当前位置:网站首页>First issue of JS reverse tutorial
First issue of JS reverse tutorial
2022-07-07 09:35:00 【Little w who learns programming】
JS The first issue of reverse tutorial
Project brief introduction
- This article is suitable for novice crawlers js Read in reverse , Preliminary contact JS reverse , Not very familiar with reverse operation , This article can be used as a reference , First step , If there's a big guy , Criticism and correction are also welcome
- This article takes Enterprise name Technology Take this website as an example , A preliminary introduction JS Reverse basic operation
Environmental preparation
- This project involves JS Debugging verification of , So there needs to be Chrome browser ,Nodejs(js Operating environment ),WebStorm(IDE)
- nodejs Download and install it directly from the official website , After installation, enter node --version, If the version number appears, the installation is successful .
- WebStorm Activation is required after installation , There are many Baidu activation tutorials , Search by yourself , if necessary , You can also comment or send me a private letter to get the tutorial .
The analysis process
First , Go to the website https://www.qimingpian.cn/finosda/project/pinvestment:
View the source code :
It's all js A file called , Data cannot be obtained directly through source code . Open developer tools , Carry out the bag , choice Fetch/XHR And documentation , To view the requests sent by the website :
You can see that there is productListVip and industryFiledVip Two documents , Blind guess the first file is the tag list of the page , The second file is the company data of the page *-.-*, Click the first file and find that there is data encrypt_data, But it's encrypted data , So you need to js Document analysis :
First , We can blindly guess that the data is the data we need , Then we can run for the purpose of decrypting the data js debugging ,
First , since js There is a code that encrypts the data in the file , Then there must be code to decrypt the data , Because at last, it will be displayed again html Come on , If not decrypted , How to display it ?
therefore , We can... Again source Find the... Used by the page in the panel js Code file :
Choose what we need to debug js file , Check the source code of the previous page , We can choose first app.c68… This js File debugging , On the right side of the source code page “XHR/ Extract breakpoints ”, Its function is to request data on the page , Stop it . If the code is stacked on one line , You can click {} Format symbols .
We set up XHR The breakpoint :
When the request data URL contains industryFiledVip Time is truncated , Refresh the page , You can find that debugging has started :
We can keep going , If you find suspicious code , You can place the mouse over the variable to view the value of the variable :
You can also output the value of this variable directly on the console :
here , We debugged , You can locate suspicious data in the statement in the following figure :
Output this parameter , View the data :
You can find , This data seems to be what we need industryFiledVip In the document encrypt_data Parameters , At this point, our goal is very clear , Is to find the function that decrypts this parameter .
At this time, function call execution , Check the function called in this statement :
At this time, we can see that there is a s(e) function , There are pairs json Code for parsing , At this time, we output this on the console s(e) The result of function execution :
here , We can see it clearly , The return value of this function is the data we want , That is, the result of decrypting the previously encrypted data , So this function is internal o() The function must be used to decrypt encrypted data , And only one of the parameters is the result of function execution , The rest are written dead .
Now we turn it on WebStorm, Create a new one js file , Copy all the functions involved to js In file :
The final will be entry_data Bring it into the function to perform the operation , You can get the data you want , You can proceed to the next step :
thus , This time, it is relatively simple js Reverse is the end , Welcome to criticize and correct .(*.*)
边栏推荐
猜你喜欢
[bw16 application] Anxin can realize mqtt communication with bw16 module / development board at instruction
Pycharm create a new file and add author information
Nested (multi-level) childrn routes, query parameters, named routes, replace attribute, props configuration of routes, params parameters of routes
VSCode+mingw64
Oracle安装增强功能出错
Unittest simple project
12、 Sort
Variable parameter of variable length function
[4g/5g/6g topic foundation-146]: Interpretation of white paper on 6G overall vision and potential key technologies-1-overall vision
Using JWT to realize login function
随机推荐
【云原生】DevOps(一):DevOps介绍及Code工具使用
Leetcode daily questions (2316. count unreachable pairs of nodes in an undirected graph)
Yapi test plug-in -- cross request
Add new item after the outbound delivery order of SAP mm sto document is created?
[4G/5G/6G专题基础-146]: 6G总体愿景与潜在关键技术白皮书解读-1-总体愿景
网易云微信小程序
Loxodonframework quick start
如何成为一名高级数字 IC 设计工程师(5-2)理论篇:ULP 低功耗设计技术精讲(上)
Entity of cesium data visualization (Part 1)
scrapy爬虫mysql,Django等
华为HCIP-DATACOM-Core_03day
Jmeters use
JMeter JDBC batch references data as input parameters (the simplest method for the whole website)
Nested (multi-level) childrn routes, query parameters, named routes, replace attribute, props configuration of routes, params parameters of routes
Error: selenium common. exceptions. WebDriverException: Messag‘geckodriver‘ execute
H5网页播放器EasyPlayer.js如何实现直播视频实时录像?
asp. How to call vb DLL function in net project
Liunx command
NATAPP内网穿透
華為HCIP-DATACOM-Core_03day