有道翻译破解案例(post)
- 目标
破解有道翻译接口,抓取翻译结果
# 结果展示
请输入要翻译的词语: elephant
翻译结果: 大象
**************************
请输入要翻译的词语: 喵喵叫
翻译结果: mews
-
实现步骤
1、浏览器F12开启网络抓包,Network-All,页面翻译单词后找Form表单数据 2、在页面中多翻译几个单词,观察Form表单数据变化(有数据是加密字符串) 3、刷新有道翻译页面,抓取并分析JS代码(本地JS加密) 4、找到JS加密算法,用Python按同样方式加密生成加密数据 5、将Form表单数据处理为字典,通过requests.post()的data参数发送
具体实现
- 1、开启F12抓包,找到Form表单数据如下:
i: 喵喵叫
from: AUTO
to: AUTO
smartresult: dict
client: fanyideskweb
salt: 15614112641250 # 加盐
sign: 94008208919faa19bd531acde36aac5d # 签名
ts: 1561411264125
bv: f4d62a2579ebb44874d7ef93ba47e822
doctype: json
version: 2.1
keyfrom: fanyi.web
action: FY_BY_REALTlME
- 2、在页面中多翻译几个单词,观察Form表单数据变化
salt: 15614112641250
sign: 94008208919faa19bd531acde36aac5d
ts: 1561411264125
bv: f4d62a2579ebb44874d7ef93ba47e822
# 但是bv的值不变
- 3、一般为本地js文件加密,刷新页面,找到js文件并分析JS代码
# 方法1
Network - JS选项 - 搜索关键词salt
# 方法2
控制台右上角 - Search - 搜索salt - 查看文件 - 格式化输出
# 最终找到相关JS文件 : fanyi.min.js
- 4、打开JS文件,分析加密算法,用Python实现
# ts : 经过分析为13位的时间戳,字符串类型
js代码实现: "" + (new Date).getTime()
python实现: str(int(time.time()*1000))
# salt
js代码实现: r+parseInt(10 * Math.random(), 10);
python实现: ts + str(random.randint(0,9))
# sign(设置断点调试,来查看 e 的值,发现 e 为要翻译的单词) 在js代码最前面点击一下
js代码实现: n.md5("fanyideskweb" + e + salt + "n%A-rKaT5fb[Gy?;N5@Tj")
python实现:
from hashlib import md5
s = md5()
s.update("fanyideskweb" + e + salt + "n%A-rKaT5fb[Gy?;N5@Tj".encode())
sign = s.hexdigest()
- 5、代码实现
import requests
import time
from hashlib import md5
import random
# 获取相关加密算法的结果
def get_salt_sign_ts(word):
# salt
salt = str(int(time.time()*1000)) + str(random.randint(0,9))
# sign
string = "fanyideskweb" + word + salt + "n%A-rKaT5fb[Gy?;N5@Tj"
s = md5()
s.update(string.encode())
sign = s.hexdigest()
# ts
ts = str(int(time.time()*1000))
return salt,sign,ts
# 攻克有道
def attack_yd(word):
salt,sign,ts = get_salt_sign_ts(word)
# url为抓包抓到的地址 F12 -> translate_o -> post
url = 'http://fanyi.youdao.com/translate_o?smartresult=dict&smartresult=rule'
headers = {
"Accept": "application/json, text/javascript, */*; q=0.01",
"Accept-Encoding": "gzip, deflate",
"Accept-Language": "zh-CN,zh;q=0.9",
"Connection": "keep-alive",
"Content-Length": "238",
"Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
"Cookie": "OUTFOX_SEARCH_USER_ID=-1449945727@10.169.0.82; OUTFOX_SEARCH_USER_ID_NCOO=1492587933.976261; JSESSIONID=aaa5_Lj5jzfQZ_IPPuaSw; ___rl__test__cookies=1559193524685",
"Host": "fanyi.youdao.com",
"Origin": "http://fanyi.youdao.com",
"Referer": "http://fanyi.youdao.com/",
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36",
"X-Requested-With": "XMLHttpRequest",
}
# Form表单数据
data = {
'i': word,
'from': 'AUTO',
'to': 'AUTO',
'smartresult': 'dict',
'client': 'fanyideskweb',
'salt': salt,
'sign': sign,
'ts': ts,
'bv': 'cf156b581152bd0b259b90070b1120e6',
'doctype': 'json',
'version': '2.1',
