猿人学试题(非常简单js混淆、雪碧图、样式干扰 css加密、js混淆源码乱码、js混淆动态cookie、访问逻辑)

学习目标:

python学习—猿人学试题


学习内容:

1、非常简单js混淆
2、雪碧图、样式干扰 css加密
3、js混淆源码乱码
4、js混淆动态cookie
5、访问逻辑


1、非常简单js混淆

  • 试题连接:http://match.yuanrenxue.com/match/12

m的值是base64加密

解决方法:

import base64
import requests
import time
# http://match.yuanrenxue.com/api/match/12?page=1&m=eXVhbnJlbnh1ZTE%3D
sum = 0
for i in range(5):
    time.sleep(0.3)
    m = 'yuanrenxue'+str(i+1)
    m = base64.b64encode(m.encode('utf-8'))
    m = m.decode('utf-8')
    print(m)
    header = {
        'User-Agent': 'yuanrenxue.project',
        'Cookie': 'Hm_lvt_c99546cf032aaa5a679230de9a95c7db=1614301813; no-alert2=true; sessionid=7zw5agrizbkl4mfr2sbbsl8eu87fp89p; yuanrenxue_cookie=1615427946|OQ627PFzh1ka4yQF1jYvRpo3qEjjafxRaWGwpyCFr9UmrowVRUpUR4U3LoIdHBomSiNDxq5PUtjtrcAgfTAK9vMfPw1fxMaFSGkb3KVWZPDRkWFKU9P1f6Df8Cq4p5mTSkuOYXhkXCs08Vs3nzC3Oiobi0p2kEZM4fph9cSUw0; Hm_lpvt_c99546cf032aaa5a679230de9a95c7db=1615428833'
    }
    url = 'http://match.yuanrenxue.com/api/match/12?page='+str(i+1)+'&m='+m
    r = requests.get(url, timeout=(2, 2), headers=header)
    r = r.json()
    data = r['data']
    for value in data:
        num = value['value']
        sum = sum + num
print(sum)

2、雪碧图、样式干扰 css加密

  • 试题连接:http://match.yuanrenxue.com/match/4

查看数字的样式为图片
接口中发现返回的数据图片的数据
数据里面包含干扰图片
干扰图片分别又px偏移和html页面代码中的style属性决定

解决方法:

