声明
本文章中所有内容仅供学习交流使用,不用于其他任何目的,不提供完整代码,抓包内容、敏感网址、数据接口等均已做脱敏处理,严禁用于商业用途和非法用途,否则由此产生的一切后果均与作者无关!
本文章未经许可禁止转载,禁止任何修改后二次传播,擅自使用本文讲解的技术而导致的任何意外,作者均不负责,若有侵权,请联系作者立即删除!
逆向目标
网址
:https://www.mafengwo.cn/i/24292737.html接口
:https://www.mafengwo.cn/i/24292737.html参数
:cookie
逆向过程
老规矩,先分析网络请求
总共发起了三次网络请求:
# 1. 第一次请求
Request URL: https://www.mafengwo.cn/i/24292737.html
Request Method: GET
Status Code: 521
# 2. 第二次请求
Request URL: https://www.mafengwo.cn/i/24292737.html
Request Method: GET
Status Code: 521
# 3. 第三次请求
Request URL: https://www.mafengwo.cn/i/24292737.html
Request Method: GET
Status Code: 200 OK
我们使用抓包工具来看下
然后我们观察下获取到实际内容的第三次请求,可以看到是加速乐
Application
标签页下
逆向分析
我们下来分析第一次请求,按照如下方式复制curl请求
粘贴到如下
复制右侧的python
脚本执行
# 第一次请求可以不带cookie
import requests
headers = {
"Host": "www.mafengwo.cn",
"Pragma": "no-cache",
"Cache-Control": "no-cache",
"sec-ch-ua": "\"Not A(Brand\";v=\"99\", \"Google Chrome\";v=\"121\", \"Chromium\";v=\"121\"",
"sec-ch-ua-mobile": "?0",
"sec-ch-ua-platform": "\"macOS\"",
"Upgrade-Insecure-Requests": "1",
"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36",
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7",
"Sec-Fetch-Site": "same-origin",
"Sec-Fetch-Mode": "navigate",
"Sec-Fetch-User": "?1",
"Sec-Fetch-Dest": "document",
"Referer": "https://www.mafengwo.cn/i/24292737.html",
"Accept-Language": "en-US,en;q=0.9"
}
url = "https://www.mafengwo.cn/i/24292737.html"
response = requests.get(url, headers=headers)
print(response.text)
print(response)
# 输出如下
<script>document.cookie=('_')+('_')+('j')+('s')+('l')+('_')+('c')+('l')+('e')+('a')+('r')+('a')+('n')+('c')+('e')+('_')+('s')+('=')+(-~[]+'')+(-~[6]+'')+(~~{}+'')+(1+7+'')+(1+[0]-(1)+'')+(3+'')+((2^1)+'')+((1<<1)+'')+(-~(3)+'')+(1+8+'')+('.')+(-~(8)+'')+((1<<1)+'')+(2+6+'')+('|')+('-')+(-~[]+'')+('|')+(+!+[]+'')+('%')+(-~1+'')+('B')+('k')+('h')+(6+'')+(-~1+'')+('T')+('I')+('g')+('S')+('u')+('D')+('y')+(~~false+'')+('i')+('w')+('T')+('U')+('i')+('b')+('C')+('Z')+('x')+('v')+('U')+('%')+(0+1+0+1+'')+('B')+('M')+('%')+((1+[2]>>2)+'')+('D')+(';')+(' ')+('M')+('a')+('x')+('-')+('a')+('g')+('e')+('=')+((1|2)+'')+(3+3+'')+(~~{}+'')+((+[])+'')+(';')+(' ')+('P')+('a')+('t')+('h')+('=')+('/')+(';')+(' ')+('S')+('a')+('m')+('e')+('S')+('i')+('t')+('e')+('=')+('N')+('o')+('n')+('e')+(';')+(' ')+('S')+('e')+('c')+('u')+('r')+('e');location.href=location.pathname+location.search</script>
我们直接把script
标签内的 js代码
拷贝出来执行
document = {};
location = {};
document.cookie=('_')+('_')+('j')+('s')+('l')+('_')+('c')+('l')+('e')+('a')+('r')+('a')+('n')+('c')+('e')+('_')+('s')+('=')+(-~[]+'')+(-~[6]+'')+(~~{}+'')+(1+7+'')+(1+[0]-(1)+'')+(3+'')+((2^1)+'')+((1<<1)+'')+(-~(3)+'')+(1+8+'')+('.')+(-~(8)+'')+((1<<1)+'')+(2+6+'')+('|')+('-')+(-~[]+'')+('|')+(+!+[]+'')+('%')+(-~1+'')+('B')+('k')+('h')+(6+'')+(-~1+'')+('T')+('I')+('g')+('S')+('u')+('D')+('y')+(~~false+'')+('i')+('w')+('T')+('U')+('i')+('b')+('C')+('Z')+('x')+('v')+('U')+('%')+(0+1+0+1+'')+('B')+('M')+('%')+((1+[2]>>2)+'')+('D')+(';')+(' ')+('M')+('a')+('x')+('-')+('a')+('g')+('e')+('=')+((1|2)+'')+(3+3+'')+(~~{}+'')+((+[])+'')+(';')+(' ')+('P')+('a')+('t')+('h')+('=')+('/')+(';')+(' ')+('S')+('a')+('m')+('e')+('S')+('i')+('t')+('e')+('=')+('N')+('o')+('n')+('e')+(';')+(' ')+('S')+('e')+('c')+('u')+('r')+('e');location.href=location.pathname+location.search
