本文介绍了如何使用js2py库逆向解析人人直播的网页,通过动态执行JavaScript代码来抓取和处理加密数据,包括RSA加密和Base64转换,最后模拟登录并下载数据的过程。博主强调了灵活使用context和手工查找js文件的重要性。
js逆向要想是想,要非常熟悉web的运行流程,针对不同网站,有不同的思路,这个博客是针对人人直播的一个爬取,先直接上代码,然后在讲解,
import requests
import js2py
import json
headers = {
"User-Agent":"Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1",
}
session = requests.session()
context = js2py.EvalJs()
phoneNum = "*********"
password = "******"
context.t = {
"phoneNum":phoneNum,
"password":password,
"c1":-100
}
response = session.get("http://activity.renren.com/livecell/rKey",headers=headers)
result = json.loads(response.content.decode('utf-8'))
context.n = result["data"]
with open('BigInt.js','r',encoding='utf-8') as f:
context.execute(f.read())
with open('Barrett.js','r',encoding='utf-8') as f:
context.execute(f.read())
with open('RSA.js','r',encoding='utf-8') as f:
context.execute(f.read())
js = '''
t.password = t.password.split("").reverse().join("")
setMaxDigits(130)
var o = new RSAKeyPair(n.e,"",n.n)
var r = encryptedString(o, t.password)
t.password = r
t.rKey = n.rkey
'''
context.execute(js)
# 模拟登录
data = {
"c1":context.t.c1,
"password":context.t.password,
"phoneNum":context.t.phoneNum,
"rKey":context.t.rKey
}
response=session.post("http://activity.renren.com/livecell/ajax/clog",headers=headers,data=data)
with open('13-test.html','wb') as f:
f.write(response.content)
账号密码自己注册一个,别想着直接用啊,
context = js2py.EvalJs(),这个函数的运用要灵活,
所有的js文件都需要自己在浏览器上寻找的,这也是最膈应人的,经常性的看的我老眼昏花,
大概步骤:
访问页面,拿到js,读取写入,在ide中执行,获取自己构造请求的真实数据,发送请求
扫一扫
6269
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
