.getElementById("WAF_NC_WRAPPER");
wrapper.style.height = "260px";
self.mockVerify(data)
},
fail: function(failCode) {},
error: function(errorCode) {}
}
}
function initNC() {
if (_waf_is_mobile) {
AWSC.use("nc", function(state, module) {
window.nc = module.init(NC_Opt)
})
} else {
AWSC.use("nc", function(state, module) {
window.nc = module.init(NC_Opt)
})
}
}
function showNC() {
setTimeout(function() {
if (document.getElementById("waf_nc_block")) {
document.getElementById("waf_nc_block").style.display = "block";
if (cptLang == "en") {
if (document.getElementsByClassName("waf-nc-h5-description").length > 0) {
document.getElementsByClassName("waf-nc-h5-description")[0].innerText = "For better experience, please complete the verification process."
}
if (document.getElementsByClassName("waf-nc-description").length > 0) {
document.getElementsByClassName("waf-nc-description")[0].innerText = "For better experience, please slide to complete the verification process before accessing the web page."
}
if (document.getElementsByClassName("waf-nc-title").length > 0) {
document.getElementsByClassName("waf-nc-title")[0].innerText = "Access Verification"
}
}
if (_waf_is_mobile && window.AWSC) {
initNC()
} else {
var script = document.createElement("script");
var time = new Date;
var head = document.head || document.getElementsByTagName("head")[0];
script.src = "//g.alicdn.com/AWSC/AWSC/awsc.js?t=" + (time.getFullYear() + (time.getMonth() + 1) + time.getDate() + time.getHours());
if ("onload"in script) {
script.onload = function() {
initNC()
}
} else {
script.onreadystatechange = function() {
if (/loaded|complete/.test(script.readyState)) {
initNC()
}
}
}
head.appendChild(script)
}
} else {
showNC()
}
}, 500)
}
showNC();
if (document.getElementById("waf-nc-traceid")) {
if (cptLang == "en") {
document.getElementById("waf-nc-traceid").innerHTML = "TraceID: " + window._waf_traceid
} else {
document.getElementById("waf-nc-traceid").innerHTML = "日志ID: " + window._waf_traceid
}
}
},
hideBlock: function(result) {
var self = this;
if (document.getElementById("waf_nc_block")) {
document.getElementById("waf_nc_block").style.display = "none"
}
document.getElementById("nocaptcha").innerHTML = "";
for (var i = 0; i < self.block_list.length; i++) {
var block = self.block_list[i];
if (block.type === "jsonp") {
var script = document.createElement("script");
script.onload = script.onreadystatechange = function() {
if ((!this.readyState || this.readyState === "loaded" || this.readyState === "complete")) {
script.onload = script.onreadystatechange = null;
block.onload && block.onload.call(script)
}
}
;
var blockSrc = block.script.old_src;
var parsedBlock = self.parseURL(blockSrc);
parsedBlock.search = self.addQuery(parsedBlock.search, {
u_atype: 7,
u_atoken: result.u_atoken,
u_asession: result.u_asession,
u_asig: result.u_asig
});
script.src = self.combineUrl(parsedBlock);
document.body.appendChild(script);
try {
delete (window[block.callbackName])
} catch (e) {}
} else {
if (block.type === "xhr") {
var xhr = new XMLHttpRequest();
var hookXHR = block.oldXHR;
var url = hookXHR._url;
var method = hookXHR._method;
var is_async = hookXHR._is_async;
var username = hookXHR._username;
