使用rpc + Netify 破解boss cookie

首先cookie的值是在main.js里面定义的,我们需要破解这个main.js

使用rpc + Netify 破解boss cookie_第1张图片

使用rpc + Netify 破解boss cookie_第2张图片

在main.js的setGatewayCookie的位置注入代码 注入的代码后续会提供

使用rpc + Netify 破解boss cookie_第3张图片

使用rpc + Netify 破解boss cookie_第4张图片

代码rpc

// https://sekiro.iinti.cn/sekiro-doc/assets/sekiro_web_client.js


  !(function (){

      /*
  Copyright (C) 2020 virjar  for https://github.com/virjar/sekiro

  Redistribution and use in source and binary forms, with or without
  modification, are permitted provided that the following conditions are met:

    * Redistributions of source code must retain the above copyright
      notice, this list of conditions and the following disclaimer.
    * Redistributions in binary form must reproduce the above copyright
      notice, this list of conditions and the following disclaimer in the
      documentation and/or other materials provided with the distribution.

  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  ARE DISCLAIMED. IN NO EVENT SHALL  BE LIABLE FOR ANY
  DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
  ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/

        //Sekiro 代码开始
        function SekiroClient(wsURL) {
            this.wsURL = wsURL;
            this.handlers = {};
            this.socket = {};
            this.base64 = false;
            // check
            if (!wsURL) {
                throw new Error('wsURL can not be empty!!')
            }
            this.webSocketFactory = this.resolveWebSocketFactory();
            this.connect()
        }

        SekiroClient.prototype.resolveWebSocketFactory = function () {
            if (typeof window === 'object') {
                var theWebSocket = window.WebSocket ? window.WebSocket : window.MozWebSocket;
                return function (wsURL) {

                    function WindowWebSocketWrapper(wsURL) {
                        this.mSocket = new theWebSocket(wsURL);
                    }

                    WindowWebSocketWrapper.prototype.close = function () {
                        this.mSocket.close();
                    };

                    WindowWebSocketWrapper.prototype.onmessage = function (onMessageFunction) {
                        this.mSocket.onmessage = onMessageFunction;
                    };

                    WindowWebSocketWrapper.prototype.onopen = function (onOpenFunction) {
                        this.mSocket.onopen = onOpenFunction;
                    };
                    WindowWebSocketWrapper.prototype.onclose = function (onCloseFunction) {
                        this.mSocket.onclose = onCloseFunction;
                    };

                    WindowWebSocketWrapper.prototype.send = function (message) {
                        this.mSocket.send(message);
                    };

                    return new WindowWebSocketWrapper(wsURL);
                }
            }
            if (typeof weex === 'object') {
                // this is weex env : https://weex.apache.org/zh/docs/modules/websockets.html
                try {
                    console.log("test webSocket for weex");
                    var ws = weex.requireModule('webSocket');
                    console.log("find webSocket for weex:" + ws);
                    return function (wsURL) {
                        try {
                            ws.close();
                        } catch (e) {
                        }
                        ws.WebSocket(wsURL, '');
                        return ws;
                    }
                } catch (e) {
                    console.log(e);
                    //ignore
                }
            }
            //TODO support ReactNative
            if (typeof WebSocket === 'object') {
                return function (wsURL) {
                    return new theWebSocket(wsURL);
                }
            }
            // weex 鍜� PC鐜鐨剋ebsocket API涓嶅畬鍏ㄤ竴鑷达紝鎵€浠ュ仛浜嗘娊璞″吋瀹�
            throw new Error("the js environment do not support websocket");
        };

        SekiroClient.prototype.connect = function () {
            console.log('sekiro: begin of connect to wsURL: ' + this.wsURL);
            var _this = this;
            // 涓峜heck close锛岃
            // if (this.socket && this.socket.readyState === 1) {
            //     this.socket.close();
            // }
            try {
                this.socket = this.webSocketFactory(this.wsURL);
            } catch (e) {
                console.log("sekiro: create connection failed,reconnect after 2s");
                setTimeout(function () {
                    _this.connect()
                }, 2000)
            }

            this.socket.onmessage(function (event) {
                _this.handleSekiroRequest(event.data)
            });

            this.socket.onopen(function (event) {
                console.log('sekiro: open a sekiro client connection')
            });

            this.socket.onclose(function (event) {
                console.log('sekiro: disconnected ,reconnection after 2s');
                setTimeout(function () {
                    _this.connect()
                }, 2000)
            });
        };

