篇幅有限
完整内容及源码关注公众号:ReverseCode,发送 冲
https://www.lagou.com/
抓包
登录url:
GET https://passport.lagou.com/login/login.json
参数:
plain1
2
3
4
5
6
7
| jsoncallback: jQuery11130510950445912626_1618227551741
isValidate: true
username: 15806204095
password: 990eb670f81e82f546cfaaae1587279a
request_form_verifyCode:
challenge: c7a96a290ed4d75ca2a8bf139172dbe0
_: 1618227551745
|
分析
参数中password和challenge看起来是加密参数,其实challenge是极验验证码请求的参数,本文针对password进行参数分析,暂时先不做讨论。
image-20210412195059257
搜索login/login.json并格式化js后,发现改password通过md5实现加密,在Watch界面输入g查看g的内容
image-20210412195442176
放行程序后,在g.isValidate && (g.password = md5(g.password)处重新打上断点并登录
image-20210412195745639
那么分析得出password=md5(“veenike”+md5(passwrod)+”veenike”)
image-20210412200010128
爬虫实现
plain1
2
3
4
5
6
7
8
9
10
| import requests
from hashlib import md5
username = '15806204095'
pwd = '123'
md5_pwd = md5(("veenike" + md5(pwd.encode('utf8')).hexdigest() + "veenike").encode("utf8")).hexdigest()
print(md5_pwd)
url = 'https://passport.lagou.com/login/login.json?jsoncallback=jQuery111306946515748870927_1618229101639&isValidate=true&username='+username+'&password=+'+md5_pwd+'+&request_form_verifyCode=&challenge=c3bebcad0648898aa58cb3f4dbf2f820&_=1618229101642'
r =requests.get(url)
print(r.text)
|
完整源码请关注微信公众号:ReverseCode,回复:JS逆向
