井冈山保育院网站建设,搜狐做app的网站,菏泽建设企业网站,各购物网站销售特点注意#xff01;#xff01;#xff01;#xff01;某XX网站逆向实例仅作为学习案例#xff0c;禁止其他个人以及团体做谋利用途#xff01;#xff01;#xff01;
第一步#xff1a;抓包工具第一次请求页面#xff0c;得到响应。本次我使用的fiddle进行抓包#…注意某XX网站逆向实例仅作为学习案例禁止其他个人以及团体做谋利用途
第一步抓包工具第一次请求页面得到响应。本次我使用的fiddle进行抓包可以直接请求得到响应响应内容一样。发现响应内容是不可直接用的内容但是有明确的cookie关键词同时响应里的headers得到了set-cookie的值 第二步抓包工具第二次请求。将第一次请求拿到的cookie放在请求headers 里再次请求同时将步骤一里响应内容进行解析。也就是图里的cookie的两个值。看不懂的等下看代码吧 第三步抓包工具第三次请求。可以看到得到了正确的页面响应内容同时cookie值也和前两次的不一样 第四步这里将是一段描述梳理一下每次请求的作用
第一次请求响应内容为混淆后的cookie值该cookie作用为第二次请求的必要条件
第二次请求响应内容为混淆后的cookie值该cookie作用为最终请求的必要条件
最终请求响应内容为我们看到的页面内容。
第五步解析第一次请求的响应内容。通过正则表达式 将cookie内容取出利用eval() 函数直接在本地或者浏览器的console 就可以直接解析。 第步六注意啦这步开始容易猪猪迷惑了。分析并解析第二次请求的响应内容。根据观察响应内容为ob 混淆加密建议找个工具或者用什么方法进行解密。(可以参考JS逆向 | ob混淆一键还原工具_js反混淆还原工具_丁仔.的博客-CSDN博客和GitHub - DingZaiHub/ob-decrypt: ob混淆还原工具欢迎star亲测用着还可以).这里可以使用hook方式进行解析在浏览器中按照图所示进行操作 第七步将一大坨响应内容进行ob混淆解密操作没有工具这部可以忽略。为方便分析我将第二次响应内容存在本地.html 文件。将ob混淆代码另存在.js 文件使用工具进行解密成功后把解密后的js代码替换本地.html中的js 内容。 第八步在 .html 中补充 debugger 关键词同时将.html 文件复制到第六步新建的文件夹中 。此时浏览器上会自动识别按图勾选即可。由于我们分析解析目的是为了找cookie因此和cookie有关的就是document ,所以在替换文件里 搜索 document 找到后打上断点。 第九步清除浏览器上的cookie重新请求注意清除cookie后会首先断在debugger处接着按下F8(蓝色的按钮执行下一个断点)就可以。执行到document[cookie] 处可以看到已经被赋值直接看一下被哪些所赋值可以看到标红处就是我们需要的cooke 第十一步找cookie出处。 第十二步cookie生成包含两个参数均是从同一个对象中获取的将该对象进行全局所有找到其出处 最后代码展示
# 注意啦由于go方法传的参数不是固定值且 “ha”加密方式也不一样。因此代码里才有显示三种方式目前我只遇到三种。后面有的话在补充。 import json
import reimport execjs
import requestss requests.session()
url https://XXXXX.gov.cn/#/Integrated/index
headers {User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36}
# 第一次请求
res s.get(urlurl, headersheaders, verifyFalse)
print(res.text)
n_cookies requests.utils.dict_from_cookiejar(s.cookies)res.encodingutf-8
jsl .join(re.findall(rdocument\.cookie(.*?);location, res.text))
cookie execjs.eval(jsl)
n_k cookie.split(;)[0].split()[0]
n_v cookie.split(;)[0].split()[1]
n_cookies.update({n_k:n_v})coock
for k, v in n_cookies.items():coock kv;
headers[Cookie] coock.strip(;)# 第二次请求
res s.get(urlurl, headersheaders, verifyFalse)
res.encodingutf-8
with open(./域名.html, w, encodingutf-8)as f:f.write(res.text)
f.close()
go_data json.loads(.join(re.findall(r;go\((.*)\), res.text)))ha go_data.get(ha,)
if ha md5:file 域名_md5.js
elif ha sha1:file 域名_sha1.js
elif ha sha256:file 域名_sha256.jselse:file 域名print(res.text)
with open(./{}.format(file), r, encodingutf-8)as f:infos .join(f.readlines())
f.close()
ctx execjs.compile(infos)
cookie ctx.call(go,go_data)# 第三次请求
headers[Cookie] headers[Cookie].split(;)[0];__jsl_clearance_scookie
url https://XXXXX.gov.cn/
res requests.get(urlurl, headersheaders)
res.encodingutf-8