import requests
import base64
import hashlib
import json
import re
headers = {
    'User-Agent': 'yuanrenxue.project',
    'Cookie': 'no-alert2=true; yuanrenxue_cookie=1615427946|OQ627PFzh1ka4yQF1jYvRpo3qEjjafxRaWGwpyCFr9UmrowVRUpUR4U3LoIdHBomSiNDxq5PUtjtrcAgfTAK9vMfPw1fxMaFSGkb3KVWZPDRkWFKU9P1f6Df8Cq4p5mTSkuOYXhkXCs08Vs3nzC3Oiobi0p2kEZM4fph9cSUw0; Hm_lvt_9bcbda9cbf86757998a2339a0437208e=1615531422; Hm_lpvt_9bcbda9cbf86757998a2339a0437208e=1615531501; Hm_lvt_c99546cf032aaa5a679230de9a95c7db=1614301813,1616088450; Hm_lpvt_c99546cf032aaa5a679230de9a95c7db=1616158186',
}
dict_list = {
    'iVBORw0KGgoAAAANSUhEUgAAABQAAAAdCAYAAACqhkzFAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAMTSURBVEhLrZY/TBNRHMe/bY82LeGA0Dp4NTGYqO1gdKEMwmQcGh38M5CQlGDSwWiMAwwYg2iCJsZJQ9CJ0ETsQMJgwuagLIUFXIAFXNoYcqDloLRXrq3v7v3aXktbSPCTXO77fZRvf/feu9+r5dz5iwX8R+oESigMPka6/wb2vSJUBx+1QoVD3kTz7DScb+f4YBVHA6U+ZKLPsON1IE9DtbDLP9AxEIawRgOEle4cKYSD+ZeQq8IcKquMXTbyOllPL7aiEWgSDRCmQAnahyHsiGQZruUvkIKXcObyFeM62zcOd1ylvwJ5MYDkuxA5Tjlw8A2S12iyGM7YODrujsFqfqTFCJw9L+CWyTPS3QPIBMgwKFBC9n4AaW4AdQVtQxEy1czBObkIJznAi9TDO6SLgVIYqt9QBq5YFEKCTC2momg2VXngD5bmnAc+uIqUIXQUOL/X3hJl5mHfUEgzPJ04pMUxAnN+CYeG1UlAmCLZANtqAk2kARG5m1zxQI9paWUZAsmGsArLnxOh0ZSxwCBypjwo2zQPxzCTgJ2kTtbbZ9zZ/7pRKO8WOOWqrX9iePyJiqnNGgTTuhRhgT5o5kc+JaeosDYssHbpx+OtXEziSIWqx0fqOFpg7ns2Zd24s8B1WE0V5h2mJW/ELTc0kjo2Zcm4s8ClikCIlR+si59tZpL66yosc2U8clM8bhgDkfVFUzuqR569rqXOqG7CPsOlEWiJJSraUaa/i3Q9upC94CHNCtr4WXoN+aJMzcFlakd73eGG5wnuhZHykmZ1tnx9TboYqDfNWLxoWDvqhfK+h0w1Pcg87cUBOavMmu1HMoxShuXJNNpNi7N3ewLJTyEUzIdQIIT0wgQ7EcmzxWifZMcEOZ3KY3Qwgp3RQOnbOfqJx5XGtlSOS4aK1tlHEIcXyHNsrW0dY6SBFX0ufShc70S21OwE5AR+lb+ZVfb5OVpGviGTTkHeSmBfScJqtdX55SAFoY0OsMXxISM6SvvNrshwrS7A9WoENupyv+O/oGm831sslno/RU6OsvsHu3+3yQH/AOyW6SvqnweCAAAAAElFTkSuQmCC': '0',
    'iVBORw0KGgoAAAANSUhEUgAAABUAAAAcCAYAAACOGPReAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAD0SURBVEhLY5RVUPvPQGXABKUJAA2GvzP3Mry6f5PhzfI4qBhuQNjQqD6Gzxc3Mjxzk2H4CRUiBHAYKs3wP7Gd4evhSwzPWr0ZPvBBhYkEqIaaBzL8nrmS4f3FfQzP6oIY3smwM/yFSpECkAyNY/g2q4PhhZsBwxegy/5BRZlfP2HgIdbfUIAnTD8xCGyuZ5AyW8jATqmhzD9fMwjumsUgbWPKwJu3AipKGkAydC8DZ24sg5SGDQNPei8D01OoMBkAydCnDIyHTkHZlAE8YUo+GDWU+mAEGfq46RCUhQAUGypbZwdlIcBoRFEfjBpKfUADQxkYAKYHOb9g+7HMAAAAAElFTkSuQmCC': '1',
    'iVBORw0KGgoAAAANSUhEUgAAABQAAAAdCAYAAACqhkzFAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAKCSURBVEhLrZZLaBNRFIb/PDp5SFMxjqVOAjYLNUGUbhI3cdEGwaAgbmopWFIQBEUwFhQVldIqCuqilLoymEVVlCqWuNdVXRk31Y1uTKAQMRI0ycQk453JaWaSJjYPPxjmnJPwcefOuSfROXftlvAfaSAUIIXOITfuR9bBQzQBZfqEEzPgVuPY8uIeuMXPVK2lVnjoCrKzJ5F2mKqSZpi/xGCfCEOfpAKhCkPz+HEpgN9sRVpMoqjcJZMJBSVS0Wfeoz94CkaNVE93wOOqygyZr9i+cBnOwT3YsXe/cvUPDsMxHcPWTOU7MmWbD+m5i5RVUIUKGfQt38DOA0dgufuSauskoYuE0RuchV0jzQ8FIAqUMFShmIB9+jhs559SoQnJKKwLcZgpBVwoTFLIUIXXTsMaqdvhZjz8qBECRYeXog2P3CoJts8UMko2F0UdC90o2ihkcAl1mzoTnnGh0kwyGRhXKWR0IBRQOOZGnjL57RsjFDLaF87MI+1Ru9+ysgSOYpn2hKEovo+71RMjfoJtKkpJhRaFAsozr5C67kOOKvLe2e+cBVfXaZsLhSD+LD3DGluZum8p5RA06tt/C4/exK83D7A2xKNEJT07UfzV0aaHoImQHnFuDGlNv8kja2BkBObF5ieqgdDf8BG3PboAPrBx/tVTN7H9KMTuI+WxVQesIRUHPzWKnndU2ATNCgUUn9TKrB8eY8DbukxGFYZu4+dBVWZZYXPvxC3oKG8VEnqRn1R7rCfBfi/Gahu2VSpC3wRyDiViiOhdDre9snUqwsOCZnqkYHhLYSfIb9n5+psESerq6nvOPMylrLDEa7q3C7L7hrVt0z1Fu9Dor0g3AH8BJlTqZkAngxQAAAAASUVORK5CYII=': '2',
    'iVBORw0KGgoAAAANSUhEUgAAABQAAAAdCAYAAACqhkzFAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAALaSURBVEhLrZVPSBRRHMe/O+rOuuaUyRoyBlGQfw5lh9xTekg8qIdMKSsQFKRAD0WUROhBCIlSBD1YQsJKQSB1iRa8VRf1Up4UQiNcRVw1nXVdx3V3euP+ZnZmR9EVP/CY3/vx5sPMe+/3nu3suYsKjhGrUCxB5GErNssKERIEyDzlIYOX/MgY+4r0zm5w85ROwCRU2j1Yu+fGhi7ZG072Iau3Bc6BacrE4ejJ6EKgySyzy+yrdptpIKJ8HlbahrHZKFImjnEcIeHU6FuIlfk4U3AJObstH2L9C7hmJKTQKEBg0h7sUE/DJLT5x5FbeRWZ99kcTVFSY9wDR/kN5Pxkn6vBFyPUTjFhEPYjs6YBqYkiE/NIfTeODOqpyEUNFMUwCNmy7bNyJr5M787pfuwxhwfhh+1YhWIxtgWKGXafh6IYSQuVjssIUgxMwdFLIZGc8IEHKxV5iFL3xGg37AnzfnAtu68jUlYFueIa1i4IiFDaOfYa2XcGqRfHKnzlxVzdeepYSZVmkfXyERwfrGWnktQvc7If6T62yrxhVRKwCvX6jTet3KK8C4EiN5Y6hrEw6YV811rLhzwPRSi19dhqqmFCFzvINPzI7rwN51B8ZQ4pNNA4iNW2UgTpVOL835Fb0qz/atL7EEPNyPrm01+MutwIPaUOI3khw9Y5aTggeISu1FN8RCHm5YQX7fQ8qlDk9WpR4eRlinQhW37rDtgXpc1Yz2xrsYtLg4StCHz+iHD1IazVPQgY6hnSLzgGKGbov6y4irHY58W/T13YKS2grIHCGoTfeLHcV4V1w9V6+v0zwz2j78MuSH9uYp2SKhwbnKbvYB5hJjHOmyo7OdIC4ckP6segL5wAb7rR1Jd5dslrzSxLYQeE6/ktXbYVCmJp0YfghpRQKbWPsVVXjs0iEWGBxzalVXhZQtrMFJwj/eCHJigbY2FuFpFI7EJNvvT2wPf3NxRF1QD/AbAv8WdRHzjKAAAAAElFTkSuQmCC': '3',
    'iVBORw0KGgoAAAANSUhEUgAAABUAAAAbCAYAAACTHcTmAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAHHSURBVEhLrZW9LwNhHMe/WrT10mrKVE2EROIfUAuTTQxMLISBQSxeIjQSTZRIsYgYhYVRIrWzaCxiMjFVoqjWaatPaR9Pe09bbfT6XHKf5Mn9vne9T+55fs/1qhxtnRRqWD1DcLILSR5Nfg+aR495ktHxoyBDiA8WhOVQJaXeKUgtPCggLrXPs6dsxzePSghLU9sjiBh4qICYtG8fUo8Z6UxNXlEvZc+WRUDaC+LpR5SnhssLGHldjopS6l1BpFWuda9XsEwH5KCAstS5iU/WHHkLSbAerAmtl8JvupH0DOCDN8d4e4q6wyc5VKCslHrdCHdwI7mHZXZHrgX4X9r3d9oElvMN1Io9ZJZ/pL1IeIbz06598KFx8UYOgpRI7fg52UWIdzszbev4Mqp4FKVYOrGJSG6Ts27btmZUTTtHQcrWUVpy4otHk39PuNulyFL7GOJ7hXWsCfhgK/mPVAOTstfwaAEhMz9DHmF1zalexyIcbj81UUqh0TBdr9OS7muDDoRAz4ZBxajmN2dggqJrepKE+g8fWFPvXPkeaPDhE0MzaeIrhpfnAGJRSTvp+1sQJBFHOBTUTppOp7LHzM7STGpusvEK+AUL4d3X/AgqvQAAAABJRU5ErkJggg==': '4',
    'iVBORw0KGgoAAAANSUhEUgAAABUAAAAcCAYAAACOGPReAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAIxSURBVEhLrZU/aBNRHMe/bWKexnoiaSg0FSSCaAfFwT+L7dKloUs7OqRVcHBwcZOCiCAOhk4dxAwdHFRwEEoRSjvoZNqhdDE4tC7aIYmWvOiV1941vnf51dy7S0ou6Qfu+P5+B9/7/e7e+72us+cuVHHE+EzF0jcUzlPQCjyH/itphChUdKub+bcCXv4tVQr7hsp0hmNqWXsob5ek6kWVqUxneNpPw1yfxi+nWo7Y02uIzjkPAuFUWucSrKNqvzEcoUWSAdFNbyewSxJK/SQZEN1U+0kCXaSCopvGGfZJgsv2SQbFY2rI+jqn+Y/ipbYr1dap/WYVWzfra0q98f/nkDDBcWwjj+j7WbC5Fcr6aV6pxG2oEMzAn8EbKDx+ja31jxBytTRCM7WNepVhIWRl6qKEB9tIovDsA8w7fuPWR9/QPezenQAfTmKHUg5iE32To4jkKJYc2r7G5ywiU6PoTWUQK7rKZ0lU7o9TUKN10wPyWUQfLOA0hQrz6jhs0orgporcI0TXXNUacVgkFe2ZSsI/iqT8tG162DBv23RvYICURG4K3xkVmKEZmIOkJWqXhUkrgpsm0tjJjKBCoRqRp+afkK7hMr2I6tgt0g1IXIf94h22l6dRkiPygMjXtzj5kgLCtaOeg3+fQNnR/u1pMaatRUVkYwHxyYfo9pwQTdpncnjol24o0PMpg74Rv6HCZbqC41/y6OG1QeKdpSGZO1HcRGz+FRKpyzgzlaUnXoB/3J2gmVZucHAAAAAASUVORK5CYII=': '5',
