Shulou(Shulou.com)05/31 Report--

This article mainly explains "Python and JS anti-climbing how to solve the anti-climbing parameter signKey", interested friends may wish to have a look. The method introduced in this paper is simple, fast and practical. Next let the editor to take you to learn "Python and JS anti-crawling how to solve the anti-climbing parameter signKey"!

Actual combat scene

There is a large category of Python anti-crawling, which is called font anti-crawling. The core theory is to implement encryption logic through font file or CSS offset.

The site to be collected this time is: 54yr55y855S15b2x (Base64 encryption) site address is: https%3A%2F%2Fmaoyan.com%2Ffilms%2F522013 (URL coding)

After the above address is opened, and after a text is selected with the developer tool, you will find that the data cannot be read from the source code in Elements.

As shown in the following figure:

All similar scenes belong to the font coding series, which is simply understood as follows:

Server source code, can not read the text directly.

You can also use the request page preview tab to determine whether the font is encrypted or not. When the following conclusion appears, you can judge that the digital information is displayed as a box.

systems analysis

Originally thought that directly into the font encryption and decryption logic, this case can be solved, but when the request header, found that there is a request parameter signKey, but also encrypted, then solve the font anti-crawling, first solve this encryption problem.

Open the console, retrieve the signKey parameter directly, and find that there is only one file involved.

After opening the common.js file, format it and continue to retrieve keywords.

Type the breakpoint directly near line 688, then refresh the page and wait for the breakpoint request.

When you find the keyword _ 0x371d, you know that you need a little bit of JS code here, which is another meticulous job.

The JS code to be extracted is as follows:

U = function (x) {var d = x [a (_ 0x371d ("0x14c"))], e = x [a (_ 0x371d ("0x14d"))], _ = x [a (_ 0x371d ("0x14e"))], t = void 0 = _? 1: _, n = Math [a ("0x82")] (10 * Math [a (_ 0x371d ("0x14f"))] ()), I = (new Date) [a (_ 0x371d ("0x150"))] () O = typeof window! = a ("0x4") & & window [_ 0x371d ("0x151")], s = o [a (_ 0x371d ("0x152"))], u = a (_ 0x371d ("0x153")) + d.toUpperCase () + a ("0x87") + I + a (_ 0x371d ("0x154")) + s + 0x371d ("0x155") + n + a ("0x89") + e + a (_ 0x371d ("0x156")) + t, f = a (_ 0x371d ("0x157")) Return {timeStamp: I, index: n, signKey: (0, r [a (_ 0x371d ("0x158"))]) (u + f), channelId: e, sVersion: t, webdriver: C ()}

Each time the page is refreshed, you can capture the relevant parameters and values.

For example, you can get d = "GET" directly here and write it to our JS file.

After the first step of encryption, the parameter values are obtained, among which u and f are more important. With each breakpoint, the code can be restored step by step. Here are some important steps. If the path is not clear, you can click on the card below and ask the eraser directly.

Get f value

Get the contents of the _ 0x5827 function

The following content r is an array in which the strings can be obtained by index

A (_ 0x371d ("0x158")); ("default")

With the deepening of the code, the encryption location of the core signKey parameter is found. The screenshot is as follows:

This is a big project, there is no 1 hour, can not be translated.

We deduct the core function first, and then replace it bit by bit. The core untranslated code is as follows:

Function () {var d = e (7) there's a lot of code, v = u, M = f. S = m (s, c, u, f, I [l + 0], 7,-680876936), f = m (f, s, c, u, I [l + 1], 12,-389564586), u = m (u, f, s, c, I [l + 2], 17, 606105819), c = m (c, u, f, s, I [l + 3], 22,-1044525330).

When translating, just pay attention to a few key parameters. * * _ 0x371d * *

Var _ 0x371d = function (x, d) {return (x-= 0), _ 0x5827 [x];}

* * _ 0x5827 * *

Var _ 0x5827 = ["parseJSON", "parseXML", "ajaxSettings", "ajaxSetup", "statusCode", "canceled", "success", "dataType",.

Copy it to the editor, straight good guy, more than 7W words.

Encryption variable a

Var a = function (x, d) {return (x-= 0), r [x];}

Encryption variable r

Encryption parameter d

Knowing how to take the above values makes it very easy to solve signKey.

In addition, the easiest way is to directly build the common.js file locally, and then use Python to call, you can directly get the corresponding data.

The JS code is executed in Python, which can be implemented using the following Demo:

Import execjs# executes the JS file js = "js script content" ctx = execjs.compile (js) x = {'method':' GET', 'channelId': 40011,' sVersion': 1, 'type':' object'} # pass in the parameter n = ctx.call ('translated encryption function name', x). I believe you have a better understanding of "Python and JS anti-crawling how to solve the anti-crawling parameter signKey" You might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.