
某酷搜尋接口參數sign破解

抓包分析

資料是通過ajax加載的:

https://acs.youku.com/h5/mtop.youku.soku.yksearch/2.0/?jsv=2.5.1&appKey=23774304&t=1605772436322&sign=9491a9cb4b10800725aa1707d4050e38&api=mtop.youku.soku.yksearch&type=originaljson&v=2.0&ecode=1&dataType=json&jsonpIncPrefix=headerSearch&data={"searchType":1,"keyword":"王中王電視劇","pg":4,"pz":20,"site":1,"appCaller":"pc","appScene":"mobile_multi","userTerminal":2,"sdkver":313,"userFrom":1,"noqc":0,"aaid":"bf533a34a7532e5d1d0893b9e2e3bdef","ftype":0,"duration":"","categories":"","ob":"","utdId":"tP/hF4OrRWkCAXL6lgpWdwlE","userType":"guest","userNumId":0,"searchFrom":"1","sourceFrom":"home"}

需要的參數:

某酷搜尋接口參數sign破解

可以看到需要的參數有很多,但是很多都是固定的,我們只需要破解參數 t 和參數 sign 即可,t 顯然是毫秒級時間戳,那麼我們的工作就是破解sign。

尋找js加密關鍵代碼

通過在檔案中再次檢索,可以快速定位到sign的位置。

某酷搜尋接口參數sign破解

可以看到s就是sign,可以通過打斷點的方式檢視資料

某酷搜尋接口參數sign破解

上圖就是生成 s 的算法函數。從下面代碼裡的初始常量和四輪運算可以看出,它其實是標準的 MD5 摘要(哈希),並不是嚴格意義上的加密。找到這段 js 後,可以通過 execjs 運作 js 得到生成的 s 值。

某酷搜尋接口參數sign破解

算法函數參數 e 的構成可以通過斷點方式和上圖檢視推測,最終确定是用 & 依次拼接的四段:請求 cookie 中的 token(即 _m_h5_tk 下劃線之前的部分)、毫秒級時間戳、固定的 appKey、請求參數 data,也就是 token&t&appKey&data。

js加密代碼

// Hash function lifted from the site's minified bundle. The initial state,
// per-step shift amounts and the 64 additive constants are those of MD5
// (RFC 1321), so this is a one-way digest, not an encryption routine.
//   e       - JS string to hash; it is UTF-8 encoded internally first.
//   returns - 32-character lowercase hex digest.
var c = function(e) {            
            // 32-bit rotate-left of e by t bits.
            function t(e, t) {
                return e << t | e >>> 32 - t
            }
            // Adds two 32-bit words with wrap-around. The low 30 bits are summed
            // directly; bits 30 and 31 are patched in with XORs so the sum never
            // leaves 32-bit integer range.
            function n(e, t) {
                var n, o, r, i, a;
                return r = 2147483648 & e,
                i = 2147483648 & t,
                a = (1073741823 & e) + (1073741823 & t),
                (n = 1073741824 & e) & (o = 1073741824 & t) ? 2147483648 ^ a ^ r ^ i : n | o ? 1073741824 & a ? 3221225472 ^ a ^ r ^ i : 1073741824 ^ a ^ r ^ i : a ^ r ^ i
            }
            // The four step helpers below share one shape:
            //   result = o + rotl(e + f(o, r, i) + a + c, s)
            // where a is the message word, s the shift and c the additive constant.
            // They differ only in the mixing function f.
            // Round 1 step: f = (x & y) | (~x & z).
            function o(e, o, r, i, a, s, c) {
                return n(t(e = n(e, n(n(function(e, t, n) {
                    return e & t | ~e & n
                }(o, r, i), a), c)), s), o)
            }
            // Round 2 step: f = (x & z) | (y & ~z).
            function r(e, o, r, i, a, s, c) {
                return n(t(e = n(e, n(n(function(e, t, n) {
                    return e & n | t & ~n
                }(o, r, i), a), c)), s), o)
            }
            // Round 3 step: f = x ^ y ^ z.
            function i(e, o, r, i, a, s, c) {
                return n(t(e = n(e, n(n(function(e, t, n) {
                    return e ^ t ^ n
                }(o, r, i), a), c)), s), o)
            }
            // Round 4 step: f = y ^ (x | ~z).
            function a(e, o, r, i, a, s, c) {
                return n(t(e = n(e, n(n(function(e, t, n) {
                    return t ^ (e | ~n)
                }(o, r, i), a), c)), s), o)
            }
            // Formats a 32-bit word as 8 hex digits, lowest byte first
            // (little-endian), zero-padding each byte to two digits.
            function s(e) {
                var t, n = "", o = "";
                for (t = 0; 3 >= t; t++)
                    n += (o = "0" + (e >>> 8 * t & 255).toString(16)).substr(o.length - 2, 2);
                return n
            };
    
    
            var c, u, p, l, f, d, m, y, g, v;
            // The for-initialiser does all the set-up:
            //   1. the inner function (second below) UTF-8 encodes e into a string of
            //      byte-valued characters;
            //   2. the outer function packs those bytes into little-endian 32-bit
            //      words, appends the 0x80 marker and stores the bit length in the
            //      last two words; r is the padded word count, a multiple of 16;
            //   3. d, m, y, g receive the initial chaining state.
            // The loop then consumes v sixteen words (one 64-byte block) at a time.
            for (v = function(e) {
                for (var t, n = e.length, o = n + 8, r = 16 * ((o - o % 64) / 64 + 1), i = new Array(r - 1), a = 0, s = 0; n > s; )
                    a = s % 4 * 8,
                    i[t = (s - s % 4) / 4] = i[t] | e.charCodeAt(s) << a,
                    s++;
                return a = s % 4 * 8,
                i[t = (s - s % 4) / 4] = i[t] | 128 << a,
                i[r - 2] = n << 3,
                i[r - 1] = n >>> 29,
                i
            }(e = function(e) {
                // Works per UTF-16 code unit and only emits 1-, 2- or 3-byte forms:
                // every unit >= 2048, including each half of a surrogate pair, becomes
                // three bytes, so characters outside the BMP are not encoded as
                // 4-byte UTF-8.
                for (var t = "", n = 0; n < e.length; n++) {
                    var o = e.charCodeAt(n);
                    128 > o ? t += String.fromCharCode(o) : o > 127 && 2048 > o ? (t += String.fromCharCode(o >> 6 | 192),
                    t += String.fromCharCode(63 & o | 128)) : (t += String.fromCharCode(o >> 12 | 224),
                    t += String.fromCharCode(o >> 6 & 63 | 128),
                    t += String.fromCharCode(63 & o | 128))
                }
                return t
            }(e)),
            // Initial state: 0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476.
            d = 1732584193,
            m = 4023233417,
            y = 2562383102,
            g = 271733878,
            c = 0; c < v.length; c += 16)
                // Save the state on entry to the block; it is added back after the
                // 64 steps below.
                u = d,
                p = m,
                l = y,
                f = g,
                // All 64 steps as one nested expression: 16 calls each of o, r, i, a,
                // innermost first. Argument evaluation order matters here because
                // d, g, y and m are reassigned inside the arguments.
                m = a(m = a(m = a(m = a(m = i(m = i(m = i(m = i(m = r(m = r(m = r(m = r(m = o(m = o(m = o(m = o(m, y = o(y, g = o(g, d = o(d, m, y, g, v[c + 0], 7, 3614090360), m, y, v[c + 1], 12, 3905402710), d, m, v[c + 2], 17, 606105819), g, d, v[c + 3], 22, 3250441966), y = o(y, g = o(g, d = o(d, m, y, g, v[c + 4], 7, 4118548399), m, y, v[c + 5], 12, 1200080426), d, m, v[c + 6], 17, 2821735955), g, d, v[c + 7], 22, 4249261313), y = o(y, g = o(g, d = o(d, m, y, g, v[c + 8], 7, 1770035416), m, y, v[c + 9], 12, 2336552879), d, m, v[c + 10], 17, 4294925233), g, d, v[c + 11], 22, 2304563134), y = o(y, g = o(g, d = o(d, m, y, g, v[c + 12], 7, 1804603682), m, y, v[c + 13], 12, 4254626195), d, m, v[c + 14], 17, 2792965006), g, d, v[c + 15], 22, 1236535329), y = r(y, g = r(g, d = r(d, m, y, g, v[c + 1], 5, 4129170786), m, y, v[c + 6], 9, 3225465664), d, m, v[c + 11], 14, 643717713), g, d, v[c + 0], 20, 3921069994), y = r(y, g = r(g, d = r(d, m, y, g, v[c + 5], 5, 3593408605), m, y, v[c + 10], 9, 38016083), d, m, v[c + 15], 14, 3634488961), g, d, v[c + 4], 20, 3889429448), y = r(y, g = r(g, d = r(d, m, y, g, v[c + 9], 5, 568446438), m, y, v[c + 14], 9, 3275163606), d, m, v[c + 3], 14, 4107603335), g, d, v[c + 8], 20, 1163531501), y = r(y, g = r(g, d = r(d, m, y, g, v[c + 13], 5, 2850285829), m, y, v[c + 2], 9, 4243563512), d, m, v[c + 7], 14, 1735328473), g, d, v[c + 12], 20, 2368359562), y = i(y, g = i(g, d = i(d, m, y, g, v[c + 5], 4, 4294588738), m, y, v[c + 8], 11, 2272392833), d, m, v[c + 11], 16, 1839030562), g, d, v[c + 14], 23, 4259657740), y = i(y, g = i(g, d = i(d, m, y, g, v[c + 1], 4, 2763975236), m, y, v[c + 4], 11, 1272893353), d, m, v[c + 7], 16, 4139469664), g, d, v[c + 10], 23, 3200236656), y = i(y, g = i(g, d = i(d, m, y, g, v[c + 13], 4, 681279174), m, y, v[c + 0], 11, 3936430074), d, m, v[c + 3], 16, 3572445317), g, d, v[c + 6], 23, 76029189), y = i(y, g = i(g, d = i(d, m, y, g, v[c + 9], 4, 3654602809), m, y, v[c + 12], 11, 3873151461), d, m, v[c + 
15], 16, 530742520), g, d, v[c + 2], 23, 3299628645), y = a(y, g = a(g, d = a(d, m, y, g, v[c + 0], 6, 4096336452), m, y, v[c + 7], 10, 1126891415), d, m, v[c + 14], 15, 2878612391), g, d, v[c + 5], 21, 4237533241), y = a(y, g = a(g, d = a(d, m, y, g, v[c + 12], 6, 1700485571), m, y, v[c + 3], 10, 2399980690), d, m, v[c + 10], 15, 4293915773), g, d, v[c + 1], 21, 2240044497), y = a(y, g = a(g, d = a(d, m, y, g, v[c + 8], 6, 1873313359), m, y, v[c + 15], 10, 4264355552), d, m, v[c + 6], 15, 2734768916), g, d, v[c + 13], 21, 1309151649), y = a(y, g = a(g, d = a(d, m, y, g, v[c + 4], 6, 4149444226), m, y, v[c + 11], 10, 3174756917), d, m, v[c + 2], 15, 718787259), g, d, v[c + 9], 21, 3951481745),
                // Fold the block result into the running state.
                d = n(d, u),
                m = n(m, p),
                y = n(y, l),
                g = n(g, f);
            // Digest = the four state words, each rendered little-endian as hex.
            return (s(d) + s(m) + s(y) + s(g)).toLowerCase()
}
           

python代碼實作

import time
import execjs
import requests


# Cookie jar pasted verbatim from one captured browser session.
# The script itself reads only `_m_h5_tk` (the part before the first "_" is
# the signing token); the whole dict is also sent with the request.
# NOTE(review): the number after the "_" in `_m_h5_tk` looks like a
# millisecond expiry timestamp - confirm. These are session-bound
# identifiers, so they are better loaded from the environment or a local
# file than kept inline in a shared script.
cookies = {
    'cna': 'tP/hF4OrRWkCAXL6lgpWdwlE',
    '__ysuid': '1604481425963Xxi',
    'UM_distinctid': '175da5f09bd288-042a3d7bd8b0fa-c781f38-e1000-175da5f09be6ad',
    '__aysid': '16056864632110aI',
    'xlly_s': '1',
    'modalFrequency': '{"UUID":"9"}',
    'youku_history_word': '%5B%22%25E7%258E%258B%25E4%25B8%25AD%25E7%258E%258B%25E7%2594%25B5%25E8%25A7%2586%25E5%2589%25A7%22%5D',
    '__ayft': '1605749794413',
    '__ayscnt': '1',
    '_m_h5_tk': 'cea17d5a532131d79a7d5268a21fc7bd_1605769539431',
    '_m_h5_tk_enc': 'ca9d268388d25463e541fc3ad1fabe58',
    'P_ck_ctl': 'F8C2FF80C20A5FC424C9692D9FD65534',
    '__arpvid': '1605767282009xWQVly-1605767282070',
    '__aypstp': '42',
    '__ayspstp': '44',
    'tfstk': 'ctFcB_0dT-kjZMMudsGbJLiNTyjda3Iq05PYa7RKLBS_zsyEuscWUpSR6amzm5p1.',
    'l': 'eBx32D4uOGT5oj1WBO5wnurza77OaQAfCsPzaNbMiIncC6Zd1l9OJLKQKh6HgptRR8XVi9LM4h8SpzeTpe48-y8b-wBsSNk_-hGeCeTC.',
    'isg': 'BNXVBH2aJqLRDQLcE-hQbO965NGP0onkxJmWW1d4zM2srvCgGSO6tfEoeLIYrqGc',
}

# Signing token: the part of the `_m_h5_tk` cookie before the first underscore.
token = cookies['_m_h5_tk'].split('_')[0]
# Request payload kept as a literal JSON string. These exact characters are
# what gets signed below and what is sent as the `data` query parameter, so
# the two must stay identical (no re-serialising in between).
data = '{"searchType":1,"keyword":"王中王電視劇","pg":1,"pz":20,"site":1,"appCaller":"pc","appScene":"mobile_multi","userTerminal":2,"sdkver":313,"userFrom":1,"noqc":0,"aaid":"856a8bf644b776412a3ec7965b55c28b","ftype":0,"duration":"","categories":"","ob":"","utdId":"tP/hF4OrRWkCAXL6lgpWdwlE","userType":"guest","userNumId":0,"searchFrom":"1","sourceFrom":"home"}'
# Millisecond timestamp; the same value is sent as the `t` parameter.
t = int(time.time() * 1000)
# String to be signed: token & timestamp & appKey & data.
a = token + '&' + str(t) + '&23774304&' + data
# The site's hash routine, copied as-is from its JS bundle. Its initial state
# and round constants are those of MD5, i.e. a digest rather than encryption.
# NOTE(review): for input limited to BMP characters,
# hashlib.md5(a.encode('utf-8')).hexdigest() should give the same value and
# would avoid executing copied JS in a local runtime - verify before swapping.
js_code = """
    var c = function(e) {            
            function t(e, t) {
                return e << t | e >>> 32 - t
            }
            function n(e, t) {
                var n, o, r, i, a;
                return r = 2147483648 & e,
                i = 2147483648 & t,
                a = (1073741823 & e) + (1073741823 & t),
                (n = 1073741824 & e) & (o = 1073741824 & t) ? 2147483648 ^ a ^ r ^ i : n | o ? 1073741824 & a ? 3221225472 ^ a ^ r ^ i : 1073741824 ^ a ^ r ^ i : a ^ r ^ i
            }
            function o(e, o, r, i, a, s, c) {
                return n(t(e = n(e, n(n(function(e, t, n) {
                    return e & t | ~e & n
                }(o, r, i), a), c)), s), o)
            }
            function r(e, o, r, i, a, s, c) {
                return n(t(e = n(e, n(n(function(e, t, n) {
                    return e & n | t & ~n
                }(o, r, i), a), c)), s), o)
            }
            function i(e, o, r, i, a, s, c) {
                return n(t(e = n(e, n(n(function(e, t, n) {
                    return e ^ t ^ n
                }(o, r, i), a), c)), s), o)
            }
            function a(e, o, r, i, a, s, c) {
                return n(t(e = n(e, n(n(function(e, t, n) {
                    return t ^ (e | ~n)
                }(o, r, i), a), c)), s), o)
            }
            function s(e) {
                var t, n = "", o = "";
                for (t = 0; 3 >= t; t++)
                    n += (o = "0" + (e >>> 8 * t & 255).toString(16)).substr(o.length - 2, 2);
                return n
            };
    
    
            var c, u, p, l, f, d, m, y, g, v;
            for (v = function(e) {
                for (var t, n = e.length, o = n + 8, r = 16 * ((o - o % 64) / 64 + 1), i = new Array(r - 1), a = 0, s = 0; n > s; )
                    a = s % 4 * 8,
                    i[t = (s - s % 4) / 4] = i[t] | e.charCodeAt(s) << a,
                    s++;
                return a = s % 4 * 8,
                i[t = (s - s % 4) / 4] = i[t] | 128 << a,
                i[r - 2] = n << 3,
                i[r - 1] = n >>> 29,
                i
            }(e = function(e) {
                for (var t = "", n = 0; n < e.length; n++) {
                    var o = e.charCodeAt(n);
                    128 > o ? t += String.fromCharCode(o) : o > 127 && 2048 > o ? (t += String.fromCharCode(o >> 6 | 192),
                    t += String.fromCharCode(63 & o | 128)) : (t += String.fromCharCode(o >> 12 | 224),
                    t += String.fromCharCode(o >> 6 & 63 | 128),
                    t += String.fromCharCode(63 & o | 128))
                }
                return t
            }(e)),
            d = 1732584193,
            m = 4023233417,
            y = 2562383102,
            g = 271733878,
            c = 0; c < v.length; c += 16)
                u = d,
                p = m,
                l = y,
                f = g,
                m = a(m = a(m = a(m = a(m = i(m = i(m = i(m = i(m = r(m = r(m = r(m = r(m = o(m = o(m = o(m = o(m, y = o(y, g = o(g, d = o(d, m, y, g, v[c + 0], 7, 3614090360), m, y, v[c + 1], 12, 3905402710), d, m, v[c + 2], 17, 606105819), g, d, v[c + 3], 22, 3250441966), y = o(y, g = o(g, d = o(d, m, y, g, v[c + 4], 7, 4118548399), m, y, v[c + 5], 12, 1200080426), d, m, v[c + 6], 17, 2821735955), g, d, v[c + 7], 22, 4249261313), y = o(y, g = o(g, d = o(d, m, y, g, v[c + 8], 7, 1770035416), m, y, v[c + 9], 12, 2336552879), d, m, v[c + 10], 17, 4294925233), g, d, v[c + 11], 22, 2304563134), y = o(y, g = o(g, d = o(d, m, y, g, v[c + 12], 7, 1804603682), m, y, v[c + 13], 12, 4254626195), d, m, v[c + 14], 17, 2792965006), g, d, v[c + 15], 22, 1236535329), y = r(y, g = r(g, d = r(d, m, y, g, v[c + 1], 5, 4129170786), m, y, v[c + 6], 9, 3225465664), d, m, v[c + 11], 14, 643717713), g, d, v[c + 0], 20, 3921069994), y = r(y, g = r(g, d = r(d, m, y, g, v[c + 5], 5, 3593408605), m, y, v[c + 10], 9, 38016083), d, m, v[c + 15], 14, 3634488961), g, d, v[c + 4], 20, 3889429448), y = r(y, g = r(g, d = r(d, m, y, g, v[c + 9], 5, 568446438), m, y, v[c + 14], 9, 3275163606), d, m, v[c + 3], 14, 4107603335), g, d, v[c + 8], 20, 1163531501), y = r(y, g = r(g, d = r(d, m, y, g, v[c + 13], 5, 2850285829), m, y, v[c + 2], 9, 4243563512), d, m, v[c + 7], 14, 1735328473), g, d, v[c + 12], 20, 2368359562), y = i(y, g = i(g, d = i(d, m, y, g, v[c + 5], 4, 4294588738), m, y, v[c + 8], 11, 2272392833), d, m, v[c + 11], 16, 1839030562), g, d, v[c + 14], 23, 4259657740), y = i(y, g = i(g, d = i(d, m, y, g, v[c + 1], 4, 2763975236), m, y, v[c + 4], 11, 1272893353), d, m, v[c + 7], 16, 4139469664), g, d, v[c + 10], 23, 3200236656), y = i(y, g = i(g, d = i(d, m, y, g, v[c + 13], 4, 681279174), m, y, v[c + 0], 11, 3936430074), d, m, v[c + 3], 16, 3572445317), g, d, v[c + 6], 23, 76029189), y = i(y, g = i(g, d = i(d, m, y, g, v[c + 9], 4, 3654602809), m, y, v[c + 12], 11, 3873151461), d, m, v[c + 
15], 16, 530742520), g, d, v[c + 2], 23, 3299628645), y = a(y, g = a(g, d = a(d, m, y, g, v[c + 0], 6, 4096336452), m, y, v[c + 7], 10, 1126891415), d, m, v[c + 14], 15, 2878612391), g, d, v[c + 5], 21, 4237533241), y = a(y, g = a(g, d = a(d, m, y, g, v[c + 12], 6, 1700485571), m, y, v[c + 3], 10, 2399980690), d, m, v[c + 10], 15, 4293915773), g, d, v[c + 1], 21, 2240044497), y = a(y, g = a(g, d = a(d, m, y, g, v[c + 8], 6, 1873313359), m, y, v[c + 15], 10, 4264355552), d, m, v[c + 6], 15, 2734768916), g, d, v[c + 13], 21, 1309151649), y = a(y, g = a(g, d = a(d, m, y, g, v[c + 4], 6, 4149444226), m, y, v[c + 11], 10, 3174756917), d, m, v[c + 2], 15, 718787259), g, d, v[c + 9], 21, 3951481745),
                d = n(d, u),
                m = n(m, p),
                y = n(y, l),
                g = n(g, f);
            return (s(d) + s(m) + s(y) + s(g)).toLowerCase()
}


"""
# PyExecJS needs a JavaScript runtime installed on this machine; compile the
# snippet once, then call its top-level function `c` on the string to sign.
js = execjs.compile(js_code)
# 32-character lowercase hex digest, sent as the `sign` parameter.
sign = js.call('c', a)

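# Request headers copied from the captured browser request.
headers = {
    'Connection': 'keep-alive',
    'Pragma': 'no-cache',
    'Cache-Control': 'no-cache',
    'Accept': 'application/json',
    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.75 Safari/537.36',
    'Content-type': 'application/x-www-form-urlencoded',
    'Origin': 'https://so.youku.com',
    'Sec-Fetch-Site': 'same-site',
    'Sec-Fetch-Mode': 'cors',
    'Sec-Fetch-Dest': 'empty',
    'Referer': 'https://so.youku.com/',
    'Accept-Language': 'zh-CN,zh;q=0.9,en;q=0.8',
}

# Query string. `t`, `sign` and `data` have to be exactly the values the
# signature was computed from; the remaining fields are the fixed ones seen
# in the captured request.
params = (
    ('jsv', '2.5.1'),
    ('appKey', '23774304'),
    ('t', str(t)),
    ('sign', sign),
    ('api', 'mtop.youku.soku.yksearch'),
    ('type', 'originaljson'),
    ('v', '2.0'),
    ('ecode', '1'),
    ('dataType', 'json'),
    ('jsonpIncPrefix', 'headerSearch'),
    ('data', data)
)

# requests applies no timeout by default, so without one a stalled connection
# would block the script indefinitely; bound the wait explicitly.
response = requests.get(
    'https://acs.youku.com/h5/mtop.youku.soku.yksearch/2.0/',
    headers=headers,
    params=params,
    cookies=cookies,
    timeout=10,
).json()
print(response)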
           

直接複制代碼運作可能會提示令牌過期:sign 依賴 cookie 中 _m_h5_tk 的 token,cookie 過期後算出的 sign 也就無效了,更換一個最新的 cookies 即可。