9-爬⾍⾼级实战【js逆向】
js逆向步骤
js调试⼯具
PyExecJs
实现使⽤python执⾏js代码
安装环境
安装node.js开发环境
pip install PyExecJs
js算法改写初探
打断点
代码调试时,如果发现了相关变量的缺失,⼀般给其定义成空字典即可。
代码调试时,如果js内置对象确实,直接将该内置对象赋值为this。例如:window = this;
js反混淆
相关概念
js混淆:对核⼼的js代码进⾏加密
js反混淆:对js加密代码进⾏解密
破解
使⽤浏览器⾃带的反混淆⼯具【推荐】:打开开发者⼯具 ----> 点击⼩齿轮 ----> 到Souces选项卡 ----> 勾选Search in anonymous and scripts框 ----> 刷新页⾯暴⼒破解【迫不得已】:
1. 平台js算法逆向【MD5算法】
url:
import execjs
# 1. 实例化⼀个node对象
node = ()
# 2. js源⽂件编译
ctx = nodepile(open('./js源⽂件./wechat.js',encoding='utf-8').read())
# 3. 执⾏js函数
funcName = 'getPwd("{}")'.format('123123123')
pwd = ctx.eval(funcName)
print(pwd)
2. Steam游戏平台js算法逆向【RSA算法】
url:
import requests
import execjs
import time
# 动态获取mod和exp串
url = 'store.steampowered/login/getrsakey/'
data = {
'donotcache': str(int(time.time() * 1000)), # 时间戳
'username': '123@qq',
}
headers = {
'user-agent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36',
}
response_json = requests.post(url=url,headers=headers,data=data).json()
mod = response_json['publickey_mod']
exp = response_json['publickey_exp']
# 1. 实例化⼀个node对象
node = ()
# 2. js源⽂件编译
ctx = nodepile(open('./js源⽂件./steam.js',encoding='utf-8').read())
# 3. 执⾏js函数
funcName = 'getPwd("{0}","{1}","{2}")'.format('123123123',mod,exp)
pwd = ctx.eval(funcName)
print(pwd)
3. 凡科⽹js算法逆向【MD5算法】
注意:如果需要逆向的js函数的实现时出现在⼀个闭包中,那么直接将闭包的整个代码拷贝出进⾏调试即可
url:
import execjs
# 1. 实例化⼀个node对象
node = ()
# 2. js源⽂件编译
ctx = nodepile(open('./js源⽂件/fanke.js',encoding='utf-8').read())
# 3. 执⾏js函数
funcName = 'md5("{0}")'.format('123123123')
pwd = ctx.eval(funcName)
print(pwd)
js代码加密软件
4. 游戏js算法逆向【RSA算法】
url:
import requests
from lxml import etree
import execjs
# 获取公钥串
url = 'passport.wanmei/sso/login?service=passport&isiframe=1&location=2f736166652f'
headers = {
'user-agent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36',
}
response_text = requests.post(url=url,headers=headers).text
tree = etree.HTML(response_text)
publicKey = tree.xpath('//input[@id="e"]/@value')[0]
# 1. 实例化⼀个node对象
ctx = nodepile(open('./js源⽂件/wanmei.js',encoding='utf-8').read())
# 3. 执⾏js函数
funcName = 'getPwd("{0}","{1}")'.format('123123123',publicKey)
pwd = ctx.eval(funcName)
print(pwd)
5. 试客联盟js算法逆向【RSA算法】
url:
import requests
from lxml import etree
import execjs
import re
# 获取rsa_n串
url = 'login.shikee/getkey?v=19b53e441bc51f28a9e6afead8e665ea'
headers = {
'user-agent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36',
}
response_text = (url=url,headers=headers).text
ex = 'var rsa_n = "(.*?)";'
rsa_n = re.findall(ex,response_text)[0]
# 1. 实例化⼀个node对象
node = ()
# 2. js源⽂件编译
ctx = nodepile(open('./js源⽂件/shike.js',encoding='utf-8').read())
# 3. 执⾏js函数
funcName = 'getPwd("{}","{}")'.format('123123123',rsa_n)
pwd = ctx.eval(funcName)
print(pwd)
6. 空中⽹js算法逆向【RSA算法】
url:
import requests
import execjs
import re
import json
# 获取j_data['dc']串
url = 'sso.kongzhong/ajaxLogin?j=j&jsonp=j&service=passport.kongzhong/&_=1626875097213'
headers = {
'user-agent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36',
'Referer': 'passport.kongzhong/'
}
response_text = (url=url,headers=headers).text
ex = "KZLoginHandler.jsonpCallbackKongZ\((.*?)\)"
data = re.findall(ex,response_text)[0]
dc = json.loads(data)['dc']
# 1. 实例化⼀个node对象
node = ()
# 2. js源⽂件编译
ctx = nodepile(open('./js源⽂件/kongzhong.js',encoding='utf-8').read())
# 3. 执⾏js函数
funcName = 'getPwd("{}","{}")'.format('123123123',dc)
pwd = ctx.eval(funcName)
print(pwd)
7. 长房⽹js算法逆向【DES算法】
url:
import execjs
# 1. 实例化⼀个node对象
node = ()
# 2. js源⽂件编译
ctx = nodepile(open('./js源⽂件/changfang.js',encoding='utf-8').read())
# 3. 执⾏js函数
funcName = 'getPwd("{}")'.format('123123123')
pwd = ctx.eval(funcName)
print(pwd)
8. 有道翻译js算法逆向【MD5算法】
import time
import random
import execjs
import requests
word = input("Please input a English word:")
r = str(int(time.time() * 1000))
i = r + str(random.randint(0,9))
# 1. 实例化⼀个node对象
node = ()
# 2. js源⽂件编译
ctx = nodepile(open('./js源⽂件/youdao.js',encoding='utf-8').read())
# 3. 执⾏js函数
funcName = 'getSign("{}","{}")'.format(word,i)
sign = ctx.eval(funcName)
url = 'udao/translate_o?smartresult=dict&smartresult=rule'
headers = {
'user-agent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36',
'Referer': 'udao/',
'Cookie': 'OUTFOX_SEARCH_USER_ID_NCOO=512615467.85577774; OUTFOX_SEARCH_USER_ID="-673357154@10.169.0.82"; _ga=GA1.2.446310143.1622377950; _ntes_nnid=4ef5ec83bdbbbe870ec8f8c735810336,1622941677257; JSE }
data = {
'i': word,
'from': 'AUTO',
'client': 'fanyideskweb',
'salt': i,
'sign': sign,
'lts': r,
'bv': '24ecb70ba6203e4453baed50aa26b78e',
'doctype': 'json',
'version': '2.1',
'keyfrom': 'fanyi.web',
'action': 'FY_BY_REALTlME',
}
response_json = requests.post(url=url,headers=headers,data=data).json() print(response_json)
9. CTE四六级js算法逆向【DES算法】
url:
import execjs
# 1. 实例化⼀个node对象
node = ()
# 2. js源⽂件编译
ctx = nodepile(open('./js源⽂件/CTE.js',encoding='utf-8').read())
# 3. 执⾏js函数
funcName = 'getPwd("{}")'.format('123123123')
pwd = ctx.eval(funcName)print(pwd)
版权声明:本站内容均来自互联网,仅供演示用,请勿用于商业和其他非法用途。如果侵犯了您的权益请与我们联系QQ:729038198,我们将在24小时内删除。
发表评论