console.log(document.cookie);
// OUTPUT
__jsl_clearance_s=1708933249.928|-1|1%2Bkh62TIgSuDy0iwTUibCZxvU%2BM%3D; Max-age=3600; Path=/; SameSite=None; Secure
同上继续分析第二次请求,返回值如下
# 返回内容
<script>
document.cookie = ('_') + ('_') + ('j') + ('s') + ('l') + ('_') + ('c') + ('l') + ('e') + ('a') + ('r') + ('a') + ('n') + ('c') + ('e') + ('_') + ('s') + ('=') + (-~false + '') + (3 + 4 + '') + (~~[] + '') + (-~[7] + '') + (1 + 8 + '') + (3 + '') + (1 + 5 + '') + ((1 << 2) + '') + ((+false) + '') + (-~(4) + '') + ('.') + (1 + 5 + '') + (3 + 4 + '') + (-~0 + '') + ('|') + ('-') + (-~[] + '') + ('|') + ('n') + ('r') + ('m') + ('%') + (0 + 1 + 0 + 1 + '') + ('B') + ('u') + ('b') + ('O') + ('H') + ('M') + ('G') + ('e') + ('B') + ('D') + ('A') + (([2] + 0 >> 2) + '') + ('Q') + ('X') + ('Q') + ('C') + ('D') + (-~(4) + '') + ('d') + ('K') + ('W') + ('m') + ('f') + ('I') + ('%') + (3 + '') + ('D') + (';') + (' ') + ('M') + ('a') + ('x') + ('-') + ('a') + ('g') + ('e') + ('=') + (-~[2] + '') + ([2] * (3) + '') + (~~{} + '') + ((+false) + '') + (';') + (' ') + ('P') + ('a') + ('t') + ('h') + ('=') + ('/') + (';') + (' ') + ('S') + ('a') + ('m') + ('e') + ('S') + ('i') + ('t') + ('e') + ('=') + ('N') + ('o') + ('n') + ('e') + (';') + (' ') + ('S') + ('e') + ('c') + ('u') + ('r') + ('e');
location.href = location.pathname + location.search
</script>
# 输出如下
__jsl_clearance_s=1708934799.525|-1|P7xfo%2FD8ppojDXKRuV6GCZe%2BgW8%3D; Max-age=3600; Path=/; SameSite=None; Secure
# 返回Headers
Connection:keep-alive
Connection:close
Date:Mon, 26 Feb 2024 08:33:25 GMT
Server:nginx
Set-Cookie:__jsluid_s=384752ae6df9332fabc335968c604588; max-age=31536000; path=/; HttpOnly; SameSite=None; secure
Transfer-Encoding:chunked
X-Via-Jsl:ecc62cf,-
可以看到通过第二次请求,我们可以拿到 __jsluid_s
和 __jsl_clearance_s
最后,第三次请求带上第二步生成的两个参数 __jsluid_s
和 __jsl_clearance_s
,就可以拿到最终结果
结果验证
import requests
headers = {
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7",
"Accept-Language": "en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7",
"Cache-Control": "no-cache",
"Connection": "keep-alive",
"Pragma": "no-cache",
"Referer": "https://www.mafengwo.cn/i/24292737.html",
"Sec-Fetch-Dest": "document",
"Sec-Fetch-Mode": "navigate",
"Sec-Fetch-Site": "same-origin",
"Upgrade-Insecure-Requests": "1",
"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36",
"sec-ch-ua": "\"Not A(Brand\";v=\"99\", \"Google Chrome\";v=\"121\", \"Chromium\";v=\"121\"",
"sec-ch-ua-mobile": "?0",
"sec-ch-ua-platform": "\"macOS\""
}
cookies = {
"__jsluid_s": "384752ae6df9332fabc335968c604588",
"__jsl_clearance_s": "1708936405.739|0|L5szFUsv5X88tahEhh3Yk256Pi8%3D"
}
url = "https://www.mafengwo.cn/i/24292737.html"
response = requests.get(url, headers=headers, cookies=cookies)
print(response.text)
print(response)