    'iVBORw0KGgoAAAANSUhEUgAAABUAAAAdCAYAAABFRCf7AAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAANLSURBVEhLrZZNSFRRFMf/48e8UZtRktFkRsiEdCIKVwaikrlJbZG0MEGDwEWUIPaBQoiIZIJGG4mikoyyIBJKW4gbs4W66WOhtlAXzixq/HzGjG/8eN0378yb+5w3qdAPLnPOmXf/nHfvOfc+U+bR4zL+M/sTrW6F71Ih/CfskAQB2xQ2SyLMU5OwPr+HuEEPRfcSddXB96QeK04BOxQyZg7pWedhJi+GfiOp7sHqwC0s7RKMkyQIwaGfzGdmLFrUAbGlFOsC+ZBwaLwfjqoSZOSeQlpw5MBR1oQjw3NIoKdCGLz+Rfgn72PRTq7khr2tFpbX4TWLwJULTM+QY5Cp/PgGlkOCEJHauYegAieosEuUbUyxU1tDy9c3SOzdQ9AAvWh7ObeOblg7u8k+GJyoA4E8FzbJi5mdhGWCnAPCiVZhM5tMRuLsAFkHJyxakcu6hWy2QcL4pGpW3IR/6AsWZ35iYV4dnvkfWBp7C/+dMvWZ3SglFRzPpuR4WZYRHAtyWsFZ2fFhVha0mPEQFkbljALSoBHO1G7V1hMIQG54Cu+FY6zsVcyhTiI/hOQswq9PfdhyUIChiW7bbWQpOLDOBANMMknppLIcpIc6KasEzrYhJIv0KGPHlo/VrlrydBvFI2CDNXfyu+s4fLkVMdMUDuKBqbcRtvr3SA69BsN/phIByjaKKPvDPQLr7THyDPjcDOuwmxNwYaNBtaKKWse7YSI7GqbO70giWyHgVJdAE431covESipuah/t6fkGMzdNsruCv+FMveuIJzMavpMlEItryIskdGaERYc9XLnYsO0kk2Mr1YG1c3XkRZLgVXc0LDoxAYF7lY28yMm20ZfIbCkij5GfD4mrxFhRPQK5jepjR52XbEW0XCuRaOxcO40/ZLP1g+Wj2tqcKHMesZuRbKVEVl506O4eHRU9WCvWTnPEz47BMqjaOlFMNLJSErVgILsSiyMPsJ3Pp5yLnfY+LHeVclm6kdLWrJWgwR1VCGmkB7+z9V2u9H5wErv3uUZiiEh5xZK5G24UfaZBxiBcaUL6lIhYiigEFLFdgjHsUkztrNEJKvz7Y6K6A76rhfA5lS+TUB1KrHQ8SBztR8LDPpgMemR/nz0HAvgL80YzEyuMQpQAAAAASUVORK5CYII=': '6',
    'iVBORw0KGgoAAAANSUhEUgAAABQAAAAeCAYAAAAsEj5rAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAHhSURBVEhLrZY9LANhGMf/PprDVQkxyFXSVCKIwYStiZoqhoqEhTCQWCwiBBEDiUTMBpOJhKQDkw1L1YDFxoSlBi2tlurrrn2uH9xX2/sll/6f4X557n3e903LWhxtDCZSTr/mIXXY4thgjSHGwEp76o7amOkdmih8BHcMlDAULz4DW3htSlf8+RIaJn3Fd8i2ZxAiGeK3sK34UrE4oTCP6JAT31TWneyg8jmdixKyNQ/eOCqCF7AuBKgoRigs48NlR5LK+rP1PEnBwuRmfnf8Kn0rUZhQWEfEJU/if3cSBQmTmwN4o6zUnYRxobh2kb5sd7X+PcWXDQvZohthee3EfWedy042F4PCCXzmTLbGf4hKyn8xJtwYRthGGU/gd9OnQgkDwh7EXB2ZU2G5v0TVFRUK6At7xxCzUxbhb/YoKaMrTM724J2yNIxqha2Si47Qi1hndqtw9wHFYUS7+hF2jaeytnDKi2jGFwfv36GcT6JRQMg9ncqaF+zPwTVe+mi84uc2t4+qbhcZjQ49+GrN7BVYHu50ZRLqwt5BxLLLh6qHfUraqAtHnIhSFG8CcGfa05VRFSZahcxRQ/wZllPKOqgIPfi2yzeBSPAVFRT1UBF2I5GzflzwEWWU9TD5zxLwC1sVsHrJiVs0AAAAAElFTkSuQmCC': '7',
    'iVBORw0KGgoAAAANSUhEUgAAABQAAAAdCAYAAACqhkzFAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAANtSURBVEhLrZXfS1NhGMe/rumZbR4nOcO2IA1CvQi8UW8y8EJqZCR1IQiKwvRCuiqTfomtkkrqIpN+EFSGNaFECL0IbzQvnH/A6EavNiinJVubO/5a73nPs51zNqf04wPjfJ8X9uV5n/d93ifr8JFjcfxHMhueuYS1dieiFTZIgoAtvihBCAVhnptErvshDAG+qGMHwzJsvh7Cj5MO9vfMGCQ/Ckb6sP/2F1pRMNCXsGPz/Vt8TzEzSiwz/qMFxrbgwEr7I0Tb7LSioDe8OYSVGhHbFOYEZ1DcVIfisuMo4r86ONxTyEsai1jpGcK6xlNj6MRaQznWKTL4p1BU5YLRqy1UAFmvumDtGEN+wlQoR7SnigKd4Qls2EiyDVs/dSGLojRmrsIyF6QAiFQ0ktIaslokspMzMT4gmQFDMEyK1ZO+MqqhL4x9JFn1EK8m+Yeohl4vu2Ok4UCsWa1LOmw3FaWkAbNfvTqaGg4jd86fXAjX34JUS0EK8YGX+FlBARZhfjpJWmfIbnlnHwoX6PiEUiy9mEVkwIV4ubKEWheksVksXSilekvI/9APwcsDTnqn2JsQ81zDikPQFTsdCXmf+2Ht9FCsoMuQE/DAdHkQBeqt2BHz9CDy3XozmZQM7dh+Pozlen3rGViUzRa22COxSWsycj8fcLfA9E69/JoM5T4exTeNWe7CBA6x1rOXKK1XXCK33gSsdBvkfg7eHdX1s5phG8ustxprPJCL3QWxW/+SJLE7Ib25h6WjghKHvCh2tsDIEqUMqxBrT5ixa+3zZDaTCUxCaPXAmtiKWI1f1M+KYXUr1hxcMSRYpvtJ70KgH7k+tdLhGhe/FYphvV1zCHv3cQLjguYlsjn4gSmGooANLv4N+TAUw2AIVF5GIbbaSO7BlqOQFEMK8cdFMRxZhIkLGRGRBhfp3XAhVimSZkbBgMYw8AQmH1ecWGVH2qzQEo3kYfVUGKvqtpA35+EPsmLIDiLn/hQsSsBgs6J3HKHHLYin+p5n47XtLMLP3MleN7DZY+me51rXevE741huLkeM4gQ5bOIp40BgM5qLJAZpEYUdpyHMUKx8FLJunIPtutpaCdZZD8vDPtXM5J/BwUbVTGaHQS9Thu0rF9kUrELEJmKDGSW2J7DTzPbNwzIyiOyPX2lVJYPh3wL8BvLZG6cpuRANAAAAAElFTkSuQmCC': '8',
    'iVBORw0KGgoAAAANSUhEUgAAABQAAAAcCAYAAABh2p9gAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAAAMzSURBVEhLpZZPSBRhGMYfV9dpdV3UHDVXIw1KDUwJVy/VLTAVWugQRJqUpxAkFyuMIBMPWRGYiCGGC7J0KCRKL13Si9pBvKiH9NIYoavgqKvjujt9M/OuM+uustUP3edl9eL/3+7Mbl3fqjIxoFDnhb76Bzcoi7No47FI6QRJxbHYKKQOdSPi8RFmdKIZ2BDt6sHazCNuUiY4E67cXSLvtJq1hojdhx57nPX4fMDOxL3OSMiihwmHzchu8njrSGmGGclc/Vit5BEibxEXw7bdgzy9BZqEyziLP5UH6Cn2AsV3ZBF+DnVTYlBuxNe/CGqcpSHPIdl6DeY60EXsdfCNtWLVp0rQyhhOORrU6vcKOamyEzNgUU4fuRTdTWHIj6fUkLCSDfCl2GrR433CvuAB+ipXqLM8iVzCMd29gFSiGDb4rWi/J0IE9fr88QFhEAoWHMwWzIFLMeplbAaV3ZFiIIPXjb4gXvBQx+Ax1MfUeGuEM1cYKZzMauhFv2Arg2X6k8CgCuRkUKaQgWGOo0CwYHLlS+LocJA7B3oKdMmOfOMi8wdDUy84nxQrrtU8h1egbNpyLkAbr9T1rQO/h5EtYJ0Q9wRVguXsYG30tCFwq1HJ2B4KtPdiY6cfyac3NrD4VJMQpk1ROij7uyJk/dmTIcgxjXT7+aUK27OsFOZN56BWqjIOrf4isWRHxlImOiLSh+0iaJqnCKmTPA4aMpREkVpcjx/UWGdOLSBZDNw0booC0iY/IuVoO6+NxoJjXbyVRK+LwCzYGAp7v+FWprbR5dhDZ1Z1RKowZB/y5+rbhhK/qO2bD/FMncb7kHClGRT07vxRDgGVgSo1iNrTZUnChrIQUm26zA5sUm4QZcJNa/G89bHDD+6SCFkRCem8Vkp9r1114hfbDToaBmlcQH4TMgMSFL0giM4Vww2Z2AqaGsd3qpIQB5We1bxTe7mqsh46ctIjU9kfq/gsRPuWuUfy8XkCCrRzbexTBz0yCpBRMzCzDdRfcgd/mIxdFYveiNsLNOGEMWc6qCDOFA4vCbu7WJmzXOrDF21SjEBz7x2Bm/xisQ90wf5inbCT/dVIiAf4ApbEnkB6qHqsAAAAASUVORK5CYII=': '9'
}
sums = 0
for i in range(5):
    url = 'http://match.yuanrenxue.com/api/match/4?page='+str(i+1)
    response = requests.get(url, headers=headers)
    restext = json.loads(response.text)
    m = hashlib.md5(base64.b64encode((restext['key']+restext['value']).encode()).decode().strip('=').encode()).hexdigest()
    img_list = re.findall('(.*?)', restext['info'])
    # img_list = re.findall('(?<=).+?(?=)', restext['info'])
    for num_img in img_list:
        inum = re.findall('', num_img)
        d = ['', '', '', '']
        s = 0
        for enum in inum:
            num = re.findall('(?<=data:image/png;base64,).+?(?=")', enum)[0]
            # num = re.findall('src="https://img-blog.csdnimg.cn/2022010623515146655.png" ', enum)[0]
            numcode = re.findall('(?<=img_number ).+?(?=")', enum)[0]
            numstep = int(float(re.findall('(?<=style="left:).+?(?=px")', enum)[0]) / 11)
            if numcode != m:
                d[s+numstep] = dict_list[num]
                s += 1
        k = int(str(d[0])+str(d[1])+str(d[2])+str(d[3]))
        print(k)
        sums = sums+k
print(sums)

