Disclaimer: This article is only for study and research, prohibited for illegal use, otherwise the consequences, such as infringement, please inform to delete, thank you!
preface
I saw this a couple of months ago, but the algorithm still works, so let me share the process
Target Website: aHR0cDovL3guMTBqcWthLmNvbS5jbi9zdG9ja3BpY2svc2VhcmNoP3R5cGVkPTEmcHJlUGFyYW1zPSZ0cz0xJmY9MSZxcz1yZXN1bHRfcmV3cml0ZSZzZWxm c2VjdHNuPSZxdWVyeXR5cGU9c3RvY2smc2VhcmNoZmlsdGVyPSZ0aWQ9c3RvY2twaWNrJnc9JUU4JThBJUFGJUU3JTg5JTg3JnF1ZXJ5YXJlYT0=
I. Page analysis
Some of the interfaces of the flush need to carry this cookie, which is this V, and now start taking it down
2. Parameter acquisition
1. Function positioning
Directly set the script breakpoint, clear the cookie, refresh the page, and inject the hook
(function(){
'use strict'
Object.defineProperty(document.'cookie', {
get: function() {
debugger;
return "";
},
set: function(value) {
debugger;
returnvalue; }}); }) ()Copy the codeThen F8 goes all the way until v is hooked
2. Algorithm acquisition
Then we follow the stack here, find the production function of V, break point here and continue
When I go here, I produce the v parameter
Let’s look at this S thing, a bunch of numbers. I don’t know
From the external assignment, you should be able to see the general meaning, several times and click position, the most important actor in this is ot.timenow (), which is also a timestamp
Then, it is ok to deduct s.tobuffer and et.encode methods
Three, test,
Easy win!
import execjs import requests from loguru import logger with open('./code.js',encoding='utf8') as f: js_func = execjs.compile(f.read()) v = js_func.call('et_encode') logger.info('cookie:{}'.format(v)) cookies = { 'v': v, } headers = { 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control': 'no-cache', 'upgrade-insecure -Requests': '1',' user-agent ': 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36', 'Accept': 'text/html,application/xhtml+xml,application/xml; Q = 0.9, image/avif, image/webp image/apng, * / *; Q = 0.8, application/signed - exchange; v=b3; Q = 0.9 ', 'the Accept - Language' : 'useful - CN, useful; Q = 0.9 ', } response = requests.get('http://x.10jqka.com.cn/stockpick/search?typed=1&preParams=&ts=1&f=1&qs=result_rewrite&selfsectsn=&querytyp e=stock&searchfilter=&tid=stockpick&w=%E8%8A%AF%E7%89%87&queryarea=', headers=headers, cookies=cookies, verify=False) logger.info(response.text)Copy the code