Python处理JS加密和混淆算法获取__jsl_clearance(一)

 

__jsl_clearance这个Cookie变量很多网站都在使用,目前很多网站已经对生成它的JS算法做了处理,

比如加入了一些干扰,使其他语言直接调用这段Js代码时会出错、拿不到值,今天我来教大家如何

处理这些干扰拿到结果。

使用抓包工具抓取某一个网站的数据:第一个请求返回521,响应内容是一段JS加密算法;拿到加密结果后

再发第二次请求,就可以正常返回200,代码如下:

 

<!--
  Packed challenge script, reproduced verbatim from the article (sent with the HTTP 521 response).
  x : word table, built by stripping trailing "@" characters and splitting the string on "@".
  y : packed payload; every \w+ token in it is a number in a custom base that indexes into x.
  f : decodes a token to an integer in base y (default 99). Characters A-Z map to 36..61,
      every other character goes through parseInt(ch, 36).
  z : starts as the largest single-character digit value found in y. The while loop increments it
      and tries each value as the base until eval() of the substituted payload stops throwing.
  Tokens whose slot in x is empty or missing are kept as "_" + token, which is where names such as
  _2l in the decoded listing come from.
  NOTE(review): the last step is eval() on the rebuilt source, so loading this markup in a browser
  runs the payload. The article's later step of swapping eval for console.log prints the decoded
  source instead of running it.
  NOTE(review): the line break inside the y string literal looks like an artifact of how this page
  was captured; a raw newline inside a quoted string is a syntax error in JavaScript. Confirm
  against the original response before relying on this copy.
-->
<script>var x="@@join@g@36@__jsl_clearance@false@parseInt@location@@@rOm9XFMtA3QKV7nYsPGT4lifyWwkq5vcjH2IdxUoCbhERLaz81DNB6@firstChild@@2F9k@hantom@@0xEDB88320@56@RegExp@e@2FMLE@@m0@else@8@fromCharCode@for@match@GMT@href@challenge@__p@19@d@@@@@@catch@29@while@@captcha@JYf@as@JgSe0upZ@s@charAt@onreadystatechange@Expires@@try@@@@0@charCodeAt@2@replace@18@@@06@length@eval@toLowerCase@@1500@cookie@f@function@@reverse@toString@substr@@new@@@Path@@a@@@chars@Sun@1534655216@return@@@Aug@if@DOMContentLoaded@@https@@var@@@search@D@String@@@window@Array@@2BAz@addEventListener@@@0xFF@@document@createElement@div@@@@attachEvent@setTimeout@split@g9@innerHTML@1@pathname".replace(/@*$/,"").split("@"),y="25 2l=1q(){2t('9.v=9.2y+9.28.1e(/[\\?|&]J-w/,\\'\\')',1n);2m.1o='6=1G.G|1b|'+(1q(){25 2=[1q(2l){1H 2l},1q(2){1H 2},(1q(){25 2l=2m.2n('2o');2l.2w='<1B v=\\'/\\'>2r</1B>';2l=2l.d.v;25 2=2l.t(/23?:\\/\\//)[1b];2l=2l.1u(2.1j).1l();1H 1q(2){s(25 2r=1b;2r<2.1j;2r++){2[2r]=2l.13(2[2r])};1H 2.3('')}})()],2r=[[(+!2d['x'+'g'+'10'])]+[(+!2d['x'+'g'+'10'])],([-~{}-~{}]*((-~{}-~{}^-~[]))+[]+[[]][1b]),[(+!2d['x'+'g'+'10'])]+(-~{}-~{}+[]),(-~~~{}-~[(-~![]+[~~[]])/[((+!2d['x'+'g'+'10'])<<(+!2d['x'+'g'+'10']))]]+[[]][1b]),(-~((1d)*[(((+!2d['x'+'g'+'10'])<<(+!2d['x'+'g'+'10'])))*[((+!2d['x'+'g'+'10'])<<(+!2d['x'+'g'+'10']))]])+[]+[[]][1b]),((-~{}-~{}^-~[])+[]+[]),[(+!2d['x'+'g'+'10'])]+[~~{}],(-~{}-~{}+[]),[~~{}],[([((+!2d['x'+'g'+'10'])<<(+!2d['x'+'g'+'10']))]+~~''>>((+!2d['x'+'g'+'10'])<<(+!2d['x'+'g'+'10'])))],[(-~~~{}+[((+!2d['x'+'g'+'10'])<<(+!2d['x'+'g'+'10']))]>>((+!2d['x'+'g'+'10'])<<(+!2d['x'+'g'+'10'])))+([((+!2d['x'+'g'+'10'])<<(+!2d['x'+'g'+'10']))]+~~''>>((+!2d['x'+'g'+'10'])<<(+!2d['x'+'g'+'10'])))],[-~-~[]-~-~[]],[(+!2d['x'+'g'+'10'])]];s(25 
2l=1b;2l<2r.1j;2l++){2r[2l]=2[[1b,2x,1d,2x,1b,2x,1b,2x,1d,1b,2x,1b,2x][2l]]([[[(+!2d['x'+'g'+'10'])]+(-~{}-~{}+[])],'29','o','K%2g%m',((-~{}-~{}^-~[])+[]+[]),[[]-{}+[]][1b].13(1d),'2v','l','12%f%',[{}+[]+[[]][1b]][1b].13(-~{}+[~~{}]-(-~{})),(!~~''+[]).13((+!2d['x'+'g'+'10']))+[!''+[[]][1b]][1b].13(~~{})+[!{}+[]+[]][1b].13((-~-~[]<<(+!2d['x'+'g'+'10']))),({}+[]+[[]][1b]).13((1d)*[(((+!2d['x'+'g'+'10'])<<(+!2d['x'+'g'+'10'])))*[((+!2d['x'+'g'+'10'])<<(+!2d['x'+'g'+'10']))]]),[[-~-~[]-~-~[]]]][2r[2l]])};1H 2r.3('')})()+';15=1F, y-1K-1f 1i:1i:j u;1z=/;'};20((1q(){17{1H !!2d.2h;}F(l){1H 7;}})()){2m.2h('21',2l,7)}p{2m.2s('14',2l)}",f=function(x,y){var a=0,b=0,c=0;x=x.split("");y=y||99;while((a=x.shift())&&(b=a.charCodeAt(0)-77.5))c=(Math.abs(b)<13?(b+48.5):parseInt(a,36))+y*c;return c},z=f(y.match(/\w/g).sort(function(x,y){return f(x)-f(y)}).pop());while(z++)try{eval(y.replace(/\b\w+\b/g, function(y){return x[f(y,z)-1]||("_"+y)}));break}catch(_){}</script>