3、js混淆源码乱码

  • 试题连接:http://match.yuanrenxue.com/match/1
  • f12跳过条件断点,查看接口连接发现有特殊m值 查找m值成为解决问题关键
  • 在页面源码发现‘m=var m =oo0O0(timestamp.toString()) + window.f;’关键字,拷贝该部分页面源码到js文件格式化的辅助软件查看
  • 在源码中找到function oo0O0(mw)方法,同时分析window.b发现其为固定值,在接口中得到该值替换掉求window.b的代码
  • 根据function oo0O0(mw)方法中的eval函数知道其中包含某个表达式并返回值,通过node.js模拟得到window.j的方法
  • 最后通过拼接得到yuanrenxue1.js文件,用yuanrenxue1.py文件驱动yuanrenxue1.js求得其解

解决办法:
yuanrenxue1.js文件:

const jsdom = require('jsdom');
const {JSDOM} = jsdom;
const document = new JSDOM('

hello world

'
) window = document.window; function oo0O0(mw) { // window.b = ''; // for (var i = 0, len = window.a.length; i < len; i++) { // console.log(window.a[i]); // window.b += String[document.e + document.g](window.a[i][document.f + document.h]() - i - window.c) // } window.b = 'dmFyIGhleGNhc2U9MDt2YXIgYjY0cGFkPSIiO3ZhciBjaHJzej0xNjtmdW5jdGlvbiBoZXhfbWQ1KGEpe3JldHVybiBiaW5sMmhleChjb3JlX21kNShzdHIyYmlubChhKSxhLmxlbmd0aCpjaHJzeikpfWZ1bmN0aW9uIGI2NF9tZDUoYSl7cmV0dXJuIGJpbmwyYjY0KGNvcmVfbWQ1KHN0cjJiaW5sKGEpLGEubGVuZ3RoKmNocnN6KSl9ZnVuY3Rpb24gc3RyX21kNShhKXtyZXR1cm4gYmlubDJzdHIoY29yZV9tZDUoc3RyMmJpbmwoYSksYS5sZW5ndGgqY2hyc3opKX1mdW5jdGlvbiBoZXhfaG1hY19tZDUoYSxiKXtyZXR1cm4gYmlubDJoZXgoY29yZV9obWFjX21kNShhLGIpKX1mdW5jdGlvbiBiNjRfaG1hY19tZDUoYSxiKXtyZXR1cm4gYmlubDJiNjQoY29yZV9obWFjX21kNShhLGIpKX1mdW5jdGlvbiBzdHJfaG1hY19tZDUoYSxiKXtyZXR1cm4gYmlubDJzdHIoY29yZV9obWFjX21kNShhLGIpKX1mdW5jdGlvbiBtZDVfdm1fdGVzdCgpe3JldHVybiBoZXhfbWQ1KCJhYmMiKT09IjkwMDE1MDk4M2NkMjRmYjBkNjk2M2Y3ZDI4ZTE3ZjcyIn1mdW5jdGlvbiBjb3JlX21kNShwLGspe3Bbaz4+NV18PTEyODw8KChrKSUzMik7cFsoKChrKzY0KT4+PjkpPDw0KSsxNF09azt2YXIgbz0xNzMyNTg0MTkzO3ZhciBuPS0yNzE3MzM4Nzk7dmFyIG09LTE3MzI1ODQxOTQ7dmFyIGw9MjcxNzMzODc4O2Zvcih2YXIgZz0wO2c8cC5sZW5ndGg7Zys9MTYpe3ZhciBqPW87dmFyIGg9bjt2YXIgZj1tO3ZhciBlPWw7bz1tZDVfZmYobyxuLG0sbCxwW2crMF0sNywtNjgwOTc2OTM2KTtsPW1kNV9mZihsLG8sbixtLHBbZysxXSwxMiwtMzg5NTY0NTg2KTttPW1kNV9mZihtLGwsbyxuLHBbZysyXSwxNyw2MDYxMDU4MTkpO249bWQ1X2ZmKG4sbSxsLG8scFtnKzNdLDIyLC0xMDQ0NTI1MzMwKTtvPW1kNV9mZihvLG4sbSxsLHBbZys0XSw3LC0xNzY0MTg4OTcpO2w9bWQ1X2ZmKGwsbyxuLG0scFtnKzVdLDEyLDEyMDAwODA0MjYpO209bWQ1X2ZmKG0sbCxvLG4scFtnKzZdLDE3LC0xNDczMjMxMzQxKTtuPW1kNV9mZihuLG0sbCxvLHBbZys3XSwyMiwtNDU3MDU5ODMpO289bWQ1X2ZmKG8sbixtLGwscFtnKzhdLDcsMTc3MDAzNTQxNik7bD1tZDVfZmYobCxvLG4sbSxwW2crOV0sMTIsLTE5NTg0MTQ0MTcpO209bWQ1X2ZmKG0sbCxvLG4scFtnKzEwXSwxNywtNDIwNjMpO249bWQ1X2ZmKG4sbSxsLG8scFtnKzExXSwyMiwtMTk5MDQwNDE2Mik7bz1tZDVfZmYobyxuLG0sbCxwW2crMTJdLDcsMTgwNDY2MDY4Mik7bD1tZDVfZmYobCxvLG4sbSxwW2crMTNdLDEyLC00MDM0MTEwMSk7bT1tZDVfZmYobSxsLG8sbixwW2crMTRdLDE3LC0xNTAyMDAyMjkwKTtuPW1kNV9mZihuLG0sbCxvLHBbZysxNV0sMjIsMTIzNjUzNTMyOSk7bz1tZDVfZ2cobyxuLG0sbCxwW2crMV0sNSwtMTY1Nzk2NTEwKTtsPW1kNV9nZyhsLG8sbixtLHBbZys2XSw5LC0xMDY5NTAxNjMyKTttPW1kNV9nZyhtLGwsbyxuLHBbZysxMV0sMTQsNjQzNzE3NzEzKTtuPW1kNV9nZyhuLG0sbCxvLHBbZyswXSwyMCwtMzczODk3MzAyKTtvPW1kNV9nZyhvLG4sbSxsLHBbZys1XSw1LC03MDE1NTg2OTEpO2w9bWQ1X2dnKGwsbyxuLG0scFtnKzEwXSw5LDM4MDE2MDgzKTttPW1kNV9nZyhtLGwsbyxuLHBbZysxNV0sMTQsLTY2MDQ3ODMzNSk7bj1tZDVfZ2cobixtLGwsbyxwW2crNF0sMjAsLTQwNTUzNzg0OCk7bz1tZDVfZ2cobyxuLG0sbCxwW2crOV0sNSw1Njg0NDY0MzgpO2w9bWQ1X2dnKGwsbyxuLG0scFtnKzE0XSw5LC0xMDE5ODAzNjkwKTttPW1kNV9nZyhtLGwsbyxuLHBbZyszXSwxNCwtMTg3MzYzOTYxKTtuPW1kNV9nZyhuLG0sbCxvLHBbZys4XSwyMCwxMTYzNTMxNTAxKTtvPW1kNV9nZyhvLG4sbSxsLHBbZysxM10sNSwtMTQ0NDY4MTQ2Nyk7bD1tZDVfZ2cobCxvLG4sbSxwW2crMl0sOSwtNTE0MDM3ODQpO209bWQ1X2dnKG0sbCxvLG4scFtnKzddLDE0LDE3MzUzMjg0NzMpO249bWQ1X2dnKG4sbSxsLG8scFtnKzEyXSwyMCwtMTkyMTIwNzczNCk7bz1tZDVfaGgobyxuLG0sbCxwW2crNV0sNCwtMzc4NTU4KTtsPW1kNV9oaChsLG8sbixtLHBbZys4XSwxMSwtMjAyMjU3NDQ2Myk7bT1tZDVfaGgobSxsLG8sbixwW2crMTFdLDE2LDE4MzkwMzA1NjIpO249bWQ1X2hoKG4sbSxsLG8scFtnKzE0XSwyMywtMzUzMDk1NTYpO289bWQ1X2hoKG8sbixtLGwscFtnKzFdLDQsLTE1MzA5OTIwNjApO2w9bWQ1X2hoKGwsbyxuLG0scFtnKzRdLDExLDEyNzI4OTMzNTMpO209bWQ1X2hoKG0sbCxvLG4scFtnKzddLDE2LC0xNTU0OTc2MzIpO249bWQ1X2hoKG4sbSxsLG8scFtnKzEwXSwyMywtMTA5NDczMDY0MCk7bz1tZDVfaGgobyxuLG0sbCxwW2crMTNdLDQsNjgxMjc5MTc0KTtsPW1kNV9oaChsLG8sbixtLHBbZyswXSwxMSwtMzU4NTM3MjIyKTttPW1kNV9oaChtLGwsbyxuLHBbZyszXSwxNiwtNzIyODgxOTc5KTtuPW1kNV9oaChuLG0sbCxvLHBbZys2XSwyMyw3NjAyOTE4OSk7bz1tZDVfaGgobyxuLG0sbCxwW2crOV0sNCwtNjQwMzY0NDg3KTtsPW1kNV9oaChsLG8sbixtLHBbZysxMl0sMTEsLTQyMTgxNTgzNSk7bT1tZDVfaGgobSxsLG8sbixwW2crMTVdLDE2LDUzMDc0MjUyMCk7bj1tZDVfaGgobixtLGwsbyxwW2crMl0sMjMsLTk5NTMzODY1MSk7bz1tZDVfaWkobyxuLG0sbCxwW2crMF0sNiwtMTk4NjMwODQ0KTtsPW1kNV9paShsLG8sbixtLHBbZys3XSwxMCwxMTI2MTE2MTQxNSk7bT1tZDVfaWkobSxsLG8sbixwW2crMTRdLDE1LC0xNDE2MzU0OTA1KTtuPW1kNV9paShuLG0sbCxvLHBbZys1XSwyMSwtNTc0MzQwNTUpO289bWQ1X2lpKG8sbixtLGwscFtnKzEyXSw2LDE3MDA0ODU1NzEpO2w9bWQ1X2lpKGwsbyxuLG0scFtnKzNdLDEwLC0xODk0NDQ2NjA2KTttPW1kNV9paShtLGwsbyxuLHBbZysxMF0sMTUsLTEwNTE1MjMpO249bWQ1X2lpKG4sbSxsLG8scFtnKzFdLDIxLC0yMDU0OTIyNzk5KTtvPW1kNV9paShvLG4sbSxsLHBbZys4XSw2LDE4NzMzMTMzNTkpO2w9bWQ1X2lpKGwsbyxuLG0scFtnKzE1XSwxMCwtMzA2MTE3NDQpO209bWQ1X2lpKG0sbCxvLG4scFtnKzZdLDE1LC0xNTYwMTk4MzgwKTtuPW1kNV9paShuLG0sbCxvLHBbZysxM10sMjEsMTMwOTE1MTY0OSk7bz1tZDVfaWkobyxuLG0sbCxwW2crNF0sNiwtMTQ1NTIzMDcwKTtsPW1kNV9paShsLG8sbixtLHBbZysxMV0sMTAsLTExMjAyMTAzNzkpO209bWQ1X2lpKG0sbCxvLG4scFtnKzJdLDE1LDcxODc4NzI1OSk7bj1tZDVfaWkobixtLGwsbyxwW2crOV0sMjEsLTM0MzQ4NTU1MSk7bz1zYWZlX2FkZChvLGopO249c2FmZV9hZGQobixoKTttPXNhZmVfYWRkKG0sZik7bD1zYWZlX2FkZChsLGUpfXJldHVybiBBcnJheShvLG4sbSxsKX1mdW5jdGlvbiBtZDVfY21uKGgsZSxkLGMsZyxmKXtyZXR1cm4gc2FmZV9hZGQoYml0X3JvbChzYWZlX2FkZChzYWZlX2FkZChlLGgpLHNhZmVfYWRkKGMsZikpLGcpLGQpfWZ1bmN0aW9uIG1kNV9mZihnLGYsayxqLGUsaSxoKXtyZXR1cm4gbWQ1X2NtbigoZiZrKXwoKH5mKSZqKSxnLGYsZSxpLGgpfWZ1bmN0aW9uIG1kNV9nZyhnLGYsayxqLGUsaSxoKXtyZXR1cm4gbWQ1X2NtbigoZiZqKXwoayYofmopKSxnLGYsZSxpLGgpfWZ1bmN0aW9uIG1kNV9oaChnLGYsayxqLGUsaSxoKXtyZXR1cm4gbWQ1X2NtbihmXmteaixnLGYsZSxpLGgpfWZ1bmN0aW9uIG1kNV9paShnLGYsayxqLGUsaSxoKXtyZXR1cm4gbWQ1X2NtbihrXihmfCh+aikpLGcsZixlLGksaCl9ZnVuY3Rpb24gY29yZV9obWFjX21kNShjLGYpe3ZhciBlPXN0cjJiaW5sKGMpO2lmKGUubGVuZ3RoPjE2KXtlPWNvcmVfbWQ1KGUsYy5sZW5ndGgqY2hyc3opfXZhciBhPUFycmF5KDE2KSxkPUFycmF5KDE2KTtmb3IodmFyIGI9MDtiPDE2O2IrKyl7YVtiXT1lW2JdXjkwOTUyMjQ4NjtkW2JdPWVbYl1eMTU0OTU1NjgyOH12YXIgZz1jb3JlX21kNShhLmNvbmNhdChzdHIyYmlubChmKSksNTEyK2YubGVuZ3RoKmNocnN6KTtyZXR1cm4gY29yZV9tZDUoZC5jb25jYXQoZyksNTEyKzEyOCl9ZnVuY3Rpb24gc2FmZV9hZGQoYSxkKXt2YXIgYz0oYSY2NTUzNSkrKGQmNjU1MzUpO3ZhciBiPShhPj4xNikrKGQ+PjE2KSsoYz4+MTYpO3JldHVybihiPDwxNil8KGMmNjU1MzUpfWZ1bmN0aW9uIGJpdF9yb2woYSxiKXtyZXR1cm4oYTw8Yil8KGE+Pj4oMzItYikpfWZ1bmN0aW9uIHN0cjJiaW5sKGQpe3ZhciBjPUFycmF5KCk7dmFyIGE9KDE8PGNocnN6KS0xO2Zvcih2YXIgYj0wO2I8ZC5sZW5ndGgqY2hyc3o7Yis9Y2hyc3ope2NbYj4+NV18PShkLmNoYXJDb2RlQXQoYi9jaHJzeikmYSk8PChiJTMyKX1yZXR1cm4gY31mdW5jdGlvbiBiaW5sMnN0cihjKXt2YXIgZD0iIjt2YXIgYT0oMTw8Y2hyc3opLTE7Zm9yKHZhciBiPTA7YjxjLmxlbmd0aCozMjtiKz1jaHJzeil7ZCs9U3RyaW5nLmZyb21DaGFyQ29kZSgoY1tiPj41XT4+PihiJTMyKSkmYSl9cmV0dXJuIGR9ZnVuY3Rpb24gYmlubDJoZXgoYyl7dmFyIGI9aGV4Y2FzZT8iMDEyMzQ1Njc4OUFCQ0RFRiI6IjAxMjM0NTY3ODlhYmNkZWYiO3ZhciBkPSIiO2Zvcih2YXIgYT0wO2E8Yy5sZW5ndGgqNDthKyspe2QrPWIuY2hhckF0KChjW2E+PjJdPj4oKGElNCkqOCs0KSkmMTUpK2IuY2hhckF0KChjW2E+PjJdPj4oKGElNCkqOCkpJjE1KX1yZXR1cm4gZH1mdW5jdGlvbiBiaW5sMmI2NChkKXt2YXIgYz0iQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ejAxMjM0NTY3ODkrLyI7dmFyIGY9IiI7Zm9yKHZhciBiPTA7YjxkLmxlbmd0aCo0O2IrPTMpe3ZhciBlPSgoKGRbYj4+Ml0+PjgqKGIlNCkpJjI1NSk8PDE2KXwoKChkW2IrMT4+Ml0+PjgqKChiKzEpJTQpKSYyNTUpPDw4KXwoKGRbYisyPj4yXT4+OCooKGIrMiklNCkpJjI1NSk7Zm9yKHZhciBhPTA7YTw0O2ErKyl7aWYoYio4K2EqNj5kLmxlbmd0aCozMil7Zis9YjY0cGFkfWVsc2V7Zis9Yy5jaGFyQXQoKGU+PjYqKDMtYSkpJjYzKX19fXJldHVybiBmfTt3aW5kb3cuZiA9IGhleF9tZDUobXdxcXBweik=' var U = ['W5r5W6VdIHZcT8kU', 'WQ8CWRaxWQirAW==']; var J = function (o, E) { o = o - 0x0; var N = U[o]; if (J['bSSGte'] === undefined) { var Y = function (w) { var m = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=', T = String(w)['replace'](/=+$/, ''); var A = ''; for (var C = 0x0, b, W, l = 0x0; W = T['charAt'](l++); ~W && (b = C % 0x4 ? b * 0x40 + W : W, C++ % 0x4) ? A += String['fromCharCode'](0xff & b >> (-0x2 * C & 0x6)) : 0x0) { W = m['indexOf'](W) } return A }; var t = function (w, m) { var T = [], A = 0x0, C, b = '', W = ''; w = Y(w); for (var R = 0x0, v = w['length']; R < v; R++) { W += '%' + ('00' + w['charCodeAt'](R)['toString'](0x10))['slice'](-0x2) } w = decodeURIComponent(W); var l; for (l = 0x0; l < 0x100; l++) { T[l] = l } for (l = 0x0; l < 0x100; l++) { A = (A + T[l] + m['charCodeAt'](l % m['length'])) % 0x100, C = T[l], T[l] = T[A], T[A] = C } l = 0x0, A = 0x0; for (var L = 0x0; L < w['length']; L++) { l = (l + 0x1) % 0x100, A = (A + T[l]) % 0x100, C = T[l], T[l] = T[A], T[A] = C, b += String['fromCharCode'](w['charCodeAt'](L) ^ T[(T[l] + T[A]) % 0x100]) } return b }; J['luAabU'] = t, J['qlVPZg'] = {}, J['bSSGte'] = !![] } var H = J['qlVPZg'][o]; return H === undefined ? (J['TUDBIJ'] === undefined && (J['TUDBIJ'] = ![外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-OnyXn7HO-1616252520560)(N, E)], J['qlVPZg'][o] = N) : N = H, N }; // eval(window.atob(window['b'])[J('0x0', ']dQW')](J('0x1', 'GTu!'), '\x27' + mw + '\x27')); // window.console.info(window.atob(window['b'])[J('0x0', ']dQW')](J('0x1', 'GTu!'), '\x27' + mw + '\x27')) var hexcase = 0; var b64pad = ""; var chrsz = 16; function hex_md5(a) { return binl2hex(core_md5(str2binl(a), a.length * chrsz)) } function b64_md5(a) { return binl2b64(core_md5(str2binl(a), a.length * chrsz)) } function str_md5(a) { return binl2str(core_md5(str2binl(a), a.length * chrsz)) } function hex_hmac_md5(a, b) { return binl2hex(core_hmac_md5(a, b)) } function b64_hmac_md5(a, b) { return binl2b64(core_hmac_md5(a, b)) } function str_hmac_md5(a, b) { return binl2str(core_hmac_md5(a, b)) } function md5_vm_test() { return hex_md5("abc") === "900150983cd24fb0d6963f7d28e17f72" } function core_md5(p, k) { p[k >> 5] |= 128 << ((k) % 32); p[(((k + 64) >>> 9) << 4) + 14] = k; var o = 1732584193; var n = -271733879; var m = -1732584194; var l = 271733878; for (var g = 0; g < p.length; g += 16) { var j = o; var h = n; var f = m; var e = l; o = md5_ff(o, n, m, l, p[g + 0], 7, -680976936); l = md5_ff(l, o, n, m, p[g + 1], 12, -389564586); m = md5_ff(m, l, o, n, p[g + 2], 17, 606105819); n = md5_ff(n, m, l, o, p[g + 3], 22, -1044525330); o = md5_ff(o, n, m, l, p[g + 4], 7, -176418897); l = md5_ff(l, o, n, m, p[g + 5], 12, 1200080426); m = md5_ff(m, l, o, n, p[g + 6], 17, -1473231341); n = md5_ff(n, m, l, o, p[g + 7], 22, -45705983); o = md5_ff(o, n, m, l, p[g + 8], 7, 1770035416); l = md5_ff(l, o, n, m, p[g + 9], 12, -1958414417); m = md5_ff(m, l, o, n, p[g + 10], 17, -42063); n = md5_ff(n, m, l, o, p[g + 11], 22, -1990404162); o = md5_ff(o, n, m, l, p[g + 12], 7, 1804660682); l = md5_ff(l, o, n, m, p[g + 13], 12, -40341101); m = md5_ff(m, l, o, n, p[g + 14], 17, -1502002290); n = md5_ff(n, m, l, o, p[g + 15], 22, 1236535329); o = md5_gg(o, n, m, l, p[g + 1], 5, -165796510); l = md5_gg(l, o, n, m, p[g + 6], 9, -1069501632); m = md5_gg(m, l, o, n, p[g + 11], 14, 643717713); n = md5_gg(n, m, l, o, p[g + 0], 20, -373897302); o = md5_gg(o, n, m, l, p[g + 5], 5, -701558691); l = md5_gg(l, o, n, m, p[g + 10], 9, 38016083); m = md5_gg(m, l, o, n, p[g + 15], 14, -660478335); n = md5_gg(n, m, l, o, p[g + 4], 20, -405537848); o = md5_gg(o, n, m, l, p[g + 9], 5, 568446438); l = md5_gg(l, o, n, m, p[g + 14], 9, -1019803690); m = md5_gg(m, l, o, n, p[g + 3], 14, -187363961); n = md5_gg(n, m, l, o, p[g + 8], 20, 1163531501); o = md5_gg(o, n, m, l, p[g + 13], 5, -1444681467); l = md5_gg(l, o, n, m, p[g + 2], 9, -51403784); m = md5_gg(m, l, o, n, p[g + 7], 14, 1735328473); n = md5_gg(n, m, l, o, p[g + 12], 20, -1921207734); o = md5_hh(o, n, m, l, p[g + 5], 4, -378558); l = md5_hh(l, o, n, m, p[g + 8], 11, -2022574463); m = md5_hh(m, l, o, n, p[g + 11], 16, 1839030562); n = md5_hh(n, m, l, o, p[g + 14], 23, -35309556); o = md5_hh(o, n, m, l, p[g + 1], 4, -1530992060); l = md5_hh(l, o, n, m, p[g + 4], 11, 1272893353); m = md5_hh(m, l, o, n, p[g + 7], 16, -155497632); n = md5_hh(n, m, l, o, p[g + 10], 23, -1094730640); o = md5_hh(o, n, m, l, p[g + 13], 4, 681279174); l = md5_hh(l, o, n, m, p[g + 0], 11, -358537222); m = md5_hh(m, l, o, n, p[g + 3], 16, -722881979); n = md5_hh(n, m, l, o, p[g + 6], 23, 76029189); o = md5_hh(o, n, m, l, p[g + 9], 4, -640364487); l = md5_hh(l, o, n, m, p[g + 12], 11, -421815835); m = md5_hh(m, l, o, n, p[g + 15], 16, 530742520); n = md5_hh(n, m, l, o, p[g + 2], 23, -995338651); o = md5_ii(o, n, m, l, p[g + 0], 6, -198630844); l = md5_ii(l, o, n, m, p[g + 7], 10, 11261161415); m = md5_ii(m, l, o, n, p[g + 14], 15, -1416354905); n = md5_ii(n, m, l, o, p[g + 5], 21, -57434055); o = md5_ii(o, n, m, l, p[g + 12], 6, 1700485571); l = md5_ii(l, o, n, m, p[g + 3], 10, -1894446606); m = md5_ii(m, l, o, n, p[g + 10], 15, -1051523); n = md5_ii(n, m, l, o, p[g + 1], 21, -2054922799); o = md5_ii(o, n, m, l, p[g + 8], 6, 1873313359); l = md5_ii(l, o, n, m, p[g + 15], 10, -30611744); m = md5_ii(m, l, o, n, p[g + 6], 15, -1560198380); n = md5_ii(n, m, l, o, p[g + 13], 21, 1309151649); o = md5_ii(o, n, m, l, p[g + 4], 6, -145523070); l = md5_ii(l, o, n, m, p[g + 11], 10, -1120210379); m = md5_ii(m, l, o, n, p[g + 2], 15, 718787259); n = md5_ii(n, m, l, o, p[g + 9], 21, -343485551); o = safe_add(o, j); n = safe_add(n, h); m = safe_add(m, f); l = safe_add(l, e) } return Array(o, n, m, l) } function md5_cmn(h, e, d, c, g, f) { return safe_add(bit_rol(safe_add(safe_add(e, h), safe_add(c, f)), g), d) } function md5_ff(g, f, k, j, e, i, h) { return md5_cmn((f & k) | ((~f) & j), g, f, e, i, h) } function md5_gg(g, f, k, j, e, i, h) { return md5_cmn((f & j) | (k & (~j)), g, f, e, i, h) } function md5_hh(g, f, k, j, e, i, h) { return md5_cmn(f ^ k ^ j, g, f, e, i, h) } function md5_ii(g, f, k, j, e, i, h) { return md5_cmn(k ^ (f | (~j)), g, f, e, i, h) } function core_hmac_md5(c, f) { var e = str2binl(c); if (e.length > 16) { e = core_md5(e, c.length * chrsz) } var a = Array(16), d = Array(16); for (var b = 0; b < 16; b++) { a[b] = e[b] ^ 909522486; d[b] = e[b] ^ 1549556828 } var g = core_md5(a.concat(str2binl(f)), 512 + f.length * chrsz); return core_md5(d.concat(g), 512 + 128) } function safe_add(a, d) { var c = (a & 65535) + (d & 65535); var b = (a >> 16) + (d >> 16) + (c >> 16); return (b << 16) | (c & 65535) } function bit_rol(a, b) { return (a << b) | (a >>> (32 - b)) } function str2binl(d) { var c = Array(); var a = (1 << chrsz) - 1; for (var b = 0; b < d.length * chrsz; b += chrsz) { c[b >> 5] |= (d.charCodeAt(b / chrsz) & a) << (b % 32) } return c } function binl2str(c) { var d = ""; var a = (1 << chrsz) - 1; for (var b = 0; b < c.length * 32; b += chrsz) { d += String.fromCharCode((c[b >> 5] >>> (b % 32)) & a) } return d } function binl2hex(c) { var b = hexcase ? "0123456789ABCDEF" : "0123456789abcdef"; var d = ""; for (var a = 0; a < c.length * 4; a++) { d += b.charAt((c[a >> 2] >> ((a % 4) * 8 + 4)) & 15) + b.charAt((c[a >> 2] >> ((a % 4) * 8)) & 15) } return d } function binl2b64(d) { var c = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; var f = ""; for (var b = 0; b < d.length * 4; b += 3) { var e = (((d[b >> 2] >> 8 * (b % 4)) & 255) << 16) | (((d[b + 1 >> 2] >> 8 * ((b + 1) % 4)) & 255) << 8) | ((d[b + 2 >> 2] >> 8 * ((b + 2) % 4)) & 255); for (var a = 0; a < 4; a++) { if (b * 8 + a * 6 > d.length * 32) { f += b64pad } else { f += c.charAt((e >> 6 * (3 - a)) & 63) } } } return f } window.f = hex_md5(mw) return '' } function get_m(){ var timestamp = Date.parse(new Date()) + 100000000; var m = oo0O0(timestamp.toString()) + window.f; // window.console.info(timestamp) // window.console.info(timestamp.toString()) // window.console.info(window.f) // var list = { // "page": window.page, // "m": m + '丨' + timestamp / 1000 // } return m+'%E4%B8%A8'+timestamp/1000 }