var password = hookXHR._password;
var data = hookXHR._sendData;
if (block.which === "captcha") {
var parsedUrl = self.parseURL(url);
parsedUrl.search = self.addQuery(parsedUrl.search, {
u_atoken: result.u_atoken,
u_asession: result.u_asession,
u_asig: result.u_asig,
u_aref: "123"
});
url = self.combineUrl(parsedUrl)
}
if (hookXHR.onload) {
xhr.onload = hookXHR.onload
}
if (username) {
xhr.open(method, url, is_async, username, password)
} else {
xhr.open(method, url, is_async)
}
for (var k in hookXHR._header) {
var head = hookXHR._header[k];
xhr.setRequestHeader(k, head)
}
if (hookXHR.withCredentials) {
xhr.withCredentials = true
}
xhr.send(data);
xhr.onreadystatechange = (function(xhr, hookXHR) {
return function(e) {
self.syncStatus(xhr, hookXHR);
if (hookXHR.onreadystatechange) {
hookXHR.onreadystatechange.call(hookXHR, e)
}
}
}
)(xhr, hookXHR)
} else {
if (block.type === "fetch") {
var url = block.originUrl
, param = block.originParam;
if (block.which === "captcha") {
var parsedUrl = self.parseURL(url);
parsedUrl.search = self.addQuery(parsedUrl.search, {
u_atoken: result.u_atoken,
u_asession: result.u_asession,
u_asig: result.u_asig,
u_aref: "123"
});
url = self.combineUrl(parsedUrl)
}
fetch(url, param).then(function(response) {
if (response.status >= 200 && response.status < 500) {
block.successCb(response)
}
})["catch"](function(e) {})
}
}
}
}
self.block_list = [];
self.block_show_flag = false
},
absolute: function(base, relative) {
var stack = base.split("/")
, parts = relative.split("/");
stack.pop();
for (var i = 0; i < parts.length; i++) {
if (parts[i] == ".") {
continue
}
if (parts[i] == "..") {
stack.pop()
} else {
stack.push(parts[i])
}
}
return stack.join("/")
},
parseURL: function(url) {
var div = document.createElement("div"), parser;
div.innerHTML = "<a></a>";
div.firstChild.href = url;
div.innerHTML = div.innerHTML;
parser = div.firstChild;
parser.href = div.firstChild.href;
return {
protocol: parser.protocol,
host: parser.host,
hostname: parser.hostname,
port: parser.port,
pathname: parser.pathname.substr(0, 1) === "/" ? parser.pathname : "/" + parser.pathname,
search: parser.search,
hash: parser.hash,
original: parser.href
}
},
combineUrl: function(parsedUrl) {
return parsedUrl.protocol + "//" + parsedUrl.host + parsedUrl.pathname + parsedUrl.search + parsedUrl.hash
},
parseQuery: function(qstr) {
if (qstr.charAt(0) != "?") {
return {}
}
var query = {};
var a = qstr.substr(1).split("&");
for (var i = 0; i < a.length; i++) {
var b = a[i].split("=");
try {
query[decodeURIComponent(b[0])] = decodeURIComponent(b[1] || "")
} catch (e) {
query[decodeURIComponent(b[0] && b[0].replace(/\%/g, "%25"))] = decodeURIComponent(b[1] && b[1].replace(/\%/g, "%25") || "")
}
}
return query
},
addQuery: function(query, data) {
var qdata = this.parseQuery(query);
var rt = "?";
for (var i in data) {
qdata[i] = data[i]
}
for (var i in qdata) {
rt += encodeURIComponent(i) + "=" + encodeURIComponent(qdata[i]) + "&"
}
rt = rt.substr(0, rt.length - 1);
return rt
},
parseResponse: function(XHR) {},
isInArray: function(arr, str) {
for (var i = 0; i < arr.length; i++) {
if (str.indexOf(arr[i]) >= 0) {
return true
}
}
return false
},
$apply: function(thiz, fn, $) {
