yhdm网站点踩小技巧
前言

今天发现这个网站点踩的时候JavaScript没反应,导致只能点赞却无法点踩,怀疑是网站开发者有意为之,但是,这点前端小伎俩怎么能难倒web人呐)
分析
首先ctrl+shift+c查看这个点赞图标,看到:

所以,ctrl+u源代码搜索digg_link:

发现这个JavaScript代码是空的,那么说明JavaScript代码是外部加载的。
全局搜索 .js,发现有12个JavaScript文件,逐个看,在statics/js/home.js这里找到:

那么就可以得到api格式:
[maccms.path]/index.php/ajax/digg.html?mid=[模块ID]&id=[内容ID]&type=down
接下来,轻松找到mid和id,即可直接通过API来点踩(这也说明“无法点踩”只是前端层面的限制,服务端接口并没有做对应的校验):

成功实现零的突破:

自动化脚本实现
由于网站有简单的防重复投票检测,分析发现它与IP无关,那么随机化HTTP请求头即可。换句话说,这个检测看起来依赖的是客户端自己提交的信息;从防护角度看,投票应当与登录账号或服务端签发的会话绑定,并在服务端做限频。
安装库:
pip install requests fake_useragent
代码:
import requests
import random
import time
import argparse
from fake_useragent import UserAgent
def generate_random_headers():
    """Build one randomized set of browser-like HTTP request headers.

    Every value is chosen on the client: the User-Agent comes from
    fake_useragent for a randomly picked browser family, and the other
    variable fields are drawn from the small fixed pools below.

    NOTE(review): since all of these fields are client-supplied, a
    server-side duplicate-vote check keyed on them cannot be relied on.
    Binding a vote to an authenticated account or a server-issued session
    is the usual control. What the target actually keys on is not visible
    in this file.

    Returns:
        dict: header name -> value. ``Referer`` is present only when a
        non-empty referer was drawn.
    """
    ua = UserAgent()

    # The four names match the UserAgent attributes of the same name.
    family = random.choice(['chrome', 'firefox', 'safari', 'edge'])
    user_agent = getattr(ua, family)

    referer_pool = [
        'https://www.857fans.com/',
        'https://www.857fans.com/index.php',
        'https://www.google.com/',
        'https://www.baidu.com/',
        '',  # empty entry means "send no Referer header"
    ]
    language_pool = [
        'zh-CN,zh;q=0.9,en;q=0.8',
        'en-US,en;q=0.9',
        'zh-TW,zh;q=0.9',
        'ja-JP,ja;q=0.9',
    ]
    encoding_pool = [
        'gzip, deflate, br',
        'gzip, deflate',
        'br, gzip, deflate',
    ]

    # Draw in a fixed order so a seeded `random` yields the same headers.
    accept_language = random.choice(language_pool)
    accept_encoding = random.choice(encoding_pool)
    cache_control = random.choice(['no-cache', 'max-age=0'])
    dnt = str(random.choice([0, 1]))
    referer = random.choice(referer_pool)

    headers = {
        'User-Agent': user_agent,
        'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
        'Accept-Language': accept_language,
        'Accept-Encoding': accept_encoding,
        'Connection': 'keep-alive',
        'Upgrade-Insecure-Requests': '1',
        'Cache-Control': cache_control,
        'DNT': dnt,
    }
    if referer:
        headers['Referer'] = referer
    return headers
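def fetch_url(url, max_retries=3):
    """GET *url* with freshly generated headers, retrying on failure.

    Each attempt uses a new ``requests.Session`` and a new header set from
    ``generate_random_headers()``. The request details, status code and
    the full response body are printed to stdout.

    Args:
        url: Absolute URL to request.
        max_retries: Maximum number of attempts.

    Returns:
        The ``requests.Response`` of the first attempt that answers with
        HTTP 200, or ``None`` when every attempt fails or returns another
        status code.
    """
    for attempt in range(max_retries):
        try:
            # The context manager closes the session and its pooled
            # connections. The original created one session per attempt
            # and never released it.
            with requests.Session() as session:
                headers = generate_random_headers()
                print(f"\n{'='*60}")
                print(f"第 {attempt + 1} 次请求")
                print(f"{'='*60}")
                print(f"User-Agent: {headers.get('User-Agent')[:50]}...")
                print(f"Referer: {headers.get('Referer', '无')}")
                print(f"Accept-Language: {headers.get('Accept-Language')}")
                response = session.get(url, headers=headers, timeout=10, allow_redirects=True)
                # response.text is read here, so the body is already loaded
                # before the session is closed on return.
                print(f"\n状态码: {response.status_code}")
                print(f"响应长度: {len(response.text)} 字符")
                print(f"\n响应内容:")
                print(response.text)
                if response.status_code == 200:
                    return response
        except requests.exceptions.RequestException as e:
            print(f"请求失败: {e}")
        # A non-200 answer raises nothing. It falls through to the same
        # randomized 1-3 s pause as a transport error before the next try.
        if attempt < max_retries - 1:
            wait_time = random.uniform(1, 3)
            print(f"等待 {wait_time:.2f} 秒后重试...")
            time.sleep(wait_time)
    return None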
def main():
    """Parse the command line and send the configured number of requests.

    The target host is hard-coded. ``--mid``, ``--id`` and ``--type`` are
    interpolated into the query string of the ``ajax/digg.html`` endpoint,
    and ``--num`` sets how many times ``fetch_url`` is called. A random
    2-5 s pause separates consecutive rounds.

    NOTE(review): the vote is submitted as a plain GET with no token or
    login visible in this file, so the endpoint's only protection appears
    to be whatever duplicate check the server applies.
    """
    parser = argparse.ArgumentParser(description="对目标 URL 发起随机头请求")
    parser.add_argument("--mid", type=int, default=1,
                        help="mid 参数,默认 1")
    parser.add_argument("--id", type=int, default=9351,
                        help="URL 中 id 参数,默认 9351")
    parser.add_argument("--type", "-t", default="down",
                        help="type 参数,默认 down")
    parser.add_argument("--num", "-n", type=int, default=5,
                        help="请求次数,默认 5")
    args = parser.parse_args()

    total = args.num
    url = f"https://www.857fans.com/index.php/ajax/digg.html?mid={args.mid}&id={args.id}&type={args.type}"
    print(f"准备发起 {total} 次请求到: {url}\n")

    banner = '#' * 60
    for round_no in range(1, total + 1):
        print(f"\n{banner}")
        print(f"第 {round_no}/{total} 次请求")
        print(f"{banner}")

        # fetch_url returns a response only for HTTP 200, otherwise None.
        response = fetch_url(url)
        print("\n✓ 请求成功!" if response else "\n✗ 请求失败!")

        # No pause after the final round.
        if round_no < total:
            wait_time = random.uniform(2, 5)
            print(f"\n等待 {wait_time:.2f} 秒后继续...")
            time.sleep(wait_time)


if __name__ == "__main__":
    main()
简单使用:

