【Case】加速乐分析

测试网址

aHR0cHM6Ly93d3cuY252ZC5vcmcuY24vZmxhdy9saXN0

断点分析

  1. 启动无痕模式,加载网页。

  2. 打开控制台 → 应用 → 清除cookie;添加“脚本的第一个语句”断点后,重新加载网页。

    • 第一次的状态码为:521;响应头返回Set-Cookie: __jsluid_s=961ace5c62912fd250d0b4eb85ba95b3;返回源码

      <script>
          document.cookie = ('_') + ('_') + ('j') + ('s') + ('l') + ('_') + ('c') + ('l') + ('e') + ('a') + ('r') + ('a') + ('n') + ('c') + ('e') + ('_') + ('s') + ('=') + ((+true) + '') + (3 + 3 + '') + (3 + 4 + '') + (0 + 1 + 0 + 1 + '') + (1 + 7 + '') + (9 + '') + (8 + '') + (1 + 1 + '') + (-~[7] + '') + (0 + 1 + 0 + 1 + '') + ('.') + (1 + 3 + '') + ((2) * [4] + '') + (2 + 7 + '') + ('|') + ('-') + (-~false + '') + ('|') + ('o') + ('d') + ('A') + ('Z') + ('%') + (1 + 1 + '') + ('F') + ('G') + ('s') + ('O') + ('b') + ('E') + ('q') + ('Q') + ('N') + ('m') + ('Q') + ('n') + ('h') + ('I') + ('O') + ((1 + [2] >> 2) + '') + (2 + 4 + '') + ('S') + ('I') + ('v') + ('L') + ('q') + ('s') + ('%') + (1 + 2 + '') + ('D') + (';') + ('m') + ('a') + ('x') + ('-') + ('a') + ('g') + ('e') + ('=') + ((2 ^ 1) + '') + ([2] * (3) + '') + (~~{} + '') + (~~false + '') + (';') + ('p') + ('a') + ('t') + ('h') + ('=') + ('/');
          location.href = location.pathname + location.search
      </script>

      执行JS代码后,Cookie为__jsluid_s=961ace5c62912fd250d0b4eb85ba95b3;__jsl_clearance_s=1672898282.489|-1|odAZ%2FGsObEqQNmQnhIO36SIvLqs%3D

    • 第二次的状态码为:521;请求头携带第一次获取的cookie;返回源码为OB混淆后的JS代码。

      解混淆后的代码,结构如下

      function hash(_0x147791) {...}
      function go(_0x11b290) {...}
      go({
        "bts": ["1672899031.418|0|Ftk", "9tfUf8bi%2Bqq%2FvSSoXRFAF8%3D"],
        "chars": "VKUATemZOjMWFkGuVRReaU",
        "ct": "973ddf21089482923e721e94588b7932481e4d2f37bb241495747d058f1bc591",
        "ha": "sha256",
        "tn": "__jsl_clearance_s",
        "vt": "3600",
        "wt": "1500"
      });
    • 第三次的状态码为:200;请求头携带第二次计算出的__jsl_clearance_s;返回正常源码

  3. 请求头要携带UA,否则会触发风控

爬虫代码

js部分

请求会随机返回 3 种哈希算法(sha256、sha1、md5)之一的脚本,需要按返回参数中的 ha 字段调用对应的函数。

// Minimal stand-in for the browser `window` object. The environment check inside
// each go() below reads window.navigator.userAgent plus a handful of window and
// window.navigator properties; none of those properties is defined on this stub,
// so they all evaluate as undefined. The userAgent string is the same one the
// Python part sends in its User-Agent header.
// NOTE(review): assigned without var/let/const, so this relies on the host
// runtime allowing implicit globals (non-strict script code).
window = {
    'navigator': {
        'userAgent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36'
    }
}

/**
 * Computes the `__jsl_clearance_s` value for a challenge whose "ha" field is "sha256".
 *
 * The inner go() is the de-obfuscated challenge routine with its browser-only tail
 * commented out, so it returns the solved string instead of writing document.cookie.
 *
 * Seen from the defending side: both the environment check and the puzzle run on
 * the client, so they only observe whatever `window` object the script is handed,
 * and the puzzle costs at most chars.length squared hash evaluations
 * (22 * 22 = 484 for the sample parameters below).
 *
 * @param {Object} data - challenge parameters; go() reads "bts", "chars" and "ct".
 * @returns {string|undefined} the matching candidate string, or undefined when the
 *   environment check trips. Throws a TypeError when no candidate matches, because
 *   the result is indexed without a check.
 */
function go_sha256(data) {
    function hash(_0x147791) {
        // Placeholder left by the author (roughly: "the code lifted from the served
        // script goes here"); the hash implementation itself is not shown on this
        // page, so this listing is not runnable as printed.
		扣下来的代码
	}
    function go(_0x11b290) {
        // Environment check: returns true when the user agent contains "Phantom" or
        // when any of the listed automation markers on window / window.navigator is
        // truthy; otherwise falls off the end and returns undefined.
        function _0x202732() {
            var _0x138b26 = window["navigator"]["userAgent"],
                _0x26bf46 = ["Phantom"];

            for (var _0x34080f = 0; _0x34080f < _0x26bf46["length"]; _0x34080f++) {
                if (_0x138b26["indexOf"](_0x26bf46[_0x34080f]) != -1) {
                    return true;
                }
            }

            if (window["callPhantom"] || window["_phantom"] || window["Headless"] || window["navigator"]["webdriver"] || window["navigator"]["__driver_evaluate"] || window["navigator"]["__webdriver_evaluate"]) {
                return true;
            }
        }

        // A tripped check ends go() silently: no value is returned.
        if (_0x202732()) {
            return;
        }

        // Start time, used only to report how long the search took.
        var _0x2f5eef = new Date();

        // Search: for every ordered pair of characters taken from "chars", build
        // bts[0] + c1 + c2 + bts[1] and compare its hash with the target "ct".
        // Returns [candidate, elapsed milliseconds] on the first match and
        // undefined when no pair matches.
        function _0x717ddb(_0x3f7c2d, _0x4b676c) {
            var _0x3845ca = _0x11b290["chars"]["length"];

            for (var _0x50e4c1 = 0; _0x50e4c1 < _0x3845ca; _0x50e4c1++) {
                for (var _0x15d326 = 0; _0x15d326 < _0x3845ca; _0x15d326++) {
                    var _0xd41b9f = _0x4b676c[0] + _0x11b290["chars"]["substr"](_0x50e4c1, 1) + _0x11b290["chars"]["substr"](_0x15d326, 1) + _0x4b676c[1];

                    if (hash(_0xd41b9f) == _0x3f7c2d) {
                        return [_0xd41b9f, new Date() - _0x2f5eef];
                    }
                }
            }
        }

        var _0x2556c5 = _0x717ddb(_0x11b290["ct"], _0x11b290["bts"]);

        // NOTE(review): _0x2556c5 is undefined when no candidate matched, so the
        // two lines below throw a TypeError in that case.
        console.log(_0x2556c5[0])
        return _0x2556c5[0];

        // Commented-out browser branch of the served script: it waited for the
        // remainder of "wt" milliseconds (500 if the search already took longer,
        // 1500 if "wt" is absent), wrote the cookie named by "tn" with Max-age "vt",
        // and reloaded the page. The alert text reads "request verification failed".
        // if (_0x2556c5) {
        //     var _0x3db513;
        //
        //     if (_0x11b290["wt"]) {
        //         _0x3db513 = parseInt(_0x11b290["wt"]) > _0x2556c5[1] ? parseInt(_0x11b290["wt"]) - _0x2556c5[1] : 500;
        //     } else {
        //         _0x3db513 = 1500;
        //     }
        //
        //     setTimeout(function () {
        //         document["cookie"] = _0x11b290["tn"] + "=" + _0x2556c5[0] + ";Max-age=" + _0x11b290["vt"] + "; path = /";
        //         location["href"] = location["pathname"] + location["search"];
        //     }, _0x3db513);
        // } else {
        //     alert("请求验证失败");
        // }
    }

    // Sample call with parameters captured from one earlier response. Its result is
    // discarded; it runs (and logs) on every invocation before the real call below.
    go({
        "bts": ["1672899031.418|0|Ftk", "9tfUf8bi%2Bqq%2FvSSoXRFAF8%3D"],
        "chars": "VKUATemZOjMWFkGuVRReaU",
        "ct": "973ddf21089482923e721e94588b7932481e4d2f37bb241495747d058f1bc591",
        "ha": "sha256",
        "tn": "__jsl_clearance_s",
        "vt": "3600",
        "wt": "1500"
    });

    return go(data)
}


/**
 * Computes the `__jsl_clearance_s` value for a challenge whose "ha" field is "sha1".
 *
 * Same structure as the other go_* functions on this page; only the identifier
 * names, the hash routine and the sample parameters differ. The environment check
 * and the puzzle both run on the client, so they only observe the `window` object
 * they are given, and the puzzle costs at most chars.length squared hash
 * evaluations (22 * 22 = 484 for the sample parameters below).
 *
 * @param {Object} data - challenge parameters; go() reads "bts", "chars" and "ct".
 * @returns {string|undefined} the matching candidate string, or undefined when the
 *   environment check trips. Throws a TypeError when no candidate matches, because
 *   the result is indexed without a check.
 */
function go_sha1(data) {
    function hash(_0x46c87f) {
        // Placeholder left by the author (roughly: "the code lifted from the served
        // script goes here"); the hash implementation itself is not shown on this
        // page, so this listing is not runnable as printed.
		扣下来的代码
	}
    function go(_0x2852c6) {
        // Environment check: returns true when the user agent contains "Phantom" or
        // when any of the listed automation markers on window / window.navigator is
        // truthy; otherwise falls off the end and returns undefined.
        function _0x2262ba() {
            var _0x504c6c = window["navigator"]["userAgent"],
                _0x597534 = ["Phantom"];

            for (var _0x361176 = 0; _0x361176 < _0x597534["length"]; _0x361176++) {
                if (_0x504c6c["indexOf"](_0x597534[_0x361176]) != -1) {
                    return true;
                }
            }

            if (window["callPhantom"] || window["_phantom"] || window["Headless"] || window["navigator"]["webdriver"] || window["navigator"]["__driver_evaluate"] || window["navigator"]["__webdriver_evaluate"]) {
                return true;
            }
        }

        // A tripped check ends go() silently: no value is returned.
        if (_0x2262ba()) {
            return;
        }

        // Start time, used only to report how long the search took.
        var _0x322583 = new Date();

        // Search: for every ordered pair of characters taken from "chars", build
        // bts[0] + c1 + c2 + bts[1] and compare its hash with the target "ct".
        // Returns [candidate, elapsed milliseconds] on the first match and
        // undefined when no pair matches.
        function _0x47dd73(_0x535f24, _0x1964cc) {
            var _0x2b76f5 = _0x2852c6["chars"]["length"];

            for (var _0x15035f = 0; _0x15035f < _0x2b76f5; _0x15035f++) {
                for (var _0x163521 = 0; _0x163521 < _0x2b76f5; _0x163521++) {
                    var _0x27df30 = _0x1964cc[0] + _0x2852c6["chars"]["substr"](_0x15035f, 1) + _0x2852c6["chars"]["substr"](_0x163521, 1) + _0x1964cc[1];

                    if (hash(_0x27df30) == _0x535f24) {
                        return [_0x27df30, new Date() - _0x322583];
                    }
                }
            }
        }

        var _0x2b039e = _0x47dd73(_0x2852c6["ct"], _0x2852c6["bts"]);

        // NOTE(review): _0x2b039e is undefined when no candidate matched, so the
        // two lines below throw a TypeError in that case.
        console.log(_0x2b039e[0])
        return _0x2b039e[0];

        // Commented-out browser branch of the served script: it waited for the
        // remainder of "wt" milliseconds (500 if the search already took longer,
        // 1500 if "wt" is absent), wrote the cookie named by "tn" with Max-age "vt",
        // and reloaded the page. The alert text reads "request verification failed".
        // if (_0x2b039e) {
        //     var _0x6305a1;
        //
        //     if (_0x2852c6["wt"]) {
        //         _0x6305a1 = parseInt(_0x2852c6["wt"]) > _0x2b039e[1] ? parseInt(_0x2852c6["wt"]) - _0x2b039e[1] : 500;
        //     } else {
        //         _0x6305a1 = 1500;
        //     }
        //
        //     setTimeout(function () {
        //         document["cookie"] = _0x2852c6["tn"] + "=" + _0x2b039e[0] + ";Max-age=" + _0x2852c6["vt"] + "; path = /";
        //         location["href"] = location["pathname"] + location["search"];
        //     }, _0x6305a1);
        // } else {
        //     alert("请求验证失败");
        // }
    }

    // Sample call with parameters captured from one earlier response. Its result is
    // discarded; it runs (and logs) on every invocation before the real call below.
    go({
        "bts": ["1672901416.665|0|7PM", "Hsp0CRwf0gdnHaKxN93VZE%3D"],
        "chars": "yPCRfNImnbHhUQIYGBcoJg",
        "ct": "3f981d0e9cc215327f358f184e742573ca60d646",
        "ha": "sha1",
        "tn": "__jsl_clearance_s",
        "vt": "3600",
        "wt": "1500"
    });

    return go(data)
}

/**
 * Computes the `__jsl_clearance_s` value for a challenge whose "ha" field is "md5".
 *
 * Same structure as the other go_* functions on this page; only the identifier
 * names, the hash routine and the sample parameters differ. The environment check
 * and the puzzle both run on the client, so they only observe the `window` object
 * they are given, and the puzzle costs at most chars.length squared hash
 * evaluations (22 * 22 = 484 for the sample parameters below).
 *
 * @param {Object} data - challenge parameters; go() reads "bts", "chars" and "ct".
 * @returns {string|undefined} the matching candidate string, or undefined when the
 *   environment check trips. Throws a TypeError when no candidate matches, because
 *   the result is indexed without a check.
 */
function go_md5(data) {
    function hash(_0x76d8a) {
        // Placeholder left by the author (roughly: "the code lifted from the served
        // script goes here"); the hash implementation itself is not shown on this
        // page, so this listing is not runnable as printed.
		扣下来的代码
	}
    function go(_0x1d4ce1) {
        // Environment check: returns true when the user agent contains "Phantom" or
        // when any of the listed automation markers on window / window.navigator is
        // truthy; otherwise falls off the end and returns undefined.
        function _0x4e17a9() {
            var _0xc12af0 = window["navigator"]["userAgent"],
                _0xdd2259 = ["Phantom"];

            for (var _0x197d0f = 0; _0x197d0f < _0xdd2259["length"]; _0x197d0f++) {
                if (_0xc12af0["indexOf"](_0xdd2259[_0x197d0f]) != -1) {
                    return true;
                }
            }

            if (window["callPhantom"] || window["_phantom"] || window["Headless"] || window["navigator"]["webdriver"] || window["navigator"]["__driver_evaluate"] || window["navigator"]["__webdriver_evaluate"]) {
                return true;
            }
        }

        // A tripped check ends go() silently: no value is returned.
        if (_0x4e17a9()) {
            return;
        }

        // Start time, used only to report how long the search took.
        var _0x3e7224 = new Date();

        // Search: for every ordered pair of characters taken from "chars", build
        // bts[0] + c1 + c2 + bts[1] and compare its hash with the target "ct".
        // Returns [candidate, elapsed milliseconds] on the first match and
        // undefined when no pair matches.
        function _0x41f7a7(_0x2c6332, _0x586dfc) {
            var _0x4d30a2 = _0x1d4ce1["chars"]["length"];

            for (var _0x3bc25d = 0; _0x3bc25d < _0x4d30a2; _0x3bc25d++) {
                for (var _0x42c9b3 = 0; _0x42c9b3 < _0x4d30a2; _0x42c9b3++) {
                    var _0x35e8ba = _0x586dfc[0] + _0x1d4ce1["chars"]["substr"](_0x3bc25d, 1) + _0x1d4ce1["chars"]["substr"](_0x42c9b3, 1) + _0x586dfc[1];

                    if (hash(_0x35e8ba) == _0x2c6332) {
                        return [_0x35e8ba, new Date() - _0x3e7224];
                    }
                }
            }
        }

        var _0x4f8828 = _0x41f7a7(_0x1d4ce1["ct"], _0x1d4ce1["bts"]);
        // NOTE(review): _0x4f8828 is undefined when no candidate matched, so the
        // two lines below throw a TypeError in that case.
        console.log(_0x4f8828[0])
        return _0x4f8828[0];
        // Commented-out browser branch of the served script: it waited for the
        // remainder of "wt" milliseconds (500 if the search already took longer,
        // 1500 if "wt" is absent), wrote the cookie named by "tn" with Max-age "vt",
        // and reloaded the page. The alert text reads "request verification failed".
        // if (_0x4f8828) {
        //     var _0x38c774;
        //
        //     if (_0x1d4ce1["wt"]) {
        //         _0x38c774 = parseInt(_0x1d4ce1["wt"]) > _0x4f8828[1] ? parseInt(_0x1d4ce1["wt"]) - _0x4f8828[1] : 500;
        //     } else {
        //         _0x38c774 = 1500;
        //     }
        //
        //     setTimeout(function () {
        //         document["cookie"] = _0x1d4ce1["tn"] + "=" + _0x4f8828[0] + ";Max-age=" + _0x1d4ce1["vt"] + "; path = /";
        //         location["href"] = location["pathname"] + location["search"];
        //     }, _0x38c774);
        // } else {
        //     alert("请求验证失败");
        // }
    }

    // Sample call with parameters captured from one earlier response. Its result is
    // discarded; it runs (and logs) on every invocation before the real call below.
    go({
        "bts": ["1672907162.205|0|d2T", "g2vz4EKe63gsiEOntyMh44%3D"],
        "chars": "XnRrrmgzYbHSEjXVnQCybL",
        "ct": "d177066b36a9f595d3058529f1ae4a75",
        "ha": "md5",
        "tn": "__jsl_clearance_s",
        "vt": "3600",
        "wt": "1500"
    });
    return go(data)
}

python部分

# Request headers shared by all three requests. Only User-Agent is set; the
# write-up notes that a request without one triggers the site's risk control.
headers = dict()
headers['User-Agent'] = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36'


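def cookie_to_dict(cookie):
    """Parse a ``name=value; name=value`` string into a dict.

    Each ``;``-separated segment is split on its first ``=`` only, so a value
    that itself contains ``=`` is kept whole instead of being cut at the second
    ``=``. Names and values are stripped of surrounding whitespace. Empty
    segments (for example after a trailing ``;``) and segments without ``=``
    are skipped rather than raising IndexError.

    Cookie attributes such as ``max-age`` or ``path`` are not told apart from
    cookies: they come back as ordinary keys, exactly as they appear in the
    input string.

    Args:
        cookie: the cookie string to parse.

    Returns:
        A dict mapping each name to its value; a later duplicate name
        overwrites an earlier one.
    """
    parsed = {}
    for item in cookie.split(';'):
        name, separator, value = item.partition('=')
        if not separator:
            # No '=' in this segment: nothing to store.
            continue
        parsed[name.strip()] = value.strip()
    return parsed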


def read_string(file, encoding='UTF-8'):
    """Return the entire content of ``file`` as text.

    Args:
        file: path of the file to read.
        encoding: text encoding used to decode the file (default ``'UTF-8'``).

    Returns:
        The decoded file content as a single string.
    """
    handle = open(file, 'r', encoding=encoding)
    try:
        content = handle.read()
    finally:
        # Close the file whether or not the read succeeded.
        handle.close()
    return content


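def first_time(request, url):
    """Fetch the first challenge page and store the cookies its script computes.

    The response body is printed, the expression assigned to ``document.cookie``
    is extracted with a regular expression and evaluated through ``execjs``,
    and the resulting cookie string is parsed and merged into the session's
    cookie jar. Because the parsed string also carries ``max-age`` and ``path``,
    those end up in the jar as if they were cookies.

    Args:
        request: a requests session (anything with ``get`` and ``cookies``).
        url: the page to request.

    Raises:
        ValueError: if the response does not contain the expected
            ``document.cookie=...;location.href=`` script.
    """
    response = request.get(url, headers=headers)
    print(response.text)
    match = re.search('document.cookie=(.*);location.href=', response.text)
    if match is None:
        # Previously this surfaced as AttributeError on None.group().
        raise ValueError('first response does not contain the expected document.cookie script')
    # SECURITY: the matched text is supplied by the remote server and is executed
    # as JavaScript by the local runtime behind execjs, with this process's
    # privileges. Anything the server (or something in the network path) puts in
    # that expression runs on this machine; run this only inside an isolated,
    # disposable environment.
    cookie = execjs.eval(match.group(1))
    cookie_dict = cookie_to_dict(cookie)
    print(cookie_dict)
    request.cookies.update(cookie_dict)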


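def second_time(request, url):
    """Fetch the second challenge page and store the computed clearance cookie.

    The response body is printed, the JSON argument of the trailing
    ``go({...})`` call is extracted, and its ``"ha"`` field selects which
    ``go_<algorithm>`` function of the local ``cnvd.js`` file is called with
    the parsed parameters. The returned string is stored in the session as
    ``__jsl_clearance_s``.

    Args:
        request: a requests session (anything with ``get`` and ``cookies``).
        url: the page to request.

    Raises:
        ValueError: if the ``go({...})`` call or its ``"ha"`` field cannot be
            found, or if ``"ha"`` names an algorithm other than the three
            handled here.
    """
    response = request.get(url, headers=headers)
    print(response.text)
    go_match = re.search(r'go\(({"bts":\[.*)\)</script>$', response.text)
    if go_match is None:
        # Previously this surfaced as AttributeError on None.group().
        raise ValueError('second response does not contain the expected go({...}) call')
    go = go_match.group(1)
    ha_match = re.search(r'"ha":"(.*?)"', go)
    if ha_match is None:
        raise ValueError('challenge parameters carry no "ha" field')
    # Renamed from `hash` so the builtin of that name is not shadowed.
    algorithm = ha_match.group(1)
    # SECURITY: "ha" is chosen by the remote server and becomes part of the name
    # of the JavaScript function that gets called. Accept only the three values
    # this page has functions for, so a response cannot select any other
    # go_-prefixed function in the compiled script.
    if algorithm not in ('sha256', 'sha1', 'md5'):
        raise ValueError('unsupported "ha" value: %r' % algorithm)
    print(algorithm, '***', go)
    # NOTE(review): cnvd.js is presumably the JS part of this write-up, which
    # embeds hash routines copied from the served script - i.e. code of remote
    # origin executed locally; confirm and keep it in an isolated environment.
    js_text = read_string('cnvd.js')
    js_compile = execjs.compile(js_text)
    cookie = js_compile.call('go_' + algorithm, json.loads(go))
    print(cookie)
    request.cookies.update({'__jsl_clearance_s': cookie})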


def third_time(request, url):
    """Fetch the page with the session's current cookies and print the listed titles.

    The response is parsed as HTML and the ``title`` attribute of every link
    inside a ``<tr class="current">`` row is printed as a list.

    Args:
        request: a requests session (anything with ``get``).
        url: the page to request.
    """
    page = request.get(url, headers=headers)
    # print(page.text)
    tree = etree.HTML(page.text)
    titles = tree.xpath('.//tr[@class="current"]//a/@title')
    print(titles)


if __name__ == '__main__':
    # All three requests go through one session, so the cookies stored by one
    # step are sent with the next.
    test_url = 'https://www.cnvd.org.cn/flaw/list'
    session = requests.session()
    for step in (first_time, second_time, third_time):
        step(session, test_url)

运行结果

<script>document.cookie=('_')+('_')+('j')+('s...a')+('t')+('h')+('=')+('/');location.href=location.pathname+location.search</script>
{'__jsl_clearance_s': '1672908867.093|-1|jolxDs8QDojvoYYuYJwGqLPvRYU%3D', 'max-age': '3600', 'path': '/'}
<script>var _0x359a=['wrzDoGMw','PcOvwohV','eDMmWA==','CMKFFE0='...,"ha":"sha256","tn":"__jsl_clearance_s","vt":"3600","wt":"1500"})</script>
sha256 *** {"bts":["1672908867.604|0|pZA","5tN...arance_s","vt":"3600","wt":"1500"}
1672908867.604|0|pZAZF5tNb4bFHvLM%2FxqJat50cmA%3D
['IBM AIX拒绝服务漏洞(CNVD-2023-00804)', 'IBM AIX拒绝服务漏洞(CNVD-2023-00806)', 'IBM AIX拒绝服务漏洞(CNVD-2023-00808)', 'IBM AIX拒绝服务漏洞(CNVD-2023-00810)', 'IBM AIX拒绝服务漏洞(CNVD-2023-00812)']

【Case】加速乐分析
https://元气码农少女酱.我爱你/1a6861840eb3/
作者
元气码农少女酱
发布于
2023年5月28日