  

分析上面的Js,在本地新建一个Html,打开网站的JS代码格式化工具箱,格式化上面的代码,把代码放入Html中

 

直接放进去也可以,用Chrome浏览器打开调试,打开开发者工具查看代码结果

一段错误值,还在不停的刷新,接下来分析下代码,使用Notepad++打开文件

通过分析得出这一段在起作用,一直在循环,eval返回了错误,肯定是从这返回了值

把eval修改成console.log,这样解包后的代码只会被打印到控制台而不会被执行,修改后保存,重新刷新

复制上面的代码,用格式化工具箱处理后分析,其实上面就是一段JS的加密代码,最关键的是打印出来的这一段代码,格式化后如下

 

 // Decoded challenge payload: the source that the packed loader passes to eval().
 // It registers _2l to run once the document is ready. _2l schedules a reload and writes the
 // __jsl_clearance cookie as '1534655216.29|0|' + a computed token + fixed Expires/Path attributes.
 // NOTE(review): 1534655216 looks like a Unix timestamp one hour before the Expires date; confirm.
 1 var _2l = function() {
       // The string argument to setTimeout is evaluated as code after 1500 ms: it reloads the same
       // path with the captcha-challenge query parameter removed.
 2     setTimeout('location.href=location.pathname+location.search.replace(/[\?|&]captcha-challenge/,\'\')', 1500);
 3     document.cookie = '__jsl_clearance=1534655216.29|0|' + (function() {
           // _2 holds three transforms: two identity functions and one host-based character lookup.
 4         var _2 = [function(_2l) {
 5             return _2l
 6         },
 7         function(_2) {
 8             return _2
 9         },
           // Third transform: resolves '/' through an anchor element to get the page's absolute URL,
           // strips the http(s):// scheme, lower-cases the rest, and returns a function that replaces
           // each index in its array argument with the character at that position, then joins them.
10         (function() {
11             var _2l = document.createElement('div');
12             _2l.innerHTML = '<a href=\'/\'>_2r</a>';
13             _2l = _2l.firstChild.href;
14             var _2 = _2l.match(/https?:\/\//)[0];
15             _2l = _2l.substr(_2.length).toLowerCase();
16             return function(_2) {
17                 for (var _2r = 0; _2r < _2.length; _2r++) {
18                     _2[_2r] = _2l.charAt(_2[_2r])
19                 };
20                 return _2.join('')
21             }
22         })()],
           // _2r: obfuscated expressions built from type coercion on [], {}, ~ and !; they appear to
           // evaluate to small integers or digit strings and are used below as indexes into the
           // fragment table. +!window['__p' + 'hantom' + 'as'] is 1 when window.__phantomas is
           // absent or falsy and 0 when it is set, so the indexes (and the token) differ when that
           // property exists.
           // NOTE(review): __phantomas is presumably a marker left by PhantomJS-based tooling; verify.