if ("apply"in fn) {
try {
return fn.apply(thiz, $)
} catch (e) {}
}
switch ($.length) {
case 0:
return fn();
case 1:
return fn($[0]);
case 2:
return fn($[0], $[1]);
case 3:
return fn($[0], $[1], $[2]);
default:
return fn($[0], $[1], $[2], $[3])
}
},
$directApply: function(obj, key, $) {
switch ($.length) {
case 0:
return obj[key]();
case 1:
return obj[key]($[0]);
case 2:
return obj[key]($[0], $[1]);
case 3:
return obj[key]($[0], $[1], $[2]);
default:
return obj[key]($[0], $[1], $[2], $[3])
}
},
getWafTraceId: function(responseText) {
var start = responseText.indexOf('id="traceid"');
if (start == -1) {
return ""
}
start = responseText.indexOf(": ", start);
var end = responseText.indexOf("</div>", start);
return responseText.substring(start + 2, end)
},
initSlide: function() {
var html, css;
if (_waf_is_mobile) {
html = '<div id="waf_nc_block"style="display: none;"><div class="waf-nc-h5-mask"></div><div id="WAF_NC_WRAPPER"class="waf-nc-h5-wrapper"><p class="waf-nc-title">访问验证</p><div class="waf-nc-h5-description">为了更好的访问体验,请进行如下验证</div><p id="waf-nc-traceid" class="waf-nc-traceid-class"></p><div id="nocaptcha"class="nc-container"data-nc-idx="1"></div></div></div>';
var getInitialScaleCss = function() {
try {
var viewport = document.getElementsByName("viewport");
if (viewport && viewport.length == 1 && viewport[0].content && viewport[0].content.indexOf("initial-scale") != -1) {
viewport = viewport[0].content.replace(/\s+/g, "");
initialScale = parseFloat(viewport.split("initial-scale=")[1].split(",")[0]);
if (initialScale == 0) {
return 1
}
return 1 / initialScale
}
return 1
} catch (e) {
return 1
}
};
var b = getInitialScaleCss();
window._waf_nc_width = 300 * b;
css = "#waf_nc_block{position:fixed;_position:absolute;width:100%;height:100%;top:0;bottom:0;left:0;z-index:99999}.waf-nc-h5-mask{background:#000;opacity:.5;filter:alpha(opacity=50);width:100%;height:100%}.waf-nc-h5-wrapper{width:85% !important;height:" + (216 * b) + "px;position:absolute;top:50%;left:50%;margin-top:-20%;margin-left:-42% !important;padding:5% 1%;background:#fff;border-radius:" + (9 * b) + "px;box-sizing:border-box}.waf-nc-title{margin-top:" + (1 * b) + "px;font-size:" + (18 * b) + "px;font-weight:500;color:#1a1a1a;text-align:center}.waf-nc-h5-description{margin-top:" + (24 * b) + "px;font-size:" + (14 * b) + "px;color:#595959;text-align:center}.waf-nc-traceid-class{margin-top:" + (8 * b) + "px;font-size:" + (12 * b) + "px;color:#999;text-align:center}.nc_bg{background:#fff3ea!important}.btn_slide{background:#ff6a00!important;border:0!important;color:#fff!important;width:" + (48 * b) + "px!important;height:" + (48 * b) + "px!important;font-size:" + (30 * b) + "px;font-weight:900!important;line-height:" + (48 * b) + "px!important}.btn_ok{background:#ff6a00!important;border:0!important;color:#fff!important;width:" + (48 * b) + "px!important;height:" + (48 * b) + "px!important;font-size:" + (30 * b) + "px;font-weight:900!important;line-height:" + (48 * b) + "px!important}.nc_scale{background:rgba(241,241,242,1)!important;height:" + (48 * b) + "px!important}.nc-lang-cnt{height:" + (48 * b) + "px!important;margin-left:" + (10 * b) + "px!important;line-height:" + (48 * b) + "px!important;font-size:" + (14 * b) + "px!important}.nc-container{width:" + (300 * b) + "px!important;height:" + (48 * b) + "px!important;margin:auto!important;left:0!important;right:0!important}"
