Python 爬虫进阶必备 | 某水利加密信息逻辑分析 ｜ 8月更文挑战

今日网站

aHR0cDovL3ljLndzd2oubmV0L2Foc3h4L0xPTC9wdWJsaWMvcHVibGljLmh0bWw=

关注水文信息，请勿高频测试

加密定位

这个站是返回信息加密，所以先看看信息返回的请求

找不到的同学，请清空请求，点一下页面上如下的图标

然后在 network 可以看到如下的请求

请求返回的内容如下

现在需要找的就是data的解密逻辑

快速的定位这里不适用xhr断点，使用xhr断点断住的地方是xhr请求发出的地方

我们需要分析的方法是解密方法，在逻辑上在请求发出之后。

所以可以参考我之前说的关联法

“

如果检索参数名得到的结果过多，可以检索 request/response 的其他参数，参数名约特殊越好

这里返回的值是中带有respCode

所以全局检索respCode，结果如下

讲这个文件中涉及respCode逻辑的两处都打上断点，然后刷新

可以看到断点的位置如下

这逻辑比较简单，可以看出解密的逻辑在waterSecurity.decode(e)里

追进去就看到下面的逻辑了

加密逻辑分析

这个逻辑就很简单了，涉及到utf8to16和base64

base64 如何在 js 中直接引用，之前也在文章中写好了，可以翻一下之前的文章看看代码做参考

直接把整个文件拿下来，直接使用waterSecurity.decode(data)这样的形式就可以调用了

感兴趣的可以自己使用 Python 复写算法，非常简单

import base64
def decode(data):
    # data = data.substring(3, data.length)
    data = data[3:len(data)]
    endTag = data[len(data) - 4:]
    tagsStr = data[data.index(endTag):]
    tags = list()
    tagsStr = tagsStr[4: len(tagsStr) - 4]
    print(tagsStr)
    content = dict()
    for i in range(len(tagsStr)):
        if i * 4 >= len(tagsStr):
            break
        if i * 4 + 4 < len(tagsStr):
            tag = tagsStr[i * 4:i * 4 + 4]
        else:
            tag = tagsStr[i * 4:]
        # tags[i] = tag
        tags.append(tag)
        content[tag] = None
    positions = GetTagsPosition(data, tags)
    tags = tags
    index = 0
    for i in range(len(positions)):
        msg = data[index: positions[i]]
        tag = data[positions[i]: positions[i] + 4]
        content[tag] = msg
        index = positions[i] + 4
    result = ""
    for i in range(len(tags)):
        result += content[tags[i]]
    return result


def GetTagsPosition(data, tags):
    positions = list()
    for i in range(len(tags)):
        # positions[i] = data.index(tags[i])
        positions.append(data.index(tags[i]))
    positions.sort()
    return positions


