目标:返回的结果有加密,把结果解密
可以看到返回来的data是加密的,但是加密的数据并没有进行混淆,
这时候我们可以采用直接搜解密:decrypt
直接发先我们的数据书通过aes加密的,我们开始些python代码
from Crypto.Cipher import AES #encrypt加密
from Crypto.Util.Padding import pad # decrypt解密
import base64
def aes_decrypt(data):
key="BE45D593014E4A4EB4449737660876CE".encode("utf-8")#????
iv="A8909931867B0425".encode("utf-8")
aes=AES.new(key=key,mode=AES.MODE_CBC,IV=iv)
raw = pad(data.encode("utf-8"), 16)
aes_bytes = aes.decrypt(raw)
return aes_bytes.decode()
b="MgwXi0KD1jGM575jK3LON58XYQrUR1goy7Unh54JnehzDbDxCXw6piS+aU5c2ocHtQjAN1kXgyHFs2YA3IdDRO2eqznJFVQeokMzj3AT2BQyWT8AO50ASbdIjodPf28rBnIkz+tny7JSoIYDUxZjmBz9S+dJOmo2QzHowt8SZuZOFF81SMbmje5ev1nLnBpG/N8eNBB5lYiJKlyMXVGNQ3nmXce1q2+X/9sfKXlWiQYIRUIKoFys8VjvGw4DWAelTNAqoxkxCyC/nLNs+CrxGBf5baFUfMzXGFzROeoPIsnKyU+4lA86MGvJiHe+vNFwU3gUbPt1Bct9ncqkP3nXhv7Gd5DS1FPhoyczCpRcMYVQsDWR3og8ZltfetZITTJY1lBOFq4+o9Ua8bNZmcTkAe5GgpILtVyvDIV/s3xBX1bfto9Qbuv6uuLOIUC0Lje3GKfA8VRp2YzQSECtDiGmRtCLZQRYeH8XWKG+PNg1inBLn6m6owzG8c+wXlHr3VdmYTWmDAQPCuHTxKUtXI6b0WobIsv7Lto1VAULWXH31DIEogMmjaApRt3yGp2rVnkXVfGd94Za4n57tpmz8i/3hNUiVx9IHJ4sYy9XFk8OZaJs03aX5nFqLZPTz1YhyJOzNAQ9BCXmVDJOUcshQPRtx4id8llLPN+0Anl7cPXhpWbiz2bxqXxSqAPk2WwioaL40vsntwiYf3l6oMz6m08NQTYaAxOFFBRydROPHQ1L8xZ7dhAMuKwGuNHGeW1dB4lHMh9w/+oVhvGaBpaC5UzAzGYXdt1ebc7+UgFh+rWLFXL+39K6pD78EemiiYjAr/Vvai276jsJ+sfseZ1EzbSYP1vxG8YMwesyVX8m+Zjo+fX0Fvex9Ae9Rpken8jPO0clgK1p8wEORGsnWNIeLbKEKt34I++smRSfp0BtS2IwidpxobbbJzrH0Te4mXpdiYYDg8STRCEPgWmaiBriw1JV6I/FUMX8Jc8SEbOEVsV8Id+L0raEWHIdMlbcCKn9lzKJwwkfJUaOzZeVoJJ77X3Hb1Tz7O/lvDAkFjKP/1O6QvSCC7AdKyf7Qew0yTBwKBM6FSf09reNfMOjmmQh3C13+j9z6rVD6XboCscOhQvKhro2v9TO5CJCYaDjeovzzOBE9pgT7YxrDxgbWK0tjss0obOku6QgzV8jqdV781oDfK+KtCNV7RgfWG6+kF9ZO9ecZ5GcIxRSS22JkFjKsvmxnkW1bqZwzIO52BkgQMx/7Eod/LKIuqCmoc41w3wiobBnCEywDEtAmSUBeGdqqn9OPxfdPkz4BTn/qbmhrb001ZA9abvtSGmg9UXMkvZiYZbZRjWiETEeEFMxGdkSt1rEeTZSx/BoqgZ8ZHdqvnSZBmdbU8CaUYT0a3mP50tRnMDclQITKuVrzxE1UxpOm5TNHa3Xj+zjEs42GTIta8ykqG4gBGieDyqHYVtJI+XG/kcZzTEmpdcVVjHaZJKzssVjeOawl6UcYGC6fmggNb04kNZlTZdgyT2TwjPg4c+BpdGuHFDO+wr7cFZMJE//FiBrh05NeLcu7+VeA3BlYV2Mnws="
a=aes_decrypt(b)
print(a)
发下他报错:'utf-8' codec can't decode byte 0xd3 in position 0: invalid continuation byte
我们开始该编码为:gbk,....还是不行,换一种思路来处理,把他该为base64然后编码
from Crypto.Cipher import AES #encrypt加密
from Crypto.Util.Padding import pad # decrypt解密
import base64
def aes_decrypt(data):
key="BE45D593014E4A4EB4449737660876CE".encode("utf-8")#????