} else {
html = '<div id="waf_nc_block"style="display: none;"><div class="waf-nc-mask"></div><div id="WAF_NC_WRAPPER"class="waf-nc-wrapper"><p class="waf-nc-title">访问验证</p><p class="waf-nc-description">为了更好的访问体验,请进行如下验证</p><p id="waf-nc-traceid" class="waf-nc-traceid-class"></p><div id="nocaptcha"></div></div></div></div>';
css = "#waf_nc_block{position:fixed;_position:absolute;width:100%;height:100%;top:0;bottom:0;left:0;z-index:99999}.waf-nc-mask{background:#000;opacity:.5;filter:alpha(opacity=50);width:100%;height:100%}.waf-nc-wrapper{width:348px;height:236px;text-align:center;position:absolute;top:50%;left:50%;margin-top:-160px;margin-left:-200px;margin-bottom:16px;background:#fff;box-shadow:0 0 10px 0 rgba(0,0,0,0.15)}.waf-nc-title{margin-top:28px;font-size:24px;font-weight:500;color:#181818;letter-spacing:1.71px;text-align:center}.waf-nc-description{margin-top:24px;font-size:14px;color:#666;text-align:center}.waf-nc-traceid-class{margin-top:8px;font-size:12px;color:#999;text-align:center}#nocaptcha{margin-left:24px;margin-top:14px}.nc_bg{background:#fff3ea!important}.btn_slide{background:#ff6a00!important;border:0!important;color:#fff!important;width:48px!important;height:48px!important;font-size:30px;font-weight:900!important;line-height:48px!important}.btn_ok{background:#ff6a00!important;border:0!important;color:#fff!important;width:48px!important;height:48px!important;font-size:30px;font-weight:900!important;line-height:48px!important}.nc_scale{background:rgba(241,241,242,1)!important;height:48px!important}.nc-lang-cnt{height:48px!important;margin-left:10px!important;line-height:48px!important;font-size:14px!important}"
}
var div = document.createElement("div");
var style = document.createElement("style");
style.type = "text/css";
div.innerHTML = html;
try {
style.appendChild(document.createTextNode(css))
} catch (e) {
style.styleSheet.cssText = css
}
document.body.appendChild(div.firstChild);
var head = document.head || document.getElementsByTagName("head")[0];
head.appendChild(style)
},
initSlideDom: function() {
if (document.getElementById("waf_nc_block")) {
return
}
_waf_functions.initSlide()
},
_0x4818: function(arg1) {
var _0x3e9e = ["c3BsaXQ=", "c2xpY2U=", "dG9TdHJpbmc=", "c2V0VGltZQ==", "Z2V0VGltZQ==", "Y29va2ll", "YWN3X3NjX192Mj0=", "O2V4cGlyZXM9", "dG9HTVRTdHJpbmc=", "O21heC1hZ2U9MzYwMDtwYXRoPS8=", "MzAwMDE3NjAwMDg1NjAwNjA2MTUwMTUzMzAwMzY5MDAyNzgwMDM3NQ==", "bGVuZ3Ro", "am9pbg==", "MXw0fDN8MHwy"];
(function(_0x2d8f05, _0x4b81bb) {
var _0x4d74cb = function(_0x32719f) {
while (--_0x32719f) {
_0x2d8f05["push"](_0x2d8f05["shift"]())
}
};
var _0x33748d = function() {
var _0x3e4c21 = {
"data": {
"key": "cookie",
"value": "timeout"
},
"setCookie": function(_0x5c685e, _0x3e3156, _0x1e9e81, _0x292610) {
_0x292610 = _0x292610 || {};
var _0x151bd2 = _0x3e3156 + "=" + _0x1e9e81;
var _0x558098 = 0;
for (var _0x558098 = 0, _0x230f38 = _0x5c685e["length"]; _0x558098 < _0x230f38; _0x558098++) {
var _0x948b6c = _0x5c685e[_0x558098];
_0x151bd2 += ";\x20" + _0x948b6c;
