手机建网站步骤软件,免费手工活外发加工网站,自己做网站怎么维护,外贸流程的基本流程图本次目标网址如下#xff0c;使用base64解码后获得 aHR0cHM6Ly9wYW4uYmFpZHUuY29tL3MvMUZsaDBPeGpZamZJTFVZWUQzTm9fVnc 链接提取码为#xff1a;ly12 本次逆向分析分为上下两篇文章说明#xff0c;一为讲解如何从原链接通过逆向拿到下载链接#xff0c;二为逆向登录拿到co… 本次目标网址如下使用base64解码后获得 aHR0cHM6Ly9wYW4uYmFpZHUuY29tL3MvMUZsaDBPeGpZamZJTFVZWUQzTm9fVnc 链接提取码为ly12 本次逆向分析分为上下两篇文章说明一为讲解如何从原链接通过逆向拿到下载链接二为逆向登录拿到cookie因为在获取下载链接的过程中是要登录百度网盘的账号的本文在讲解提取的过程中登录后的cookies先固定死只讲解最后拿到的百度网盘链接后面再讲解逆向登录拿到cookie 解密流程 1、找到下载链接2、分析接口参数3、分析data参数4、分析链接参数5、组装加密接口 1、找到下载链接
下载链接其实非常好找打开network点击下载查看接口协议就能看到如下图 将下载链接跟接口中比对查找后就能发现与dlink字段的值一模一样那么下载链接就在share这个接口里面
2、分析接口参数
我们将share接口复制成curl请求后放到该网站解析
https://curlconverter.com/python/通过转换成python代码后如下 那么本次需要分析的就是data参数和url链接参数
3、分析data参数
这些参数我们逐个研究先从data参数入手这里固定的参数就不再多说了只说变化的参数全局搜索extra字段, 通过试错查找发现在这个位置生成 我们跟进s函数发现就是取出cookie那个extra值就是cookie中的BDCLND由于之前说过本文不涉及登录cookie参数是固定的所以这里就不再往下追究去找cookie的来源了 vcode_input是输入验证码的参数vcode_str是请求验证码时附带的校验参数需要和正确的验证码一起传回去校验验证码是否正确如下图可以找到vcode_str的来源 接着看primaryid参数还是跟栈查找在这个位置 查找流程就不多说了稍微根根就能找到可以发现primaryid就是shareid uk就是share_uk一下子解决两个参数我们再往前跟栈找找查看参数生成的位置 最终我们发现这两个参数都是在请求网页时附带生成, 同样fid_list应该就是文件列表的id也在加载网页时就附带了 至此data参数已经分析完毕
4、分析链接参数
接着我们看请求链接中的参数我们重放请求后最后确定可变的参数如下 fhttps://pan.baidu.com/api/sharedownload?sign{sign}timestamp{timestamp}channelchunleiweb1app_id{appid}bdstoken{bdstoken}logid{logid}clienttype0jsToken{jsToken}dp-logid{dplogid}sign和timestamp在tplconfig接口里面 appid是固定应用idbdstoken在yundata里面 logid是cookie里的BAIDUID dplogid是全局函数window.BpDataInstance.getDpLogId() 至此所有加密参数已经找到
5、组装加密接口
加密接口组装流程如下 初始化进入页面接口-获取sign接口-获取验证码接口-获取下载链接接口 按照流程组装代码如下
response session.get(https://pan.baidu.com/s/1Flh0OxjYjfILUYYD3No_Vw?pwdly12?, headersheaders)# 使用正则表达式提取带有 window.jsToken 的 script 标签内容
pattern rscript\b[^]*([\s\S]*?)\/script
matches re.findall(pattern, response.text)# 遍历匹配到的 script 标签内容
for match in matches:if window.jsToken in match:# print(match)jsToken urllib.parse.unquote(match)jsToken jsToken.split(()[1].split())[0]# 遍历匹配到的 script 标签内容
for match in matches:if window.yunData in match:# 使用正则表达式提取第二个自执行代码块pattern r!function\(\)\s*{([\s\S]*?)}\(\);selfexecutes re.findall(pattern, match)# 输出第二个自执行代码块for selfexecute in selfexecutes:if window.yunData in selfexecute:selfexecutefun selfexecutesign_url https://pan.baidu.com/share/tplconfig?surl download_paramsekey urllib.parse.unquote(cookies.get(BDCLND))jsstr execjs.compile(jsstr.replace({selfexecutes}, selfexecutefun))
yunData jsstr.call(get_yundata)
locals jsstr.call(get_locals)bdstoken yunData.get(bdstoken)
fsid locals.get(file_list)[0].get(fs_id)# 获取sign接口
response session.get(sign_url ffieldssign,timestampchannelchunleiweb1app_id{appid}bdstoken{bdstoken}logid{logid}clienttype0dp-logid{dplogid},headersheaders,
)sign response.json().get(data).get(sign)
timestamp response.json().get(data).get(timestamp)# 请求验证码
response session.get(fhttps://pan.baidu.com/api/getvcode?prodpant0.2430438848136891channelchunleiweb1app_id{appid}bdstoken{bdstoken}logid{logid}clienttype0dp-logid{dplogid},headersheaders,
)
print(response.json())
vcode_str response.json().get(vcode)
img response.json().get(img)# 下载验证码