        SekiroClient.prototype.handleSekiroRequest = function (requestJson) {
            console.log("receive sekiro request: " + requestJson);
            var request = JSON.parse(requestJson);
            var seq = request['__sekiro_seq__'];

            if (!request['action']) {
                this.sendFailed(seq, 'need request param {action}');
                return
            }
            var action = request['action'];
            if (!this.handlers[action]) {
                this.sendFailed(seq, 'no action handler: ' + action + ' defined');
                return
            }

            var theHandler = this.handlers[action];
            var _this = this;
            try {
                theHandler(request, function (response) {
                    try {
                        _this.sendSuccess(seq, response)
                    } catch (e) {
                        _this.sendFailed(seq, "e:" + e);
                    }
                }, function (errorMessage) {
                    _this.sendFailed(seq, errorMessage)
                })
            } catch (e) {
                console.log("error: " + e);
                _this.sendFailed(seq, ":" + e);
            }
        };

        SekiroClient.prototype.sendSuccess = function (seq, response) {
            var responseJson;
            if (typeof response == 'string' ) {
                try {
                    responseJson = JSON.parse(response);
                } catch (e) {
                    responseJson = {};
                    responseJson['data'] = response;
                }
            } else if (typeof response == 'object') {
                responseJson = response;
            } else {
                responseJson = {};
                responseJson['data'] = response;
            }

            if (typeof response == 'string' ) {
                 responseJson = {};
                responseJson['data'] = response;
            }

            if (Array.isArray(responseJson)) {
                responseJson = {
                    data: responseJson,
                    code: 0
                }
            }

            if (responseJson['code']) {
                responseJson['code'] = 0;
            } else if (responseJson['status']) {
                responseJson['status'] = 0;
            } else {
                responseJson['status'] = 0;
            }
            responseJson['__sekiro_seq__'] = seq;
            var responseText = JSON.stringify(responseJson);
            console.log("response :" + responseText);


            if (responseText.length < 1024 * 6) {
                this.socket.send(responseText);
                return;
            }

            if (this.base64) {
                responseText = this.base64Encode(responseText)
            }

            //澶ф姤鏂囪鍒嗘浼犺緭
            var segmentSize = 1024 * 5;
            var i = 0, totalFrameIndex = Math.floor(responseText.length / segmentSize) + 1;

            for (; i < totalFrameIndex; i++) {
                var frameData = JSON.stringify({
                        __sekiro_frame_total: totalFrameIndex,
                        __sekiro_index: i,
                        __sekiro_seq__: seq,
                        __sekiro_base64: this.base64,
                        __sekiro_is_frame: true,
                        __sekiro_content: responseText.substring(i * segmentSize, (i + 1) * segmentSize)
                    }
                );
                console.log("frame: " + frameData);
                this.socket.send(frameData);
            }
        };

        SekiroClient.prototype.sendFailed = function (seq, errorMessage) {
            if (typeof errorMessage != 'string') {
                errorMessage = JSON.stringify(errorMessage);
            }
            var responseJson = {};
            responseJson['message'] = errorMessage;
            responseJson['status'] = -1;
            responseJson['__sekiro_seq__'] = seq;
            var responseText = JSON.stringify(responseJson);
            console.log("sekiro: response :" + responseText);
            this.socket.send(responseText)
        };

        SekiroClient.prototype.registerAction = function (action, handler) {
            if (typeof action !== 'string') {
                throw new Error("an action must be string");
            }
            if (typeof handler !== 'function') {
                throw new Error("a handler must be function");
            }
            console.log("sekiro: register action: " + action);
            this.handlers[action] = handler;
            return this;
        };

        SekiroClient.prototype.encodeWithBase64 = function () {
            this.base64 = arguments && arguments.length > 0 && arguments[0];
        };

        SekiroClient.prototype.base64Encode = function (s) {
            if (arguments.length !== 1) {
                throw "SyntaxError: exactly one argument required";
            }

            s = String(s);
            if (s.length === 0) {
                return s;
            }

            function _get_chars(ch, y) {
                if (ch < 0x80) y.push(ch);
                else if (ch < 0x800) {
                    y.push(0xc0 + ((ch >> 6) & 0x1f));
                    y.push(0x80 + (ch & 0x3f));
                } else {
                    y.push(0xe0 + ((ch >> 12) & 0xf));
                    y.push(0x80 + ((ch >> 6) & 0x3f));
                    y.push(0x80 + (ch & 0x3f));
                }
            }

            var _PADCHAR = "=",
                _ALPHA = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",
                _VERSION = "1.1";//Mr. Ruan fix to 1.1 to support asian char(utf8)

