瑞数——网上房地产补环境cookie及后缀XJlCTRRM获取
瑞数——网上房地产补环境cookie及后缀XJlCTRRM获取
- 逆向地址
- 请求大致流程
- 第一次请求
- 第二次请求
- 获取数据内容请求
- 补环境
- 前期准备
- 组装开始补环境
- 补完效果
- 后缀的获取
- 最终的效果
逆向地址
aHR0cHM6Ly93d3cuZmFuZ2RpLmNvbS5jbi9uZXdfaG91c2UvbmV3X2hvdXNlX2xpc3QuaHRtbA==
请求大致流程
第一次请求
记得之前是瑞数4代,现在好像是升级了,但是流程基本相同
第二次请求
获取数据内容请求
补环境
前期准备
Python通过request库请求,然后通过etree去解析HTML内容把content、ts代码、外链js路径(通过request请求获取内容)提取出来分别保存为content.js 、ts.js 、func.js
代码如下
def down_js(UA1L1zGonajvO: str, js_path: str, js_name: str) -> None:cookies = {'UA1L1zGonajvO': UA1L1zGonajvO,}headers = {'Host': 'www.fangdi.com.cn','sec-ch-ua-platform': '"Windows"','User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36','sec-ch-ua': '"Chromium";v="142", "Google Chrome";v="142", "Not_A Brand";v="99"','sec-ch-ua-mobile': '?0','Accept': '*/*','Sec-Fetch-Site': 'same-origin','Sec-Fetch-Mode': 'no-cors','Sec-Fetch-Dest': 'script','Referer': 'https://www.fangdi.com.cn/new_house/new_house_list.html','Accept-Language': 'zh-CN,zh;q=0.9',# 'Cookie': 'UA1L1zGonajvO=60OGpu6.gocgJ38eA_nXkt8t1R6vPD8mIfVGqQ0xWtIKuYact64phFfxnLObBz7jTcDgcJgl1g1GTp4Gc8k8wUNa',}response = requests.get('https://www.fangdi.com.cn' + js_path, cookies=cookies,headers=headers)with open(js_name, "wb") as f:f.write(response.content)f.close()logger.info(f'成功获取外链js文件:{js_name}')return Nonedef first_req() -> str:headers = {'Host': 'www.fangdi.com.cn','sec-ch-ua': '"Chromium";v="142", "Google Chrome";v="142", "Not_A Brand";v="99"','sec-ch-ua-mobile': '?0','sec-ch-ua-platform': '"Windows"','Upgrade-Insecure-Requests': '1','User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36','Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7','Sec-Fetch-Site': 'none','Sec-Fetch-Mode': 'navigate','Sec-Fetch-User': '?1','Sec-Fetch-Dest': 'document','Accept-Language': 'zh-CN,zh;q=0.9',}response = requests.get('https://www.fangdi.com.cn/new_house/new_house_list.html', headers=headers)UA1L1zGonajvO = response.cookies['UA1L1zGonajvO']logger.info(f'成功获取cookie-UA1L1zGonajvO: {UA1L1zGonajvO}')html_text = etree.HTML(response.text)content = html_text.xpath('//meta[2]/@content')[0]logger.info(f'成功获取content:{content}')content_str = 'content = "' + content + '"'with open("content.js", "w", encoding="utf-8") as f:f.write(content_str)f.close()script = html_text.xpath('//head/script[1]/text()')[0]with open("ts.js", "w", encoding="utf-8") as f:f.write(script)f.close()logger.info(f'成功获取ts代码,保存文件:ts.js')js_path = html_text.xpath('//head/script[2]/@src')[0]down_js(UA1L1zGonajvO, js_path, "func.js")with open('first.html', 'wb') as f:f.write(response.content)f.close()return UA1L1zGonajvO
组装开始补环境
require("./content")delete __dirname
delete __filename
delete processfunction getEnvs(proxyObjs) {for (let i = 0; i < proxyObjs.length; i++) {const handler = `{get: function(target, property, receiver) {console.log("方法:", "get ", "对象:", "${proxyObjs[i]}", " 属性:", property, " 属性类型:", typeof property, ", 属性值:", target[property], ", 属性值类型:", typeof target[property]);return target[property];},set: function(target, property, value, receiver) {console.log("方法:", "set ", "对象:", "${proxyObjs[i]}", " 属性:", property, " 属性类型:", typeof property, ", 属性值:", value, ", 属性值类型:", typeof target[property]);return Reflect.set(...arguments);}}`;eval(`try {${proxyObjs[i]};${proxyObjs[i]} = new Proxy(${proxyObjs[i]}, ${handler});} catch (e) {${proxyObjs[i]} = {};${proxyObjs[i]} = new Proxy(${proxyObjs[i]}, ${handler});}`);}
}window = global;
window.top = window;proxyObjs = ['window', 'document', 'location', 'navigator', 'history', 'screen']
setTimeout = function (){}
setInterval = function (){}
getEnvs(proxyObjs);
require("./ts")
require("./func")
function get_cookie(){return document.cookie;
}
get_cookie()
之后就是开始缺啥补啥(没什么好讲的,主要是讲下来太长了)主要是ActiveXObject、a标签、div标签、form、input等等,网上都有的,可以去借鉴一下
补完效果
大致就是这些
后缀的获取
当你补环境能够成功获取cookie之后对于后缀的获取就只差一步了
只需要构造一个XMLHttpRequest
最终的效果
