抓请求包
全局搜索 会发现很多参数在这个请求里
多抓几次包 会发现 只有 su 和 sp 然后找加密的js代码
su base64
sp
Python 实现
import requests,time, base64, re, json
import execjs
class WeiBo(object):
def __init__(self):
self.session = requests.Session()
self.headers = {
"user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
}
def login(self,phone,password):
api = "https://login.sina.com.cn/sso/login.php?client=ssologin.js(v1.4.19)"
url1 = 'https://login.sina.com.cn/sso/prelogin.php?entry=weibo&callback=sinaSSOController.preloginCallBack&su=&rsakt=mod&client=ssologin.js(v1.4.19)&_={}'.format(str(time.time()).replace('.','')[:13])
html = self.session.get(url1,headers=self.headers)
print(html.text)
json_res = re.search(r'preloginCallBack\((.*?)\)', html.text).group(1)
json_res = json.loads(json_res)
print(json_res, type(json_res))
# pwd = self._get_sp_rsa(password,json_res.get('servertime'),json_res.get('nonce'),)
# print(pwd)
ctx = execjs.compile(open('jm.js', 'r').read())
sp = ctx.call('get_sp',
json_res.get('pubkey'),
str(json_res.get('servertime')),
json_res.get('nonce'),
password
)
print(password)
su = self._get_su(phone)
data = {
"entry": "weibo",
"gateway": "1",
"from": "",
"savestate": "7",
"qrcode_flag": "false",
"useticket": "1",
"pagerefer": "https://login.sina.com.cn/crossdomain2.php?action=logout&r=https%3A%2F%2Fpassport.weibo.com%2Fwbsso%2Flogout%3Fr%3Dhttps%253A%252F%252Fweibo.com%26returntype%3D1",
"vsnf": "1",
"su": su,
"service": "miniblog",
"servertime": json_res.get('servertime'),
"nonce": json_res.get('nonce'),
"pwencode": "rsa2",
"rsakv": "1330428213",
"sp": sp,
"sr": "1920*1080",
"encoding": "UTF - 8",
"prelt": "149",
"url": "https://weibo.com/ajaxlogin.php?framelogin=1&callback=parent.sinaSSOController.feedBackUrlCallBack",
"returntype": "META",
}
headers = self.headers.copy()
headers.update({
"Host": "login.sina.com.cn",
"Origin": "https://weibo.com",
"Referer": "https://weibo.com/"
})
response = self.session.post(api, headers=self.headers, data=data, allow_redirects=False)
response.encoding = response.apparent_encoding
# print('-----',response.text)
tz_url = re.search(r'location.replace\(\"(.*?)\"',response.text,re.S)
res = self.session.get(tz_url.group(1), headers=headers.update({
"Referer": "https://login.sina.com.cn/sso/login.php?client=ssologin.js(v1.4.19)"
}), allow_redirects=False)
res.encoding = res.apparent_encoding
# print('======',res.text)
search_result = re.search('"arrURL":(.*?)}', res.text)
redirct_urls = search_result.group(1)
redirct_url_list = json.loads(redirct_urls)
for url in redirct_url_list:
response = self.session.get(url, headers=self.headers)
result = self.session.get('https://weibo.com/')
result.encoding = result.apparent_encoding
print(result.text)
def _get_su(self, account):
return str(base64.b64encode(bytes(account, encoding="utf-8")), encoding="utf-8")
a = WeiBo()
a.login('手机号','密码')
js 这段代码可以用 Python 实现 暂时没有研究
var sinaSSOEncoder = sinaSSOEncoder || {};
(function() {
var a = 0
, b = 8;
this.hex_sha1 = function(a) {
return i(c(h(a), a.length * b))
}
;
var c = function(a, b) {
a[b >> 5] |= 128 << 24 - b % 32;
a[(b + 64 >> 9 << 4) + 15] = b;
var c = Array(80)
, h = 1732584193
, i = -271733879
, j = -1732584194
, k = 271733878
, l = -1009589776;
for (var m = 0; m < a.length; m += 16) {
var n = h
, o = i
, p = j
, q = k
, r = l;
for (var s = 0; s < 80; s++) {
s < 16 ? c[s] = a[m + s] : c[s] = g(c[s - 3] ^ c[s - 8] ^ c[s - 14] ^ c[s - 16], 1);
var t = f(f(g(h, 5), d(s, i, j, k)), f(f(l, c[s]), e(s)));
l = k;
k = j;
j = g(i, 30);
i = h;
h = t
}
h = f(h, n);
i = f(i, o);
j = f(j, p);
k = f(k, q);
l = f(l, r)
}
return [h, i, j, k, l]
}
, d = function(a, b, c, d) {
return a < 20 ? b & c | ~b & d : a < 40 ? b ^ c ^ d : a < 60 ? b & c | b & d | c & d : b ^ c ^ d
}
, e = function(a) {
return a < 20 ? 1518500249 : a < 40 ? 1859775393 : a < 60 ? -1894007588 : -899497514
}
, f = function(a, b) {
var c = (a & 65535) + (b & 65535)
, d = (a >> 16) + (b >> 16) + (c >> 16);
return d << 16 | c & 65535
}
, g = function(a, b) {
return a << b | a >>> 32 - b
}
, h = function(a) {
var c = []
, d = (1 << b) - 1;
for (var e = 0; e < a.length * b; e += b)
c[e >> 5] |= (a.charCodeAt(e / b) & d) << 24 - e % 32;
return c
}
, i = function(b) {
var c = a ? "0123456789ABCDEF" : "0123456789abcdef"
, d = "";
for (var e = 0; e < b.length * 4; e++)
d += c.charAt(b[e >> 2] >> (3 - e % 4) * 8 + 4 & 15) + c.charAt(b[e >> 2] >> (3 - e % 4) * 8 & 15);
return d
}
, j = function(a) {
var b = ""
, c = 0;
for (; c < a.length; c++)
b += "%" + k(a[c]);
return decodeURIComponent(b)
}
, k = function(a) {
var b = "0" + a.toString(16);
return b.length <&#