地址:https://www.python-spider.com/challenge/1 逆向参数:safe
比对第2,3页headers,只有safe变化,timestamp是时间戳
用 Fiddler 抓包后等待一段时间再重放,请求失效,说明请求带有时效校验。全局搜索 safe,可以看到它就是一个 md5,输入由 '9622' + 时间戳 处理得到。
二、还原
就是把 '9622' 和时间戳拼接('9622' + 时间戳),先做 base64 编码,然后取 md5
直接用python代码还原
# -*- coding: utf-8 -*-
"""
-------------------------------------------------
# @Project :js_pro
# @File :demo
# @Date :2022/2/21 14:17
# @Author :wenwenc9
# @Email :1095581956@qq.com
# @Software :PyCharm
-------------------------------------------------
"""
import requests
import hashlib
import time
import base64
# Build the `safe` request token: md5( base64( '9622' + unix_seconds ) ).
# The same `timestamp` string is sent as its own header further down, so the
# clock is read exactly once and reused.
# NOTE: every input to this token (a constant and the current time) is known
# to the client, so the token can only time-box a request; it does not
# authenticate the caller.
timestamp = f"{int(time.time())}"
# b64encode emits no trailing newline, so no strip() is needed for this
# short input.
sr = base64.b64encode(('9622' + timestamp).encode('utf-8')).decode()
safe = hashlib.md5(sr.encode('utf-8')).hexdigest()
print(safe)
# import execjs
# with open('md5.js') as f:
# js = f.read()
# safe = execjs.compile(js).call('hex_md5', sr)
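# Headers copied from the browser request to the challenge API. Only two of
# them are computed at run time (`timestamp` and `safe`); the rest are static.
headers = {
    'authority': 'www.python-spider.com',
    'pragma': 'no-cache',
    'cache-control': 'no-cache',
    'sec-ch-ua': '" Not A;Brand";v="99", "Chromium";v="98", "Google Chrome";v="98"',
    'sec-ch-ua-mobile': '?0',
    'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.82 Safari/537.36',
    'accept': 'application/json, text/javascript, */*; q=0.01',
    # NOTE(review): per the write-up a captured request stops being accepted
    # after a while, so the server presumably checks that this value is fresh
    # and matches the one hashed into `safe` -- confirm.
    'timestamp': timestamp,
    'x-requested-with': 'XMLHttpRequest',
    'sec-ch-ua-platform': '"Windows"',
    'safe': safe,
    'sec-fetch-site': 'same-origin',
    'sec-fetch-mode': 'cors',
    'sec-fetch-dest': 'empty',
    'referer': 'https://www.python-spider.com/challenge/1',
    'accept-language': 'zh-CN,zh;q=0.9',
    # NOTE(review): this cookie carries a `sessionid` copied from a browser
    # session. It is a credential: it expires, and it should be loaded from
    # the environment or a local config file rather than kept in shared source.
    'cookie': 'Hm_lvt_337e99a01a907a08d00bed4a1a52e35d=1644291145,1645424028; no-alert=true; sessionid=mh0eqnz1ncov0mlsjfzbbl7so4wf893w; Hm_lpvt_337e99a01a907a08d00bed4a1a52e35d=1645424118',
}
# Query-string pairs sent with the request.
params = (
    ('page', '2'),
    ('count', '14'),
)
# requests waits indefinitely by default; an explicit timeout keeps the script
# from hanging if the server never answers.
response = requests.get(
    'https://www.python-spider.com/challenge/api/json',
    headers=headers,
    params=params,
    timeout=10,
)
print(response.json())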
或者直接调用站点自带的 md5.js(即上面注释掉的 execjs 写法)