var _0x29929c = _0x5c685e[_0x948b6c];
_0x5c685e["push"](_0x29929c);
_0x230f38 = _0x5c685e["length"];
if (_0x29929c !== !![]) {
_0x151bd2 += "=" + _0x29929c
}
}
_0x292610["cookie"] = _0x151bd2
},
"removeCookie": function() {
return "dev"
},
"getCookie": function(_0x5dd881, _0x550fbc) {
_0x5dd881 = _0x5dd881 || function(_0x18d5c9) {
return _0x18d5c9
}
;
var _0x4ce2f1 = _0x5dd881(new RegExp("(?:^|;\x20)" + _0x550fbc["replace"](/([.$?*|{}()[]\/+^])/g, "$1") + "=([^;]*)"));
var _0x333808 = function(_0x432180, _0x2ab90b) {
_0x432180(++_0x2ab90b)
};
_0x333808(_0x4d74cb, _0x4b81bb);
return _0x4ce2f1 ? decodeURIComponent(_0x4ce2f1[1]) : undefined
}
};
var _0x991246 = function() {
var _0x981158 = new RegExp("\x5cw+\x20*\x5c(\x5c)\x20*{\x5cw+\x20*[\x27|\x22].+[\x27|\x22];?\x20*}");
return _0x981158["test"](_0x3e4c21["removeCookie"]["toString"]())
};
_0x3e4c21["updateCookie"] = _0x991246;
var _0x57b080 = "";
var _0x219af0 = _0x3e4c21["updateCookie"]();
if (!_0x219af0) {
_0x3e4c21["setCookie"](["*"], "counter", 1)
} else {
if (_0x219af0) {
_0x57b080 = _0x3e4c21["getCookie"](null, "counter")
} else {
_0x3e4c21["removeCookie"]()
}
}
};
_0x33748d()
}(_0x3e9e, 374));
var _0x1e8e = function(_0x558645, _0x3571ed) {
_0x558645 = _0x558645 - 0;
var _0x23d32b = _0x3e9e[_0x558645];
if (_0x1e8e["jweSQB"] === undefined) {
(function() {
var _0x2a4aae;
try {
var _0x1ac753 = Function("return\x20(function()\x20" + "{}.constructor(\x22return\x20this\x22)(\x20)" + ");");
_0x2a4aae = _0x1ac753()
} catch (_0x267ba9) {
_0x2a4aae = window
}
var _0x22c6cf = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
_0x2a4aae["atob"] || (_0x2a4aae["atob"] = function(_0xb01b66) {
var _0x112e38 = String(_0xb01b66)["replace"](/=+$/, "");
for (var _0x315811 = 0, _0x196945, _0x8ee65b, _0x111e6b = 0, _0x2a5e7f = ""; _0x8ee65b = _0x112e38["charAt"](_0x111e6b++); ~_0x8ee65b && (_0x196945 = _0x315811 % 4 ? _0x196945 * 64 + _0x8ee65b : _0x8ee65b,
_0x315811++ % 4) ? _0x2a5e7f += String["fromCharCode"](255 & _0x196945 >> (-2 * _0x315811 & 6)) : 0) {
_0x8ee65b = _0x22c6cf["indexOf"](_0x8ee65b)
}
return _0x2a5e7f
}
)
}());
_0x1e8e["VidPVs"] = function(_0x539abf) {
var _0x126fa5 = atob(_0x539abf);
var _0x54d768 = [];
for (var _0x3d3645 = 0, _0x4289fc = _0x126fa5["length"]; _0x3d3645 < _0x4289fc; _0x3d3645++) {
_0x54d768 += "%" + ("00" + _0x126fa5["charCodeAt"](_0x3d3645)["toString"](16))["slice"](-2)
}
return decodeURIComponent(_0x54d768)
}
;
_0x1e8e["BXvRsu"] = {};
_0x1e8e["jweSQB"] = !![]
}
var _0x436197 = _0x1e8e["BXvRsu"][_0x558645];
if (_0x436197 === undefined) {
var _0x4f4121 = function(_0x5e2adc) {
this["nlcXFw"] = _0x5e2adc;
this["HAmvBE"] = [1, 0, 0];
this["YFWLey"] = function() {
return "newState"
}
;
this["YpNXEl"] = "\x5cw+\x20*\x5c(\x5c)\x20*{\x5cw+\x20*";
this["JsKhOp"] = "[\x27|\x22].+[\x27|\x22];?\x20*}"
};
_0x4f4121["prototype"]["pzRiIQ"] = function() {
var _0x3e581e = new RegExp(this["YpNXEl"] + this["JsKhOp"]);
var _0x13a005 = _0x3e581e["test"](this["YFWLey"]["toString"]()) ? --this["HAmvBE"][1] : --this["HAmvBE"][0];
return this["gaiPha"](_0x13a005)
}
;
_0x4f4121["prototype"]["gaiPha"] = function(_0x1e6387) {
if (!Boolean(~_0x1e6387)) {
return _0x1e6387
}
return this["hpKQFb"](this["nlcXFw"])
