【Case】加速乐分析
测试网址
aHR0cHM6Ly93d3cuY252ZC5vcmcuY24vZmxhdy9saXN0
断点分析
启动无痕模式,加载网页。
打开控制台 → 应用 → 清除cookie;添加“脚本的第一个语句”断点后,重新加载网页。
第一次的状态码为:521;响应头返回
Set-Cookie: __jsluid_s=961ace5c62912fd250d0b4eb85ba95b3;
返回源码<script> document.cookie = ('_') + ('_') + ('j') + ('s') + ('l') + ('_') + ('c') + ('l') + ('e') + ('a') + ('r') + ('a') + ('n') + ('c') + ('e') + ('_') + ('s') + ('=') + ((+true) + '') + (3 + 3 + '') + (3 + 4 + '') + (0 + 1 + 0 + 1 + '') + (1 + 7 + '') + (9 + '') + (8 + '') + (1 + 1 + '') + (-~[7] + '') + (0 + 1 + 0 + 1 + '') + ('.') + (1 + 3 + '') + ((2) * [4] + '') + (2 + 7 + '') + ('|') + ('-') + (-~false + '') + ('|') + ('o') + ('d') + ('A') + ('Z') + ('%') + (1 + 1 + '') + ('F') + ('G') + ('s') + ('O') + ('b') + ('E') + ('q') + ('Q') + ('N') + ('m') + ('Q') + ('n') + ('h') + ('I') + ('O') + ((1 + [2] >> 2) + '') + (2 + 4 + '') + ('S') + ('I') + ('v') + ('L') + ('q') + ('s') + ('%') + (1 + 2 + '') + ('D') + (';') + ('m') + ('a') + ('x') + ('-') + ('a') + ('g') + ('e') + ('=') + ((2 ^ 1) + '') + ([2] * (3) + '') + (~~{} + '') + (~~false + '') + (';') + ('p') + ('a') + ('t') + ('h') + ('=') + ('/'); location.href = location.pathname + location.search </script>
执行JS代码后,Cookie为
__jsluid_s=961ace5c62912fd250d0b4eb85ba95b3;__jsl_clearance_s=1672898282.489|-1|odAZ%2FGsObEqQNmQnhIO36SIvLqs%3D
第二次的状态码为:521;请求头携带第一次获取的cookie;返回源码为OB混淆后的JS代码。
解混淆后的代码,结构如下
function hash(_0x147791) {...} function go(_0x11b290) {...} go({ "bts": ["1672899031.418|0|Ftk", "9tfUf8bi%2Bqq%2FvSSoXRFAF8%3D"], "chars": "VKUATemZOjMWFkGuVRReaU", "ct": "973ddf21089482923e721e94588b7932481e4d2f37bb241495747d058f1bc591", "ha": "sha256", "tn": "__jsl_clearance_s", "vt": "3600", "wt": "1500" });
第三次的状态码为:200;请求头携带第二次计算出的 __jsl_clearance_s;返回正常源码
请求头要携带UA,否则会触发风控
爬虫代码
js部分
请求会随机返回3种加密方式的脚本,需要对应设置下
// Minimal stand-in for the browser global that the go_* functions below read.
// Only navigator.userAgent is defined, so every other property those
// functions probe (callPhantom, _phantom, Headless, navigator.webdriver,
// navigator.__driver_evaluate, navigator.__webdriver_evaluate) is undefined.
// NOTE(review): this assigns to an undeclared name; it creates a global only
// in sloppy mode and throws a ReferenceError in strict mode / ES modules.
window = {
  'navigator': {
    'userAgent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36'
  }
}
/**
 * Compute the clearance value for a challenge whose "ha" field is "sha256".
 *
 * @param {object} data - The object the served script passes to its own
 *   go(...) call; this code reads its "chars", "ct" and "bts" fields.
 * @returns {string|undefined} The candidate string whose hash equals data.ct,
 *   or undefined when the environment check inside go() returns true.
 */
function go_sha256(data) {
  // Hash routine of the served script. The line inside is the author's
  // placeholder ("code lifted from the page"), not JavaScript: the body has
  // to be supplied before this file can be parsed.
  function hash(_0x147791) {
    扣下来的代码
  }
  // Deobfuscated solver from the served script, with its browser-only tail
  // commented out by the author.
  function go(_0x11b290) {
    // Automation check: returns true when the user agent contains "Phantom"
    // or when any of the listed window / navigator properties is truthy;
    // otherwise falls off the end and returns undefined.
    // Every value inspected here is read from `window`, i.e. from whatever
    // environment the script is run in, so the check is advisory only.
    function _0x202732() {
      var _0x138b26 = window["navigator"]["userAgent"],
        _0x26bf46 = ["Phantom"];
      for (var _0x34080f = 0; _0x34080f < _0x26bf46["length"]; _0x34080f++) {
        if (_0x138b26["indexOf"](_0x26bf46[_0x34080f]) != -1) {
          return true;
        }
      }
      if (window["callPhantom"] || window["_phantom"] || window["Headless"] || window["navigator"]["webdriver"] || window["navigator"]["__driver_evaluate"] || window["navigator"]["__webdriver_evaluate"]) {
        return true;
      }
    }
    // A flagged environment makes go() return undefined without solving.
    if (_0x202732()) {
      return;
    }
    // Start time; used only to report how long the search took.
    var _0x2f5eef = new Date();
    // Exhaustive search over ordered pairs of characters from "chars".
    // Each candidate is parts[0] + c1 + c2 + parts[1]; the first one whose
    // hash equals the target is returned as [candidate, elapsed milliseconds].
    // That is at most chars.length squared hash calls (22 * 22 = 484 for the
    // sample challenge below). Returns undefined when no pair matches.
    function _0x717ddb(_0x3f7c2d, _0x4b676c) {
      var _0x3845ca = _0x11b290["chars"]["length"];
      for (var _0x50e4c1 = 0; _0x50e4c1 < _0x3845ca; _0x50e4c1++) {
        for (var _0x15d326 = 0; _0x15d326 < _0x3845ca; _0x15d326++) {
          var _0xd41b9f = _0x4b676c[0] + _0x11b290["chars"]["substr"](_0x50e4c1, 1) + _0x11b290["chars"]["substr"](_0x15d326, 1) + _0x4b676c[1];
          if (hash(_0xd41b9f) == _0x3f7c2d) {
            return [_0xd41b9f, new Date() - _0x2f5eef];
          }
        }
      }
    }
    var _0x2556c5 = _0x717ddb(_0x11b290["ct"], _0x11b290["bts"]);
    // NOTE(review): when no pair matches, _0x2556c5 is undefined and the
    // index below throws a TypeError; the disabled block that follows shows
    // the `if (_0x2556c5)` guard the served script used.
    console.log(_0x2556c5[0])
    return _0x2556c5[0];
    // Browser-side tail of the served script, disabled by the author and
    // unreachable after the return above. In the page it waits for the
    // remainder of "wt" milliseconds (500 if the search took longer, 1500 if
    // "wt" is absent), writes the cookie named by "tn" with Max-age "vt",
    // then reloads the same URL. The alert text means "request verification
    // failed".
    // if (_0x2556c5) {
    // var _0x3db513;
    //
    // if (_0x11b290["wt"]) {
    // _0x3db513 = parseInt(_0x11b290["wt"]) > _0x2556c5[1] ? parseInt(_0x11b290["wt"]) - _0x2556c5[1] : 500;
    // } else {
    // _0x3db513 = 1500;
    // }
    //
    // setTimeout(function () {
    // document["cookie"] = _0x11b290["tn"] + "=" + _0x2556c5[0] + ";Max-age=" + _0x11b290["vt"] + "; path = /";
    // location["href"] = location["pathname"] + location["search"];
    // }, _0x3db513);
    // } else {
    // alert("请求验证失败");
    // }
  }
  // NOTE(review): leftover sample invocation with a hard-coded challenge.
  // It runs (and logs) on every call to go_sha256 before the real `data` is
  // processed, and its return value is discarded.
  go({
    "bts": ["1672899031.418|0|Ftk", "9tfUf8bi%2Bqq%2FvSSoXRFAF8%3D"],
    "chars": "VKUATemZOjMWFkGuVRReaU",
    "ct": "973ddf21089482923e721e94588b7932481e4d2f37bb241495747d058f1bc591",
    "ha": "sha256",
    "tn": "__jsl_clearance_s",
    "vt": "3600",
    "wt": "1500"
  });
  return go(data)
}
/**
 * Compute the clearance value for a challenge whose "ha" field is "sha1".
 *
 * @param {object} data - The object the served script passes to its own
 *   go(...) call; this code reads its "chars", "ct" and "bts" fields.
 * @returns {string|undefined} The candidate string whose hash equals data.ct,
 *   or undefined when the environment check inside go() returns true.
 */
function go_sha1(data) {
  // Hash routine of the served script. The line inside is the author's
  // placeholder ("code lifted from the page"), not JavaScript: the body has
  // to be supplied before this file can be parsed.
  function hash(_0x46c87f) {
    扣下来的代码
  }
  // Deobfuscated solver from the served script, with its browser-only tail
  // commented out by the author.
  function go(_0x2852c6) {
    // Automation check: returns true when the user agent contains "Phantom"
    // or when any of the listed window / navigator properties is truthy;
    // otherwise falls off the end and returns undefined.
    // Every value inspected here is read from `window`, i.e. from whatever
    // environment the script is run in, so the check is advisory only.
    function _0x2262ba() {
      var _0x504c6c = window["navigator"]["userAgent"],
        _0x597534 = ["Phantom"];
      for (var _0x361176 = 0; _0x361176 < _0x597534["length"]; _0x361176++) {
        if (_0x504c6c["indexOf"](_0x597534[_0x361176]) != -1) {
          return true;
        }
      }
      if (window["callPhantom"] || window["_phantom"] || window["Headless"] || window["navigator"]["webdriver"] || window["navigator"]["__driver_evaluate"] || window["navigator"]["__webdriver_evaluate"]) {
        return true;
      }
    }
    // A flagged environment makes go() return undefined without solving.
    if (_0x2262ba()) {
      return;
    }
    // Start time; used only to report how long the search took.
    var _0x322583 = new Date();
    // Exhaustive search over ordered pairs of characters from "chars".
    // Each candidate is parts[0] + c1 + c2 + parts[1]; the first one whose
    // hash equals the target is returned as [candidate, elapsed milliseconds].
    // That is at most chars.length squared hash calls (22 * 22 = 484 for the
    // sample challenge below). Returns undefined when no pair matches.
    function _0x47dd73(_0x535f24, _0x1964cc) {
      var _0x2b76f5 = _0x2852c6["chars"]["length"];
      for (var _0x15035f = 0; _0x15035f < _0x2b76f5; _0x15035f++) {
        for (var _0x163521 = 0; _0x163521 < _0x2b76f5; _0x163521++) {
          var _0x27df30 = _0x1964cc[0] + _0x2852c6["chars"]["substr"](_0x15035f, 1) + _0x2852c6["chars"]["substr"](_0x163521, 1) + _0x1964cc[1];
          if (hash(_0x27df30) == _0x535f24) {
            return [_0x27df30, new Date() - _0x322583];
          }
        }
      }
    }
    var _0x2b039e = _0x47dd73(_0x2852c6["ct"], _0x2852c6["bts"]);
    // NOTE(review): when no pair matches, _0x2b039e is undefined and the
    // index below throws a TypeError; the disabled block that follows shows
    // the `if (_0x2b039e)` guard the served script used.
    console.log(_0x2b039e[0])
    return _0x2b039e[0];
    // Browser-side tail of the served script, disabled by the author and
    // unreachable after the return above. In the page it waits for the
    // remainder of "wt" milliseconds (500 if the search took longer, 1500 if
    // "wt" is absent), writes the cookie named by "tn" with Max-age "vt",
    // then reloads the same URL. The alert text means "request verification
    // failed".
    // if (_0x2b039e) {
    // var _0x6305a1;
    //
    // if (_0x2852c6["wt"]) {
    // _0x6305a1 = parseInt(_0x2852c6["wt"]) > _0x2b039e[1] ? parseInt(_0x2852c6["wt"]) - _0x2b039e[1] : 500;
    // } else {
    // _0x6305a1 = 1500;
    // }
    //
    // setTimeout(function () {
    // document["cookie"] = _0x2852c6["tn"] + "=" + _0x2b039e[0] + ";Max-age=" + _0x2852c6["vt"] + "; path = /";
    // location["href"] = location["pathname"] + location["search"];
    // }, _0x6305a1);
    // } else {
    // alert("请求验证失败");
    // }
  }
  // NOTE(review): leftover sample invocation with a hard-coded challenge.
  // It runs (and logs) on every call to go_sha1 before the real `data` is
  // processed, and its return value is discarded.
  go({
    "bts": ["1672901416.665|0|7PM", "Hsp0CRwf0gdnHaKxN93VZE%3D"],
    "chars": "yPCRfNImnbHhUQIYGBcoJg",
    "ct": "3f981d0e9cc215327f358f184e742573ca60d646",
    "ha": "sha1",
    "tn": "__jsl_clearance_s",
    "vt": "3600",
    "wt": "1500"
  });
  return go(data)
}
/**
 * Compute the clearance value for a challenge whose "ha" field is "md5".
 *
 * @param {object} data - The object the served script passes to its own
 *   go(...) call; this code reads its "chars", "ct" and "bts" fields.
 * @returns {string|undefined} The candidate string whose hash equals data.ct,
 *   or undefined when the environment check inside go() returns true.
 */
function go_md5(data) {
  // Hash routine of the served script. The line inside is the author's
  // placeholder ("code lifted from the page"), not JavaScript: the body has
  // to be supplied before this file can be parsed.
  function hash(_0x76d8a) {
    扣下来的代码
  }
  // Deobfuscated solver from the served script, with its browser-only tail
  // commented out by the author.
  function go(_0x1d4ce1) {
    // Automation check: returns true when the user agent contains "Phantom"
    // or when any of the listed window / navigator properties is truthy;
    // otherwise falls off the end and returns undefined.
    // Every value inspected here is read from `window`, i.e. from whatever
    // environment the script is run in, so the check is advisory only.
    function _0x4e17a9() {
      var _0xc12af0 = window["navigator"]["userAgent"],
        _0xdd2259 = ["Phantom"];
      for (var _0x197d0f = 0; _0x197d0f < _0xdd2259["length"]; _0x197d0f++) {
        if (_0xc12af0["indexOf"](_0xdd2259[_0x197d0f]) != -1) {
          return true;
        }
      }
      if (window["callPhantom"] || window["_phantom"] || window["Headless"] || window["navigator"]["webdriver"] || window["navigator"]["__driver_evaluate"] || window["navigator"]["__webdriver_evaluate"]) {
        return true;
      }
    }
    // A flagged environment makes go() return undefined without solving.
    if (_0x4e17a9()) {
      return;
    }
    // Start time; used only to report how long the search took.
    var _0x3e7224 = new Date();
    // Exhaustive search over ordered pairs of characters from "chars".
    // Each candidate is parts[0] + c1 + c2 + parts[1]; the first one whose
    // hash equals the target is returned as [candidate, elapsed milliseconds].
    // That is at most chars.length squared hash calls (22 * 22 = 484 for the
    // sample challenge below). Returns undefined when no pair matches.
    function _0x41f7a7(_0x2c6332, _0x586dfc) {
      var _0x4d30a2 = _0x1d4ce1["chars"]["length"];
      for (var _0x3bc25d = 0; _0x3bc25d < _0x4d30a2; _0x3bc25d++) {
        for (var _0x42c9b3 = 0; _0x42c9b3 < _0x4d30a2; _0x42c9b3++) {
          var _0x35e8ba = _0x586dfc[0] + _0x1d4ce1["chars"]["substr"](_0x3bc25d, 1) + _0x1d4ce1["chars"]["substr"](_0x42c9b3, 1) + _0x586dfc[1];
          if (hash(_0x35e8ba) == _0x2c6332) {
            return [_0x35e8ba, new Date() - _0x3e7224];
          }
        }
      }
    }
    var _0x4f8828 = _0x41f7a7(_0x1d4ce1["ct"], _0x1d4ce1["bts"]);
    // NOTE(review): when no pair matches, _0x4f8828 is undefined and the
    // index below throws a TypeError; the disabled block that follows shows
    // the `if (_0x4f8828)` guard the served script used.
    console.log(_0x4f8828[0])
    return _0x4f8828[0];
    // Browser-side tail of the served script, disabled by the author and
    // unreachable after the return above. In the page it waits for the
    // remainder of "wt" milliseconds (500 if the search took longer, 1500 if
    // "wt" is absent), writes the cookie named by "tn" with Max-age "vt",
    // then reloads the same URL. The alert text means "request verification
    // failed".
    // if (_0x4f8828) {
    // var _0x38c774;
    //
    // if (_0x1d4ce1["wt"]) {
    // _0x38c774 = parseInt(_0x1d4ce1["wt"]) > _0x4f8828[1] ? parseInt(_0x1d4ce1["wt"]) - _0x4f8828[1] : 500;
    // } else {
    // _0x38c774 = 1500;
    // }
    //
    // setTimeout(function () {
    // document["cookie"] = _0x1d4ce1["tn"] + "=" + _0x4f8828[0] + ";Max-age=" + _0x1d4ce1["vt"] + "; path = /";
    // location["href"] = location["pathname"] + location["search"];
    // }, _0x38c774);
    // } else {
    // alert("请求验证失败");
    // }
  }
  // NOTE(review): leftover sample invocation with a hard-coded challenge.
  // It runs (and logs) on every call to go_md5 before the real `data` is
  // processed, and its return value is discarded.
  go({
    "bts": ["1672907162.205|0|d2T", "g2vz4EKe63gsiEOntyMh44%3D"],
    "chars": "XnRrrmgzYbHSEjXVnQCybL",
    "ct": "d177066b36a9f595d3058529f1ae4a75",
    "ha": "md5",
    "tn": "__jsl_clearance_s",
    "vt": "3600",
    "wt": "1500"
  });
  return go(data)
}
python部分
# Request headers shared by all three fetches. The write-up notes that a
# request without a User-Agent trips the site's risk control.
headers = {
    'User-Agent': (
        'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 '
        '(KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36'
    ),
}
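def cookie_to_dict(cookie):
    """Parse a ``name=value; name=value`` string into a dict.

    Each ';'-separated segment is split on its FIRST '=' only, so a value that
    itself contains '=' is kept whole. Names and values are stripped of
    surrounding whitespace. Empty segments (for example after a trailing ';')
    and segments without '=' are skipped instead of raising IndexError.

    Note: attribute pairs such as ``max-age=3600`` or ``path=/`` are returned
    like any other entry; the caller decides whether to keep them.

    :param cookie: the cookie string, e.g. the value assigned to
        ``document.cookie`` by the first challenge script.
    :return: dict mapping each name to its value.
    """
    parsed = {}
    for segment in cookie.split(';'):
        name, separator, value = segment.partition('=')
        if not separator:
            # Blank segment or a bare flag with no value: nothing to record.
            continue
        parsed[name.strip()] = value.strip()
    return parsed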
def read_string(file, encoding='UTF-8'):
    """Return the whole content of ``file`` as text decoded with ``encoding``."""
    with open(file, mode='r', encoding=encoding) as source:
        contents = source.read()
    return contents
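def first_time(request, url):
    """Fetch the first challenge page and store the cookie its inline script sets.

    The response body is expected to be a one-line
    ``<script>document.cookie=<expr>;location.href=...</script>``; ``<expr>`` is
    evaluated to obtain the cookie string, which is parsed and merged into the
    session's cookie jar.

    :param request: a ``requests`` session (needs ``get`` and ``cookies``).
    :param url: the page to fetch.
    :raises ValueError: if the expected script is not found in the response.
    """
    response = request.get(url, headers=headers)
    print(response.text)
    # Dots are escaped so the pattern matches the literal property names only.
    match = re.search(r'document\.cookie=(.*);location\.href=', response.text)
    if match is None:
        raise ValueError('first-stage challenge script not found in response')
    # SECURITY: the expression below comes straight from the HTTP response and
    # is executed by the local JavaScript runtime behind execjs. That runtime
    # is not a sandbox (TODO confirm which backend is installed), so a hostile
    # or tampered response could run arbitrary code on this machine. Run this
    # only in an isolated environment, or decode the expression without
    # executing it.
    cookie = execjs.eval(match.group(1))
    cookie_dict = cookie_to_dict(cookie)
    # NOTE(review): the script's string also carries ``max-age`` and ``path``;
    # they end up in cookie_dict and are stored as if they were cookies.
    print(cookie_dict)
    request.cookies.update(cookie_dict)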
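def second_time(request, url):
    """Fetch the second challenge page, solve it with cnvd.js and store the result.

    The response is expected to end with ``go({...})</script>``. The JSON
    argument is extracted, its ``"ha"`` field selects which ``go_<algorithm>``
    function in ``cnvd.js`` is called, and the returned value is stored in the
    session as the ``__jsl_clearance_s`` cookie.

    :param request: a ``requests`` session (needs ``get`` and ``cookies``).
    :param url: the page to fetch.
    :raises ValueError: if the payload is missing, is not valid JSON, or names
        a hash algorithm other than sha256, sha1 or md5.
    """
    response = request.get(url, headers=headers)
    print(response.text)
    match = re.search(r'go\(({"bts":\[.*)\)</script>$', response.text)
    if match is None:
        raise ValueError('second-stage go({...}) payload not found in response')
    go = match.group(1)
    payload = json.loads(go)
    algorithm = payload.get('ha')
    # The algorithm name is server-controlled and becomes part of a function
    # name; accept only the three functions cnvd.js actually defines.
    if algorithm not in ('sha256', 'sha1', 'md5'):
        raise ValueError('unexpected hash algorithm in challenge: %r' % (algorithm,))
    print(algorithm, '***', go)
    js_text = read_string('cnvd.js')
    js_compile = execjs.compile(js_text)
    # Only the local cnvd.js is compiled; the server-supplied payload is passed
    # as an argument rather than executed as script text.
    cookie = js_compile.call('go_' + algorithm, payload)
    print(cookie)
    request.cookies.update({'__jsl_clearance_s': cookie})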
def third_time(request, url):
    """Fetch the page with the session's cookies in place and print the entry titles.

    The titles are the ``title`` attributes of links inside table rows whose
    class is ``current``.
    """
    page = request.get(url, headers=headers)
    tree = etree.HTML(page.text)
    titles = tree.xpath('.//tr[@class="current"]//a/@title')
    print(titles)
if __name__ == '__main__':
    # One session is shared so cookies set by each stage are sent by the next.
    test_url = 'https://www.cnvd.org.cn/flaw/list'
    session = requests.session()
    for stage in (first_time, second_time, third_time):
        stage(session, test_url)
运行结果
<script>document.cookie=('_')+('_')+('j')+('s...a')+('t')+('h')+('=')+('/');location.href=location.pathname+location.search</script>
{'__jsl_clearance_s': '1672908867.093|-1|jolxDs8QDojvoYYuYJwGqLPvRYU%3D', 'max-age': '3600', 'path': '/'}
<script>var _0x359a=['wrzDoGMw','PcOvwohV','eDMmWA==','CMKFFE0='...,"ha":"sha256","tn":"__jsl_clearance_s","vt":"3600","wt":"1500"})</script>
sha256 *** {"bts":["1672908867.604|0|pZA","5tN...arance_s","vt":"3600","wt":"1500"}
1672908867.604|0|pZAZF5tNb4bFHvLM%2FxqJat50cmA%3D
['IBM AIX拒绝服务漏洞(CNVD-2023-00804)', 'IBM AIX拒绝服务漏洞(CNVD-2023-00806)', 'IBM AIX拒绝服务漏洞(CNVD-2023-00808)', 'IBM AIX拒绝服务漏洞(CNVD-2023-00810)', 'IBM AIX拒绝服务漏洞(CNVD-2023-00812)']
【Case】加速乐分析
https://元气码农少女酱.我爱你/1a6861840eb3/