接上節課内容
JS逆向 -- 某新聞資料包中sign值加密分析
一、将補環境代碼複制到上節課那個js檔案裡面
const jsdom = require("jsdom");
const { JSDOM } = jsdom;//導入jsdom子產品
const html = "<!DOCTYPE html><p>逆向有你</p>";
const resourceLoader = new jsdom.ResourceLoader({
userAgent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36",
});
const dom = new JSDOM(html,{
url: "https://www.toutiao.com",
referrer: "https://www.toutiao.com",
contentType: "text/html",
resources: resourceLoader,
})
window = global
document = dom.window.document
const params = {
location: {
hash: "",
host: "www.toutiao.com",
hostname: "www.toutiao.com",
href: "https://www.toutiao.com",
origin: "https://www.toutiao.com",
pathname: "/",
port: "",
protocol: "https:",
search: "",
},
navigator: {
appCodeName: "Mozilla",
appName: "Netscape",
appVersion: "5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36",
cookieEnabled: true,
deviceMemory: 8,
doNotTrack: null,
hardwareConcurrency: 12,
language: "zh-CN",
languages: ["zh-CN", "zh"],
maxTouchPoints: 0,
onLine: true,
platform: "Win112",
product: "Gecko",
productSub: "20030107",
userAgent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36",
vendor: "Google Inc.",
vendorSub: "",
webdriver: false
}
};
Object.assign(global,params)
二、列印我們要的結果
console.log(window.byted_acrawler.sign({'url':'https://www.toutiao.com/toutiaohttps://lf3-config.bytetcc.com/obj/tcc-config-web/tcc-v2-data-toutiao.fe.toutiao_web_pc-common'}))
三、提示報錯,找不到sign函數,上面函數中,e參數裡面有一個exports導緻
四、将該三目運算複制到網站的控制台,結果是undefined,是以直接将該運算替換成void 0
五、重新運作JS代碼,成功擷取sign值
六、Python代碼實作加載資料
1、由于sign函數參數不是固定,為了增加通用性,是以我們繼續修改成如下代碼
console.log(window.byted_acrawler.sign({'url':process.argv[2]}))
2、調用方式如下,将url位址直接寫到後面
3、python代碼實作擷取sign
import subprocess
url='https://www.toutiao.com/api/pc/list/feed?channel_id=3189398996&max_behot_time=1684844002&offset=0&category=pc_profile_channel&client_extra_params=%7B%22short_video_item%22:%22filter%22%7D&aid=24&app_name=toutiao_web'
sign=subprocess.getoutput('node jiami.js %s' % url)
print(sign)