https://match.yuanrenxue.cn/match/15
抓包分析
抓包分析有一个m参数,三个数字组成
追栈/扣代码
根据启动器顺序追栈,一般优先跳过 jQuery
直接能找到加密函数
每次获取的数字都不一样
window.m = function() {
t1 = parseInt(Date.parse(new Date()) / 1000 / 2);
t2 = parseInt(Date.parse(new Date()) / 1000 / 2 - Math.floor(Math.random() * (50) + 1));
return window.q(t1, t2).toString() + '|' + t1 + '|' + t2;
};
找到加密函数,本地运行,需要补环境window = global;需要用到window.q函数,这个函数是二进制wasm导出的。
在控制台输出函数点击则可以跳转函数位置
wasm文件可以直接使用python调用。刷新页面找到wasm文件双击即可下载到本地。
构建Python代码
- 安装
pywasm
pip install pywasm
把上面的JS转化成Python代码
import random
import time
import pywasm
# 加载WASM模块
vm = pywasm.load('main.wasm')
# 定义encode函数
def encode(t1, t2):
return vm.exec('encode', [t1, t2])
# 定义m函数
def m():
t1 = int(time.time() // 2)
t2 = int(time.time() // 2 - random.randint(1, 50))
encoded_result = encode(t1, t2)
return f'{encoded_result}|{t1}|{t2}'
# 执行m函数并打印结果
print(m())
11846484|858829793|858829743
构建爬虫代码尝试。
完整代码
import random
import time
import pywasm
import requests
# 加载WASM模块
vm = pywasm.load('main.wasm')
# 定义encode函数
def encode(t1, t2):
return vm.exec('encode', [t1, t2])
# 定义m函数
def m():
t1 = int(time.time() // 2)
t2 = int(time.time() // 2 - random.randint(1, 50))
encoded_result = encode(t1, t2)
return f'{encoded_result}|{t1}|{t2}'
headers = {
"authority": "match.yuanrenxue.cn",
"accept": "application/json, text/javascript, */*; q=0.01",
"accept-language": "zh-CN,zh;q=0.9",
"referer": "https://match.yuanrenxue.cn/match/15",
"sec-ch-ua": "\"Chromium\";v=\"122\", \"Not(A:Brand\";v=\"24\", \"Google Chrome\";v=\"122\"",
"sec-ch-ua-mobile": "?0",
"sec-ch-ua-platform": "\"Windows\"",
"sec-fetch-dest": "empty",
"sec-fetch-mode": "cors",
"sec-fetch-site": "same-origin",
"user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.95 Safari/537.36",
"x-requested-with": "XMLHttpRequest"
}
cookies = {
"sessionid": "zwy0uz1vd0ge1e42310i34b37584m1lj",
"Hm_lvt_c99546cf032aaa5a679230de9a95c7db": "1717578931,1717603706,1717646819,1717658072",
"Hm_lvt_9bcbda9cbf86757998a2339a0437208e": "1717578942,1717639423,1717658081",
"qpfccr": "true",
"no-alert3": "true",
"Hm_lpvt_9bcbda9cbf86757998a2339a0437208e": "1717658404",
"m": "a4bc4a41fac1af0f16d90557df669d6f|1717659407000",
"Hm_lpvt_c99546cf032aaa5a679230de9a95c7db": "1717659649"
}
url = "https://match.yuanrenxue.cn/api/match/15"
ret = 0
for pageIndex in range(1, 6):
params = {
"m": m(),
"page": pageIndex
}
response = requests.get(url, headers=headers, cookies=cookies, params=params)
print(response.text)
data = response.json()["data"]
for item in data:
ret += item['value']
print(ret)
使用代码请自行修改
cookie
{"status": "1", "state": "success", "data": [{"value": 2086}, {"value": 9613}, {"value": 8563}, {"value": 9659}, {"value": 7656}, {"value": 4363}, {"value": 8892}, {"value": 3371}, {"value": 1335}, {"value": 3312}]}
{"status": "1", "state": "success", "data": [{"value": 8992}, {"value": 678}, {"value": 3708}, {"value": 8387}, {"value": 2657}, {"value": 1345}, {"value": 9763}, {"value": 800}, {"value": 4328}, {"value": 104}]}
{"status": "1", "state": "success", "data": [{"value": 2795}, {"value": 2594}, {"value": 9150}, {"value": 6656}, {"value": 5834}, {"value": 476}, {"value": 1968}, {"value": 1218}, {"value": 5901}, {"value": 1851}]}
{"status": "1", "state": "success", "data": [{"value": 1317}, {"value": 6556}, {"value": 2163}, {"value": 1628}, {"value": 930}, {"value": 2919}, {"value": 9012}, {"value": 8671}, {"value": 1232}, {"value": 4586}]}
{"status": "1", "state": "success", "data": [{"value": 492}, {"value": 7595}, {"value": 3262}, {"value": 9299}, {"value": 7287}, {"value": 4316}, {"value": 3091}, {"value": 1926}, {"value": 2803}, {"value": 2248}]}
219388
实际上
cookie里面还有一个m,最开始我没有注意到,不过好在这个不应该操作