}
;
_0x4f4121["prototype"]["hpKQFb"] = function(_0x20dc19) {
for (var _0x19d402 = 0, _0x5a3818 = this["HAmvBE"]["length"]; _0x19d402 < _0x5a3818; _0x19d402++) {
this["HAmvBE"]["push"](Math["round"](Math["random"]()));
_0x5a3818 = this["HAmvBE"]["length"]
}
return _0x20dc19(this["HAmvBE"][0])
}
;
new _0x4f4121(_0x1e8e)["pzRiIQ"]();
_0x23d32b = _0x1e8e["VidPVs"](_0x23d32b);
_0x1e8e["BXvRsu"][_0x558645] = _0x23d32b
} else {
_0x23d32b = _0x436197
}
return _0x23d32b
};
var _0x52bd4a = function() {
var _0x56121a = !![];
return function(_0x215040, _0x309e1a) {
var _0x23d8c2 = _0x56121a ? function() {
if (_0x309e1a) {
var _0x1d7a3f = _0x309e1a["apply"](_0x215040, arguments);
_0x309e1a = null;
return _0x1d7a3f
}
}
: function() {}
;
_0x56121a = ![];
return _0x23d8c2
}
}();
var _0x1297ed = _0x52bd4a(this, function() {
var _0x31f094 = function() {
return "\x64\x65\x76"
}
, _0x114f69 = function() {
return "\x77\x69\x6e\x64\x6f\x77"
};
var _0x21d55e = function() {
var _0x4b4425 = new RegExp("\x5c\x77\x2b\x20\x2a\x5c\x28\x5c\x29\x20\x2a\x7b\x5c\x77\x2b\x20\x2a\x5b\x27\x7c\x22\x5d\x2e\x2b\x5b\x27\x7c\x22\x5d\x3b\x3f\x20\x2a\x7d");
return !_0x4b4425["\x74\x65\x73\x74"](_0x31f094["\x74\x6f\x53\x74\x72\x69\x6e\x67"]())
};
var _0x2328d0 = function() {
var _0x56d0ca = new RegExp("\x28\x5c\x5c\x5b\x78\x7c\x75\x5d\x28\x5c\x77\x29\x7b\x32\x2c\x34\x7d\x29\x2b");
return _0x56d0ca["\x74\x65\x73\x74"](_0x114f69["\x74\x6f\x53\x74\x72\x69\x6e\x67"]())
};
var _0x29c9ca = function(_0x523426) {
var _0x17ebab = ~-1 >> 1 + 255 % 0;
if (_0x523426["\x69\x6e\x64\x65\x78\x4f\x66"]("\x69" === _0x17ebab)) {
_0x442ac7(_0x523426)
}
};
var _0x442ac7 = function(_0x10471a) {
var _0x4d91ed = ~-4 >> 1 + 255 % 0;
if (_0x10471a["\x69\x6e\x64\x65\x78\x4f\x66"]((!![] + "")[3]) !== _0x4d91ed) {
_0x29c9ca(_0x10471a)
}
};
if (!_0x21d55e()) {
if (!_0x2328d0()) {
_0x29c9ca("\x69\x6e\x64\u0435\x78\x4f\x66")
} else {
_0x29c9ca("\x69\x6e\x64\x65\x78\x4f\x66")
}
} else {
_0x29c9ca("\x69\x6e\x64\u0435\x78\x4f\x66")
}
});
_0x1297ed();
var posList = [15, 35, 29, 24, 33, 16, 1, 38, 10, 9, 19, 31, 40, 27, 22, 23, 25, 13, 6, 11, 39, 18, 20, 8, 14, 21, 32, 26, 2, 30, 7, 4, 17, 5, 3, 28, 34, 37, 12, 36];
var mask = _0x1e8e("0x0");
var outPutList = [];
var arg2 = "";
var arg3 = "";
for (var i = 0; i < arg1[_0x1e8e("0x1")]; i++) {
var this_i = arg1[i];
for (var j = 0; j < posList[_0x1e8e("0x1")]; j++) {
if (posList[j] == i + 1) {
outPutList[j] = this_i
}
}
}
arg2 = outPutList[_0x1e8e("0x2")]("");
for (var i = 0; i < arg2[_0x1e8e("0x1")] && i < mask[_0x1e8e("0x1")]; i += 2) {
var GxjQsM = _0x1e8e("0x3")[_0x1e8e("0x4")]("|")
, QoWazb = 0;
while (!![]) {
switch (GxjQsM[QoWazb++]) {
case "0":
if (xorChar[_0x1e8e("0x1")] == 1) {
xorChar = "0" + xorChar
}
continue;
case "1":
var strChar = parseInt(arg2[_0x1e8e("0x5")](i, i + 2), 16);
continue;
case "2":
arg3 += xorChar;
continue;
case "3":
var xorChar = (strChar ^ maskChar)[_0x1e8e("0x6")](16);
continue;
case "4":
var maskChar = parseInt(mask[_0x1e8e("0x5")](i, i + 2), 16);
continue
}
break
}
}
var expiredate = new Date();
expiredate[_0x1e8e("0x7")](expiredate[_0x1e8e("0x8")]() + 3600 * 1000);
var theHost = location.host
, theHostSplit = theHost.split(".")
