参考1:爬虫遭遇状态码521陷阱 破解js加密cookie
参考1:xiantang/Spider/tree/master/Anti_Anti_Spider_521,参考代码
参考2:域名信息521js破解
参考3:爬虫破解状态码521,解析JS混淆(二)
工具1:代码格式化工具
|
|
|
我是找IP代理时遇到的,http://www.66ip.cn/areaindex_1/1.html,
后面慢慢发现,有很多相关项:
- 浏览器;
- IP;
- 时间;
目的是构造格式如:
Cookie: __jsluid_h=f3edfd8409009589e0b3eaa242169f2e; Hm_lvt_d7682ab43891c68a00de46e9ce5b76aa=1562831845; Hm_lvt_1761fabf3c988e7f04bec51acd4073f4=1564476350,1564563423,1565235710,1565320782; __jsl_clearance=1565336592.761|0|eoc%2FRWRS5oN5XACmYLAdzsF%2B6UA%3D; Hm_lpvt_1761fabf3c988e7f04bec51acd4073f4=1565336594
OK ,废话不多说,直接撸码
破解第一步,解密js
import re
import execjs
resHtml = r"""<script>var x="@try@08@@fromCharCode@Aug@if@@@G@cookie@location@9@attachEvent@match@@GMT@@div@@@@onreadystatechange@addEventListener@reverse@while@function@0@@0xEDB88320@false@D@@return@@@@firstChild@catch@toString@@@substr@@@length@f@@Path@rOm9XFMtA3QKV7nYsPGT4lifyWwkq5vcjH2IdxUoCbhERLaz81DNB6@href@Array@2@@setTimeout@Expires@toLowerCase@@@1500@@createElement@8@charCodeAt@join@947@@charAt@parseInt@https@0xFF@gS@innerHTML@else@@eval@pathname@replace@new@@Thu@document@__jsl_clearance@@@3@10@@@@@for@search@String@@DOMContentLoaded@21@X@@@window@36@wbR@@@@g@a@@19@2B@Cx@@@JgSe0upZ@1565256096@e@d@9h@captcha@1@challenge@var@7@RegExp@chars@split@".replace(/@*$/,"").split("@"),y="4f 19=10(){21('c.1o=c.2n+c.3c.2o(/[\\?|&]4c-4e/,\\'\\')',26);31.b='32=48.2c|11|'+(10(){4f g=[10(19){17 19},10(g){17 g},10(19){17 2m('3d.5('+19+')')}],45=[[-~(+!![])+(+!![])+(-~[]|(+!![])+(+!![]))],(-~~~{}+[]+[])+[((+!![])+(+!![])<<(+!![])+(+!![]))],mH~~~{}+[]+[])+[~~[]],[Cg],(~~~{}+[]+[])+q+1q],[((+!![])<<(+!![]))]+[~~[]],[([-~(+!![])]+~~''>>-~(+!![]))],[((+!![])<<(+!![]))]+[((+!![])<<(+!![]))],[1q+1q],[~~[]],(-~~~{}+[]+[])+[-~(+!![])+(+!![])+(-~[]|(+!![])+(+!![]))],(-~~~{}+[]+[])+[d],[((+!![])<<(+!![]))]+(-~~~{}+[]+[]),[3[565],[d],[((+!![])+(+!![])<<(+!![])+(+!![]))],(-~~~{}+[]+[])+[([-~(+!![])]+~~''>>-~(+!![]))],(-~~~{}+[]+[])+[((+!![])<<(+!![]))],(-~~~{}+[]+[])+[35],(-~~~{}+[]+[])+[4g],(-~~~{}+[]+[])+(-~~~{}+[]+[]),(-~~~{}+[]+[]),[((+!![])<<(+!![]))]];8b(4f 19=11;12<4).1j;19++[{45[19[=g[[1q,4d,1q,4d,11,4d,1q,4d,11,1q,4d,11,1q,4d,11,4d,1q,4d,11,1q,4d,11,4d][19]]([[[((+!![])[((+!![])]+(+!![])<<(+!![])+(+!![]))]+[4g]],[35],'15','29',(!''+[]+[[]][11]).2e(-~{}),[[4g]+[4g]],[[4g]+[([-~(+!![])]+~~''>>-~(+!![]))],[4g]+[((+!![])<<(+!![]))]],'4b','3m',[4g],[[((+!![])+(+!![])<<(+!![])+(+!![]))]+(-~~~{}+[]+[])],'%','2i',([]*{}+[]).2e(-~~~{}),[([-~(+!![])]+~~''>>-~(+!![]))],[[4g]+[1q+1q],[-~(+!![])+(+!![])+(-~[]|(+!![])+(+!![]))]+[([-~(+!![])]+~~''>>-~(+!![]))]],'%43',[(-~~~{}+[]+[])+[~~[]]+[35]],'3h',(-~~~{}+[]+[]),'44',[[((+!![])+(+!![])<<(+!![])+(+!![]))]+[35]],'a'][45[19]])};17 45.2b('')})()+';22=30, 3-6-42 36:3g:3l h;1m=/;'};7((10(){2{17 !!3k.o;}1c(49){17 14;}})()){31.o('3f',19,14)}2k{31.e('n',19)}",f=function(x,y){var a=0,b=0,c=0;x=x.split("");y=y||99;while((a=x.shift())&&(b=a.charCodeAt(0)-77.5))c=(Math.abs(b)<13?