逆向网址
aHR0cHM6Ly93d3cudGFvYmFvLmNvbS8=
aHR0cHM6Ly93d3cudG1hbGwuY29tLw==
逆向链接
aHR0cHM6Ly9kZXRhaWwudG1hbGwuY29tL2l0ZW0uaHRtP2lkPTc0NDk3NDQ4NTI3NSZwdmlkPTFiMzdmNjUyLTRjNDYtNGM2Ni04MDg4LWRhYmJiZDJhMzJhNSZzY209MTAwNy40MDk4Ni4yNzY3NTAuMCZzcG09YTIxYm8uamlhbmh1YS4yMDE4NzYuNTQuNWFmOTJhODlTdDFJdHI=
逆向接口
aHR0cHM6Ly9oNWFwaS5tLnRhb2Jhby5jb20vaDUvbXRvcC50YW9iYW8ucGNkZXRhaWwuZGF0YS5nZXQvMS4wLw==
逆向过程
请求方式:GET
参数构成:
【sign】 a30c362859b76a4be4e44feb90e484d2
根据断点可快速进入发包内容
XHR断点方式进入【item.js】搜索【sign:】可快速定位
调试过程
由上图可知变量【s】为逆向数据源。
那么折叠函数发现如下代码:
s = function(e) {.....}(r.token + "&" + u + "&" + c + "&" + n.data)
即可得到值 s
///
//模拟sign值加密
function h(a) {
function b(a, b) {
return a << b | a >>> 32 - b
}
function c(a, b) {
var c, d, e, f, g;
return e = 2147483648 & a,
f = 2147483648 & b,
c = 1073741824 & a,
d = 1073741824 & b,
g = (1073741823 & a) + (1073741823 & b),
c & d ? 2147483648 ^ g ^ e ^ f : c | d ? 1073741824 & g ? 3221225472 ^ g ^ e ^ f : 1073741824 ^ g ^ e ^ f : g ^ e ^ f
}
function d(a, b, c) {
return a & b | ~a & c
}
function e(a, b, c) {
return a & c | b & ~c
}
function f(a, b, c) {
return a ^ b ^ c
}
function g(a, b, c) {
return b ^ (a | ~c)
}
function h(a, e, f, g, h, i, j) {
return a = c(a, c(c(d(e, f, g), h), j)),
c(b(a, i), e)
}
function i(a, d, f, g, h, i, j) {
return a = c(a, c(c(e(d, f, g), h), j)),
c(b(a, i), d)
}
function j(a, d, e, g, h, i, j) {
return a = c(a, c(c(f(d, e, g), h), j)),
c(b(a, i), d)
}
function k(a, d, e, f, h, i, j) {
return a = c(a, c(c(g(d, e, f), h), j)),
c(b(a, i), d)
}
function l(a) {
for (var b, c = a.length, d = c + 8, e = (d - d % 64) / 64, f = 16 * (e + 1), g = new Array(f - 1), h = 0, i = 0; c > i; )
b = (i - i % 4) / 4,
h = i % 4 * 8,
g[b] = g[b] | a.charCodeAt(i) << h,
i++;
return b = (i - i % 4) / 4,
h = i % 4 * 8,
g[b] = g[b] | 128 << h,
g[f - 2] = c << 3,
g[f - 1] = c >>> 29,
g
}
function m(a) {
var b, c, d = "", e = "";
for (c = 0; 3 >= c; c++)
b = a >>> 8 * c & 255,
e = "0" + b.toString(16),
d += e.substr(e.length - 2, 2);
return d
}
function n(a) {
a = a.replace(/\r\n/g, "\n");
for (var b = "", c = 0; c < a.length; c++) {
var d = a.charCodeAt(c);
128 > d ? b += String.fromCharCode(d) : d > 127 && 2048 > d ? (b += String.fromCharCode(d >> 6 | 192),
b += String.fromCharCode(63 & d | 128)) : (b += String.fromCharCode(d >> 12 | 224),
b += String.fromCharCode(d >> 6 & 63 | 128),
b += String.fromCharCode(63 & d | 128))
}
return b
}
var o, p, q, r, s, t, u, v, w, x = [], y = 7, z = 12, A = 17, B = 22, C = 5, D = 9, E = 14, F = 20, G = 4, H = 11, I = 16, J = 23, K = 6, L = 10, M = 15, N = 21;
for (a = n(a),
x = l(a),
t = 1732584193,
u = 4023233417,
v = 2562383102,
w = 271733878,
o = 0; o < x.length; o += 16)
p = t,
