当前位置: 首页 > news >正文

【js逆向案例三】瑞数6

news 2025/11/4 10:24:24

总结一下瑞数

这几天一直在做瑞数6,发现基本上简单的都不需要补什么原型链,而且补原型链的话,还有可能不成功,而且也不能环境补的太完美,补的太完美的话,也容易报错,就是很烦人,其实也不是很难,就差不多补一下,然后测试一下,就基本上可以了。

let setProxyArr = function (proxyObjArr) {for (let i = 0; i < proxyObjArr.length; i++) {const handler = `{get:function(target,property,receiver){console.log("方法:","get","对象","${proxyObjArr[i]}","属性:",
property,"属性类型:",typeof property,"属性值:",target[property],"属性值类型:",typeof target[property]);
return Reflect.get(...arguments)},set:function(target,property,value,receiver){console.log("方法:","set","对象:","${proxyObjArr[i]}","属性:",
property,"属性类型:",typeof property,"属性值:",value,"属性值类型:",typeof target[property]);return Reflect.set(...arguments);}}`;eval(`try{${proxyObjArr[i]};${proxyObjArr[i]} = new Proxy(${proxyObjArr[i]},${handler});} catch (e){${proxyObjArr[i]} = {};${proxyObjArr[i]} = new Proxy(${proxyObjArr[i]},${handler});}`);}
}function watch(object) {const handler = {get: function (target, property, receiver) {if (property.includes('application')) {debugger;}if (property !== 'isNaN' && property !== 'encodeURI' && property !== "Uint8Array" && property !== 'undefined' && property !== 'JSON') {console.log("方法:", "get", "对象", target, "属性:",property, "属性类型:", typeof property, "属性值:", target[property], "属性值类型:", typeof target[property]);}return Reflect.get(...arguments)},set: function (target, property, value, receiver) {console.log("方法:", "set", "对象:", target, "属性:",property, "属性类型:", typeof property, "属性值:", value, "属性值类型:", typeof target[property]);return Reflect.set(...arguments);}}return objectreturn new Proxy(object, handler)
}window = globalThis
window.top = window
window.self = window
window.window = windowwindow.setInterval = function setInterval() {
}
window.setTimeout = function setTimeout() {
}
window.clearTimeout = function clearTimeout() {
}
window.DOMParser = function DOMParser() {
}
window.addEventListener = function addEventListener() {// console.log("addEventListener", arguments)
}
window.attachEvent = function attachEvent() {// console.log("attachEvent", arguments)
}window.indexedDB = watch({}, 'indexedDB')
window.name = ''
window.ActiveXObject = undefined
window.XMLHttpRequest = function XMLHttpRequest() {
}document = {visibilityState: "visible",createElement: function createElement(tagName){if (tagName === "div") {return watch({getElementsByTagName: function getElementsByTagName(tagName){if (tagName === "i"){return {length:0}}}}, "div")}// console.log("createElement", arguments)},appendChild: function appendChild() {// console.log("appendChild", arguments)},removeChild: function removeChild() {// console.log("removeChild", arguments)},getElementById: function getElementById(id) {if (id === "0kWWhDmfQA9h") {return watch({getAttribute: function getAttribute(name) {if (name === "r") {return "m"}},parentNode: {removeChild: function removeChild() {// console.log("removeChild", arguments)}},content: "content文件"}, "0kWWhDmfQA9h")}console.log("getElementById", arguments)},getElementsByTagName: function getElementsByTagName(tagName) {if (tagName === "base") {return {length:0}}if (tagName === "script") {return watch([watch({src: '',innerText: '',getAttribute: function getAttribute(name) {if (name === "r") {return "m"}},parentElement: {removeChild: function removeChild() {// console.log("removeChild", arguments)}}}, "script1"),watch({getAttribute: function getAttribute(name) {if (name === "r") {return "m"}},parentElement: {removeChild: function removeChild() {// console.log("removeChild", arguments)}}}, "script2")], "script")}// console.log("getElementsByTagName", arguments)},addEventListener: function addEventListener() {// console.log("addEventListener", arguments)},attachEvent: function attachEvent() {// console.log("attachEvent", arguments)}
}navigator = {}location = {"ancestorOrigins": {},"href": "","origin": "afda","protocol": "https:","host": "pafafcn","hostname": "pctfafafn","port": "","pathname": "/taff/home","search": "","hash": ""
}history = {}screen = {}localStorage = {"$_YWTU": "zABQbHJqtnenNlfV8QASAKdDbKm.jLJfp2f4ex8l0k9","_$rc": "lxeRdeWb6ekJUCpEPru2pSV70gbMVtCtPfIwae.QpDHJX0_5iVJqKl_t8Wq","__#classType": "localStorage","$_YVTX": "WA"
}
localStorage.setItem = function setItem(key, value) {// console.log("setItem", key, value)
}
localStorage.getItem = function getItem(key) {if (key === "$_YWTU") {return "zABQbHJqtnenNlfV8QASAKdDbKm.jLJfp2f4ex8l0k9"}if (key === "$_YVTX") {return "WA"}if (key === "__#classType") {return "localStorage"}if (key === "_$rc") {return "lxeRdeWb6ekJUCpEPru2pSV70gbMVtCtPfIwae.QpDHJX0_5iVJqKl_t8Wq"}// console.log("getItem", key)
}
localStorage.removeItem = function removeItem(key) {// console.log("removeItem", key)
}sessionStorage = {"$_YWTU": "zABQbHJqtnenNlfV8QASAKdDbKm.jLJfp2f4ex8l0k9","$_YVTX": "WA"
}
sessionStorage.setItem = function setItem(key, value) {// console.log("setItem", key, value)
}
sessionStorage.getItem = function getItem(key) {if (key === "$_YWTU") {return "zABQbHJqtnenNlfV8QASAKdDbKm.jLJfp2f4ex8l0k9"}if (key === "$_YVTX") {return "WA"}if (key === "_$rc") {return null}// console.log("getItem", key)
}
sessionStorage.removeItem = function removeItem(key) {// console.log("removeItem", key)
}// setProxyArr(['window', 'document', 'location', 'history', 'screen', 'navigator'])// require("./ts")
// require("./tsload")
ts文件
tsload文件function get_cookie() {console.log(document.cookie)return document.cookie
}get_cookie()

