Advanced Python crawler essentials | Analysis of the encrypted sign parameter on a live data analysis platform

Today's website

aHR0cHMlM0EvL3d3dy5ocmRqeXVuLmNvbS8lM0YlMjMvYW5jaG9yTGlzdA==

I was urged to change. A special period is approaching, so I have been quite busy recently.

Packet capture analysis and encryption positioning

The encryption on today's website is relatively simple, so this will be quick.

First, look at the request that needs to be analyzed.

What we need to capture is the anchor traffic data, and the following request can be located through packet capture analysis.

There are two encrypted parameters, token and sign, in the request header.

These two parameters can be located in two ways: searching for the parameter name, or setting an XHR breakpoint. Here, we simply search for the parameter name.

If you are new to this, locate the encryption with a parameter-name search as done here, then try the XHR breakpoint method yourself to practice analyzing the call stack.

Searching for sign directly, with or without a trailing :, returns a great many results.

So try the method mentioned before.

When searching for an encrypted parameter name returns too many results, you can locate the code by searching for the other parameter names in the same request. They are generally submitted together, so they are usually written together.

Searching for the parameter tenant returns only a few results, and the valuable ones are obvious.

Jumping to the second result, you can see the code we need.

Set a breakpoint and refresh to verify the conjecture.

You can see that the breakpoint is hit.

Let's analyze briefly.

The variable f is the parameter sign, and its value is obtained by V(pe(be(h)) + "&accessSecret=800006").toUpperCase();

The value of the parameter token is obtained by c["a"].globalData.token;

Now it is just a matter of extracting the functions involved; once they run on their own, the parameters can be generated.

Encryption logic analysis

Let's take a look at the parameter token.

Judging from the name, this parameter is a global variable, but searching for it returns no results, and its value does not change after multiple refreshes.

I switched to other browsers for testing, and the value of this parameter did not change after multiple refreshes. So this parameter may be an identifier generated from the combination of account + browser environment. It is only a bluff, and treating it as a fixed value is fine.

Now look at the parameter sign.

Its value is obtained by V(pe(be(h)) + "&accessSecret=800006").toUpperCase();, so let's go through it step by step.

The first call executed is be(h).

It seems that there is no special operation; let's verify it.

Continue by verifying pe(be(h)).

You can see that pe uses = to splice the parameters together.

Continue to V(); the parameter passed in at this point is days=3&accessSecret=800006.

It is then passed into X(Q(K(e))), so we continue debugging.

We also use the console to assist debugging.

Method K converts the parameter to char codes.

Because our parameters consist only of English letters and digits, there is no change here.

Next, continue with method Q; the console output shows that Q does a series of bit operations.

I didn't analyze what it was; I just extracted it.

Look at X after getting the result of Q.

The W here is the fixed value 0.

Running the extracted code directly gives the following result.

You can see the same result as in the browser.

After the uppercase conversion, it is exactly the same as the value submitted in the request.

Then just plug it into the Python script directly.
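
The signing shape described above, seen from the server side, as an added example that is not code from the original post or from the site: the server recomputes the sign and compares it in constant time. Assumptions: SHA-256 stands in for V (the post never identifies the digest behind X(Q(K(e)))), multiple parameters are joined with & in insertion order, and all function names are hypothetical.

```python
import hashlib
import hmac

# Value visible in the client-side JavaScript shown in the post.
ACCESS_SECRET = "800006"


def string_to_sign(params: dict) -> str:
    """Build pe(be(h)) + "&accessSecret=..." as described in the post.

    Assumption: several parameters are joined with "&" in insertion order;
    the post only shows the single-parameter case days=3.
    """
    joined = "&".join(f"{key}={value}" for key, value in params.items())
    return f"{joined}&accessSecret={ACCESS_SECRET}"


def compute_sign(params: dict) -> str:
    """Stand-in for V(...).toUpperCase().

    Assumption: SHA-256 is only a placeholder for the unidentified digest.
    """
    # The post's K step turns the string into char codes; here: UTF-8 bytes.
    data = string_to_sign(params).encode("utf-8")
    # Placeholder for the Q and X steps: digest, then uppercase hex text.
    return hashlib.sha256(data).hexdigest().upper()


def verify_sign(params: dict, presented: str) -> bool:
    """Server-side check: recompute the sign and compare in constant time."""
    expected = compute_sign(params).encode("ascii")
    # Encode the presented value so non-ASCII input is rejected, not raised on.
    return hmac.compare_digest(expected, presented.encode("utf-8"))


if __name__ == "__main__":
    # Constructed sample request, matching the post's days=3 case.
    request_params = {"days": 3}
    sign = compute_sign(request_params)
    print(string_to_sign(request_params))
    print("untouched parameters:", verify_sign(request_params, sign))
    print("altered parameters:  ", verify_sign({"days": 30}, sign))
```

Because accessSecret ships inside the client-side JavaScript, a matching sign shows only that the parameters were not altered after signing, not that the request came from the site's own front end.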

Okay, that’s all for today, let’s meet again next time~

[ Finish]