q = u,
r = v,
s = w,
t = h(t, u, v, w, x[o + 0], y, 3614090360),
w = h(w, t, u, v, x[o + 1], z, 3905402710),
v = h(v, w, t, u, x[o + 2], A, 606105819),
u = h(u, v, w, t, x[o + 3], B, 3250441966),
t = h(t, u, v, w, x[o + 4], y, 4118548399),
w = h(w, t, u, v, x[o + 5], z, 1200080426),
v = h(v, w, t, u, x[o + 6], A, 2821735955),
u = h(u, v, w, t, x[o + 7], B, 4249261313),
t = h(t, u, v, w, x[o + 8], y, 1770035416),
w = h(w, t, u, v, x[o + 9], z, 2336552879),
v = h(v, w, t, u, x[o + 10], A, 4294925233),
u = h(u, v, w, t, x[o + 11], B, 2304563134),
t = h(t, u, v, w, x[o + 12], y, 1804603682),
w = h(w, t, u, v, x[o + 13], z, 4254626195),
v = h(v, w, t, u, x[o + 14], A, 2792965006),
u = h(u, v, w, t, x[o + 15], B, 1236535329),
t = i(t, u, v, w, x[o + 1], C, 4129170786),
w = i(w, t, u, v, x[o + 6], D, 3225465664),
v = i(v, w, t, u, x[o + 11], E, 643717713),
u = i(u, v, w, t, x[o + 0], F, 3921069994),
t = i(t, u, v, w, x[o + 5], C, 3593408605),
w = i(w, t, u, v, x[o + 10], D, 38016083),
v = i(v, w, t, u, x[o + 15], E, 3634488961),
u = i(u, v, w, t, x[o + 4], F, 3889429448),
t = i(t, u, v, w, x[o + 9], C, 568446438),
w = i(w, t, u, v, x[o + 14], D, 3275163606),
v = i(v, w, t, u, x[o + 3], E, 4107603335),
u = i(u, v, w, t, x[o + 8], F, 1163531501),
t = i(t, u, v, w, x[o + 13], C, 2850285829),
w = i(w, t, u, v, x[o + 2], D, 4243563512),
v = i(v, w, t, u, x[o + 7], E, 1735328473),
u = i(u, v, w, t, x[o + 12], F, 2368359562),
t = j(t, u, v, w, x[o + 5], G, 4294588738),
w = j(w, t, u, v, x[o + 8], H, 2272392833),
v = j(v, w, t, u, x[o + 11], I, 1839030562),
u = j(u, v, w, t, x[o + 14], J, 4259657740),
t = j(t, u, v, w, x[o + 1], G, 2763975236),
w = j(w, t, u, v, x[o + 4], H, 1272893353),
v = j(v, w, t, u, x[o + 7], I, 4139469664),
u = j(u, v, w, t, x[o + 10], J, 3200236656),
t = j(t, u, v, w, x[o + 13], G, 681279174),
w = j(w, t, u, v, x[o + 0], H, 3936430074),
v = j(v, w, t, u, x[o + 3], I, 3572445317),
u = j(u, v, w, t, x[o + 6], J, 76029189),
t = j(t, u, v, w, x[o + 9], G, 3654602809),
w = j(w, t, u, v, x[o + 12], H, 3873151461),
v = j(v, w, t, u, x[o + 15], I, 530742520),
u = j(u, v, w, t, x[o + 2], J, 3299628645),
t = k(t, u, v, w, x[o + 0], K, 4096336452),
w = k(w, t, u, v, x[o + 7], L, 1126891415),
v = k(v, w, t, u, x[o + 14], M, 2878612391),
u = k(u, v, w, t, x[o + 5], N, 4237533241),
t = k(t, u, v, w, x[o + 12], K, 1700485571),
w = k(w, t, u, v, x[o + 3], L, 2399980690),
v = k(v, w, t, u, x[o + 10], M, 4293915773),
u = k(u, v, w, t, x[o + 1], N, 2240044497),
t = k(t, u, v, w, x[o + 8], K, 1873313359),
w = k(w, t, u, v, x[o + 15], L, 4264355552),
v = k(v, w, t, u, x[o + 6], M, 2734768916),
u = k(u, v, w, t, x[o + 13], N, 1309151649),