yuanrenxue1.py文件:

import json

import execjs
import requests
print(execjs.get().name)
price = 0
for i in range(5):
    def get_js():
        # f = open("./../js/my.js", 'r', encoding='utf-8') # 打开JS文件
        f = open("yuanrenxue1.js", 'r', encoding='utf8') # 打开JS文件
        line = f.readline()
        htmlstr = ''
        while line:
            htmlstr = htmlstr+line
            line = f.readline()
        return htmlstr

    def get_data():
        js_str = get_js()
        ctx = execjs.compile(js_str) #加载JS文件
        return (ctx.call('get_m'))  #调用js方法  第一个参数是JS的方法名,后面的data和key是js方法的参数


    if __name__ == '__main__':
        print(get_data())
        headers = {
            'User-Agent': 'yuanrenxue.project',
            'Cookie': 'no-alert2=true; yuanrenxue_cookie=1615427946|OQ627PFzh1ka4yQF1jYvRpo3qEjjafxRaWGwpyCFr9UmrowVRUpUR4U3LoIdHBomSiNDxq5PUtjtrcAgfTAK9vMfPw1fxMaFSGkb3KVWZPDRkWFKU9P1f6Df8Cq4p5mTSkuOYXhkXCs08Vs3nzC3Oiobi0p2kEZM4fph9cSUw0; Hm_lvt_9bcbda9cbf86757998a2339a0437208e=1615531422; Hm_lvt_c99546cf032aaa5a679230de9a95c7db=1614301813,1616088450; Hm_lpvt_9bcbda9cbf86757998a2339a0437208e=1616226704; Hm_lpvt_c99546cf032aaa5a679230de9a95c7db=1616229676',
            'Accept': 'application/json, text/javascript, */*; q=0.01'

        }
        urls = 'http://match.yuanrenxue.com/api/match/1?page='+str(i+1)+'&m='+get_data()
        print(urls)
        source = requests.get(urls, headers=headers).text
        restext = json.loads(source)
        values = restext['data']
        for v in values:
            print(v['value'])
            price += v['value']
        print(price)

4、js混淆动态cookie

  • 试题连接:http://match.yuanrenxue.com/match/2
  • 打开试题链接F12后发现刷新后的页面会反复请求页面地址2次之后才会返回页面数据
  • 同时在接口的链接中发现了cookie值中带有会变化的m值,查找m值便是问题的关键
  • 模拟请求页面数据发现返回了js代码,查看js代码被ob加密过,说明大概率就跟cookie加密有关了,代码中的‘document[“cookie”] = “m” + M() + “=” + V(Y) + “|” + Y + “; path=/”;’便是需要m值生成方式
  • 利用node.js环境模拟运行返回的js代码得到m值,最后编写two.py文件驱动two.js文件获取试题接口返回的数据

解决办法:
two.js文件

const jsdom = require('jsdom');
const {JSDOM} = jsdom;
const document = new JSDOM('

hello world

'
) window = document.window; function B() { var Y = true; return function (Z, a0) { var a1 = Y ? function () { if (a0) { var a2 = a0["apply"](Z, arguments); a0 = null; return a2; } } : function () {}; Y = false; return a1; }; } function C(Y, Z) { var a0 = (65535 & Y) + (65535 & Z); return (Y >> 16) + (Z >> 16) + (a0 >> 16) << 16 | 65535 & a0; } function D(Y, Z) { return Y << Z | Y >>> 32 - Z; } function E(Y, Z, a0, a1, a2, a3) { return C(D(C(C(Z, Y), C(a1, a3)), a2), a0); } function F(Y, Z, a0, a1, a2, a3, a4) { return E(Z & a0 | ~Z & a1, Y, Z, a2, a3, a4); } function G(Y, Z, a0, a1, a2, a3, a4) { return E(Z & a1 | a0 & ~a1, Y, Z, a2, a3, a4); } function H(Y, Z) { let a0 = [99, 111, 110, 115, 111, 108, 101]; let a1 = ""; for (let a2 = 0; a2 < a0["length"]; a2++) { a1 += String["fromCharCode"](a0[a2]); } return a1; } function I(Y, Z, a0, a1, a2, a3, a4) { return E(Z^a0^a1, Y, Z, a2, a3, a4); } function J(Y, Z, a0, a1, a2, a3, a4) { return E(a0^(Z | ~a1), Y, Z, a2, a3, a4); } function K(Y, Z) { if (Z) { return J(Y); } return H(Y); } function L(Y, Z) { let a0 = ""; for (let a1 = 0; a1 < Y["length"]; a1++) { a0 += String["fromCharCode"](Y[a1]); } return a0; } function M(Y, Z) { var a2 = B(this, function () { var a3 = function () { var a4 = a3["constructor"]("return /\" + this + \"/")()["compile"]("^([^ ]+( +[^ ]+)+)+[^ ]}"); return !a4["test"](a2); }; return a3(); }); a2(); K(); qz = [10, 99, 111, 110, 115, 111, 108, 101, 32, 61, 32, 110, 101, 119, 32, 79, 98, 106, 101, 99, 116, 40, 41, 10, 99, 111, 110, 115, 111, 108, 101, 46, 108, 111, 103, 32, 61, 32, 102, 117, 110, 99, 116, 105, 111, 110, 32, 40, 115, 41, 32, 123, 10, 32, 32, 32, 32, 119, 104, 105, 108, 101, 32, 40, 49, 41, 123, 10, 32, 32, 32, 32, 32, 32, 32, 32, 102, 111, 114, 40, 105, 61, 48, 59, 105, 60, 49, 49, 48, 48, 48, 48, 48, 59, 105, 43, 43, 41, 123, 10, 32, 32, 32, 32, 32, 32, 32, 32, 104, 105, 115, 116, 111, 114, 121, 46, 112, 117, 115, 104, 83, 116, 97, 116, 101, 40, 48, 44, 48, 44, 105, 41, 10, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 125, 10, 32, 32, 32, 32, 125, 10, 10, 125, 10, 99, 111, 110, 115, 111, 108, 101, 46, 116, 111, 83, 116, 114, 105, 110, 103, 32, 61, 32, 39, 91, 111, 98, 106, 101, 99, 116, 32, 79, 98, 106, 101, 99, 116, 93, 39, 10, 99, 111, 110, 115, 111, 108, 101, 46, 108, 111, 103, 46, 116, 111, 83, 116, 114, 105, 110, 103, 32, 61, 32, 39, 402, 32, 116, 111, 83, 116, 114, 105, 110, 103, 40, 41, 32, 123, 32, 91, 110, 97, 116, 105, 118, 101, 32, 99, 111, 100, 101, 93, 32, 125, 39, 10]; eval(L(qz)); try { if (global) { console["log"]("\u4EBA\u751F\u82E6\u77ED\uFF0C\u4F55\u5FC5python\uFF1F"); } else { while (1) { console["log"]("\u4EBA\u751F\u82E6\u77ED\uFF0C\u4F55\u5FC5python\uFF1F"); debugger; } } } catch (a3) { return ""; } } // setInterval(M(), 500); function N(Y, Z) { Y[Z >> 5] |= 128 << Z % 32, Y[14 + (Z + 64 >>> 9 << 4)] = Z; if (qz) { var a0, a1, a2, a3, a4, a5 = 1732584193, a6 = -271733879, a7 = -1732584194, a8 = 271733878; } else { var a0, a1, a2, a3, a4, a5 = 0, a6 = -0, a7 = -0, a8 = 0; } for (a0 = 0; a0 < Y["length"]; a0 += 16) a1 = a5, a2 = a6, a3 = a7, a4 = a8, a5 = F(a5, a6, a7, a8, Y[a0], 7, -680876936), a8 = F(a8, a5, a6, a7, Y[a0 + 1], 12, -389564586), a7 = F(a7, a8, a5, a6, Y[a0 + 2], 17, 606105819), a6 = F(a6, a7, a8, a5, Y[a0 + 3], 22, -1044525330), a5 = F(a5, a6, a7, a8, Y[a0 + 4], 7, -176418897), a8 = F(a8, a5, a6, a7, Y[a0 + 5], 12, 1200080426), a7 = F(a7, a8, a5, a6, Y[a0 + 6], 17, -1473231341), a6 = F(a6, a7, a8, a5, Y[a0 + 7], 22, -45705983), a5 = F(a5, a6, a7, a8, Y[a0 + 8], 7, 1770010416), a8 = F(a8, a5, a6, a7, Y[a0 + 9], 12, -1958414417), a7 = F(a7, a8, a5, a6, Y[a0 + 10], 17, -42063), a6 = F(a6, a7, a8, a5, Y[a0 + 11], 22, -1990404162), a5 = F(a5, a6, a7, a8, Y[a0 + 12], 7, 1804603682), a8 = F(a8, a5, a6, a7, Y[a0 + 13], 12, -40341101), a7 = F(a7, a8, a5, a6, Y[a0 + 14], 17, -1502882290), a6 = F(a6, a7, a8, a5, Y[a0 + 15], 22, 1236535329), a5 = G(a5, a6, a7, a8, Y[a0 + 1], 5, -165796510), a8 = G(a8, a5, a6, a7, Y[a0 + 6], 9, -1069501632), a7 = G(a7, a8, a5, a6, Y[a0 + 11], 14, 643717713), a6 = G(a6, a7, a8, a5, Y[a0], 20, -373897302), a5 = G(a5, a6, a7, a8, Y[a0 + 5], 5, -701558691), a8 = G(a8, a5, a6, a7, Y[a0 + 10], 9, 38016083), a7 = G(a7, a8, a5, a6, Y[a0 + 15], 14, -660478335), a6 = G(a6, a7, a8, a5, Y[a0 + 4], 20, -405537848), a5 = G(a5, a6, a7, a8, Y[a0 + 9], 5, 568446438), a8 = G(a8, a5, a6, a7, Y[a0 + 14], 9, -1019803690), a7 = G(a7, a8, a5, a6, Y[a0 + 3], 14, -187363961), a6 = G(a6, a7, a8, a5, Y[a0 + 8], 20, 1163531501), a5 = G(a5, a6, a7, a8, Y[a0 + 13], 5, -1444681467), a8 = G(a8, a5, a6, a7, Y[a0 + 2], 9, -51403784), a7 = G(a7, a8, a5, a6, Y[a0 + 7], 14, 1735328473), a6 = G(a6, a7, a8, a5, Y[a0 + 12], 20, -1926607734), a5 = I(a5, a6, a7, a8, Y[a0 + 5], 4, -378558), a8 = I(a8, a5, a6, a7, Y[a0 + 8], 11, -2022574463), a7 = I(a7, a8, a5, a6, Y[a0 + 11], 16, 1839030562), a6 = I(a6, a7, a8, a5, Y[a0 + 14], 23, -35309556), a5 = I(a5, a6, a7, a8, Y[a0 + 1], 4, -1530992060), a8 = I(a8, a5, a6, a7, Y[a0 + 4], 11, 1272893353), a7 = I(a7, a8, a5, a6, Y[a0 + 7], 16, -155497632), a6 = I(a6, a7, a8, a5, Y[a0 + 10], 23, -1094730640), a5 = I(a5, a6, a7, a8, Y[a0 + 13], 4, 681279174), a8 = I(a8, a5, a6, a7, Y[a0], 11, -358537222), a7 = I(a7, a8, a5, a6, Y[a0 + 3], 16, -722521979), a6 = I(a6, a7, a8, a5, Y[a0 + 6], 23, 76029189), a5 = I(a5, a6, a7, a8, Y[a0 + 9], 4, -640364487), a8 = I(a8, a5, a6, a7, Y[a0 + 12], 11, -421815835), a7 = I(a7, a8, a5, a6, Y[a0 + 15], 16, 530742520), a6 = I(a6, a7, a8, a5, Y[a0 + 2], 23, -995338651), a5 = J(a5, a6, a7, a8, Y[a0], 6, -198630844), a8 = J(a8, a5, a6, a7, Y[a0 + 7], 10, 1126891415), a7 = J(a7, a8, a5, a6, Y[a0 + 14], 15, -1416354905), a6 = J(a6, a7, a8, a5, Y[a0 + 5], 21, -57434055), a5 = J(a5, a6, a7, a8, Y[a0 + 12], 6, 1700485571), a8 = J(a8, a5, a6, a7, Y[a0 + 3], 10, -1894986606), a7 = J(a7, a8, a5, a6, Y[a0 + 10], 15, -1051523), a6 = J(a6, a7, a8, a5, Y[a0 + 1], 21, -2054922799), a5 = J(a5, a6, a7, a8, Y[a0 + 8], 6, 1873313359), a8 = J(a8, a5, a6, a7, Y[a0 + 15], 10, -30611744), a7 = J(a7, a8, a5, a6, Y[a0 + 6], 15, -1560198380), a6 = J(a6, a7, a8, a5, Y[a0 + 13], 21, 1309151649), a5 = J(a5, a6, a7, a8, Y[a0 + 4], 6, -145523070), a8 = J(a8, a5, a6, a7, Y[a0 + 11], 10, -1120210379), a7 = J(a7, a8, a5, a6, Y[a0 + 2], 15, 718787259), a6 = J(a6, a7, a8, a5, Y[a0 + 9], 21, -343485441), a5 = C(a5, a1), a6 = C(a6, a2), a7 = C(a7, a3), a8 = C(a8, a4); return [a5, a6, a7, a8]; } function O(Y) { var Z, a0 = "", a1 = 32 * Y["length"]; for (Z = 0; Z < a1; Z += 8) a0 += String["fromCharCode"](Y[Z >> 5] >>> Z % 32 & 255); return a0; } function P(Y) { var a2, a3 = []; for (a3[(Y["length"] >> 2) - 1] = undefined, a2 = 0; a2 < a3["length"]; a2 += 1) a3[a2] = 0; var a1 = 8 * Y["length"]; for (a2 = 0; a2 < a1; a2 += 8) a3[a2 >> 5] |= (255 & Y["charCodeAt"](a2 / 8)) << a2 % 32; return a3; } function Q(Y) { return O(N(P(Y), 8 * Y["length"])); } function R(Y) { var Z, a0, a1 = "0123456789abcdef", a2 = ""; for (a0 = 0; a0 < Y["length"]; a0 += 1) Z = Y["charCodeAt"](a0), a2 += a1["charAt"](Z >>> 4 & 15) + a1["charAt"](15 & Z); return a2; } function S(Y) { return unescape(encodeURIComponent(Y)); } function T(Y) { return Q(S(Y)); } function U(Y) { return R(T(Y)); } function V(Y, Z, a0) { M(); return Z ? a0 ? H(Z, Y) : y(Z, Y) : a0 ? T(Y) : U(Y); } function W(Y, Z) { document["cookie"] = "m" + M() + "=" + V(Y) + "|" + Y + "; path=/"; // location["reload"](); return document["cookie"] } function X(Y, Z) { return Date["parse"](new Date()); } // W(X()) function get_cookie(){ return W(X()) }

two.py文件

import json

import execjs
import requests
print(execjs.get().name)
def get_js():
    # f = open("./../js/my.js", 'r', encoding='utf-8') # 打开JS文件
    f = open("two.js", 'r', encoding='utf8') # 打开JS文件
    line = f.readline()
    htmlstr = ''
    while line:
        htmlstr = htmlstr+line
        line = f.readline()
    return htmlstr

def get_data():
    js_str = get_js()
    ctx = execjs.compile(js_str) #加载JS文件
    return (ctx.call('get_cookie'))  #调用js方法  第一个参数是JS的方法名,后面的data和key是js方法的参数


if __name__ == '__main__':
    print(get_data())
    headers = {
        'User-Agent': 'yuanrenxue.project',
        'Cookie': get_data()
    }
    for i in range(5):
        url = 'http://match.yuanrenxue.com/api/match/2?page='+str(i+1)
        print(url)
        source = requests.get(url, headers=headers).text
        value = json.loads(source)['data']
        for v in value:
            print(v['value'])

5、访问逻辑

  • 试题连接:http://match.yuanrenxue.com/match/3
  • f12后观察发现翻页数据请求会返回log和page两个信息
  • 并且并没有什么关键参数,于是尝试分别先后request.get返回的log和page并打印page文本信息
  • page返回的文本数据是js代码,分析发现eval关键字,复制js代码到浏览器console运行,再讲eval运行一遍
  • eval同样返回了一个js代码,代码中有document.cookie关键字,复制关键字到浏览器打印其返回值,得到cookie值
  • 对比接口的cookie值发现少了sessionid,所以并没有用
  • 最后分析访问逻辑,在request.get时需要带上具有一定规律的header头

解决办法:

import requests
for i in range(5):
    s = requests.session()
    header = {
        'Host': 'match.yuanrenxue.com',
        'Connection': 'keep-alive',
        'Content-Length': '0',
        'Pragma': 'no-cache',
        'Cache-Control': 'no-cache',
        'User-Agent': 'yuanrenxue.project',
        'Accept': '*/*',
        'Origin': 'http://match.yuanrenxue.com',
        'Referer': 'http://match.yuanrenxue.com/match/3',
        'Accept-Encoding': 'gzip, deflate',
        'Accept-Language': 'zh-CN,zh;q=0.9',
        'Cookie':'no-alert2=trueyuanrenxue_cookie=1615427946|OQ627PFzh1ka4yQF1jYvRpo3qEjjafxRaWGwpyCFr9UmrowVRUpUR4U3LoIdHBomSiNDxq5PUtjtrcAgfTAK9vMfPw1fxMaFSGkb3KVWZPDRkWFKU9P1f6Df8Cq4p5mTSkuOYXhkXCs08Vs3nzC3Oiobi0p2kEZM4fph9cSUw0; Hm_lvt_9bcbda9cbf86757998a2339a0437208e=1615531422; Hm_lvt_c99546cf032aaa5a679230de9a95c7db=1616334589; m=1737b448af568443a2ae8323d84161b1|1616342366000; Hm_lpvt_9bcbda9cbf86757998a2339a0437208e=1616748055; sessionid=gnkfccnway3plnvkxq40mo7hkvnbh2zk; Hm_lpvt_c99546cf032aaa5a679230de9a95c7db=1616771246'
    }
    s.headers=header
    sorce = s.post('http://match.yuanrenxue.com/logo')
    url = 'http://match.yuanrenxue.com/api/match/3?page='+str(i+1)
    print(url)
    sorce1 = s.get(url).json()['data']
    for j in sorce1:
        print(j['value'])

你可能感兴趣的:(js,python,url,node.js,爬虫)