js逆向是让爬虫萌新们比较头疼的一块领域,因为市面上大部分的爬虫书籍等教程都未涉及这方面知识,需要爬取用js加密的网站时常常无从下手,只能使用selenium等自动化框架来模拟人工点击。但这种方式往往效率低下,
本教程所有配套资料索取方式如下:
点赞三连后Q裙搜索:652892456找管理员获取(或直接加小助理微信:python5180 ){备注:UR的出不克}
学习或其他资料也可+Q群:652892456,告别孤单,共同进步!
对于爬虫来说,进行逆向可能才算真正开始入了门,似乎绝大部分的网站都有了加密数据。仅仅是requests是获取不到数据的,真实的数据被通过多种加密方式隐藏了起来,列如;文本数据内容加密、图片数据链接加密、视频数据m3u8链接加密、签名加密、post数据加密、请求头参数加密等。
对于网站来说,有了反爬可以避免大部分的爬虫程序;但爬虫也有了反反爬来对应解决。而js加密也就有了js逆向,如果要进行逆向就要有相对应的环境和js代码,通过在自己的电脑上复现加密过程以此来破解加密。逆向路漫漫
这次进行逆向的入门案例讲解《百度翻译》
百度翻译的js是sign加密,我们首先打开f12刷新页面后查看我们进行翻译后的结果
找到了接口查看携带的数据
通过对接口进行xhr断点,然后刷新页面,就行搜索关键词《sign: 》找到sign的位置
可以看到sign是b方法传入了e参数得到的,e参数是我们要翻译的内容
鼠标指针在b上面悬浮,可以进入到b方法里
t.exports = function(t) {
var o, i = t.match(/[\uD800-\uDBFF][\uDC00-\uDFFF]/g);
if (null === i) {
var a = t.length;
a > 30 && (t = "".concat(t.substr(0, 10)).concat(t.substr(Math.floor(a / 2) - 5, 10)).concat(t.substr(-10, 10)))
} else {
for (var s = t.split(/[\uD800-\uDBFF][\uDC00-\uDFFF]/), c = 0, u = s.length, l = []; c < u; c++)
"" !== s[c] && l.push.apply(l, function(t) {
if (Array.isArray(t))
return e(t)
}(o = s[c].split("")) || function(t) {
if ("undefined" != typeof Symbol && null != t[Symbol.iterator] || null != t["@@iterator"])
return Array.from(t)
}(o) || function(t, n) {
if (t) {
if ("string" == typeof t)
return e(t, n);
var r = Object.prototype.toString.call(t).slice(8, -1);
return "Object" === r && t.constructor && (r = t.constructor.name),
"Map" === r || "Set" === r ? Array.from(t) : "Arguments" === r || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(r) ? e(t, n) : void 0
}
}(o) || function() {
throw new TypeError("Invalid attempt to spread non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")
}()),
c !== u - 1 && l.push(i[c]);
var p = l.length;
p > 30 && (t = l.slice(0, 10).join("") + l.slice(Math.floor(p / 2) - 5, Math.floor(p / 2) + 5).join("") + l.slice(-10).join(""))
}
for (var d = "".concat(String.fromCharCode(103)).concat(String.fromCharCode(116)).concat(String.fromCharCode(107)), h = (null !== r ? r : (r = window[d] || "") || "").split("."), f = Number(h[0]) || 0, m = Number(h[1]) || 0, g = [], y = 0, v = 0; v < t.length; v++) {
var _ = t.charCodeAt(v);
_ < 128 ? g[y++] = _ : (_ < 2048 ? g[y++] = _ >> 6 | 192 : (55296 == (64512 & _) && v + 1 < t.length && 56320 == (64512 & t.charCodeAt(v + 1)) ? (_ = 65536 + ((1023 & _) << 10) + (1023 & t.charCodeAt(++v)),
g[y++] = _ >> 18 | 240,
g[y++] = _ >> 12 & 63 | 128) : g[y++] = _ >> 12 | 224,
g[y++] = _ >> 6 & 63 | 128),
g[y++] = 63 & _ | 128)
}
for (var b = f, w = "".concat(String.fromCharCode(43)).concat(String.fromCharCode(45)).concat(String.fromCharCode(97)) + "".concat(String.fromCharCode(94)).concat(String.fromCharCode(43)).concat(String.fromCharCode(54)), k = "".concat(String.fromCharCode(43)).concat(String.fromCharCode(45)).concat(String.fromCharCode(51)) + "".concat(String.fromCharCode(94)).concat(String.fromCharCode(43)).concat(String.fromCharCode(98)) + "".concat(String.fromCharCode(43)).concat(String.fromCharCode(45)).concat(String.fromCharCode(102)), x = 0; x < g.length; x++)