'keyfrom': 'fanyi.web',
'action': 'FY_BY_REALTlME'
}
json_html = requests.post(url,data=data,headers=headers).json()
result = json_html['translateResult'][0][0]['tgt']
return result
if __name__ == '__main__':
word = input('请输入要翻译的单词:')
result = attack_yd(word)
print(result)
百度翻译抓取
实现步骤
1、浏览器F12开启网络抓包,Network-All,页面翻译单词后找Form表单数据
2、在页面中多翻译几个单词,观察Form表单数据变化(有数据是加密字符串)
3、刷新百度翻译页面,抓取并分析JS代码(sign是由js生成的)
4、找到JS代码,在pycharm中新建js文件,将js代码复制到文件中
5、将js生成的sign返回给py文件,请求访问
方法
1.Network - JS选项 - 搜索关键词sign,找到sign:m(a)
2.在sign:m(a)处打断点调试,鼠标放在m处会有e(a)js函数,点击进入找到响应的js代码
JS代码(在pycharm中新建js文件,将js代码复制到文件中)
function n(r, o) {
for (var t = 0; t < o.length - 2; t += 3) {
var a = o.charAt(t + 2);
a = a >= "a" ? a.charCodeAt(0) - 87 : Number(a),
a = "+" === o.charAt(t + 1) ? r >>> a : r << a,
r = "+" === o.charAt(t) ? r + a & 4294967295 : r ^ a
}
return r
}
var i = "320305.131321201"
function e(r) {
var o = r.match(/[\uD800-\uDBFF][\uDC00-\uDFFF]/g);
if (null === o) {
var t = r.length;
t > 30 && (r = "" + r.substr(0, 10) + r.substr(Math.floor(t / 2) - 5, 10) + r.substr(-10, 10))
} else {
for (var e = r.split(/[\uD800-\uDBFF][\uDC00-\uDFFF]/), C = 0, h = e.length, f = []; h > C; C++)
"" !== e[C] && f.push.apply(f, a(e[C].split(""))),
C !== h - 1 && f.push(o[C]);
var g = f.length;
g > 30 && (r = f.slice(0, 10).join("") + f.slice(Math.floor(g / 2) - 5, Math.floor(g / 2) + 5).join("") + f.slice(-10).join(""))
}
var u = void 0
, l = "" + String.fromCharCode(103) + String.fromCharCode(116) + String.fromCharCode(107);
u = null !== i ? i : (i = window[l] || "") || "";
for (var d = u.split("."), m = Number(d[0]) || 0, s = Number(d[1]) || 0, S = [], c = 0, v = 0; v < r.length; v++) {
var A = r.charCodeAt(v);
128 > A ? S[c++] = A : (2048 > A ? S[c++] = A >> 6 | 192 : (55296 === (64512 & A) && v + 1 < r.length && 56320 === (64512 & r.charCodeAt(v + 1)) ? (A = 65536 + ((1023 & A) << 10) + (1023 & r.charCodeAt(++v)),
S[c++] = A >> 18 | 240,
S[c++] = A >> 12 & 63 | 128) : S[c++] = A >> 12 | 224,
S[c++] = A >> 6 & 63 | 128),
S[c++] = 63 & A | 128)
}
for (var p = m, F = "" + String.fromCharCode(43) + String.fromCharCode(45) + String.fromCharCode(97) + ("" + String.fromCharCode(94) + String.fromCharCode(43) + String.fromCharCode(54)), D = "" + String.fromCharCode(43) + String.fromCharCode(45) + String.fromCharCode(51) + ("" + String.fromCharCode(94) + String.fromCharCode(43) + String.fromCharCode(98)) + ("" + String.fromCharCode(43) + String.fromCharCode(45) + String.fromCharCode(102)), b = 0; b < S.length; b++)
p += S[b],
p = n(p, F);
return p = n(p, D),
p ^= s,
0 > p && (p = (2147483647 & p) + 2147483648),
p %= 1e6,
p.toString() + "." + (p ^ m)
}
新建py文件,代码实现
安装执行js代码的库
pip install PyExecJS
'''
百度翻译数据抓取
'''
# 用来执行js代码
import execjs
import requests
class BaiduTranslateJS(object):