            //s = _encode_utf8(s);
            var i,
                b10,
                y = [],
                x = [],
                len = s.length;
            i = 0;
            while (i < len) {
                _get_chars(s.charCodeAt(i), y);
                while (y.length >= 3) {
                    var ch1 = y.shift();
                    var ch2 = y.shift();
                    var ch3 = y.shift();
                    b10 = (ch1 << 16) | (ch2 << 8) | ch3;
                    x.push(_ALPHA.charAt(b10 >> 18));
                    x.push(_ALPHA.charAt((b10 >> 12) & 0x3F));
                    x.push(_ALPHA.charAt((b10 >> 6) & 0x3f));
                    x.push(_ALPHA.charAt(b10 & 0x3f));
                }
                i++;
            }


            switch (y.length) {
                case 1:
                    var ch = y.shift();
                    b10 = ch << 16;
                    x.push(_ALPHA.charAt(b10 >> 18) + _ALPHA.charAt((b10 >> 12) & 0x3F) + _PADCHAR + _PADCHAR);
                    break;

                case 2:
                    var ch1 = y.shift();
                    var ch2 = y.shift();
                    b10 = (ch1 << 16) | (ch2 << 8);
                    x.push(_ALPHA.charAt(b10 >> 18) + _ALPHA.charAt((b10 >> 12) & 0x3F) + _ALPHA.charAt((b10 >> 6) & 0x3f) + _PADCHAR);
                    break;
            }

            return x.join("");
        };

        //Sekiro 代码结束

    function startRpc(){
        function guid() {
            function S4() {
                  return (((1+Math.random())*0x10000)|0).toString(16).substring(1);
            }
            return (S4()+S4()+"-"+S4()+"-"+S4()+"-"+S4()+"-"+S4()+S4()+S4());
        }
        var client = new SekiroClient("ws://127.0.0.1:5620/business-demo/register?group=boss&clientId=" + guid());
        client.registerAction("get_cookie",function(request, resolve,reject ){
            e = request['seed']
            t = request['ts']
            n = (new a).z(e, parseInt(t) + 60 * (480 + (new Date).getTimezoneOffset()) * 1e3)
            resolve(encodeURIComponent(n));
        })
        }
        setTimeout(startRpc,1000)
    })()


先启动sekiro

使用rpc + Netify 破解boss cookie_第5张图片

将修改后的main.js代码复制到netify中 点击save

使用rpc + Netify 破解boss cookie_第6张图片

可以看到listening

使用rpc + Netify 破解boss cookie_第7张图片 

可以看到建立的rpc链接

使用rpc + Netify 破解boss cookie_第8张图片

使用python代码测试

from urllib import parse
import random
import urllib3,requests
urllib3.disable_warnings()

def get_seed_ts():
    url = f"https://www.zhipin.com/job_detail/"
    headers = {
        "user-agent": f"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/{random.randint(1, 999)}.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36",
    }
    response = requests.get(url, headers=headers )
    query_str = parse.urlparse(response.url).query
    query_dict = {i.split("=")[0]: i.split("=")[1] for i in query_str.split("&")}
    seed = parse.unquote(query_dict.get("seed"))
    ts = query_dict.get("ts")
    return seed,ts

def get_sig():
    seed,ts = get_seed_ts()
    data = {
        "group": "boss",
        "action": "get_cookie",
        'seed':seed,
        'ts': ts
    }
    res = requests.post(url="http://127.0.0.1:5620/business-demo/invoke", data=data, verify=False)
    if res.status_code == 200:
        return res.json().get('data')

def get_index():
    url = 'https://www.zhipin.com/job_detail/c59e3a17447d62721XN72NW7EVVV.html?lid=4f36M76to34.search.1&securityId=p35MsfaUta4LW-k1_xFf_Z7qtp5N92hRxO0bPFmTrm_tNusGjRqKwKSv0-pmwqAUNaJT67olFeqUMoGnQyhN-MGULeUq290qcaZWuXkFvh-WeSxB_A%7E%7E&sessionId='
    token = get_sig()
    print(token)
    headers = {
        "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36",
        "cookie": f"__zp_stoken__={token}"
    }
    res =requests.get(url,headers=headers)
    print(res.text)

get_index()
# print(get_seed_ts())


正常输出

使用rpc + Netify 破解boss cookie_第9张图片

 

你可能感兴趣的:(爬虫基础知识,前端,爬虫)