response session.get(img,cookiescookies,headersheaders, )
with open(vcode.jpg, wb) as f:f.write(response.content)# vcode_str 3332423865633234636166333465663732323763363637363764323966666433666231363236383236373834303030303030303030303030303031373035353639333539FD63FF431D35E2B5D98E13D16C79AEA0
print(1)
# 获取下载链接data {encrypt: 0,extra: {sekey:%s} % sekey,product: share,vcode_input: H4DG,vcode_str: vcode_str,uk: yunData.get(share_uk),primaryid: yunData.get(shareid),fid_list: f[{fsid}],path_list: ,vip: 2,
}response session.post(fhttps://pan.baidu.com/api/sharedownload?sign{sign}timestamp{timestamp}channelchunleiweb1app_id{appid}bdstoken{bdstoken}logid{logid}clienttype0jsToken{jsToken}dp-logid{dplogid},headersheaders,datadata,
)
print(response.text)
dlink response.json().get(list)[0].get(dlink)
server_filename response.json().get(list)[0].get(server_filename)response session.get(dlink,cookiescookies,headersheaders,
)
print(response)
print(server_filename, len(response.content))
with open(server_filename, wb) as f:f.write(response.content)用到的js补环境如下navigator实际上并没有用到那么多我使用一键获取懒得删用不着的变量了
window global;navigator {vendorSub: ,productSub: 20030107,vendor: Google Inc.,maxTouchPoints: 0,scheduling: {},userActivation: {},doNotTrack: null,geolocation: {},connection: {},plugins: {0: {0: {},1: {}},1: {0: {},1: {}},2: {0: {},1: {}},3: {0: {},1: {}},4: {0: {},1: {}}},mimeTypes: {0: {},1: {}},pdfViewerEnabled: true,webkitTemporaryStorage: {},webkitPersistentStorage: {},hardwareConcurrency: 8,cookieEnabled: true,appCodeName: Mozilla,appName: Netscape,appVersion: 5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36,product: Gecko,language: zh-CN,languages: [zh-CN,zh],onLine: true,webdriver: false,deprecatedRunAdAuctionEnforcesKAnonymity: false,bluetooth: {},clipboard: {},credentials: {},keyboard: {},managed: {},mediaDevices: {},storage: {},serviceWorker: {},virtualKeyboard: {},wakeLock: {},deviceMemory: 8,cookieDeprecationLabel: {},login: {},ink: {},hid: {},locks: {},gpu: {},mediaCapabilities: {},mediaSession: {},permissions: {},presentation: {},usb: {},xr: {},serial: {},windowControlsOverlay: {},userAgentData: {brands: [{brand: Not_A Brand,version: 8},{brand: Chromium,version: 120},{brand: Google Chrome,version: 120}],mobile: false,platform: Windows}
}location {ancestorOrigins: {},href: https://pan.baidu.com/s/1TBy2gI-PUz2P_SWjCjq-ww?pwdd1g1,origin: https://pan.baidu.com,protocol: https:,host: pan.baidu.com,hostname: pan.baidu.com,port: ,pathname: /s/1TBy2gI-PUz2P_SWjCjq-ww,search: ?pwdd1g1,hash:
}document {}locals {set: function(k, v){//console.log(k,v);this[k] v},mset: function(v){this.data v}
}require(./bpdatajs-sdk-min-1.3.3.js)if (window.BpData) {window.BpDataInstance new BpData({serverId: 13328,from: main,page: share_common_page,parasitifer: web})
}{selfexecutes}function getDpLogId(){/*for(var i 0;i 40;i ){window.BpDataInstance.getDpLogId()}*/return window.BpDataInstance.getDpLogId()
}function get_yundata(){return window.yunData;
}
function get_locals(){return locals.data;
}
function get_servertime(){return locals.servertime;
}//console.log(locals);最后也能成功下载文件到本地