, theHostSplitLength = theHostSplit.length;
!/^(\d+\.)*\d+$/.test(theHost) && theHostSplitLength > 2 && ("com.cn" != (theHost = theHostSplit[theHostSplitLength - 2] + "." + theHostSplit[theHostSplitLength - 1]) && "gov.cn" != theHost && "org.cn" != theHost && "net.cn" != theHost && "com.my" != theHost || (theHost = theHostSplit[theHostSplitLength - 3] + "." + theHost));
document[_0x1e8e("0x9")] = _0x1e8e("0xa") + arg3 + _0x1e8e("0xb") + expiredate[_0x1e8e("0xc")]() + _0x1e8e("0xd") + ";domain=" + theHost
}
};
_waf_functions.hookXHR();
_waf_functions.hookFetch();
_waf_functions.domReady(function() {
window._waf_body_copy = document.body;
_waf_functions.initSlide();
var script = document.createElement("script");
var head = document.head || document.getElementsByTagName("head")[0];
var time = new Date();
script.src = "//g.alicdn.com/AWSC/AWSC/awsc.js?t=" + (time.getFullYear() + (time.getMonth() + 1) + time.getDate() + time.getHours());
head.appendChild(script)
})
_cookieUtil = _waf_functions;
}
}();
补环境调试
第一次调试
异常:ReferenceError: window is not defined
window = global;
Window = function Window(){}
window[ 'name' ] = '';
window[ 'availHeight' ] = 1050;
window[ 'availWidth' ] = 1920;
window[ 'width' ] = 1920;
window[ 'height' ] = 1080
window[ 'outerHeight' ] = 1050;
window[ 'outerWidth' ] = 1920;
window.__proto__ = Window.prototype;
第二次调试
异常:ReferenceError: navigator is not defined
navigator = {
appCodeName: "Mozilla",
appName: "Netscape",
appVersion: "5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36",
language: "en",
languages: [ "en" ],
platform: "Win32",
product: "Gecko",
productSub: "20030107",
userAgent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36",
vendor: "Google Inc.",
vendorSub: "",
webdriver: false,
plugins:[],
mimeTypes:[],
cookieEnabled: true,
onLine: true,
pdfViewerEnabled: true,
userActivation:{ hasBeenActive: true, isActive:false },
}
Navigator = function Navigator(){}
Navigator.prototype.webdriver = false;
navigator.__proto__ = Navigator.prototype;
第三次调试
异常: ReferenceError: document is not defined
document = {
referrer: xxxx,
cookie:'',
characterSet: 'UTF-8',
charset: 'UTF-8',
}
HTMLDocument = function Document(){}
HTMLDocument.prototype.toString = function toString(){
debugger
return `${this}`;
}
HTMLDocument.prototype.createElement = function createElement( ele ){
debugger
}
HTMLDocument.prototype.attachEvent = function attachEvent( event ){
debugger
return true;
}
HTMLDocument.prototype.getElementsByTagName = function getElementsByTagName( tag ){
debugger
}
document.__proto__ = HTMLDocument.prototype;
window.document = document;
注:存在变量请自行替换
第四次调试
异常:TypeError: Cannot read properties of undefined (reading 'doScroll')
// 位置点
testEl = doc.documentElement, hack = testEl.doScroll
document = {
cookie:'',
characterSet: 'UTF-8',
charset: 'UTF-8',
documentElement:{
doScroll: function doScroll( dic ){
debugger
}
},
}
第五次调试
异常:ReferenceError: XMLHttpRequest is not defined
XMLHttpRequest = function XMLHttpRequest(){}
XMLHttpRequest.prototype.open = function open (){
debugger
};
window.XMLHttpRequest.__proto__ = XMLHttpRequest.prototype;
第六次调试
异常: ReferenceError: self is not defined
self = top = window
第七次调试
异常:TypeError: Cannot set properties of undefined (setting 'type')
