【码上爬】 题十九:法外狂徒 相应数据加密还原,堆栈分析,扣代码
暗号:aHR0cHM6Ly9tYXNoYW5ncGEuY29tL3Byb2JsZW0tZGV0YWlsLzE5Lw==
题目:
先对接口进行分析,参数中并没有任何加密,只是返回的数据是加密的,包含两个字段:一个 r,一个 k
推测r是数据内容,k是解密密钥,进入堆栈以后,一眼就能够看到这里使用JSON.parse()函数将浏览器数据转为了json, 如果看不到这个函数,当然也可以使用JSON.parse hook脚本:
所以接下来需要扣出 DES3.decrypt 的执行逻辑,这里非常简单,过程省略,几行代码就扣完了:
然后编写 Python 代码,就能正确解析数据了:
附上python代码(headers和cookie已经删除):
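import json

import execjs
import requests

# Headers and cookies were removed from the published snippet; supply the
# values of your own authenticated session before running.
headers = {}
cookies = {}
url = "https://mashangpa.com/api/problem-detail/19/data/"
params = {"page": "4"}

# requests has no default timeout, so bound the call explicitly, and fail
# loudly on a non-2xx status instead of indexing into an error payload.
http_response = requests.get(
    url, headers=headers, cookies=cookies, params=params, timeout=10
)
http_response.raise_for_status()
response = http_response.json()

# 'r' is the encrypted payload and 'k' is the key, both delivered in the same
# response body. Because the key travels with the ciphertext, this layer is
# obfuscation only; confidentiality rests on TLS and the session's access control.
r = response['r']
k = response['k']

# NOTE(review): 1.js is code lifted from a remote page and is executed in a
# local JS runtime with this process's privileges; read it before running it.
with open('1.js', 'r', encoding='utf-8') as js_file:
    js_context = execjs.compile(js_file.read())

# result() returns the decrypted plaintext as a string. The page feeds the same
# plaintext to JSON.parse(), so parse it here instead of re-encoding the string
# (json.dumps on a str would only add a second layer of quoting and escaping).
plaintext = js_context.call('result', r, k)
data = json.loads(plaintext)
print(json.dumps(data, ensure_ascii=False))

# The full JavaScript listing (the 1.js loaded above) follows.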
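const CryptoJS = require("crypto-js");

/**
 * Format a date using a small pattern language (y, M, d, h, m, s, q, S).
 *
 * @param {Date|string|number} v - A Date, a date string (either "/Date(ms)/"
 *   or a "yyyy-MM-ddTHH:mm:ss[.fff]"-style string), or epoch milliseconds.
 * @param {string} [format="yyyy-MM-dd"] - Output pattern.
 * @returns {string} The formatted date, or "" when v is falsy.
 */
function formatDate(v, format) {
  if (!v) {
    return "";
  }

  let d = v;
  if (typeof v === "string") {
    if (v.includes("/Date(")) {
      d = new Date(Number.parseInt(v.replace("/Date(", "").replace(")/", ""), 10));
    } else {
      // Cut off fractional seconds (".xxx"); Date.parse fails on them in this form.
      d = new Date(Date.parse(v.replace(/-/g, "/").replace("T", " ").split(".")[0]));
    }
  } else if (typeof v === "number") {
    d = new Date(v);
  }

  // All getters below are local-time getters, so the output depends on the
  // timezone of the machine running this code.
  const fields = {
    "M+": d.getMonth() + 1, // month
    "d+": d.getDate(), // day
    "h+": d.getHours(), // hour
    "m+": d.getMinutes(), // minute
    "s+": d.getSeconds(), // second
    "q+": Math.floor((d.getMonth() + 3) / 3), // quarter
    "S": d.getMilliseconds(), // millisecond
  };

  let out = format || "yyyy-MM-dd";

  // First run of "y": keep the trailing digits of the year ("yy" -> "24").
  out = out.replace(/y+/, (run) => String(d.getFullYear()).slice(4 - run.length));

  // First run of each remaining field: a single letter prints the raw value,
  // a longer run prints it zero-padded to two digits.
  for (const [pattern, value] of Object.entries(fields)) {
    out = out.replace(new RegExp(pattern), (run) =>
      run.length === 1 ? String(value) : ("00" + value).slice(String(value).length)
    );
  }
  return out;
}

/**
 * Build the CryptoJS options shared by encrypt and decrypt: CBC mode with
 * PKCS#7 padding, and the caller's IV or the date-derived default.
 *
 * @param {string} [iv] - IV as a UTF-8 string; defaults to DES3.iv().
 * @returns {object} Options object for CryptoJS.TripleDES.
 */
function des3Options(iv) {
  return {
    iv: CryptoJS.enc.Utf8.parse(iv || DES3.iv()),
    mode: CryptoJS.mode.CBC,
    padding: CryptoJS.pad.Pkcs7,
  };
}

/**
 * Triple-DES helper lifted from the page's script.
 *
 * Review notes on the scheme as implemented here:
 *  - The default IV is today's local date as "yyyyMMdd" (8 bytes, one DES
 *    block). It is predictable and identical for every message of the day,
 *    and decryption only works while the local date matches the date the
 *    sender used, so expect failures around midnight or across timezones.
 *  - CBC is used without any integrity check, and the key is supplied by the
 *    same response that carries the ciphertext, so this hides the payload
 *    from casual inspection but gives no real confidentiality or tamper
 *    protection.
 */
const DES3 = {
  /** @returns {string} Default IV: the current local date as "yyyyMMdd". */
  iv() {
    return formatDate(new Date(), "yyyyMMdd");
  },

  /**
   * @param {string} b - Plaintext.
   * @param {string} c - Key as a UTF-8 string.
   * @param {string} [a] - IV as a UTF-8 string; defaults to DES3.iv().
   * @returns {string} Ciphertext in CryptoJS's default string form, or ""
   *   when no key is given.
   */
  encrypt(b, c, a) {
    if (!c) {
      return "";
    }
    return CryptoJS.TripleDES.encrypt(b, CryptoJS.enc.Utf8.parse(c), des3Options(a)).toString();
  },

  /**
   * @param {string} b - Ciphertext as produced by encrypt().
   * @param {string} c - Key as a UTF-8 string.
   * @param {string} [a] - IV as a UTF-8 string; defaults to DES3.iv().
   * @returns {string} Decrypted UTF-8 text, or "" when no key is given.
   */
  decrypt(b, c, a) {
    if (!c) {
      return "";
    }
    const plainWords = CryptoJS.TripleDES.decrypt(b, CryptoJS.enc.Utf8.parse(c), des3Options(a));
    return CryptoJS.enc.Utf8.stringify(plainWords);
  },
};

// Sample values from one captured response, kept for manual testing only;
// result() takes its inputs as arguments and does not read these.
// The key is 24 characters, i.e. a three-key 3DES key.
const k = "pwZ5LAbpWW2qNsOAqKuk9XWL";
// NOTE(review): the sample ciphertext was not preserved in this copy of the page.
const r = "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";

/**
 * Entry point called from Python: decrypt one response payload.
 * Decrypts once and returns the plaintext without logging it, so the
 * decrypted data is not echoed to stdout on every call.
 *
 * @param {string} r - Encrypted payload (the response's "r" field).
 * @param {string} k - Key (the response's "k" field).
 * @returns {string} Decrypted plaintext.
 */
function result(r, k) {
  return DES3.decrypt(r, k);
}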