'''
百度翻译数据抓取
'''
def __init__(self, query):
"""
:param query: 待翻译的内容
cookie 值 可能会影响到翻译结果,可以将未登陆情况下百度翻译的cookie填写。
"""
self.query = query
self.url = "https://fanyi.baidu.com/v2transapi"
self.headers = {
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0",
"Cookie": "BAIDUID=AFB6E3FB47D3EEA8C525D02E728E0991:FG=1; BIDUPSID=AFB6E3FB47D3EEA8C525D02E728E0991; PSTM=1556177968; REALTIME_TRANS_SWITCH=1; FANYI_WORD_SWITCH=1; HISTORY_SWITCH=1; SOUND_SPD_SWITCH=1; SOUND_PREFER_SWITCH=1; MCITY=-131%3A; Hm_lvt_64ecd82404c51e03dc91cb9e8c025574=1556507678,1557287607,1557714510,1557972796; BDSFRCVID=xr-sJeCCxG3twro9YX2saOEfCZPT14fNd2s33J; H_BDCLCKID_SF=tR3fL-08abrqqbRGKITjhPrM2hKLbMT-027OKKO2b-oobfTyDRbHXULELn6TLT_J5eobot8bthF0HPonHj85j6bQ3J; PSINO=2; delPer=0; H_PS_PSSID=1450_28937_21095_18560_29064_28518_29098_28722_28963_28836_28584_26350; locale=zh; yjs_js_security_passport=5b9f340d92cf7400bd5ba82b49a65bc0520935cc_1558490261_js; Hm_lpvt_64ecd82404c51e03dc91cb9e8c025574=1558493551; to_lang_often=%5B%7B%22value%22%3A%22jp%22%2C%22text%22%3A%22%u65E5%u8BED%22%7D%2C%7B%22value%22%3A%22en%22%2C%22text%22%3A%22%u82F1%u8BED%22%7D%2C%7B%22value%22%3A%22zh%22%2C%22text%22%3A%22%u4E2D%u6587%22%7D%5D; from_lang_often=%5B%7B%22value%22%3A%22jp%22%2C%22text%22%3A%22%u65E5%u8BED%22%7D%2C%7B%22value%22%3A%22zh%22%2C%22text%22%3A%22%u4E2D%u6587%22%7D%2C%7B%22value%22%3A%22en%22%2C%22text%22%3A%22%u82F1%u8BED%22%7D%5D"
}
self.data = {
"from": "en",
"to": "zh",
"query": self.query, # query 即我们要翻译的的内容
"transtype": "translang",
"simple_means_flag": "3",
"sign": "", # sign 是变化的需要我们执行js代码得到
"token": "13508e550366f3004701d561721e12bd" # token没有变化
}
def structure_form(self):
"""
读取js文件
执行js代码得到我们苦求的sign值
构造新的表单
:return:
"""
with open('baidu_translate_js.js', 'r', encoding='utf-8') as f:
ctx = execjs.compile(f.read())
sign = ctx.call('e', self.query) # e为js代码里的函数名 # self.query为要查的单词,也就是e函数需要填写的参数 sign为js代码执行的返回的结果
# print(sign)
# sign成功获取,写入date
self.data['sign'] = sign
def get_response(self):
"""
通过构造的新的表单数据,访问api,获取翻译内容
:return: 翻译结果
"""
self.structure_form()
response = requests.post(self.url, headers=self.headers, data=self.data).json()
# print(response)
r = response['trans_result']['data'][0]['dst']
return r
if __name__ == '__main__':
while True:
word = input('请输入要查的单词:')
baidu_translate_spider = BaiduTranslateJS(word)
result = baidu_translate_spider.get_response()
print(result)
附git地址:https://github.com/RyanLove1/spider_code
有道翻译流程梳理
1. 打开首页
2. 准备抓包: F12开启控制台
3. 寻找地址
页面中输入翻译单词,控制台中抓取到网络数据包,查找并分析返回翻译数据的地址
4. 发现规律
找到返回具体数据的地址,在页面中多输入几个单词,找到对应URL地址,分析对比 Network - All(或者XHR) - Form Data,发现对应的规律
5. 寻找JS文件
右上角 ... -> Search -> 搜索关键字 -> 单击 -> 跳转到Sources,左下角格式化符号{}
6、查看JS代码
搜索关键字,找到相关加密方法,分析并用python实现
7、断点调试
8、完善程序
3066
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