b = n(b += g[x], w);
return b = n(b, k),
(b ^= m) < 0 && (b = 2147483648 + (2147483647 & b)),
"".concat((b %= 1e6).toString(), ".").concat(b ^ f)
}
},
这些js代码就是加密的方法,我们把他复制粘贴到pycharm里新建一个js文件
重新定义方法,
把 t.exports = function(t) { 改为 function sign_get (t) {这样就定义了一个函数sign_get,在最下面进行使用打印输出
console.log(sign_get('你好'))接着报错r不存在,把鼠标指针放到r上可以看到r
ReferenceError: r is not defined
r = 320305.131321201
所以我们要在最前面定义r,接着运行代码
var r =320305.131321201提示ReferenceError: n is not defined n是不存在的,我们接着找n ;n是一个函数我们接着复制粘贴
function n(t, e) {
for (var n = 0; n < e.length - 2; n += 3) {
var r = e.charAt(n + 2);
r = "a" <= r ? r.charCodeAt(0) - 87 : Number(r),
r = "+" === e.charAt(n + 1) ? t >>> r : t << r,
t = "+" === e.charAt(n) ? t + r & 4294967295 : t ^ r
}
return t
}接着报错,意思是不能用split ;我们去找这段话的原本含义
TypeError: (intermediate value)(intermediate value)(intermediate value).split is not a function
我们直接定义h h = ["320305","131321201"] 对报错部分进行替换;再次运行可以得到一串数字
这样js部分就算做好了,接下来就是python的部分;这里我使用的是execjs和requests模块进行
具体的我就不再说了,可以百度;data的query参数就是需要翻译的内容
import requests
import execjs
url = 'https://fanyi.baidu.com/v2transapi?from=zh&to=en'
with open('02.js', 'r', encoding='gbk') as f:
jscode=f.read()
ctx=execjs.compile(jscode).call('sign_get','你好')
data = {
'from': 'zh',
'to': 'en',
'query': '你好',
'simple_means_flag': '3',
'sign': ctx,
'token': '11a94bd45d61b3b48a3c62ed23846c93',
'domain': 'common'
}
header = {
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36',
'X-Requested-With': 'XMLHttpRequest',
'Cookie': '__bid_n=184f9e0d59fd2163d74207; FEID=v10-f9209600d41db38bdd49f7105816939b3640ce45; APPGUIDE_10_0_2=1; REALTIME_TRANS_SWITCH=1; FANYI_WORD_SWITCH=1; HISTORY_SWITCH=1; SOUND_SPD_SWITCH=1; SOUND_PREFER_SWITCH=1; BIDUPSID=EDCF141702C9AEB30B1F09861FCEEF3B; PSTM=1671626357; ZFY=uSNCdPepKv6V0w:Ap1ROBN3d3kE4duPUtfgNCMmXGHEI:C; BAIDUID=ABB11C7398F54340A3E3240B4CB40A1B:FG=1; BAIDUID_BFESS=ABB11C7398F54340A3E3240B4CB40A1B:FG=1; __xaf_thstime__=1671991324423; __xaf_fpstarttimer__=1672073992146; FPTOKEN=+AAQsZsUnwhm0Kbm/TLp5Yt3ea6SmcMucbWzft2vs35lTLBEkUkawNoKGxPO2HrehwD8/tRuu6EXaw8SkjSurkgjpaEgQj1PDN7JsvRneUuPxnyUOH6Ja3GmkCZwkcrRhAIjqBpZflCHqX/kchXioFofFvYCE4/Z/fZGCbnzAOvCy9B3zbFkjDZDNmFR+T0g9fhuiAXwxNEsGauZdRta5+8x2sT56ljJTtHAudyiLUCJqjOjvCO+jrmIVMpf0oQDwyodpeYwki3Ku5wvDE7bVvhQ72nUZ3MAirKJSvz1jfHFh6Pa29NRAjlOu4UhV/MNq13SmXtFE2JAxTEUdi5L8RkstuQ2HDrWvOVXzgGXxh4AGbKL5K1o7Wq8BtrVCRRp2YGN2P8FRyPtjXkUTeNVAg==|B9HQxs44fH4NC144O1Chh4kHgA6567PumeFjdVqZ8+s=|10|b280893f65bdc3e9f842f8affd3121c4; __xaf_fptokentimer__=1672073992738; Hm_lvt_64ecd82404c51e03dc91cb9e8c025574=1671618556,1672472502,1672896002; ab_sr=1.0.1_NDVjZWRhNDlhMGZhMzcxZWNmYTg5ODk2OGQ5ZjU2ODMzNWY0MTI5MTBlZGMxNzAyY2MzMTg3NjY1ZGQzODZhNTM0NTdjNGIxNTRiNTFkN2Q1MjA0N2E0ZDkxZGIxZGY3OGQwOTQ1MTE4NzkzM2I2MDNlMTUyN2QzNGU2ZmI0ZGJjYTEwZWNkYjc0MDY4NTY5NGExODlkYWM0NDdkMDExZQ==; Hm_lpvt_64ecd82404c51e03dc91cb9e8c025574=1672897686'
}
response = requests.post(url,headers=header,data=data)
response.encoding='utf-8'
print(response.json())上展示图
这样百度翻译的逆向大概就算是做好了,过几天会写抖音直播的弹幕采集webscoket