当前位置：首页 > news >正文

【js逆向入门】图灵爬虫练习平台第九题

news 来源：原创 2025/5/2 4:04:36

地址：aHR0cHM6Ly9zdHUudHVsaW5ncHl0b24uY24vcHJvYmxlbS1kZXRhaWwvOS8=

f12进入了debugger，右击选择一律不在此处暂停，点击继续执行

查看请求信息

查看载荷，2个加密参数，m和tt

查看启动器，打上断点

进来

往下滑就能找到对应参数生成的位置

这个e数组就是执行顺序

f的求解

接着 case 6

接着 case 7

接着 case 2

———————————————————————————————————————————

载荷中m的求解：

进到这个c函数，看返回结果

代码：

// 引入 CryptoJS
const CryptoJS = require("crypto-js");

var f = (new Date)["getTime"]();
console.log(f);

var payload_m = CryptoJS.HmacSHA1("9527" + f, "xxxooo").toString();

console.log(payload_m);

结果：

———————————————————————————————————————————

载荷中 tt 的求解：

代码：

tt = btoa(f)
console.log(tt)

———————————————————————————————————————————

py代码：

import json
import subprocess
from functools import partial
import time
import requests

subprocess.Popen = partial(subprocess.Popen, encoding="utf-8")
import execjs

base_url = 'https://stu.tulingpyton.cn/api/problem-detail/9/data/'

sum = 0
for pageNumber in range(1, 21):

    with open("tuling_9.js") as f:
        jscode = f.read()

    js = execjs.compile(jscode)
    result = js.call("run")
    m = result[0]
    tt = result[1]
    print(m, tt)

    headers = {
        "authority": "stu.tulingpyton.cn",
        "method": "POST",
        "path": "/api/problem-detail/9/data/",
        "scheme": "https",
        "accept": "*/*",
        "accept-encoding": "gzip, deflate, br, zstd",
        "accept-language": "zh-CN,zh;q=0.9",
        "content-length": "85",
        "content-type": "application/json",
        "cookie": "Hm_lvt_b5d072258d61ab3cd6a9d485aac7f183=1742636212; HMACCOUNT=B88D03FCE9EB9B74; sessionid=340601jxoe4omfo21a6g88elw8m3xz9c; Hm_lpvt_b5d072258d61ab3cd6a9d485aac7f183=1742636343",
        "origin": "https://stu.tulingpyton.cn",
        "priority": "u=1, i",
        "referer": "https://stu.tulingpyton.cn/problem-detail/9/",
        "sec-ch-ua": "\"Google Chrome\";v=\"131\", \"Chromium\";v=\"131\", \"Not_A Brand\";v=\"24\"",
        "sec-ch-ua-mobile": "?0",
        "sec-ch-ua-platform": "\"Windows\"",
        "sec-fetch-dest": "empty",
        "sec-fetch-mode": "cors",
        "sec-fetch-site": "same-origin",
        "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36",
        "x-requested-with": "XMLHttpRequest",
    }

    # 请求载荷
    payload = {
        "m": m,
        "page": pageNumber,
        "tt":tt
    }
    res = requests.post(base_url, headers=headers, json=payload)
    json_data = res.json()
    response_data = res.text
    print(json_data)
    result = json.loads(response_data)
    for j in result['current_array']:
        sum += j

print(sum)

js代码：

// 引入 CryptoJS
const CryptoJS = require("crypto-js");

function run() {
    f = (new Date)["getTime"]();
    m = CryptoJS.HmacSHA1("9527" + f, "xxxooo").toString();
    tt = btoa(f)
    return [m,tt]
}

运行结果：