zoukankan      html  css  js  c++  java
  • js逆向相关内容

    js中常用方法

    如果遇到aes或者rsa这种比较常规的加密,可以引入一个js的加密解密包进行解密,如果报错可能是需要安装

    var CryptoJS = require("crypto-js")



    如果提示缺少windows,那么可以下载另一个包
     const jsdom = require("jsdom");
    const { JSDOM } = jsdom;
    const dom = new JSDOM('<!DOCTYPE html><p>Hello world</p>');
    window = dom.window;

    也有人使用window={}或者window=this之类的方法,不过容易暴毙。
    如果有数据压缩可以用,最典型的是中医智库
    pako = require('pako')
    decrypted = pako.inflate(decrypted, {to: "string"});



    有些网站会对浏览器环境做进一步检测,可以使用下面方法进行伪造

    window = global;
    var document = new Object();
    var params = {
    location:{
    hash: "",
    host: "localhost:63342",
    hostname: "localhost",
    // href: "http://localhost:63342/SpiderTest/index.html?_ijt=cbm25vhb9cva9uad3qdo901n7u",
    origin: "http://localhost:63342",
    pathname: "/SpiderTest/index.html",
    port: "63342",
    protocol: "http:",
    search: "?_ijt=cbm25vhb9cva9uad3qdo901n7u"
    },
    navigator:{
    appCodeName: "Mozilla",
    appName: "Netscape",
    appVersion: "5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36",
    cookieEnabled: true,
    deviceMemory: 8,
    doNotTrack: null,
    hardwareConcurrency: 4,
    language: "zh-CN",
    languages: ["zh-CN", "zh"],
    maxTouchPoints: 0,
    onLine: true,
    platform: "Win32",
    product: "Gecko",
    productSub: "20030107",
    userAgent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36",
    vendor: "Google Inc.",
    vendorSub: "",
    }
    };

    Object.assign(window,params);





    python 文件中执行js函数的方法:
    def get_js():
    f = open("core.js", 'r', encoding='utf-8') # 打开JS文件
    line = f.readline()
    htmlstr = ''
    while line:
    htmlstr = htmlstr+line
    line = f.readline()
    return htmlstr

    def get_des_psswd(g):

    jsstr = get_js()
    ctx = execjs.compile(jsstr) # 加载JS文件
    params = ctx.call('get_song',g).split('+++++++')
    param = params[0]
    encSecKey = params[1]

    get_js()函数用来读取js文件的内容
    get_des_passwd函数用来执行js函数,ctx.call为具体调用的方法,get_song为js里自己定义的函数的名字,g为传给这个函数的参数
    使用上述方法之前要引入包
    import requests
    import execjs
    node = execjs.get()
    之前需要安装node.js,安装node.js请参考网上的教程,安装完毕后大部分的机器需要重启才能生效
    node = execjs.get()
    用来检测是否生效



  • 相关阅读:
    Tree UVA
    stringstream的使用
    Trees on the level UVA
    strchr和strstr函数
    sscanf的用法
    Dropping Balls UVA
    Boxes in a Line UVA
    Broken Keyboard (a.k.a. Beiju Text) UVA
    Matrix Chain Multiplication (堆栈)
    出栈次序
  • 原文地址:https://www.cnblogs.com/mypath/p/14016052.html
Copyright © 2011-2022 走看看