print(res.text)附件生成cookie的js ----- sha1(直接在本地执行即可)
// sha1
function hash(_0x3e501b) {var _0x1fb4f5 {};_0x1fb4f5[vcJIZ] function (_0x5e23c5, _0x29f030) {return _0x5e23c5 ^ _0x29f030;};_0x1fb4f5[nnILZ] function (_0x589c24, _0x27233f) {return _0x589c24 _0x27233f;};_0x1fb4f5[tTwDl] function (_0x3cfed1, _0x22a05a) {return _0x3cfed1 _0x22a05a;};_0x1fb4f5[MfRVd] function (_0x3fc96c, _0x32c2a5) {return _0x3fc96c _0x32c2a5;};_0x1fb4f5[fDweB] function (_0x808b4c, _0x45d31f) {return _0x808b4c * _0x45d31f;};_0x1fb4f5[tUtAf] function (_0x2b4b54, _0x47bf25) {return _0x2b4b54 _0x47bf25;};_0x1fb4f5[GlcUf] function (_0x56ff28, _0x51f0d9) {return _0x56ff28 _0x51f0d9;};_0x1fb4f5[Egxmp] function (_0x17e4a7, _0x154189) {return _0x17e4a7 - _0x154189;};_0x1fb4f5[WtxKA] function (_0x13f1da, _0xcedb20) {return _0x13f1da * _0xcedb20;};_0x1fb4f5[AUjcG] function (_0x56ede6, _0xce5419) {return _0x56ede6 _0xce5419;};_0x1fb4f5[aImhj] function (_0x15103f, _0x4d991e) {return _0x15103f * _0x4d991e;};_0x1fb4f5[LZbSM] function (_0xbc81cb, _0x673e4) {return _0xbc81cb - _0x673e4;};_0x1fb4f5[PCjCU] function (_0x30f142, _0x3add8c) {return _0x30f142 _0x3add8c;};_0x1fb4f5[uQyRR] function (_0x1bb4b9, _0xbd0d67) {return _0x1bb4b9 | _0xbd0d67;};_0x1fb4f5[rBwUP] function (_0x50526a, _0x1b9c16) {return _0x50526a _0x1b9c16;};_0x1fb4f5[CVCuK] function (_0x1474de, _0x5433e8) {return _0x1474de ^ _0x5433e8;};_0x1fb4f5[hMtHv] function (_0x144411, _0x566ba2) {return _0x144411 _0x566ba2;};_0x1fb4f5[OjxgU] function (_0x32770d, _0x584a87) {return _0x32770d _0x584a87;};_0x1fb4f5[kxupd] function (_0x5a63ba, _0x1a75ca, _0x11cb71) {return _0x5a63ba(_0x1a75ca, _0x11cb71);};_0x1fb4f5[QZBIa] function (_0x36d06d, _0x573dc0) {return _0x36d06d - _0x573dc0;};_0x1fb4f5[ahQNH] function (_0x521c6a, _0x44faed, _0x975942) {return _0x521c6a(_0x44faed, _0x975942);};_0x1fb4f5[gZCtm] function (_0x3ecc1d, _0x683115, _0x26b6fb, _0x30262f, _0x3a4a9e) {return _0x3ecc1d(_0x683115, _0x26b6fb, _0x30262f, _0x3a4a9e);};_0x1fb4f5[rXdRR] function (_0xd234a, _0x90bdc3, _0x433aa7) {return _0xd234a(_0x90bdc3, _0x433aa7);};_0x1fb4f5[QTmzZ] function (_0x187211, _0x490abd) {return _0x187211(_0x490abd);};_0x1fb4f5[RnoGt] function (_0x2e7670, _0x3f1cd3) {return _0x2e7670(_0x3f1cd3);};var _0x43e73a _0x1fb4f5;function _0x2b41b9(_0x533e58, _0x74964d) {return _0x43e73a[vcJIZ](_0x43e73a[nnILZ](_0x43e73a[tTwDl](_0x533e58, 0x7fffffff), _0x43e73a[tTwDl](_0x74964d, 0x7fffffff)), _0x43e73a[tTwDl](_0x533e58, 0x80000000)) ^ _0x74964d 0x80000000;}function _0x537251(_0x4c333c) {var _0x52058c 0123456789abcdef;var _0x4661a5 ;for (var _0x3c067f 0x7; _0x43e73a[MfRVd](_0x3c067f, 0x0); _0x3c067f--) {_0x4661a5 _0x52058c[charAt](_0x43e73a[tTwDl](_0x4c333c _0x43e73a[fDweB](_0x3c067f, 0x4), 0xf));}return _0x4661a5;}function _0xb227e2(_0x55acf7) {var _0x59cbf2 (_0x43e73a[nnILZ](_0x55acf7[length], 0x8) 0x6) 0x1,_0x1cf031 new Array(_0x43e73a[fDweB](_0x59cbf2, 0x10));for (var _0x30e700 0x0; _0x30e700 _0x59cbf2 * 0x10; _0x30e700) {_0x1cf031[_0x30e700] 0x0;}for (_0x30e700 0x0; _0x30e700 _0x55acf7[length]; _0x30e700) {_0x1cf031[_0x43e73a[tUtAf](_0x30e700, 0x2)] | _0x43e73a[GlcUf](_0x55acf7[charCodeAt](_0x30e700), _0x43e73a[Egxmp](0x18, _0x43e73a[WtxKA](_0x30e700 0x3, 0x8)));}_0x1cf031[_0x43e73a[tUtAf](_0x30e700, 0x2)] | _0x43e73a[AUjcG](0x80, 0x18 - _0x43e73a[aImhj](_0x30e700 0x3, 0x8));_0x1cf031[_0x43e73a[LZbSM](_0x59cbf2 * 0x10, 0x1)] _0x43e73a[aImhj](_0x55acf7[length], 0x8);return _0x1cf031;}function _0x3a304e(_0x5a8556, _0x130fdf) {return _0x5a8556 _0x130fdf | _0x5a8556 0x20 - _0x130fdf;}function _0x520671(_0x2d8c1c, _0x40483b, _0x15ba0f, _0x38aa47) {if (_0x2d8c1c 0x14) return _0x40483b _0x15ba0f | _0x43e73a[tTwDl](~_0x40483b, _0x38aa47);if (_0x43e73a[PCjCU](_0x2d8c1c, 0x28)) return _0x43e73a[vcJIZ](_0x40483b ^ _0x15ba0f, _0x38aa47);if (_0x2d8c1c 0x3c) return _0x43e73a[uQyRR](_0x40483b _0x15ba0f, _0x40483b _0x38aa47) | _0x43e73a[rBwUP](_0x15ba0f, _0x38aa47);return _0x43e73a[CVCuK](_0x40483b, _0x15ba0f) ^ _0x38aa47;}function _0x29ed(_0x3d4ecb) {return _0x3d4ecb 0x14 ? 0x5a827999 : _0x3d4ecb 0x28 ? 0x6ed9eba1 : _0x3d4ecb 0x3c ? -0x70e44324 : -0x359d3e2a;}var _0x35db9f _0xb227e2(_0x3e501b);var _0xa676a2 new Array(0x50);var _0x1fe9ed 0x67452301;var _0x30040d -0x10325477;var _0x15967b -0x67452302;var _0x184d43 0x10325476;var _0x441ea8 -0x3c2d1e10;for (var _0x2527e 0x0; _0x43e73a[hMtHv](_0x2527e, _0x35db9f[length]); _0x2527e 0x10) {var _0x242d65 _0x1fe9ed;var _0x111547 _0x30040d;var _0x570546 _0x15967b;var _0x36025e _0x184d43;var _0x56cb39 _0x441ea8;for (var _0x56c656 0x0; _0x56c656 0x50; _0x56c656) {if (_0x56c656 0x10) {_0xa676a2[_0x56c656] _0x35db9f[_0x43e73a[OjxgU](_0x2527e, _0x56c656)];} else {_0xa676a2[_0x56c656] _0x43e73a[kxupd](_0x3a304e, _0x43e73a[CVCuK](_0xa676a2[_0x43e73a[LZbSM](_0x56c656, 0x3)] ^ _0xa676a2[_0x43e73a[LZbSM](_0x56c656, 0x8)], _0xa676a2[_0x56c656 - 0xe]) ^ _0xa676a2[_0x43e73a[QZBIa](_0x56c656, 0x10)], 0x1);}t _0x43e73a[ahQNH](_0x2b41b9, _0x2b41b9(_0x43e73a[ahQNH](_0x3a304e, _0x1fe9ed, 0x5), _0x43e73a[gZCtm](_0x520671, _0x56c656, _0x30040d, _0x15967b, _0x184d43)), _0x2b41b9(_0x43e73a[rXdRR](_0x2b41b9, _0x441ea8, _0xa676a2[_0x56c656]), _0x29ed(_0x56c656)));_0x441ea8 _0x184d43;_0x184d43 _0x15967b;_0x15967b _0x3a304e(_0x30040d, 0x1e);_0x30040d _0x1fe9ed;_0x1fe9ed