iv="A8909931867B0425".encode("utf-8")
aes=AES.new(key=key,mode=AES.MODE_CBC,IV=iv)
# raw = pad(data.encode("utf-8"), 16)
# aes_bytes = aes.decrypt(raw)
# return aes_bytes.decode()
bs = base64.b64decode(data)
print(bs)
resp = aes.decrypt(bs).decode()
return resp
b="MgwXi0KD1jGM575jK3LON58XYQrUR1goy7Unh54JnehzDbDxCXw6piS+aU5c2ocHtQjAN1kXgyHFs2YA3IdDRO2eqznJFVQeokMzj3AT2BQyWT8AO50ASbdIjodPf28rBnIkz+tny7JSoIYDUxZjmBz9S+dJOmo2QzHowt8SZuZOFF81SMbmje5ev1nLnBpG/N8eNBB5lYiJKlyMXVGNQ3nmXce1q2+X/9sfKXlWiQYIRUIKoFys8VjvGw4DWAelTNAqoxkxCyC/nLNs+CrxGBf5baFUfMzXGFzROeoPIsnKyU+4lA86MGvJiHe+vNFwU3gUbPt1Bct9ncqkP3nXhv7Gd5DS1FPhoyczCpRcMYVQsDWR3og8ZltfetZITTJY1lBOFq4+o9Ua8bNZmcTkAe5GgpILtVyvDIV/s3xBX1bfto9Qbuv6uuLOIUC0Lje3GKfA8VRp2YzQSECtDiGmRtCLZQRYeH8XWKG+PNg1inBLn6m6owzG8c+wXlHr3VdmYTWmDAQPCuHTxKUtXI6b0WobIsv7Lto1VAULWXH31DIEogMmjaApRt3yGp2rVnkXVfGd94Za4n57tpmz8i/3hNUiVx9IHJ4sYy9XFk8OZaJs03aX5nFqLZPTz1YhyJOzNAQ9BCXmVDJOUcshQPRtx4id8llLPN+0Anl7cPXhpWbiz2bxqXxSqAPk2WwioaL40vsntwiYf3l6oMz6m08NQTYaAxOFFBRydROPHQ1L8xZ7dhAMuKwGuNHGeW1dB4lHMh9w/+oVhvGaBpaC5UzAzGYXdt1ebc7+UgFh+rWLFXL+39K6pD78EemiiYjAr/Vvai276jsJ+sfseZ1EzbSYP1vxG8YMwesyVX8m+Zjo+fX0Fvex9Ae9Rpken8jPO0clgK1p8wEORGsnWNIeLbKEKt34I++smRSfp0BtS2IwidpxobbbJzrH0Te4mXpdiYYDg8STRCEPgWmaiBriw1JV6I/FUMX8Jc8SEbOEVsV8Id+L0raEWHIdMlbcCKn9lzKJwwkfJUaOzZeVoJJ77X3Hb1Tz7O/lvDAkFjKP/1O6QvSCC7AdKyf7Qew0yTBwKBM6FSf09reNfMOjmmQh3C13+j9z6rVD6XboCscOhQvKhro2v9TO5CJCYaDjeovzzOBE9pgT7YxrDxgbWK0tjss0obOku6QgzV8jqdV781oDfK+KtCNV7RgfWG6+kF9ZO9ecZ5GcIxRSS22JkFjKsvmxnkW1bqZwzIO52BkgQMx/7Eod/LKIuqCmoc41w3wiobBnCEywDEtAmSUBeGdqqn9OPxfdPkz4BTn/qbmhrb001ZA9abvtSGmg9UXMkvZiYZbZRjWiETEeEFMxGdkSt1rEeTZSx/BoqgZ8ZHdqvnSZBmdbU8CaUYT0a3mP50tRnMDclQITKuVrzxE1UxpOm5TNHa3Xj+zjEs42GTIta8ykqG4gBGieDyqHYVtJI+XG/kcZzTEmpdcVVjHaZJKzssVjeOawl6UcYGC6fmggNb04kNZlTZdgyT2TwjPg4c+BpdGuHFDO+wr7cFZMJE//FiBrh05NeLcu7+VeA3BlYV2Mnws="
a=aes_decrypt(b)
print(a)
这时候发现他可以正常了
开始完整带代码
推荐一个网站:copy一个网站的curl,可以简单写出一个下爬虫
https://curlconverter.com/
在编译器中发现:不能请求,使用先data,ts好像一个时间戳,我们去验证, 搜索ts发现js太多了,我们换一种思路,来搜索他的接口
果然是一个时间戳,有python实现
import time
a=int(time.time()*1000)
这时候看请求头是portal-sign签名搞的鬼,我们继续直接搜索
是请求头的参数,在getsing函数加密得到的结果,点进去看
d函数进行加密的我们,缝缝补补高出完整的js代码
可以看到在py中可以实现