t = k(t, u, v, w, x[o + 4], K, 4149444226),
w = k(w, t, u, v, x[o + 11], L, 3174756917),
v = k(v, w, t, u, x[o + 2], M, 718787259),
u = k(u, v, w, t, x[o + 9], N, 3951481745),
t = c(t, p),
u = c(u, q),
v = c(v, r),
w = c(w, s);
var O = m(t) + m(u) + m(v) + m(w);
return O.toLowerCase()
}构建查询参数即可到的加密【sign】值 s
//构建参数 获取sign值
function _getSign( token, i, data )
{
var g = '12574478';
if( !i || typeof i == undefined )
{
i = (new Date).getTime()
}
return h( token + "&" + i + "&" + g + "&" + data );
}整合好js代码之后。接下来就是构建python代码实现请求动态请求接口
整合测试
爬虫端构建
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# @Time : 2024/3/11 15:18
# @Author : Carey
# @Description
import json
import re
import sys
import requests
import time
import execjs
from urllib.parse import urlparse
strCookie = 'xxxx';
'''
提取cookie中 _m_h5_tk 的值
'''
token = re.findall( r'_m_h5_tk=(.*?)_(?:.*?);', strCookie )
if False == token or len(token[0]) <= 0:
print( '当前cookie无效, 未识别出来【_m_h5_tk】值' )
sys.exit()
headers = {
'accept': 'application/json',
'accept-language': 'en,zh-CN;q=0.9,zh;q=0.8,ja;q=0.7',
'content-type': 'application/x-www-form-urlencoded',
'cookie': strCookie,
'origin': '{origin}',
'referer': '{referer}',
'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36',
}
'''
解析url链接 为sign值生成做准备
'''
url = 'xxxx'
urlInfo = urlparse( url )
if False == urlInfo.query or len( urlInfo.query ) <= 0:
sys.exit()
queryInfo = urlInfo.query.split( '&' )
arrParams = {}
for item in queryInfo:
arrIt = item.split( '=' )
if arrIt:
arrParams.update({arrIt[0]:arrIt[1]})
else:
continue
exParams = {
"queryParams": urlInfo.query,
"domain": f"{urlInfo.scheme}//{urlInfo.netloc}",
"path_name": urlInfo.path
}
for k in arrParams:
if k in arrParams and len( arrParams[k] ) > 0:
exParams.update({k: arrParams[k]})
else:
continue
data = {
'id': arrParams['id'],
'detail_v': '3.3.2',
'exParams': json.dumps( exParams, ensure_ascii=False).replace(' ', '')
}
js_file = "./detail.js"
with open(js_file, "r", encoding='utf-8') as f:
js_tamp = f.read()
jsDrive = execjs.compile(js_tamp)
rtime = round( time.time() * 1000 )
c = json.dumps( data ).replace(' ', '' )
sign = jsDrive.call('_getSign', token[0], rtime, c )
'''
构建请求参数
'''
params = {
'jsv': '2.6.1',
'appKey': '12574478',
't': str(rtime),
'sign': sign,
'api': 'mtop.taobao.pcdetail.data.get',
'v': '1.0',
'isSec': '0',
'ecode': '0',
'timeout': '10000',
'ttid': '2022@taobao_litepc_9.17.0',
'AntiFlood': 'true',
'AntiCreep': 'true',
'dataType': 'json',
'valueType': 'string',
'preventFallback': 'true',
'type': 'json',
'data': json.dumps( data, ensure_ascii=False).replace(' ', ''),
}
'''
发起请求 + 解析数据
'''
response = requests.get( 'xxxx', params=params, headers=headers )
print( response.json() )测试结果
