抓包xhr,发现被加密的内容
一直变化的是pwd,Challenge,Validate其中后两个是验证码参数,这里无法模拟。
pwd,直接全局搜索,如下:
其中key_to_encode来源搜不到,直接从页面中搜,搜到了。
跟值encryptedString,进入如下:
?将RSA.js整个扣下来,然后下边是python代码:
import execjs
import requests
import re
index_url = ''
login_url = ''
user_agent = 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36'
session = requests.session()
session.keep_alive = False
headers = {
'User-Agent': user_agent,
'Host': 'passport.fang.com',
'Pragma': 'no-cache',
'Cache-Control': 'no-cache',
'sec-ch-ua': '"Chromium";v="21", " Not;A Brand";v="99"',
'Accept': 'application/json, text/javascript, */*; q=0.01',
'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8',
'X-Requested-With': 'XMLHttpRequest',
'sec-ch-ua-mobile': '?0',
'sec-ch-ua-platform': '"Windows"',
'Origin': 'https://passport.fang.com',
'Referer': 'https://passport.fang.com/',
}
def get_key_to_encode():
response = session.get(url=index_url, headers=headers,verify=False)
key_to_encode = re.findall(r'RSAKeyPair\((.*)\);', response.text)[0].replace('"', '').split(', ')
return key_to_encode
def get_encrypted_password(pwd):
with open('RSA.js', 'r', encoding='utf-8') as f:
weibo_js = f.read()
encrypted_password = execjs.compile(weibo_js).call('encryptedString',pwd)
return encrypted_password
def login(encrypted_password):
data = {
'uid': "13333333333",
'pwd': encrypted_password,
'Service': 'soufun-passport-web',
'AutoLogin': 1
}
response = session.post(url=login_url, data=data, headers=headers)
print(response.json())
if __name__ == '__main__':
# main()
rsa_key=get_key_to_encode()
print(rsa_key[0])
encrypted_pwd = get_encrypted_password("666666")
print(encrypted_pwd)
