Incapsula reese84 逆向

西楚傲天

于 2024-06-03 10:22:10 发布

阅读量1k

点赞数 20

分类专栏： js逆向文章标签：前端爬虫 javascript

本文链接：https://blog.csdn.net/weixin_58584029/article/details/139406242

版权

js逆向专栏收录该内容

16 篇文章 38 订阅

订阅专栏

网站：'aHR0cHM6Ly93d3cuZmx5c2Nvb3QuY29tL2Vu'

请求流程：

拿js生成的p，请求得到token，然后cookies里面携带这个token，

再次请求拿到accessToken，就完成了js的流程，就可以正常拿搜索参数了。

加密入入口：

网页上直接搜window.JSON.stringify( ，最后一个就是加密入口。

扣的话也很简单，混淆是ob，加密流程都是在第一个自执行里面。将头扣下来后，加密流程都在这里面，每个window.JSON.stringify( 都是加密请求参数，跟进window.JSON.stringify( 就行。

检查点：

注意比较了大的function下的call与toString的值，函数name，枚举了window下的属性

检测无头浏览器，自动化
Zi["QrJGGDBlS7QE2g0w7OMMQu52WxE="] = {};




对iframe.contentWindow.navigator进行遍历，Object.getOwnPropertyDescriptor查看navigator属性
[key,""]形式进行push
for(var i in navigator){
    CC.push([i,""])
}
Zi.LrJTGCplTbQE2gcw8uMMQt92XhEs8x2WMJxYfip0SToXZxBd9XkHBfNK = CC;



avigator.userAgent
navigator.language
原型链上赋值，检测navigator自身属性。
new window["Date"]()["getTime"]()["toString"]()
new window["File"]([], "")["lastModified"]["toString"]()
window["performance"]["now"]()["toString"]()
new window["DocumentTimeline"]()["currentTime"]["toString"]()
window["performance"]["timing"]["navigationStart"]["toString"]()        写死

navigator.mimeTypes
获取属性：suffixes,type,enabledPlugin.filename

screen.width/height/availHeight/availLeft/availTop/availWidth/pixelDepth
window.innerWidth/innerHeight/outerHeight/devicePixelRatio
scrreen["orientation"]["type"]
window.screenX/screenY

new window["Date"]()["getTimezoneOffset"]()

window.indexedDB
document.body.addBehavior = undefined

window.openDatabase = function(){}
navigator.cpuClass/platform/doNotTrack/appName

window.ActiveXObject

navigator.plugins.length
plugins.name进行sort
循环遍历，获取type，suffixes，name，description


fillRect = function(){}
fillText = function(){}
beginPath = function(){}
closePath = function(){}
fill = function(){}
arc = function(){}
getImageData = function(){return ImageData_obj}
toDataURL = function(){return }         

canvas_two = document["createElement"]("canvas");
canvas_two.toDataURL = function(){return "data:image/webpdwadwadwadwadwa"}; //带上"data:image/webp"放在首位即可

canvas_three = document["createElement"]("canvas");
CanvasRenderingContext2D_two = canvas_three["getContext"]("2d");

canvas_four = document["createElement"]("canvas");
CanvasRenderingContext2D_three = canvas_four["getContext"]("2d");
CanvasRenderingContext2D_three.putImageData = function(){}
canvas_four.toDataURL = function(){return } 




canvas.toDataURl


canvas_five = document["createElement"]("canvas");
WebGLRenderingContext_one = canvas_five["getContext"]("webgl") || er["getContext"]("experimental-webgl");


WebGLBuffer_one = WebGLRenderingContext_one["createBuffer"] && WebGLRenderingContext_one["createBuffer"]();
WebGLRenderingContext_one
.bindBuffer = function
.bufferData = function
.createProgram = function
.createShader = function
.shaderSource
.compileShader
.attachShader
.linkProgram
.useProgram
.getAttribLocation = function(){return ???}
.getUniformLocation
.enableVertexAttribArray
.vertexAttribPointer
.uniform2f
.drawArrays
.canvas = {
    toDataURL:function(){return ""}
}
.readPixels = function(){}

canvas_six = document["createElement"]("canvas");

CanvasRenderingContext2D_canvas_six = canvas_six["getContext"]("2d");
CanvasRenderingContext2D_canvas_six.createImageData = function(){return ImageDataOBj]
CanvasRenderingContext2D_canvas_six.putImageData = function(){}
ImageDataOBj = {
    data:{      //Uint8ClampedArray
        set:function(){}
    }
}

canvas_six.toDataURL = function(){return ""}

WebGLRenderingContext_one.getSupportedExtensions = function(){return []}
.getParameter = function(){}        "ALIASED_LINE_WIDTH_RANGE"/"ALIASED_POINT_SIZE_RANGE"/"ALPHA_BITS"
.getContextAttributes = function(){return obj = {antialias :true}}
"BLUE_BITS"/"DEPTH_BITS"/"GREEN_BITS"


window["WebGLRenderingContext"]["prototype"]["getParameter"]["name"];
toString检测
navigator.maxTouchPoints
document["createElement"]("video");  = object = {
                                                    canPlayType :function(){return "probably"}
                                                }
document["createElement"]("audio");
===> {
    canPlayType :function(){return "probably"}      参数："audio/x-m4a;"  返回maybe/ 参数：[]  返回nope
}
navigator.vendor
.product
.productSub
window.chrome = {
    loadTimes :function(){} // toString()检测，
    app:{
        获取app下属性的描述符，
    }
}
navigator.appName
.webdriver = false
["connection"]["rtt"] = 100

window.history.length = 12
navigator.hardwareConcurrency = 12

 window["self"] !== window["top"];
 window["navigator"]["getBattery"] 函数 toString检测

 window["console"]["debug"]["name"]; toString检测
 window.PERSISTENT/TEMPORARY/PerformanceObserver.supportedEntryTypes

 location.protocol
 CanvasRenderingContext2D_十三 = document["createElement"]("canvas")["getContext"]("2d");
.measureText = function(){return {}} ???????????????

twoelement = window["document"]["documentElement"]["children"];
twoelement[0]["tagName"]["toUpperCase"]()

window.visualViewport.width/height/scale

document["createAttribute", "createElement", "createElementNS"]; 三个函数
document["implementation"]["createHTMLDocument"]("");

西楚傲天

关注

20
点赞
踩
13

收藏

觉得还不错? 一键收藏
0
评论
Incapsula reese84 逆向

CanvasRenderingContext2D_十三 = document["createElement"]("canvas")["getContext"]("2d");window["performance"]["timing"]["navigationStart"]["toString"]() 写死。window["navigator"]["getBattery"] 函数 toString检测。toString检测。
复制链接

扫一扫