23         _2r = [[( + !window['__p' + 'hantom' + 'as'])] + [( + !window['__p' + 'hantom' + 'as'])], ([ - ~ {} - ~ {}] * (( - ~ {} - ~ {} ^ -~ [])) + [] + [[]][0]), [( + !window['__p' + 'hantom' + 'as'])] + ( - ~ {} - ~ {} + []), ( - ~~~ {} - ~ [( - ~ ! [] + [~~ []]) / [(( + !window['__p' + 'hantom' + 'as']) << ( + !window['__p' + 'hantom' + 'as']))]] + [[]][0]), ( - ~ ((2) * [((( + !window['__p' + 'hantom' + 'as']) << ( + !window['__p' + 'hantom' + 'as']))) * [(( + !window['__p' + 'hantom' + 'as']) << ( + !window['__p' + 'hantom' + 'as']))]]) + [] + [[]][0]), (( - ~ {} - ~ {} ^ -~ []) + [] + []), [( + !window['__p' + 'hantom' + 'as'])] + [~~ {}], ( - ~ {} - ~ {} + []), [~~ {}], [([(( + !window['__p' + 'hantom' + 'as']) << ( + !window['__p' + 'hantom' + 'as']))] + ~~'' >> (( + !window['__p' + 'hantom' + 'as']) << ( + !window['__p' + 'hantom' + 'as'])))], [( - ~~~ {} + [(( + !window['__p' + 'hantom' + 'as']) << ( + !window['__p' + 'hantom' + 'as']))] >> (( + !window['__p' + 'hantom' + 'as']) << ( + !window['__p' + 'hantom' + 'as']))) + ([(( + !window['__p' + 'hantom' + 'as']) << ( + !window['__p' + 'hantom' + 'as']))] + ~~'' >> (( + !window['__p' + 'hantom' + 'as']) << ( + !window['__p' + 'hantom' + 'as'])))], [ - ~ - ~ [] - ~ - ~ []], [( + !window['__p' + 'hantom' + 'as'])]];
           // For each position: pick a fragment from the table (literal pieces mixed with characters
           // taken from coerced strings) using _2r[i], run it through the transform chosen by the
           // fixed selector list, and store the result back in _2r[i].
24         for (var _2l = 0; _2l < _2r.length; _2l++) {
25             _2r[_2l] = _2[[0, 1, 2, 1, 0, 1, 0, 1, 2, 0, 1, 0, 1][_2l]]([[[( + !window['__p' + 'hantom' + 'as'])] + ( - ~ {} - ~ {} + [])], 'D', 'm0', 'JYf%2BAz%2FMLE', (( - ~ {} - ~ {} ^ -~ []) + [] + []), [[] - {} + []][0].charAt(2), 'g9', 'e', 's%2F9k%', [{} + [] + [[]][0]][0].charAt( - ~ {} + [~~ {}] - ( - ~ {})), (!~~'' + []).charAt(( + !window['__p' + 'hantom' + 'as'])) + [!'' + [[]][0]][0].charAt(~~ {}) + [!{} + [] + []][0].charAt(( - ~ - ~ [] << ( + !window['__p' + 'hantom' + 'as']))), ({} + [] + [[]][0]).charAt((2) * [((( + !window['__p' + 'hantom' + 'as']) << ( + !window['__p' + 'hantom' + 'as']))) * [(( + !window['__p' + 'hantom' + 'as']) << ( + !window['__p' + 'hantom' + 'as']))]]), [[ - ~ - ~ [] - ~ - ~ []]]][_2r[_2l]])
26         };
           // The joined pieces form the token that follows the fixed cookie prefix.
27         return _2r.join('')
28     })() + ';Expires=Sun, 19-Aug-18 06:06:56 GMT;Path=/;'
29 };
   // Feature test: register _2l on DOMContentLoaded when addEventListener exists, otherwise fall
   // back to attachEvent with onreadystatechange.
30 if ((function() {
31     try {
32         return !! window.addEventListener;
33     } catch(e) {
34         return false;
35     }
36 })()) {
37     document.addEventListener('DOMContentLoaded', _2l, false)
38 } else {
39     document.attachEvent('onreadystatechange', _2l)
40 }

 

把上面的Js代码放入到刚才的Html文件中,放在Script标签中间,保存后继续刷新浏览器看结果

 

 

按图上所说的修改代码,为便于查看结果,把document.cookie =修改为console.log(),注意后面的右括号一定要找到

 

正确的位置,修改后如下图所示

 

 

 保存后继续刷新代码,看结果,奇迹出现了

 

 

结果出现在了控制台中,这就是我们所需要的值,再去对比一下抓包工具返回的值,验证下正确性

 

Cookie: __jsl_clearance=1534655216.29|0|Og99ebJYf%2BAz%2FMLErtem0mNs%2F9k%3D
__jsl_clearance=1534655216.29|0|Og99ebJYf%2BAz%2FMLErtem0mNs%2F9k%3D;Expires=Sun, 19-Aug-18 06:06:56 GMT;Path=/;

上面的两个值完全一样,说明成功了,到此为止分析JS的问题就可以完成了

 

接下来用Python实现我们手动操作的部分,详见下一个教程 

 
