逆向目标
网址:
目标:session请求
逆向分析
首先分析网络请求,我们发现每次的翻页请求都会有一个jssm请求
从启动器进去跟栈进去
现在观察一下cookie是否有变化,经观察没有发生变化,参数也没有加密,所以直接
这个实际上没有发生变化。参数也没有加密,所以先分析下jssm请求返回了什么
# -*- coding: utf-8 -*-
import requests
headers = {
"authority": "match.yuanrenxue.cn",
"accept": "*/*",
"accept-language": "en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7",
"cache-control": "no-cache",
"content-length": "0",
"origin": "https://match.yuanrenxue.cn",
"pragma": "no-cache",
"referer": "https://match.yuanrenxue.cn/match/3",
"sec-ch-ua": "\"Not_A Brand\";v=\"8\", \"Chromium\";v=\"120\", \"Google Chrome\";v=\"120\"",
"sec-ch-ua-mobile": "?0",
"sec-ch-ua-platform": "\"macOS\"",
"sec-fetch-dest": "empty",
"sec-fetch-mode": "cors",
"sec-fetch-site": "same-origin",
"user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
}
cookies = {
"Hm_lvt_9bcbda9cbf86757998a2339a0437208e": "1709127611",
"Hm_lvt_c99546cf032aaa5a679230de9a95c7db": "1709127610",
"sessionid": "q2ps6kb6i8uyh34hjio052jk2ryfzbhk",
"tk": "4758967477092429531",
"Hm_lpvt_9bcbda9cbf86757998a2339a0437208e": "1709129732",
"Hm_lpvt_c99546cf032aaa5a679230de9a95c7db": "1709129736"
}
url = "https://match.yuanrenxue.cn/jssm"
response = requests.post(url, headers=headers, cookies=cookies)
print(response.text)
print(response)
// 返回如下
<Response [202]>
再来看/api/match 请求
# -*- coding: utf-8 -*-
import requests
headers = {
"authority": "match.yuanrenxue.cn",
"accept": "application/json, text/javascript, */*; q=0.01",
"accept-language": "en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7",
"cache-control": "no-cache",
"pragma": "no-cache",
"referer": "https://match.yuanrenxue.cn/match/3",
"sec-ch-ua": "\"Not_A Brand\";v=\"8\", \"Chromium\";v=\"120\", \"Google Chrome\";v=\"120\"",
"sec-ch-ua-mobile": "?0",
"sec-ch-ua-platform": "\"macOS\"",
"sec-fetch-dest": "empty",
"sec-fetch-mode": "cors",
"sec-fetch-site": "same-origin",
"user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36",
"x-requested-with": "XMLHttpRequest"
}
cookies = {
"Hm_lvt_9bcbda9cbf86757998a2339a0437208e": "1709127611",
"Hm_lvt_c99546cf032aaa5a679230de9a95c7db": "1709127610",
"sessionid": "q2ps6kb6i8uyh34hjio052jk2ryfzbhk",
"tk": "4758967477092429531",
"Hm_lpvt_9bcbda9cbf86757998a2339a0437208e": "1709129732",
"Hm_lpvt_c99546cf032aaa5a679230de9a95c7db": "1709129736"
}
url = "https://match.yuanrenxue.cn/api/match/3"
params = {
"page": "3"
}
response = requests.get(url, headers=headers, cookies=cookies, params=params)
print(response.text)
print(response)
返回如下