(b+48.5):parseInt(a,36))+y*c;return c},z=f(y.match(/\w/g).sort(function(x,y){return f(x)-f(y)}).pop());while(z++)try{eval(y.replace(/\b\w+\b/g, function(y){return x[f(y,z)-1]||("_"+y)}));break}catch(_){}</script>"""
def fixed_fun():
function = re.search('<script>(.*)</script>', resHtml).group(1)
func_return=function.replace('eval','return')
content=execjs.compile(func_return)
evaled_func=content.call('f')
return evaled_func
def main():
cookie_js = fixed_fun()
print(cookie_js)
if __name__ == '__main__':
main()
得到的结果为:
_4f 2=_10(){_21('location.charAt=location.2B+location._3c.Cx(/[\?|&]_4c-_4e/,\'\')',String);_31.cookie='_32=_48._2c|_11|'+(_10(){_4f _g=[_10(2){href 2},_10(_g){href _g},_10(2){href 19('_3d.fromCharCode('+2+')')}],_45=[[-~(+!![])+(+!![])+(-~[]|(+!![])+(+!![]))],(-~~~{}+[]+[])+[((+!![])+(+!![])<<(+!![])+(+!![]))],_mH~~~{}+[]+[])+[~~[]],[_Cg],(~~~{}+[]+[])+while+https],[((+!![])<<(+!![]))]+[~~[]],[([-~(+!![])]+~~''>>-~(+!![]))],[((+!![])<<(+!![]))]+[((+!![])<<(+!![]))],[https+https],[~~[]],(-~~~{}+[]+[])+[-~(+!![])+(+!![])+(-~[]|(+!![])+(+!![]))],(-~~~{}+[]+[])+[9],[((+!![])<<(+!![]))]+(-~~~{}+[]+[]),[08[_565],[9],[((+!![])+(+!![])<<(+!![])+(+!![]))],(-~~~{}+[]+[])+[([-~(+!![])]+~~''>>-~(+!![]))],(-~~~{}+[]+[])+[((+!![])<<(+!![]))],(-~~~{}+[]+[])+[_35],(-~~~{}+[]+[])+[_4g],(-~~~{}+[]+[])+(-~~~{}+[]+[]),(-~~~{}+[]+[]),[((+!![])<<(+!![]))]];_8b(_4f 2=_11;length<_4).8;2++[{_45[2[=_g[[https,_4d,https,_4d,_11,_4d,https,_4d,_11,https,_4d,_11,https,_4d,_11,_4d,https,_4d,_11,https,_4d,_11,_4d][2]]([[[((+!![])[((+!![])]+(+!![])<<(+!![])+(+!![]))]+[_4g]],[_35],'Path','21',(!''+[]+[[]][_11]).36(-~{}),[[_4g]+[_4g]],[[_4g]+[([-~(+!![])]+~~''>>-~(+!![]))],[_4g]+[((+!![])<<(+!![]))]],'_4b','_3m',[_4g],[[((+!![])+(+!![])<<(+!![])+(+!![]))]+(-~~~{}+[]+[])],'%','_2i',([]*{}+[]).36(-~~~{}),[([-~(+!![])]+~~''>>-~(+!![]))],[[_4g]+[https+https],[-~(+!![])+(+!![])+(-~[]|(+!![])+(+!![]))]+[([-~(+!![])]+~~''>>-~(+!![]))]],'%_43',[(-~~~{}+[]+[])+[~~[]]+[_35]],'_3h',(-~~~{}+[]+[]),'_44',[[((+!![])+(+!![])<<(+!![])+(+!![]))]+[_35]],'G'][_45[2]])};href _45._2b('')})()+';_22=_30, 08-Aug-_42 _36:_3g:_3l GMT;947=/;'};if((_10(){try{href !!_3k.addEventListener;}Expires(_49){href _14;}})()){_31.addEventListener('_3f',2,_14)}a{_31.attachEvent('onreadystatechange',2)}
其他方法得到同样结果:将eval
替换成console.log
1、浏览器:借用浏览器的console窗口,复制->运行
2、Node: 将不含script
的js主体复制到temp.js,控制台运行,node temp.js
_19函数体是目标函数体,里面有DOM操作,需要筛选后再执行
|
|
|