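Preface
This article is for learning and research only. If it infringes on your company's rights, please contact 229456906@qq.com and it will be removed immediately. Never use it for any illegal purpose; otherwise you bear the consequences yourself!
Link: https://fanyi.baidu.com/?aldtype=16047#zh/en/%E5%85%94%E5%AD%90
I. Page analysis
Open the page, enter the text to translate, and capture the traffic:
After clicking Translate, the request to the endpoint v2transapi?from=zh&to=en is captured. Its Form Data shows that, apart from sign, token and query, all other parameters can be set to fixed values (capturing the request a few times and comparing makes this clear); query is the text to translate.
II. Cracking the encryption
1. Locating the encryption
First, search for sign to see whether the encryption entry point can be found:
After opening the JS file, search again with Ctrl+F and set a breakpoint on the suspicious code:
Then click Translate again; the breakpoint stops at line 7045:
Attentive readers will notice that token is here as well:
The encryption entry point has been located.
2. Decrypting the parameters
sign: f(n). Here sign is the return value of the function f(), so look at what f() contains:
Stepping into the function e shows the following code block:
Step to the next statement to see what the parameter r is:
Sure enough, r = 兔子 ("rabbit"), the text being translated. Next, copy the code of e() out and debug it in a tool, adding whatever turns out to be missing:
It reports that i is undefined, so first define i = "" and run it again:
It reports a missing object. The code contains a call n(p, F), so go back to the web page and take a look
Step into the function n:
Extract the function n as well and continue debugging:
The result comes out, success~ The sign parameter is done. Next, look at token: set a breakpoint here and click Translate again:
token: window.common.token. Print window.common.token in the console:
A note on things like window.xxx.xxx: they are very likely parameters returned by the server. Do a global search for the token's value:
It is clear enough; request this endpoint directly to see whether it returns the token:
The cookie must be sent to get the token. Next, extract the token:
Now that sign and token are both sorted out, simulate the request with Python.
III. Simulating the request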
# -*- coding: utf-8 -*-
# @Time : 2021/2/27 14:02
# @Author : Los Angeles Clippers
# @Email: 229456906@qq.com
# @sinaemail: angelesclippers@sina.com
import json
import re

import execjs
import requests

# Headers shared by both requests; the Cookie was captured from the browser session.
HEADERS = {
    'Cookie': (
        'BIDUPSID=6ED20C8A993C162F592CBBCACFB3BA60; PSTM=1614007307; '
        'BAIDUID=6ED20C8A993C162FA88B4C229F31B844:FG=1; '
        '__yjs_duid=1_17fddf46c44f2d2c3b304d20c30d4a101614176173764; '
        'BAIDUID_BFESS=6ED20C8A993C162FA88B4C229F31B844:FG=1; '
        'BDRCVFR[n9IS1zhFc9f]=mk3SLVN4HKm; delPer=0; PSINO=7; '
        'H_PS_PSSID=33516_33357_33273_31660_33570_26350; '
        'BDORZ=B490B5EBF6F3CD402E515D22BCDA1598; BCLID=7093079150575847613; '
        'BDSFRCVID=zqKOJexroG3VnU3eMoohEXw3ALweG7bTDYLEOwXPsp3LGJLVJeC6EG0Pts1-dEu-EHtdogKK0gOTH6KF_2uxOjjg8UtVJeC6EG0Ptf8g0M5; '
        'H_BDCLCKID_SF=tJKJoDt-JKK3fP36qR6sMJ8thmT22-us35RT2hcH0KLKoxOhefJ8bDuzBN34Xnb8LJriLp6eWfb1MRjvWxQk2q533-DqLM5X2JAHWl5TtUJ6JKnTDMRh-lIeWtvyKMniQKT9-pny0hQrh459XP68bTkA5bjZKxtq3mkjbPbDfn02eCKuDTK2e55QjGAshRTLHDbhLnn_MCD_HnurbDcvXUI8LNDHXtc-bjRn0Ro45nopo-3yQ-_bX-DyXnO7ttoyJKbnLhn5MUccKJ7vWJJ45UL1Db0OhTvMtg3t3DQ6Lpooepvo3Poc3MkbLPjdJJQOBKQB0KnGbUQkeq8CQft20b0EeMtjKjLEtRk8oK-atDvqKROkq4cE-t4hMMoXetJyaR3BBqOvWJ5WqR7jDpj-WbK8XfnraxQvbb7CXxOkMJbjShbXXMorQMCp-qbpQJbW3HcM2M373l02V-b3XxjVWxnDhp7LBPRMW20j0h7mWIQvsxA45J7cM4IseboJLfT-0bc4KKJxbnLWeIJEjjCaePDyqx5Ka43tHD7yWCvL-lvcOR59K4nnDpKH3Hb-W4Ry2gTvLKOpBP3qsI3P3MOZXMLg5n7Tbb8eBgvZ2UQF5l8-sq0x0bO5DDuOQq_L0xvJ5IOMahkM5h7xOKQoQlPK5JkgMx6MqpQJQeQ-5KQN3KJmfbL9bT3YjjISKx-_tTD8tb6P; '
        'BCLID_BFESS=7093079150575847613; '
        'BDSFRCVID_BFESS=zqKOJexroG3VnU3eMoohEXw3ALweG7bTDYLEOwXPsp3LGJLVJeC6EG0Pts1-dEu-EHtdogKK0gOTH6KF_2uxOjjg8UtVJeC6EG0Ptf8g0M5; '
        'H_BDCLCKID_SF_BFESS=tJKJoDt-JKK3fP36qR6sMJ8thmT22-us35RT2hcH0KLKoxOhefJ8bDuzBN34Xnb8LJriLp6eWfb1MRjvWxQk2q533-DqLM5X2JAHWl5TtUJ6JKnTDMRh-lIeWtvyKMniQKT9-pny0hQrh459XP68bTkA5bjZKxtq3mkjbPbDfn02eCKuDTK2e55QjGAshRTLHDbhLnn_MCD_HnurbDcvXUI8LNDHXtc-bjRn0Ro45nopo-3yQ-_bX-DyXnO7ttoyJKbnLhn5MUccKJ7vWJJ45UL1Db0OhTvMtg3t3DQ6Lpooepvo3Poc3MkbLPjdJJQOBKQB0KnGbUQkeq8CQft20b0EeMtjKjLEtRk8oK-atDvqKROkq4cE-t4hMMoXetJyaR3BBqOvWJ5WqR7jDpj-WbK8XfnraxQvbb7CXxOkMJbjShbXXMorQMCp-qbpQJbW3HcM2M373l02V-b3XxjVWxnDhp7LBPRMW20j0h7mWIQvsxA45J7cM4IseboJLfT-0bc4KKJxbnLWeIJEjjCaePDyqx5Ka43tHD7yWCvL-lvcOR59K4nnDpKH3Hb-W4Ry2gTvLKOpBP3qsI3P3MOZXMLg5n7Tbb8eBgvZ2UQF5l8-sq0x0bO5DDuOQq_L0xvJ5IOMahkM5h7xOKQoQlPK5JkgMx6MqpQJQeQ-5KQN3KJmfbL9bT3YjjISKx-_tTD8tb6P; '
        'Hm_lvt_64ecd82404c51e03dc91cb9e8c025574=1614404675; '
        'REALTIME_TRANS_SWITCH=1; FANYI_WORD_SWITCH=1; HISTORY_SWITCH=1; '
        'SOUND_SPD_SWITCH=1; SOUND_PREFER_SWITCH=1; '
        'Hm_lpvt_64ecd82404c51e03dc91cb9e8c025574=1614405111; '
        'ab_sr=1.0.0_ZmYwNmMwYTMwOTY1ZjdiYWU5NjIzZDcxZDhiNDJlZGJiMTdiZDc3ZDIyYTkyZTIxODcxZWM1NjUyYmJmNzZhY2IwMGViYWE2NGY0M2Y4ZWQwM2FmNTViMDk0Zjk0ZTg2; '
        '__yjsv5_shitong=1.0_7_7761e7b1ad9072852af05b64edf30315e171_300_1614405112502_1.206.246.215_77aafa3d'
    ),
    'Host': 'fanyi.baidu.com',
    'Referer': 'https://fanyi.baidu.com/?aldtype=16047',
    'sec-ch-ua': '"Chromium";v="88", "Google Chrome";v="88", ";Not A Brand";v="99"',
    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36'
}


def get_sign(query):
    # sign.js holds the e() and n() functions extracted from the page's JS.
    with open('sign.js', 'r', encoding='utf-8') as f:
        js = f.read()
    sign = execjs.compile(js).call('e', query)
    print(sign)
    return sign


def get_token():
    # The token is embedded in the page HTML; the request must carry the cookie.
    url = 'https://fanyi.baidu.com/?aldtype=16047'
    response = requests.get(url, headers=HEADERS).text
    match = re.search(r"token: '(.*?)'", response)
    if match is None:
        raise RuntimeError('token not found in the page response')
    token = match.group(1)
    print(token)
    return token


def fanyi(query, sign, token):
    url = 'https://fanyi.baidu.com/v2transapi?from=zh&to=en'
    # Apart from query, sign and token, the form fields are fixed values.
    data = {
        'from': 'zh',
        'to': 'en',
        'query': query,
        'transtype': 'translang',
        'simple_means_flag': '3',
        'sign': sign,
        'token': token,
        'domain': 'common',
    }
    response = requests.post(url, data=data, headers=HEADERS).text
    jsData = json.loads(response)
    print(jsData)
    return jsData


if __name__ == '__main__':
    query = '兔子'  # the sign must be computed over the same text that is sent as query
    sign = get_sign(query)
    token = get_token()
    fanyi(query, sign=sign, token=token)
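Result:
Hahahaha, not quite... the result is wrong.
After debugging several times, I found that the problem was the parameter i above. We defined i = "", but breakpoint debugging shows that the value of i is this:
Look at this code first: u = null !== i ? i : (i = window[l] || "") || ""; roughly, it means u = i = window[l].
window[l] is a fixed value, 320305.131321201, so simply set u = "320305.131321201" in the JS code: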
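Why defining i = "" produced a wrong sign, as an added JavaScript example that is not part of the original article: the page's expression only falls back to window[l] when i is exactly null. resolveSeed, toySign, L_KEY and the two sample window objects are assumptions made for this illustration; toySign is a stand-in checksum, not the site's signing function.

```javascript
// Added illustration. resolveSeed, toySign, L_KEY and both window objects are hypothetical.
const L_KEY = "l_placeholder"; // stands in for the property name `l`; the page does not show it

// The page's expression, with `window` passed in as `win` so it runs outside a browser.
function resolveSeed(i, win) {
  const u = null !== i ? i : (i = win[L_KEY] || "") || "";
  return u;
}

// Stand-in for the extracted e(): NOT the site's algorithm, only a checksum that
// depends on the seed, so a wrong seed visibly produces a different sign.
function toySign(text, seed) {
  let h = 0;
  for (const ch of seed + "|" + text) {
    h = (Math.imul(h, 31) + ch.codePointAt(0)) >>> 0;
  }
  return h;
}

const browserWindow = { [L_KEY]: "320305.131321201" }; // fixed value reported on the page
const bareRuntime = {}; // extracted script run on its own: the property does not exist

function demo() {
  return {
    inBrowser: resolveSeed(null, browserWindow),          // null: falls back to window[l]
    patchedEmpty: resolveSeed("", browserWindow),         // "" is not null: lookup skipped
    leftUndefined: resolveSeed(undefined, browserWindow), // undefined is not null either
    noWindowValue: resolveSeed(null, bareRuntime),        // lookup misses: ends up ""
  };
}

const seeds = demo();
console.log(seeds);
console.log(toySign("兔子", seeds.inBrowser), toySign("兔子", seeds.patchedEmpty));
```

Only the first case yields the seed the browser uses, which is why hard-coding u = "320305.131321201" in the extracted script restores the expected sign.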
Run the Python project again:
OK, success~
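*Note: this is an original article. When reposting, please include a link to this article; otherwise the relevant liability will be pursued. Please be respectful. Thank you!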