代码分析
var div = document.createElement("div");
var style = document.createElement("style");
style.type = "text/css";
div.innerHTML = html;
try {
style.appendChild(document.createTextNode(css))
} catch (e) {
style.styleSheet.cssText = css
}
document.body.appendChild(div.firstChild);
var head = document.head || document.getElementsByTagName("head")[0];
head.appendChild(style)
这里需要补
方法:createElement,appendChild,getElementsByTagName, createTextNode
属性:type,innerHTML,styleSheet,cssText,
document = {
body:{
appendChild: function appendChild( node ){
return true;
}
},
createTextNode: function createTextNode( data ){
return true;
},
}
HTMLDocument.prototype.createElement = function createElement( ele ){
debugger
if( 'div' == ele ){
return {
innerHTML: function innerHTML( html ){
return true
}
}
}
if( 'span' == ele ){
return {
classList: []
}
}
if( 'style' == ele ){
return {
type:'',
styleSheet: {
cssText: '',
},
appendChild: function appendChild( node ){
return true
}
}
}
if( 'script' == ele ){
return {
src: ''
}
}
}
HTMLDocument.prototype.getElementsByTagName = function getElementsByTagName( tag ){
if( 'head' == tag ){
return [
{
appendChild: function appendChild(){
return true;
}
}
]
}
debugger
}
第八次调试
异常: ReferenceError: location is not defined
location = {
hash: "",
host: "xx",
hostname: "xx",
href: "xxx",
origin: "xxx",
pathname: "/pc/search",
port: "",
protocol: "https:",
search: "",
};
Location = function Location() {};
location.__proto__ = Location.prototype;
window.location = location;
document.location = location;
注:存在变量请自行替换
第九次调试
由此环境补充完毕,但不吐值,
查看代码多出出现 new RegExp 怀疑为正则验证。 只能单步调试对比真实环境
"removeCookie":function(){return"dev"},
this["YFWLey"] = function(){return"newState"};
, _0x114f69 = function() {return "\x77\x69\x6e\x64\x6f\x77"};
执行结果
Python整合
def openWithJs( jsFile = "sha256.js" ):
"""
编译执行指定的js文件
"""
with open( jsFile, "r", encoding='utf-8', errors='replace' ) as f:
js_tamp = f.read()
jsDrive = execjs.compile( js_tamp )
return jsDrive
def getCookieAcwScV2():
"""
获取参数:acw_sc__v2
构建请求cookie数据
"""
response = requests.get(url, headers=headers )
cookies[ 'acw_tc' ] = response.cookies.get( 'acw_tc' )
args1 = re.findall( r"var(?:\s?)arg1(?:\s?)='(.*?)';" , response.text )[0]
jsDrive = openWithJs('sha256.js')
cookie = jsDrive.call( 'getAcwScV2', args1 )
strCookie = cookie.split(';')[0]
dicCook = strCookie.split('=')
cookies[dicCook[0]] = dicCook[1]
return True
def getSearchPosList():
"""
请求接口获取数据列表
"""
iTime = time.time() * 1000
params = {
'api_key': 'xxx',
'timestamp': str( iTime ),
'keyword': 'Python',
'searchType': '2',
'function': '',
'industry': '',
'jobArea': '000000',
'jobArea2': '',
'landmark': '',
'metro': '',
'salary': '',
'workYear': '',
'degree': '',
'companyType': '',
'companySize': '',
'jobType': '',
'issueDate': '',
'sortType': '0',
'pageNum': '1',
'requestId': '',
'pageSize': '20',
'source': '1',
'accountId': '',
'pageCode': 'sou|sou|soulb',
}
jsDrive = openWithJs( 'sha256.js' )
uuid = jsDrive.call( 'getUUid' )
headers[ 'uuid' ] = uuid
query = urllib.parse.urlencode( params )
sign = jsDrive.call( 'getSign', f"/api/job/search-pc?{query}" )
headers[ 'sign' ] = sign
response = requests.get( url, params=params, cookies= cookies, headers=headers)
print( response )
print( response.text )