var x="div@Expires@@captcha@while@length@@reverse@0xEDB88320@substr@fromCharCode@234@@0@@@11@1500@@cookie@@36@createElement@JgSe0upZ@rOm9XFMtA3QKV7nYsPGT4lifyWwkq5vcjH2IdxUoCbhERLaz81DNB6@@@eval@@window@href@GMT@String@attachEvent@false@toLowerCase@@2@Array@@@@Path@@@@f@if@@@26@@addEventListener@@@try@return@location@toString@@@@@@pathname@@@@setTimeout@@replace@a@innerHTML@@@@1589175086@else@@document@3@@@@https@join@for@@DOMContentLoaded@06@e@@@@@new@catch@var@@May@@split@@function@1@charAt@@__jsl_clearance@0xFF@firstChild@search@31@chars@charCodeAt@20@parseInt@8@@match@RegExp@Mon@challenge@@g@onreadystatechange@@d@".replace(/@*$/,"").split("@"),y="1L N=22(){1i('17.v=17.1e+17.29.1k(/[\\?|&]4-2k/,\\'\\')',i);1t.k='26=1q.c|e|'+(22(){1L t=[22(N){16 s('x.b('+N+')')},(22(){1L N=1t.n('1');N.1m='<1l v=\\'/\\'>1H</1l>';N=N.28.v;1L t=N.2h(/1y?:\\/\\//)[e];N=N.a(t.6).A();16 22(t){1A(1L 1H=e;1H<t.6;1H++){t[1H]=N.24(t[1H])};16 t.1z('')}})()],1H=[[[-~[-~(-~((-~{}|-~[]-~[])))]]+[-~[-~(-~((-~{}|-~[]-~[])))]],[((+!~~{})<<-~[-~-~{}])]+[((+!~~{})<<-~[-~-~{}])],[-~[-~(-~((-~{}|-~[]-~[])))]]+[((+!~~{})<<-~[-~-~{}])],[-~[]-~[]-~!/!/+(-~[]-~[])*[-~[]-~[]]]+[(+!![[][[]]][23])],[-~[]-~[]-~!/!/+(-~[]-~[])*[-~[]-~[]]]+(C-~[-~-~{}]+[]+[[]][e]),(C-~[-~-~{}]+[]+[[]][e])+(C-~[-~-~{}]+[]+[[]][e]),[-~[]-~[]-~!/!/+(-~[]-~[])*[-~[]-~[]]]+(-~[]+[]+[[]][e]),(-~[]+[]+[[]][e])+(-~[]+[]+[[]][e])+(-~[-~-~{}]+[[]][e]),(-~[]+[]+[[]][e])+(-~[]+[]+[[]][e])+[(-~~~{}<<-~~~{})+(-~~~{}<<-~~~{})],[-~[]-~[]-~!/!/+(-~[]-~[])*[-~[]-~[]]]+[-~-~{}],[((+!~~{})<<-~[-~-~{}])]+[-~-~{}],(-~[]+[]+[[]][e])+[(+!![[][[]]][23])]+[(+!![[][[]]][23])],[-~[]-~[]-~!/!/+(-~[]-~[])*[-~[]-~[]]]+[-~[]-~[]-~!/!/+(-~[]-~[])*[-~[]-~[]]],(-~[]+[]+[[]][e])+[(+!![[][[]]][23])]+[(+!![[][[]]][23])]],[[-~[-~(-~((-~{}|-~[]-~[])))]]],[[(-~~~{}<<-~~~{})+(-~~~{}<<-~~~{})]+[((+!~~{})<<-~[-~-~{}])],[-~[]-~[]-~!/!/+(-~[]-~[])*[-~[]-~[]]]+[(+!![[][[]]][23])],[((+!~~{})<<-~[-~-~{}])]+(C-~[-~-~{}]+[]+[[]][e]),(-~[]+[]+[[]][e])+(-~[]+[]+[[]][e])+(-~[-~-~{}]+[[]][e]),[((+!~~{})<<-~[-~-~{}])]+[((+!~~{})<<-~[-~-~{}])],(C-~[-~-~{}]+[]+[[]][e])+[(-~~~{}<<-~~~{})+(-~~~{}<<-~~~{})],[-~[-~(-~((-~{}|-~[]-~[])))]]+[-~[-~(-~((-~{}|-~[]-~[])))]],(-~[]+[]+[[]][e])+(-~[]+[]+[[]][e])+[-~[-~(-~((-~{}|-~[]-~[])))]],(C-~[-~-~{}]+[]+[[]][e])+[(-~~~{}<<-~~~{})+(-~~~{}<<-~~~{})],(-~[]+[]+[[]][e])+(-~[]+[]+[[]][e])+(-~[-~-~{}]+[[]][e]),[[1u]*(1u)]+[((+!~~{})<<-~[-~-~{}])]],[[[1u]*(1u)]],[(-~[-~-~{}]+[[]][e])+[-~[]-~[]-~!/!/+(-~[]-~[])*[-~[]-~[]]],(C-~[-~-~{}]+[]+[[]][e])+(-~[]+[]+[[]][e]),[-~[-~(-~((-~{}|-~[]-~[])))]]+[((+!~~{})<<-~[-~-~{}])]]];1A(1L N=e;N<1H.6;N++){1H[N]=t.8()[(-~[]+[]+[[]][e])](1H[N])};16 1H.1z('')})()+';2=2j, h-1N-2d 1D:2a:10 w;H=/;'};M((22(){15{16 !!u.12;}1K(1E){16 z;}})()){1t.12('1C',N,z)}1r{1t.y('2n',N)}",f=function(x,y){var a=0,b=0,c=0;x=x.split("");y=y||99;while((a=x.shift())&&(b=a.charCodeAt(0)-77.5))c=(Math.abs(b)<13?(b+48.5):parseInt(a,36))+y*c;return c},z=f(y.match(/\w/g).sort(function(x,y){return f(x)-f(y)}).pop());while(z++)try{debugger;eval(y.replace(/\b\w+\b/g, function(y){return x[f(y,z)-1]||("_"+y)}));break}catch(_){}