其中重要的也就是window.ActiveXObject = undefined,还有addEventListener,attachEvent这些还有meta和script标签,补好这些基本上一些简单的都可以过,我这边测试了一下中国海关、中国科学技术馆,中文期刊,药监局,江苏产权,深圳医院,发现都过了

这些都显示成功了,发现不了错误的话可以使用浏览器联调,用vscode

{"type": "node","request": "launch","name": "无环境浏览器联调","skipFiles": ["<node_internals>/**"],"runtimeExecutable": "node-inspect","program": "${workspaceFolder}\\${fileBasename}"}

然后就可以找到错误,请求的代码我放到下边

import requests
import execjs
from lxml import etreesession = requests.session()# 打开补环境文件
with open("env.js", "r", encoding="utf-8") as f:js_code = f.read()# 第一次请求
headers = {}response = session.get("url", headers=headers)cookie = [*response.cookies][0]
cookies = {cookie.name: cookie.value
}
# 第一次请求获取的cookie1
# print(cookie)
# print(response.text)html = etree.HTML(response.text)
# 获取ts文件
ts = html.xpath('//script')[0].text# 获取tsload的文件链接,请求获取内容
tsload_url = 'url' + html.xpath('//script')[1].attrib['src']
tsload = session.get(tsload_url, headers=headers).text# 获取content内容
content = html.xpath('//meta')[1].attrib['content']
print("content内容:", content)# 替换环境文件中的内容
js_code = js_code.replace('ts文件', ts).replace('tsload文件', tsload).replace('content文件', content)# 保存到新的文件中
with open("now.js", "w", encoding="utf-8") as f:f.write(js_code)print("保存成功")# 获取cookie2
cookie2 = execjs.compile(js_code).call('get_cookie')
name, value = cookie2.split('; path')[0].split('=', 1)
cookies[name] = value# 输出最后的cookie
print(cookies)response = session.get("url", headers=headers, cookies=cookies)
print(response.text)
print(response)

http://www.dtcms.com/a/565566.html

相关文章:

  • 等保三级“通关”秘籍:如何化繁为简,高效通过
  • 【文笔碎屑】更深的温柔
  • 建设网站费用明细北京市建设工程资源交易网
  • gateface做网站文章类型网站
  • Spring Boot3零基础教程,StreamAPI 介绍,笔记98
  • windows-scoop管理jdk版本
  • 构建轻量级Thrift服务自动化部署Pipeline
  • 什么是seo优化?广州网站seo推广
  • OUC AI Lab第五章:生成式对抗网络 Diffusion
  • JAVA113 Leecode 3 无重复字符的最长字串
  • 给上市公司做网站有什么用ui设计软件sketch
  • 【05】JMeter导出接口 保存文件到本地
  • linux怎么使用wordpress网站关键词优化方法
  • 【每日一个AI小知识】:什么是多模态AI?
  • NumPy 全面指南:使用技巧、安全实践与生态对比
  • 【IC】NoC设计入门 -- 流控 Flow Control 与交换 Switching
  • 泉州网站建设费用dw制作网站网页模板
  • 网站建设费用组成提高工作效率的方法有哪些
  • PyQt5(八):ui设置为可以手动随意拉伸功能
  • 小迪安全v2023学习笔记(一百四十三讲)—— Win系统权限提升篇AD内网域控NetLogonADCSPACKDCCVE漏洞
  • 傻瓜动态建站 工具做照片书的网站
  • 【开题答辩过程】以《基于Spring Boot的相机租赁系统》为例,不会开题答辩的可以进来看看
  • 酷站网优设网页
  • 课后作业-2025-11-02
  • 一些sparksql的面试题
  • 数据结构(17)
  • 企业级 SaaS 服务 AI 优化全解析:从线索获取到续约的 7 个核心策略
  • MAC-SQL论文 总结
  • 网站挂马怎么处理网站的域名证书
  • 网站关键词优化的方法icp备案网站接入信息ip地址段