if __name__ == "__main__":
    a = "2.1IiwNCiAgICAgICJ0eXBlIjogIuWunuWGtSIsDQogICAgICAiZm9yZWlutx*vIuawlOixoSIsDQogICAgICAidGltZSI6ICIyMDIxLTA3LTI4IDEwOjAwu*xQMjggMTA6MDA6MDAiDQogICAgfQ0KICBdLA0KICAiZGF0YTEyIjogWw0KO*cOMyI6IFtdLA0KICAiZGF0YTYiOiBbDQogICAgew0KICAgICAgIngiOiAiwHb*ICAgIHsNCiAgICAgICJ4IjogIjExNi4xNzU4MzMiLA0KICAgICAgInkiV*gONjExIiwNCiAgICAgICJ6bSI6ICLpk4HlhrIiLA0KICAgICAgInpoIjoggAD*nuWGtSIsDQogICAgICAiZm9yZWluZm8iOiAiMjAyMS83LzI3IDIyOjAwy*ziIjogIuaAgOWugeWOvyIsDQogICAgICAieGlhbmciOiAi5bCP5biC6ZWHQC*V54G155Kn5Y6/5rC05Yip5bGAIiwNCiAgICAgICJ0aW1lIjogIjIwMjEtcxp*NC44IiwNCiAgICAgICJnbGR3IjogIuawlOixoSIsDQogICAgICAidGltU*GP6ZOB5Yay5LmhIiwNCiAgICAgICJyYWluIjogIjE0Ny4xIiwNCiAgICAgOC*wICAieGlhbmciOiAi5bu66aKN5LmhIiwNCiAgICAgICJyYWluIjogIjE1Atb*IiwNCiAgICAgICJyYWluIjogIjIwMS44IiwNCiAgICAgICJnbGR3Ijog*RztLTI4IDEwOjAwIiwNCiAgICAgICJ0eXBlIjogIuWunuWGtSIsDQogICAgd*vgNi42NzUyNzgiLA0KICAgICAgInkiOiAiMzAuNjA1ODMzIiwNCiAgICAgIhr*ICAgInpoIjogIjUwNTQwMDY0IiwNCiAgICAgICJzaGkiOiAi5YWt5a6JH*ZK5biCIiwNCiAgICAgICJ4aWFuIjogIumHkeWvqOWOvyIsDQogICAgICAi*ADFICAgIHsNCiAgICAgICJ4IjogIjExNS42ODA5OTMiLA0KICAgICAgInkiyZQ*ICAiZm9yZWluZm8iOiAiMjAyMS83LzI3IDIyOjAwOjAwLDIwMjEvNy8y*IkSICAgICAgInpoIjogIjk5Mjc2NlFYIiwNCiAgICAgICJzaGkiOiAi6ZicGR*TeGlhbmciOiAi6ZOB5Yay5LmhIiwNCiAgICAgICJyYWluIjogIjE2OS41Qb*CICJnbGR3IjogIuawlOixoSIsDQogICAgICAidGltZSI6ICIyMDIxLTA3q*WqICJ6bSI6ICLlm5vogZTlnKkiLA0KICAgICAgInpoIjogIjk5Njg3MlFYc*LtMCINCiAgICB9DQogIF0NCn0=nTY*OiAiMzIuNzUxMTExIiwNCiAgICAgICJ6bSI6ICLlu7rpoo3kuaEiLA0KKZT*eXBlIjogIuWunuWGtSIsDQogICAgICAiZm9yZWluZm8iOiAiMjAyMS83u*jBZm8iOiAiMjAyMS83LzI3IDIyOjAwOjAwLDIwMjEvNy8yOCAxMDowMDowv*PP6Ziz5biCIiwNCiAgICAgICJ4aWFuIjogIumijeS4iuWOvyIsDQogICAgU*kBMTE3LjY1Mzc1MCIsDQogICAgICAieSI6ICIzMy45NTYzOTAiLA0KICAgTi*BICAgICJmb3JlaW5mbyI6ICIyMDIxLzcvMjggNDowMDowMCwyMDIxLzcvY*zUICAgICJ4aWFuIjogIumHkeWvqOWOvyIsDQogICAgICAieGlhbmciOiAi*INJZSI6ICIyMDIxLTA3LTI4IDEwOjAwIiwNCiAgICAgICJ0eXBlIjogIuWuBwV*OjAwLDIwMjEvNy8yOCAxMDowMDowMCINCiAgICB9LA0KICAgIHsNCiAgDo*OLzI3IDIyOjAwOjAwLDIwMjEvNy8yOCAxMDowMDowMCINCiAgICB9LA0K*ZQaIiwNCiAgICAgICJzaGkiOiAi5a6J5bqG5biCIiwNCiAgICAgICJ4aWFua*LQew0KICAiZGF0YTEiOiBbXSwNCiAgImRhdGEyIjogW10sDQogICJkYXRhWlb*OiAi54G155Kn5Y6/IiwNCiAgICAgICJ4aWFuZyI6ICLmnJ3pmLPplYcin*OLICAgICAidGltZSI6ICIyMDIxLTA3LTI4IDEwOjAwIiwNCiAgICAgICJ0*VsIIjk5NDQxNVFYIiwNCiAgICAgICJzaGkiOiAi5YWt5a6J5biCIiwNCiAg*ynwMDctMjggMTA6MDAiLA0KICAgICAgInR5cGUiOiAi5a6e5Ya1IiwNCiAgEq*ZICAgICJ4IjogIjExNS42NzU1NTYiLA0KICAgICAgInkiOiAiMzEuNzQzmK*LOCAxMDowMDowMCINCiAgICB9LA0KICAgIHsNCiAgICAgICJ4IjogIjExvR*AOiAiMzEuNzQ0NjI4IiwNCiAgICAgICJ6bSI6ICLpk4HlhrIiLA0KICAglk*NICAgInptIjogIuS5nemhtiIsDQogICAgICAiemgiOiAiNTA5MTEwMzQiAV*MLA0KICAgICAgInJhaW4iOiAiMTI4LjUiLA0KICAgICAgImdsZHciOiAiq*LRIiwNCiAgICAgICJnbGR3IjogIumHkeWvqOWOv+awtOWIqeWxgCIsDQogT*afLA0KICAgICAgInNoaSI6ICLlrr/lt57luIIiLA0KICAgICAgInhpYW4iQp*Akd*nWlb*wHb*Ti*BAV*MQp*An*OLq*LRcxp*Eq*ZY*zUO*cOyZQ*lk*NH*ZK*ADFQb*CT*af*VsIu*jB*ZQaV*gOKZT*GR*TU*kBAtb*U*GPBwV*y*ziDo*OmK*LgAD**ynw*INJOC*wq*Wqd*vg*IkSvR*AIhr*c*Lta*LQQC*V*Rztu*xQtx*vv*PPnTY*kd*n"
    result = decode(a)
    kk = base64.b64decode(result.encode("utf-8")).decode("utf-8")
    print(kk)

以上就是今天的全部内容了，咱们下次再会~