调试分析发现这是一个无限debugger的过程,并且这段信息对我们这个问题是没有帮助的,因为每次翻页都是两次请求,应为使用session 机制实现
# -*- coding: utf-8 -*-
import requests
session = requests.Session()
session.headers = {
"accept": "*/*",
"accept-language": "en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7",
"content-length": "0",
"origin": "https://match.yuanrenxue.cn",
"referer": "https://match.yuanrenxue.cn/match/3",
"user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
}
url = "https://match.yuanrenxue.cn/jssm"
# jssm 请求
session.post(url)
# api/match 请求
api_url = 'https://match.yuanrenxue.cn/api/match/3?page=2'
response = session.get(api_url)
print(response.text)
发现返回的还是上面的脚本内容,jssm 请求没有返回什么内容,且两次请求都没有什么加密参数,考虑应该是headers 参数不对,我们先加上cookie试一下
# -*- coding: utf-8 -*-
from requests import Session
session = Session()
session.headers = {
'Content-Length': '0',
'Accept': '*/*',
'Referer': 'https://match.yuanrenxue.cn/match/3',
'Accept-Encoding': 'gzip, deflate, br',
'Accept-Language': 'en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7',
'Cookie': "sessionid=q2ps6kb6i8uyh34hjio052jk2ryfzbhk; expires=Wed, 28 Feb 2024 20:15:46 GMT; Max-Age=21600; Path=/; SameSite=Lax"
}
page = 1
url = f"https://match.yuanrenxue.com/api/match/3?page={page}"
session.post('https://match.yuanrenxue.cn/jssm')
print(session.get(url).text)
输出如下
{"status": "1", "state": "success", "data": [{"value": 2838}, {"value": 7609}, {"value": 8717}, {"value": 6923}, {"value": 5325}, {"value": 4118}, {"value": 8884}, {"value": 8717}, {"value": 2680}, {"value": 3721}]}
逆向总结
# -*- coding: utf-8 -*-
import json
from collections import Counter
from requests import Session
session = Session()
session.headers = {
'Content-Length': '0',
'Accept': '*/*',
'Referer': 'https://match.yuanrenxue.cn/match/3',
'Accept-Encoding': 'gzip, deflate, br',
'Accept-Language': 'en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7',
'Cookie': "sessionid=q2ps6kb6i8uyh34hjio052jk2ryfzbhk; expires=Wed, 28 Feb 2024 20:15:46 GMT; Max-Age=21600; Path=/; SameSite=Lax"
}
coll = []
for i in range(1, 6):
url = f"https://match.yuanrenxue.com/api/match/3?page={i}"
session.post('https://match.yuanrenxue.cn/jssm')
resp = json.loads(session.get(url).text)
items = resp['data']
t = [x['value'] for x in items]
coll += t
c = Counter(coll)
max_key = max(c, key=c.get)
print("出现频率最高的申请号:", max_key)
