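I. Preface

Author: tiezhu
Next up is reversing the JavaScript behind Weibo's login; WebStorm is needed for this.
WebStorm download
This article is for study and research only. If it infringes your company's rights, contact 229456906@qq.com and it will be removed immediately. Do not use it for anything illegal; otherwise you bear the consequences yourself!
Libraries required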

import base64
import requests
import re
import os
import http.cookiejar as cookielib
# import pickle
import execjs
import time
import json
from PIL import Image
from urllib import parse

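II. Analysis

  1. Go to the Weibo home page.
  2. Press F12 to open Chrome DevTools and enter an account and password; 13888888888 and 123456 are used here as an example.
    After clicking log in, the login request shows up immediately, with a pile of parameters on the right.
    Submitting a few more times shows that only
    su
    servertime
    nonce
    rsakv
    sp
    change between requests, so the only things we need to work out are how the account and the password are encoded.
    Looking at the other requests, there is one that contains su.

    To analyze su, press Ctrl+Shift+F
    and search for the su parameter directly. There are many hits to go through; in the end it comes down to the one below.

    After pretty-printing the file, search for su:
    which leads to su: d
    d = sinaSSOEncoder.base64.encode(urlencode(d));
    Set a breakpoint and start debugging; inspecting the value confirms that this is the account encoding we need.

    su is simply the URL-encoded account name passed through base64 (an encoding, not encryption),
    so it can be reproduced directly in PyCharm.
    self.username is the account passed in. The code is: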
su = base64.b64encode(parse.quote(self.username).encode('utf-8')).decode('utf-8')
print('账号已加密:',su)

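Output:

That settles su. The response of this request also carries the following fields:

Compared with step one, the parameters the POST form needs
su
servertime
nonce
rsakv
are all accounted for, which leaves only sp. Could sp be the password?
Again press Ctrl+Shift+F and search for sp. Many JS files come up; after pretty-printing them and searching each one for sp, this line turns up: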

e.sp = b;
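Just above it there is this line:
b = f.encrypt([me.servertime, me.nonce].join("\t") + "\n" + b)
Set a breakpoint and debug it.

Here b holds sp after encryption.
Now it is time to lift the code: open WebStorm and paste this code in.

Print the three parameters used here to take a look:
me.rsaPubkey
me.servertime
me.nonce

They are the values returned by the request that carried su.
Now look at the encryption line again: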

b = f.encrypt([me.servertime, me.nonce].join("\t") + "\n" + b)

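In the debugger, hovering over f.encrypt shows a tooltip like the one in the figure below.

Click through to f bt(a) to see its source.

Copy this code into WebStorm, comment out the encryption part, and run it.


It reports ReferenceError: sinaSSOEncoder is not defined
Since sinaSSOEncoder is not defined, define it at the top of the file and run again.


Next comes navigator is not defined
For this one, here is a ready-made navigator object; put it at the top of the file and it just works.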

navigator = {
    // WT-JS_DEBUG
    appCodeName: "Mozilla",
    appMinorVersion: "0",
    appName: "Netscape",
    appVersion: "5.0 (Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; InfoPath.3; rv:11.0) like Gecko",
    browserLanguage: "zh-CN",
    cookieEnabled: true,
    cpuClass: "x86",
    language: "zh-CN",
    maxTouchPoints: 0,
    msManipulationViewsEnabled: true,
    msMaxTouchPoints: 0,
    msPointerEnabled: true,
    onLine: true,
    platform: "Win32",
    pointerEnabled: true,
    product: "Gecko",
    systemLanguage: "zh-CN",
    userAgent: "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; InfoPath.3; rv:11.0) like Gecko",
    userLanguage: "zh-CN",
    vendor: "",
    vendorSub: "",
    webdriver: false
}, window = global, window.navigator = navigator;

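Run it again: no more errors.

Now the encryption block can be rewritten.

To print the password, first wrap the code in a function declaration:

function pwd() {
    var f = new sinaSSOEncoder.RSAKey;
    f.setPublic(me.rsaPubkey, "10001");
    b = f.encrypt([me.servertime, me.nonce].join("\t") + "\n" + b);
    console.log(b)
}

Running it as is raises an error, because its four parameters have not been passed in yet: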
me.rsaPubkey
me.servertime
me.nonce
b

b = f.encrypt([me.servertime, me.nonce].join("\t") + "\n" + b)

The b inside the parentheses is the original password passed in; rename it to p.
Drop the me. prefix from the other three, and finally call pwd().
For the call, copy the values of
me.rsaPubkey
me.servertime
me.nonce
from the page
and pass them in as arguments, so the function becomes:

function pwd(p, servertime, nonce, Pubkey) {
    var f = new sinaSSOEncoder.RSAKey;
    f.setPublic(Pubkey, "10001");
    var b = f.encrypt([servertime, nonce].join("\t") + "\n" + p);
    console.log(b)
}
pwd('123456','1632898111','7UMHW2','EB2A38568661887FA180BDDB5CABD5F21C7BFD59C090CB2D245A87AC253062882729293E5506350508E7F9AA3BB77F4333231490F915F6D63C55FE2F08A49B353F444AD3993CACC02DB784ABBB8E42A9B1BBFFFB38BE18D78E87A0E41B9B8F73A928EE0CCEE1F6739884B9777E4FE9E88A1BBE495927AC4A799B3181D6442443')

The result of running it:

That completes the analysis of the account and password.
Writing it in PyCharm is different again:
the JS file has to be called through execjs.

import execjs

Before that, the following parameters have to be fetched with the pre-login request:
servertime
nonce
rsakv
pubkey
pcid

Pre-login URL

'https://login.sina.com.cn/sso/prelogin.php'

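Part of the code:

    def pre_login(self):
        '''Pre-login request that fetches the login parameters; there is an anti-scraping check here, so "Referer" must be sent'''
        self.params = {
            'entry': 'weibo',
            'callback': 'sinaSSOController.preloginCallBack',
            'su': self.su,
            'rsakt': 'mod',
            'client': 'ssologin.js(v1.4.19)',
            '_': self.time,
        }
        response = s.get(self.pre_url, params=self.params, headers=self.headers)
        # .content is bytes and still has to be decoded; .text does not always display
        # correctly, in which case decode .content by hand: response.content.decode('utf8')
        body = response.content.decode('utf-8')
        # The body is JSONP: sinaSSOController.preloginCallBack({...}).
        # Take the JSON between the parentheses and parse it with json.loads() instead of
        # eval(), which would execute whatever expression the response contains.
        res = json.loads(re.search(r'\((.*)\)', body, re.S).group(1))
        # print(res)
        return res

Note that there is an anti-scraping check here: the headers must include "Referer".

self.headers = {
    'Referer': 'https://weibo.com/',
    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36'
}

Then the following parameters can be read out: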

pcid = res['pcid']
pubkey = res['pubkey']
rsakv = res['rsakv']
nonce = res['nonce']
servertime = res['servertime']
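
Parsing the JSONP body of the pre-login response without evaluating it, as an added example that is not part of the original article: eval() on a response runs whatever expression the body contains, while a strict parser accepts only the expected callback wrapping a JSON object with the fields listed above. The function names and the sample bodies are constructed for illustration.

```python
import json
import re

EXPECTED_CALLBACK = "sinaSSOController.preloginCallBack"
REQUIRED_FIELDS = ("servertime", "nonce", "pubkey", "rsakv", "pcid")
# callback name, "(", payload, ")", optional ";"
_JSONP = re.compile(r"^\s*([A-Za-z_$][\w$.]*)\s*\((.*)\)\s*;?\s*$", re.S)


def unsafe_parse(body: str):
    """The eval() approach: strips the callback name and evaluates the rest."""
    return eval(body.replace(EXPECTED_CALLBACK, ""))


def parse_prelogin(body: str) -> dict:
    """Hardened parser (hypothetical helper): JSON only, expected callback only."""
    match = _JSONP.match(body)
    if not match or match.group(1) != EXPECTED_CALLBACK:
        raise ValueError("unexpected JSONP wrapper")
    data = json.loads(match.group(2))   # JSONDecodeError is a ValueError
    if not isinstance(data, dict):
        raise ValueError("payload is not a JSON object")
    missing = [name for name in REQUIRED_FIELDS if name not in data]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    if not re.fullmatch(r"[0-9A-Fa-f]+", str(data["pubkey"])):
        raise ValueError("pubkey is not a hex modulus")
    return data


# Constructed sample bodies (values are placeholders, not captured traffic).
GOOD = ('sinaSSOController.preloginCallBack({"retcode":0,"servertime":1632898111,'
        '"pcid":"constructed-pcid","nonce":"7UMHW2","pubkey":"C0FFEE",'
        '"rsakv":"0000000000"})')
# Same wrapper, but the argument is a Python expression instead of JSON.
NOT_JSON = 'sinaSSOController.preloginCallBack(len("ran"))'
WRONG_CALLBACK = 'somethingElse({"servertime":1})'

if __name__ == "__main__":
    print(parse_prelogin(GOOD)["nonce"])
    print("eval() executed the body and returned:", unsafe_parse(NOT_JSON))
    for sample in (NOT_JSON, WRONG_CALLBACK):
        try:
            parse_prelogin(sample)
        except ValueError as exc:
            print("rejected:", exc)
```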

Copy the JS rewritten earlier into PyCharm (saved here as 微博.js); pwd() needs a small change so that it returns the value instead of printing it. The code is:

navigator = {
    // WT-JS_DEBUG
    appCodeName: "Mozilla",
    appMinorVersion: "0",
    appName: "Netscape",
    appVersion: "5.0 (Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; InfoPath.3; rv:11.0) like Gecko",
    browserLanguage: "zh-CN",
    cookieEnabled: true,
    cpuClass: "x86",
    language: "zh-CN",
    maxTouchPoints: 0,
    msManipulationViewsEnabled: true,
    msMaxTouchPoints: 0,
    msPointerEnabled: true,
    onLine: true,
    platform: "Win32",
    pointerEnabled: true,
    product: "Gecko",
    systemLanguage: "zh-CN",
    userAgent: "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; InfoPath.3; rv:11.0) like Gecko",
    userLanguage: "zh-CN",
    vendor: "",
    vendorSub: "",
    webdriver: false
}, window = global, window.navigator = navigator;
var sinaSSOEncoder = {};
// Paste here the RSA code copied out of the site's login script in the debugger:
// the (function() { ... }).call(sinaSSOEncoder); block that defines sinaSSOEncoder.RSAKey.
function pwd(p, servertime, nonce, Pubkey) {
    var f = new sinaSSOEncoder.RSAKey;
    f.setPublic(Pubkey, "10001");
    var b = f.encrypt([servertime, nonce].join("\t") + "\n" + p);
    return b
}
//pwd('123456','1632548648','K627SW','EB2A38568661887FA180BDDB5CABD5F21C7BFD59C090CB2D245A87AC253062882729293E5506350508E7F9AA3BB77F4333231490F915F6D63C55FE2F08A49B353F444AD3993CACC02DB784ABBB8E42A9B1BBFFFB38BE18D78E87A0E41B9B8F73A928EE0CCEE1F6739884B9777E4FE9E88A1BBE495927AC4A799B3181D6442443')

Now the call can be written:

# Call the JS code to get the encrypted password
with open('微博.js', encoding='utf-8') as f:
    data = f.read()
password = execjs.compile(data).call('pwd', self.password, servertime, nonce, pubkey)
# call(name of the function to call, arguments to pass in)
print('密码已加密:', password)
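
What pwd() computes, reproduced in Python as an added example (not code from the original article): the plaintext servertime + "\t" + nonce + "\n" + password, padded and RSA-encrypted with public exponent 0x10001. It assumes f.encrypt is standard PKCS#1 v1.5 (type 2) encryption; the key is a constructed demo key, and open_sp and verify_sp are hypothetical helpers showing the check a key holder can make on the embedded servertime and nonce.

```python
import secrets

# Constructed demo key, NOT the site's key: two Mersenne primes, chosen only so
# the private exponent is known and the round trip can be checked offline.
P, Q, E = 2**127 - 1, 2**521 - 1, 0x10001
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))


def pkcs1_v15_pad(message: bytes, k: int) -> bytes:
    """Build 00 02 <non-zero random bytes> 00 <message>, k bytes long."""
    if len(message) > k - 11:
        raise ValueError("message too long for this modulus")
    filler = bytearray()
    while len(filler) < k - 3 - len(message):
        byte = secrets.token_bytes(1)
        if byte != b"\x00":              # the filler must not contain a zero byte
            filler += byte
    return b"\x00\x02" + bytes(filler) + b"\x00" + message


def build_sp(password, servertime, nonce, pubkey_hex):
    """Python counterpart of pwd(p, servertime, nonce, Pubkey)."""
    n = int(pubkey_hex, 16)
    k = (n.bit_length() + 7) // 8
    plaintext = "\t".join([str(servertime), nonce]) + "\n" + password
    block = int.from_bytes(pkcs1_v15_pad(plaintext.encode("utf-8"), k), "big")
    sp = format(pow(block, E, n), "x")
    return sp if len(sp) % 2 == 0 else "0" + sp      # even-length hex string


def open_sp(sp_hex, d, n):
    """Key-holder side (hypothetical): decrypt sp and split it into its fields."""
    k = (n.bit_length() + 7) // 8
    block = pow(int(sp_hex, 16), d, n).to_bytes(k, "big")
    sep = block.find(b"\x00", 2)
    if block[:2] != b"\x00\x02" or sep < 10:         # at least 8 filler bytes
        raise ValueError("bad PKCS#1 v1.5 padding")
    head, password = block[sep + 1:].decode("utf-8").split("\n", 1)
    servertime, nonce = head.split("\t", 1)
    return servertime, nonce, password


def verify_sp(sp_hex, d, n, issued_servertime, issued_nonce):
    """Return the password only if sp carries the servertime/nonce that was issued."""
    try:
        servertime, nonce, password = open_sp(sp_hex, d, n)
    except ValueError:
        return None
    if (servertime, nonce) != (str(issued_servertime), issued_nonce):
        return None                                  # replayed or mismatched sp
    return password


if __name__ == "__main__":
    sp = build_sp("123456", "1632898111", "7UMHW2", format(N, "x"))
    print(sp)
    print(open_sp(sp, D, N))
```

Because servertime and nonce sit inside the ciphertext, a captured sp is tied to that one pre-login response; the random filler also makes every sp for the same password different.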

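That concludes the JS reverse-analysis of the Weibo login. The full source follows; it does not log in by POSTing the form but by scanning a QR code.
Both methods are written into it; the POST form is left for you to explore.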

import base64
import requests
import re
import os
import http.cookiejar as cookielib
# import pickle
import execjs
import time
import json
from PIL import Image
from urllib import parse

s = requests.session()


class Weibo():
    def __init__(self, username, password):
        self.username = username
        self.password = password
        self.time = int(time.time() * 1000)
        self.pre_url = 'https://login.sina.com.cn/sso/prelogin.php'
        self.url = 'https://login.sina.com.cn/sso/login.php?client=ssologin.js(v1.4.19)'
        self.image_url = 'https://login.sina.com.cn/sso/qrcode/image'
        self.qrid = ''
        # self.cookie = cookiejar()
        self.headers = {
            'Referer': 'https://weibo.com/',
            'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36'
        }
        self.su = base64.b64encode(parse.quote(self.username).encode('utf-8')).decode('utf-8')
        # print('账号已加密:',self.su)

    def pre_login(self):
        '''Pre-login request that fetches the login parameters; there is an anti-scraping check here, so "Referer" must be sent'''
        self.params = {
            'entry': 'weibo',
            'callback': 'sinaSSOController.preloginCallBack',
            'su': self.su,
            'rsakt': 'mod',
            'client': 'ssologin.js(v1.4.19)',
            '_': self.time,
        }
        response = s.get(self.pre_url, params=self.params, headers=self.headers)
        # .content is bytes and still has to be decoded; .text does not always display
        # correctly, in which case decode .content by hand: response.content.decode('utf8')
        body = response.content.decode('utf-8')
        # The body is JSONP; parse the JSON between the parentheses with json.loads()
        # instead of eval(), which would execute whatever the response contains.
        res = json.loads(re.search(r'\((.*)\)', body, re.S).group(1))
        # print(res)
        return res

    def login_data(self):
        '''Get the encrypted password and build the POST form'''
        res = self.pre_login()
        pcid = res['pcid']
        pubkey = res['pubkey']
        rsakv = res['rsakv']
        nonce = res['nonce']
        servertime = res['servertime']
        # print(nonce,pcid,pubkey,rsakv,servertime)
        # Call the JS code to get the encrypted password
        with open('微博.js', encoding='utf-8') as f:
            data = f.read()
        password = execjs.compile(data).call('pwd', self.password, servertime, nonce, pubkey)
        print('密码已加密:', password)
        self.login_data_dict = {
            'entry': 'weibo',
            'gateway': '1',
            'from': '',
            'savestate': '0',
            'qrcode_flag': 'false',
            'useticket': '1',
            'vsnf': '1',
            'su': self.su,
            'service': 'miniblog',
            'servertime': servertime,
            'nonce': nonce,
            'pwencode': 'rsa2',
            'rsakv': rsakv,
            'sp': password,
            'sr': '1920*1080',
            'encoding': 'UTF-8',
            'prelt': '125',
            'url': 'https://weibo.com/ajaxlogin.php?framelogin=1&callback=parent.sinaSSOController.feedBackUrlCallBack',
            'returntype': 'META',
        }
        return password

    def image(self):
        '''Fetch the QR code for scan-to-login'''
        params = {
            'entry': 'sso',
            'size': '180',
            'seice_id': 'pc_protection',
            'callback': 'STK_' + str(time.time() * 1000)
        }
        res = s.get(self.image_url, headers=self.headers, params=params)
        api_key = re.search(r'.*?api_key=(.*)"', res.text).group(1)
        qrid = re.search(r'.*?"qr":"(.*)?",', res.text).group(1)
        # qrid is the key parameter of the URL that reports the scan status
        self.qrid = qrid
        # print(res.text, '\n', api_key, '\n', qrid)
        # Build the URL of the QR-code image
        img = 'https://v2.qr.weibo.cn/inf/gen?api_key='
        img_url = img + str(api_key)
        headers = {
            'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36'
        }
        cha_page = s.get(img_url, headers=headers)
        with open('img.jpg', 'wb') as f:
            f.write(cha_page.content)
        try:
            img = Image.open('img.jpg')  # open the QR code
            img.show()   # display the QR code
            # img.close()  # close it
        except Exception as e:
            # Message: "find the QR code in the current directory and scan it"
            print(u"请到当前目录下,找到二维码并扫描")
            # English text usually decodes correctly under any encoding, so it normally has no u prefix;
            # Chinese text must state its encoding, otherwise it is garbled as soon as the encoding is converted.

    def login(self):
        '''Login function'''
        # password = self.login_data()  # account/password login; this path is skipped
        # print('密码已加密:',password)
        try:
            # Redirects to the Weibo passport; feel free to explore
            response = s.post(self.url, headers=self.headers, data=self.login_data_dict)
            # response.encoding = 'gbk'
            # print(response.text)
        except Exception:
            # self.login_data_dict only exists after login_data() has run, so the POST
            # above raises here and the flow falls through to QR-code login
            self.image()
        url = 'https://login.sina.com.cn/sso/qrcode/check?entry=sso&qrid={}&callback=STK_{}'
        while 1:
            # QR-code login: request the scan status once per second
            response = s.get(url.format(self.qrid, str(time.time() * 100000)), headers=self.headers)
            # print(response.text)
            data = re.search(r'.*?\((.*)\)', response.text).group(1)
            data_js = json.loads(data)
            # 50114001: QR code not scanned yet
            # 50114002: QR code scanned but not confirmed
            # 20000000: QR code confirmed
            # 50114004: QR code expired
            # print(data_js)
            if '50114001' in str(data_js['retcode']):
                print('二维码未使用,请扫码!')
            elif '50114002' in str(data_js['retcode']):
                print('已扫码,请点击确认登录!')
            elif '50114004' in str(data_js['retcode']):
                print('该二维码已失效,请重新运行程序!')
            elif '20000000' in str(data_js['retcode']):
                print('登录成功!')
                alt = data_js['data']['alt']
                # print(alt)
                break
            else:
                print('其他情况', str(data_js['retcode']))
            time.sleep(1)
        # get_cookies() needs the alt ticket of the confirmed QR code
        return alt

    def get_cookies(self):
        '''Get the cookies and save them to a txt file'''
        alt = self.login()
        if not os.path.exists('cookies.txt'):
            with open("cookies.txt", 'w') as f:
                f.write("")
        # cookies.txt will hold live session cookies: keep it out of shared directories and version control
        s.cookies = cookielib.LWPCookieJar(filename='cookies.txt')
        alturl = 'https://login.sina.com.cn/sso/login.php?entry=qrcodesso&retpe=TEXT&crossdomain=1&cdult=3&domain=weibo.com&alt={}&savestate=30&callback=STK_{}'
        response = s.get(alturl.format(alt, str(time.time() * 10000)), headers=self.headers)
        # print(response.text)
        data = re.search(r'.*\((.*)\);', response.text).group(1)
        # print(data)
        data_js = json.loads(data)
        # print(data_js)
        uid = data_js['uid']
        nick = data_js['nick']
        # print('账户名:'+nick,'\n','uid:'+uid)
        crossDomainUrlList = data_js['crossDomainUrlList']
        # print(crossDomainUrlList)
        # Visit the other three URLs in turn
        s.get(crossDomainUrlList[0], headers=self.headers)
        s.get(crossDomainUrlList[1] + '&acton=login', headers=self.headers)
        s.get(crossDomainUrlList[2], headers=self.headers)
        # Save session cookies too, so that cookie_dict() can load them back
        s.cookies.save(ignore_discard=True, ignore_expires=True)

    def cookie_dict(self):
        '''Load the cookies'''
        self.get_cookies()
        cookies = cookielib.LWPCookieJar('cookies.txt')
        cookies.load(ignore_discard=True, ignore_expires=True)
        # Convert the cookies into a dict
        cookie_dict = requests.utils.dict_from_cookiejar(cookies)
        # print('cookies字典:', cookie_dict)
        return cookie_dict

    def spider(self):
        '''Fetch the comment data of a Weibo post to check that the cookie works; no parsing rules are written'''
        cookies = self.cookie_dict()
        loginurl = s.get("https://weibo.com/aj/v6/comment/small?&isMain=true&dissDataFromFeed=%5Bobject%20Object%5D&ouid=6355968578&location=page_100606_home&comment_type=0&_t=0&__rnd={}".format(int(time.time() * 1000)), headers=self.headers, cookies=cookies).json()['code']
        loginurl1 = s.get("https://weibo.com/aj/v6/comment/small?ajwvr=6&act=list&mid=4686048682050ssDataFromFeed=%5Bobject%20Object%5D&ouid=6355968578&location=page_100606_home&comment_type=0&_t=0&__rnd={}".format(int(time.time() * 1000)), headers=self.headers, cookies=cookies).json()
        print(loginurl1)


# def islogin(session):
#      try:
#          session.cookies.load(ignore_discard=True)
#      except Exception:
#          pass
#      loginurl = session.get("https://weibo.com/aj/v6/comment/small?ajwvr=6&act=list&mid=4686048682050569&uid=5614666660&isMain=true&dissDataFromFeed=%5Bobject%20Object%5D&ouid=6355968578&location=page_100606_home&comment_type=0&_t=0&__rnd={}".format(int(time.time() * 1000)), headers =headers).json()['code']
#      if loginurl == '100000':
#          print('Cookies值有效,无需扫码登录!')
#          return session, True
#      else:
#          print('Cookies值已经失效,请重新扫码登录!')
#          return session, False
#      pass

if __name__ == '__main__':
    username = '13888888888'
    password = '123456'
    weibo = Weibo(username, password)
    weibo.spider()

Output:

III. Summary

Study hard, improve every day, keep your hair, and succeed in your career~


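*Note: this is an original article. When reposting it, please include a link to this article; otherwise the relevant liability will be pursued. Thank you!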

2021-09-29 Weibo QR-code login to obtain cookies, with the JS reverse-engineering of the account and password encoding (final part)