t;}_0x1fe9ed _0x2b41b9(_0x1fe9ed, _0x242d65);_0x30040d _0x43e73a[rXdRR](_0x2b41b9, _0x30040d, _0x111547);_0x15967b _0x2b41b9(_0x15967b, _0x570546);_0x184d43 _0x2b41b9(_0x184d43, _0x36025e);_0x441ea8 _0x43e73a[rXdRR](_0x2b41b9, _0x441ea8, _0x56cb39);}return _0x43e73a[OjxgU](_0x43e73a[OjxgU](_0x43e73a[OjxgU](_0x43e73a[QTmzZ](_0x537251, _0x1fe9ed) _0x43e73a[RnoGt](_0x537251, _0x30040d), _0x43e73a[RnoGt](_0x537251, _0x15967b)), _0x537251(_0x184d43)), _0x43e73a[RnoGt](_0x537251, _0x441ea8));
}function go(_0x268948) {var _0x225662 {};_0x225662[yYDkD] function (_0x5126f0, _0x3b3575) {return _0x5126f0 _0x3b3575;};_0x225662[kvFwD] function (_0x16a4ff, _0x530f7e) {return _0x16a4ff ! _0x530f7e;};_0x225662[frrXH] function (_0x32c21a, _0x14e517) {return _0x32c21a _0x14e517;};_0x225662[SpsfD] function (_0x3e7e11, _0x1d6dba) {return _0x3e7e11 _0x1d6dba;};_0x225662[CoTAd] function (_0x31c498, _0x2b21b3) {return _0x31c498(_0x2b21b3);};_0x225662[qvRxI] function (_0x489d0c, _0x2103a3) {return _0x489d0c _0x2103a3;};_0x225662[XOBkW] function (_0xd7f68f, _0x449d27) {return _0xd7f68f _0x449d27;};_0x225662[jjOHZ] function (_0x362da3) {return _0x362da3();};_0x225662[KtJNL] function (_0x5a35c5, _0x102625, _0x42b3f4) {return _0x5a35c5(_0x102625, _0x42b3f4);};_0x225662[sRcCE] function (_0x45e436, _0x1a4b8a) {return _0x45e436 _0x1a4b8a;};_0x225662[fjvps] function (_0xcd3d09, _0x797f52) {return _0xcd3d09 - _0x797f52;};_0x225662[RFwHe] 请求验证失败;var _0x55796d _0x225662;function _0x21c0a0() {var _0x8c81c5 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36,_0x4f9c34 [Phantom];for (var _0x663d22 0x0; _0x55796d[yYDkD](_0x663d22, _0x4f9c34[length]); _0x663d22) {if (_0x55796d[kvFwD](_0x8c81c5[indexOf](_0x4f9c34[_0x663d22]), -0x1)) {return !![];}}if (undefined) {return !![];}};if (_0x55796d[jjOHZ](_0x21c0a0)) {return;}var _0x5eb57d new Date();function _0x6c8612(_0x46fd88, _0xdc1245) {var _0x3fca5a _0x268948[chars][length];for (var _0x35b219 0x0; _0x55796d[frrXH](_0x35b219, _0x3fca5a); _0x35b219) {for (var _0x252718 0x0; _0x252718 _0x3fca5a; _0x252718) {var _0x236c3d _0xdc1245[0x0] _0x268948[chars][substr](_0x35b219, 0x1) _0x268948[chars][substr](_0x252718, 0x1) _0xdc1245[0x1];if (_0x55796d[SpsfD](_0x55796d[CoTAd](hash, _0x236c3d), _0x46fd88)) {return [_0x236c3d, new Date() - _0x5eb57d];}}}};var _0x375f7d _0x55796d[KtJNL](_0x6c8612, _0x268948[ct], _0x268948[bts]);return _0x375f7d[0]
};cookie go({bts: [1690516426.653|0|rRT, DKS8EVDzKevNzhePIdloyU%3D],chars: pycPPMayT9bXKYdZdnURpd,ct: 1073cc6066c93a07c810a5451165a7654310858a,ha: sha1,tn: __jsl_clearance_s,vt: 3600,wt: 1500
})
console.log(cookie)仅作为笔记记录如有问题请各位大佬来指导
