网站返回状态码521,从浏览器抓包来看,浏览器一共对此地址请求了三次(中间是设置COOKIE的过程):
第一次请求:网站返回的响应状态码为 521,响应体是经过混淆的 JS 代码;但这些都不重要,关键是响应头里会有一个 Set-Cookie,我们取出其中的 cookie,这个 cookie 名为 jsluid_s(名称可能会变)
第二次请求:把这个 cookie 加入请求中,会得到另一段混淆的代码;用反混淆网站处理之后,得到以下代码
多次获取这段代码后可以看出,参数 ha 指明了所用的算法(严格来说这些是哈希/摘要算法,而不是加密)
而且算法不止一种,每次返回的混淆代码对应的大概是三种算法之一
分别是
sha256,sha1,还有md5
所以我们把代码抠出来,针对每种算法分别改写 JS 代码
由于三种代码太多了,下面只放一种代码
sha256
/**
 * Compute the SHA-256 digest of a string and return it as 64 lowercase
 * hexadecimal characters.
 *
 * The input is first converted to a byte string by `toUtf8`, which encodes
 * each UTF-16 code unit on its own (1, 2 or 3 bytes). Surrogate halves are
 * therefore encoded separately, so for characters outside the BMP the result
 * differs from SHA-256 over real UTF-8.
 *
 * Written in ES5 syntax (`var`, function declarations) like the original.
 *
 * @param {string} _0x2d4d71 - Text to hash (name kept from the deobfuscated source).
 * @returns {string} Hex digest.
 */
function hash(_0x2d4d71) {
  var BITS_PER_CHAR = 8;

  // Add two words in 16-bit halves so the sum wraps to 32 bits.
  function add32(x, y) {
    var low = (x & 65535) + (y & 65535);
    var high = (x >> 16) + (y >> 16) + (low >> 16);
    return (high << 16) | (low & 65535);
  }

  // Rotate a 32-bit word right by `bits`.
  function rotr(word, bits) {
    return (word >>> bits) | (word << (32 - bits));
  }

  // SHA-256 round functions.
  function choose(x, y, z) {
    return (x & y) ^ (~x & z);
  }

  function majority(x, y, z) {
    return (x & y) ^ (x & z) ^ (y & z);
  }

  function bigSigma0(x) {
    return rotr(x, 2) ^ rotr(x, 13) ^ rotr(x, 22);
  }

  function bigSigma1(x) {
    return rotr(x, 6) ^ rotr(x, 11) ^ rotr(x, 25);
  }

  function smallSigma0(x) {
    return rotr(x, 7) ^ rotr(x, 18) ^ (x >>> 3);
  }

  function smallSigma1(x) {
    return rotr(x, 17) ^ rotr(x, 19) ^ (x >>> 10);
  }

  // Pad the big-endian word array in place and run the compression function
  // over every 16-word block; returns the eight state words.
  function compress(words, bitLength) {
    var K = [
      1116352408, 1899447441, 3049323471, 3921009573, 961987163, 1508970993, 2453635748, 2870763221,
      3624381080, 310598401, 607225278, 1426881987, 1925078388, 2162078206, 2614888103, 3248222580,
      3835390401, 4022224774, 264347078, 604807628, 770255983, 1249150122, 1555081692, 1996064986,
      2554220882, 2821834349, 2952996808, 3210313671, 3336571891, 3584528711, 113926993, 338241895,
      666307205, 773529912, 1294757372, 1396182291, 1695183700, 1986661051, 2177026350, 2456956037,
      2730485921, 2820302411, 3259730800, 3345764771, 3516065817, 3600352804, 4094571909, 275423344,
      430227734, 506948616, 659060556, 883997877, 958139571, 1322822218, 1537002063, 1747873779,
      1955562222, 2024104815, 2227730452, 2361852424, 2428436474, 2756734187, 3204031479, 3329325298
    ];
    var state = [
      1779033703, 3144134277, 1013904242, 2773480762,
      1359893119, 2600822924, 528734635, 1541459225
    ];
    var schedule = new Array(64);
    var a, b, c, d, e, f, g, h;
    var t1, t2;
    var offset, round;

    // Padding: a single 1 bit after the message, then the bit length in the
    // last word of the final block.
    words[bitLength >> 5] |= 128 << (24 - (bitLength % 32));
    words[(((bitLength + 64) >> 9) << 4) + 15] = bitLength;

    for (offset = 0; offset < words.length; offset += 16) {
      // Message schedule: 16 block words, then 48 derived words.
      for (round = 0; round < 16; round++) {
        schedule[round] = words[offset + round];
      }
      for (round = 16; round < 64; round++) {
        schedule[round] = add32(
          add32(
            add32(smallSigma1(schedule[round - 2]), schedule[round - 7]),
            smallSigma0(schedule[round - 15])
          ),
          schedule[round - 16]
        );
      }

      a = state[0];
      b = state[1];
      c = state[2];
      d = state[3];
      e = state[4];
      f = state[5];
      g = state[6];
      h = state[7];

      for (round = 0; round < 64; round++) {
        t1 = add32(
          add32(add32(add32(h, bigSigma1(e)), choose(e, f, g)), K[round]),
          schedule[round]
        );
        t2 = add32(bigSigma0(a), majority(a, b, c));
        h = g;
        g = f;
        f = e;
        e = add32(d, t1);
        d = c;
        c = b;
        b = a;
        a = add32(t1, t2);
      }

      state[0] = add32(a, state[0]);
      state[1] = add32(b, state[1]);
      state[2] = add32(c, state[2]);
      state[3] = add32(d, state[3]);
      state[4] = add32(e, state[4]);
      state[5] = add32(f, state[5]);
      state[6] = add32(g, state[6]);
      state[7] = add32(h, state[7]);
    }
    return state;
  }

  // Pack the low 8 bits of every character into big-endian 32-bit words.
  function packBytes(binary) {
    var words = [];
    for (var index = 0; index < binary.length; index++) {
      var bitPos = index * BITS_PER_CHAR;
      words[bitPos >> 5] |= (binary.charCodeAt(index) & 255) << (24 - (bitPos % 32));
    }
    return words;
  }

  // Encode each UTF-16 code unit as a 1-, 2- or 3-byte sequence.
  function toUtf8(text) {
    // NOTE(review): as shown this replaces "\n" with "\n", i.e. it changes
    // nothing; presumably an escape was lost when the code was copied — confirm
    // against the script actually served before relying on it.
    var normalised = text.replace(new RegExp("\n", "g"), "\n");
    var bytes = "";
    for (var pos = 0; pos < normalised.length; pos++) {
      var code = normalised.charCodeAt(pos);
      if (code < 128) {
        bytes += String.fromCharCode(code);
      } else if (code < 2048) {
        bytes += String.fromCharCode((code >> 6) | 192);
        bytes += String.fromCharCode((code & 63) | 128);
      } else {
        bytes += String.fromCharCode((code >> 12) | 224);
        bytes += String.fromCharCode(((code >> 6) & 63) | 128);
        bytes += String.fromCharCode((code & 63) | 128);
      }
    }
    return bytes;
  }

  // Render each 32-bit word as eight lowercase hex digits, high nibble first.
  function toHex(words) {
    var digits = "0123456789abcdef";
    var hex = "";
    for (var w = 0; w < words.length; w++) {
      for (var shift = 28; shift >= 0; shift -= 4) {
        hex += digits.charAt((words[w] >> shift) & 15);
      }
    }
    return hex;
  }

  var utf8 = toUtf8(_0x2d4d71);
  return toHex(compress(packBytes(utf8), utf8.length * BITS_PER_CHAR));
}
// go(data): entry point that the Python code on this page calls with the
// parameter object parsed from the second response.
// NOTE(review): this listing is incomplete and does not parse. Everything
// between `i` in the loop header and the `if` is missing from the page, and the
// closing braces no longer balance. The visible remainder compares
// hash(COOKIE) with data["ct"] and returns COOKIE on a match; how COOKIE is
// built from `data` is not shown here.
function go(data) {
// Length of data["chars"]; stored but not used in the lines that survive.
var chars = data["chars"]["length"];
// Loop header is cut off after `i` (see note above).
for (var i = 0; i
// `COOKIE` is not declared in the visible lines; its upper-case spelling is
// presumably an artefact of the page, as elsewhere in this listing — confirm.
if (hash(COOKIE) === data["ct"]) {
return COOKIE;
}
}
}
}
import json
import re

import execjs
import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning
from requests.utils import add_dict_to_cookiejar
# Silence urllib3's InsecureRequestWarning, which is emitted for HTTPS requests
# made without certificate verification. This only hides the warning; it does
# not make an unverified connection trustworthy.
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
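class JsClearance:
    """Walk through the three-request cookie challenge described on this page.

    1. The first request returns a script that sets a cookie.
    2. The second request (with that cookie) returns a ``go({...})`` call whose
       argument names the hash algorithm in its ``ha`` field.
    3. The third request carries the cookie value computed by the local
       ``sha1.js`` / ``sha256.js`` / ``md5.js`` file.

    Security notes for anyone running this:

    * JavaScript taken from the HTTP response is evaluated locally
      (``execjs.eval``), so the transport must be authenticated. TLS
      verification is therefore on by default via ``verify``.
    * The ``ha`` value comes from the server and selects a local file; it is
      mapped through the fixed ``hash_scripts`` allowlist and never used as a
      path itself.
    """

    header = {
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.0',
    }
    url = 'https://www.zbytb.com/search/?kw=%E7%9F%BF&okw=&catid=0&zizhi=&field=0&moduleid=26&areaids=&page=2'
    # One session keeps cookies across the three requests. It is a class
    # attribute, so every instance shares the same cookie jar.
    session = requests.session()
    # Passed to requests as ``verify``. The original passed verify=False on
    # every call; override with a CA bundle path if the site needs a private CA.
    verify = True
    # Seconds before a request gives up; requests waits indefinitely otherwise.
    timeout = 30
    # Allowlist: server-supplied ``ha`` value -> local script implementing it.
    hash_scripts = {
        'sha1': 'sha1.js',
        'sha256': 'sha256.js',
        'md5': 'md5.js',
    }

    def get_parameter(self, response):
        """Derive the first cookie, repeat the request and parse ``go(...)``.

        :param response: response to the first request.
        :returns: ``(parameter, js_file)`` - the parsed ``go`` argument and the
            local script name for ``parameter['ha']``.
        :raises ValueError: if an expected pattern is missing from a response
            or ``ha`` names an algorithm that is not in ``hash_scripts``.
        """
        # The page shows "cookie" upper-cased everywhere (even in names that
        # requests spells in lower case), so the literal's original case is
        # uncertain; match it case-insensitively.
        script = re.search(r'cookie=(.*?);location', response.text, re.IGNORECASE)
        if script is None:
            raise ValueError('cookie-setting script not found in first response')

        # SECURITY: this evaluates JavaScript chosen by the remote server (or by
        # anyone able to alter the response) in a local JS runtime. Which
        # runtime execjs picks, and what host access it gives scripts, is not
        # shown here - confirm, and run this step with least privilege.
        cookie_string = execjs.eval(script.group(1))
        _name, separator, result = cookie_string.split(';')[0].partition('=')
        if not separator:
            raise ValueError('evaluated script did not yield name=value')

        add_dict_to_cookiejar(self.session.cookies, {'__jsl_clearance_s': result})

        # Second request. The original bound this to a differently spelled name
        # ("respOnse") and then parsed the FIRST response again.
        response = self.session.get(
            self.url, headers=self.header, verify=self.verify, timeout=self.timeout
        )

        call = re.search(r';go\((.*?)\)', response.text)
        if call is None:
            raise ValueError('go(...) call not found in second response')
        parameter = json.loads(call.group(1))

        # Fail here with a clear message instead of passing '' to open() later.
        algorithm = parameter['ha']
        if algorithm not in self.hash_scripts:
            raise ValueError('unsupported hash algorithm: %r' % (algorithm,))
        return parameter, self.hash_scripts[algorithm]

    def get_COOKIE(self, param, file):
        """Run ``go(param)`` from the local script ``file`` and return its result.

        The method name is kept exactly as it appears on the page.

        :param param: parsed ``go`` argument from the second response.
        :param file: path of the local JS file to load.
        """
        with open(file, 'r', encoding='utf-8') as handle:
            source = handle.read()
        context = execjs.compile(source)
        # Call the script's go() with the server-supplied parameters.
        return context.call('go', param)

    def main(self):
        """Perform the three requests and print the body of the last one."""
        # First request.
        response = self.session.get(
            self.url, headers=self.header, verify=self.verify, timeout=self.timeout
        )
        # Parameters and hash algorithm.
        parameter, js_file = self.get_parameter(response)
        # Compute the final cookie value.
        clearance = self.get_COOKIE(parameter, js_file)
        # Replace the provisional cookie with the computed one.
        add_dict_to_cookiejar(self.session.cookies, {'__jsl_clearance_s': clearance})
        # Third request.
        response1 = self.session.get(
            self.url, headers=self.header, verify=self.verify, timeout=self.timeout
        )
        print(response1.text)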
# Script entry point: build the client and run the three-request flow.
if __name__ == '__main__':
    client = JsClearance()
    client.main()