本文目标地址如下,使用base64解码获得
aHR0cHM6Ly93d3cucWltYWkuY24vcmFuay9tYXJrZXRSYW5rL21hcmtldC82L2NhdGVnb3J5LzUvY29sbGVjdGlvbi9hbGwvZGF0ZS8yMDI0LTAxLTEy
本文逆向破解分为扣代码版和补环境版,扣代码版请看专栏另一篇文章
废话不多说了,七麦数据,整体只需要分析一个analysis参数,而这个参数的生成在如下位置:
最后这个e生成的位置,就是analysis参数,我们观察整体代码,发现是webpack打包的形式,那么就把整体webpack全扣下,一共有三个文件,三个文件大致如下图所示:
其中最后一个文件就是加载器的位置,这里稍微补一下window环境即可运行,最后我将加载器导出为pengyuyan
然后,将加密代码保存下来,并将其中混淆的名称还原一下,如下:
最后由python调用js代码,如下:
python
import requests
import execjs
jsstr = execjs.compile(open("get_analysis_wpack.js", "r").read())
cookies = {
'PHPSESSID': 'dl3e95eoec4pso0d6tana3n2op',
'qm_check': 'A1sdRUIQChtxen8pI0dAMRcOUFseEHBeQF0JTjVBWCwycRd1QlhAXFEGFUdeS0laHQdKAAkABAsgXyVBWD0TR1JRRAp0BQlFEBQ3TSZKFUdBbwxvBBRFIlQsSUhTFxsQU1FVV1NHXEVYVElWBRsCHAkSSQ%3D%3D',
'gr_user_id': 'de37a14d-e50b-431a-ba94-080f6bd9adad',
'ada35577182650f1_gr_session_id': 'c8bff4c9-3f34-402d-95eb-a93d4796dee6',
'ada35577182650f1_gr_session_id_sent_vst': 'c8bff4c9-3f34-402d-95eb-a93d4796dee6',
'USERINFO': 'MUPtr1fA58Rro1AMGDYXm4wUqu8h2V8Yr5fx0xzVr%2FbbV5WX6LYX71ykpPCOf%2B7Nr3gftQ%2FIR1vzgS%2FQB%2FP1rLKibxSWfTMes%2FgjuSfOevFSX5zuqqpH2Ca1vGAYc4aMBNuPnH5YFvC%2F0Mv7EgUHUwylGZOSMNR1',
'ada35577182650f1_gr_last_sent_sid_with_cs1': 'c8bff4c9-3f34-402d-95eb-a93d4796dee6',
'ada35577182650f1_gr_last_sent_cs1': 'qm20496404733',
'aso_ucenter': 'bd1fJuDZr%2FoOpK6CNq2TZHCWHJs1%2FW%2Bz0361uYAjY9d9fHczT62%2BmDAVF%2FGMcsJv73g',
'AUTHKEY': 'iI8S4dbGPztvUXS9sjPzP0g5AI7co%2BDhjJ1Ty0K41nj9Dc55BX1Ot0A9q9LULjViJ1bDUb2TkXCk6mldxk9kjfKX062k%2B6qTFLyZzLxuVcBh2Kb6Obza8g%3D%3D',
'synct': '1704964055.813',
'syncd': '-593',
'ada35577182650f1_gr_cs1': 'qm20496404733',
}
headers = {
'authority': 'api.qimai.cn',
'accept': 'application/json, text/plain, */*',
'accept-language': 'zh-CN,zh;q=0.9',
'cache-control': 'no-cache',
# 'cookie': 'PHPSESSID=dl3e95eoec4pso0d6tana3n2op; qm_check=A1sdRUIQChtxen8pI0dAMRcOUFseEHBeQF0JTjVBWCwycRd1QlhAXFEGFUdeS0laHQdKAAkABAsgXyVBWD0TR1JRRAp0BQlFEBQ3TSZKFUdBbwxvBBRFIlQsSUhTFxsQU1FVV1NHXEVYVElWBRsCHAkSSQ%3D%3D; gr_user_id=de37a14d-e50b-431a-ba94-080f6bd9adad; ada35577182650f1_gr_session_id=c8bff4c9-3f34-402d-95eb-a93d4796dee6; ada35577182650f1_gr_session_id_sent_vst=c8bff4c9-3f34-402d-95eb-a93d4796dee6; USERINFO=MUPtr1fA58Rro1AMGDYXm4wUqu8h2V8Yr5fx0xzVr%2FbbV5WX6LYX71ykpPCOf%2B7Nr3gftQ%2FIR1vzgS%2FQB%2FP1rLKibxSWfTMes%2FgjuSfOevFSX5zuqqpH2Ca1vGAYc4aMBNuPnH5YFvC%2F0Mv7EgUHUwylGZOSMNR1; ada35577182650f1_gr_last_sent_sid_with_cs1=c8bff4c9-3f34-402d-95eb-a93d4796dee6; ada35577182650f1_gr_last_sent_cs1=qm20496404733; aso_ucenter=bd1fJuDZr%2FoOpK6CNq2TZHCWHJs1%2FW%2Bz0361uYAjY9d9fHczT62%2BmDAVF%2FGMcsJv73g; AUTHKEY=iI8S4dbGPztvUXS9sjPzP0g5AI7co%2BDhjJ1Ty0K41nj9Dc55BX1Ot0A9q9LULjViJ1bDUb2TkXCk6mldxk9kjfKX062k%2B6qTFLyZzLxuVcBh2Kb6Obza8g%3D%3D; synct=1704964055.813; syncd=-593; ada35577182650f1_gr_cs1=qm20496404733',
'origin': 'https://www.qimai.cn',
'pragma': 'no-cache',
'sec-ch-ua': '"Not_A Brand";v="8", "Chromium";v="120", "Google Chrome";v="120"',
'sec-ch-ua-mobile': '?0',
'sec-ch-ua-platform': '"Windows"',
'sec-fetch-dest': 'empty',
'sec-fetch-mode': 'cors',
'sec-fetch-site': 'same-site',
'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36',
}
params = {
'market': '6',
'category': '5',
'collection': 'all',
'date': '2024-01-11',
}
params['analysis'] = jsstr.call('get_analysis', list(params.values()))
response = requests.get('https://api.qimai.cn/rank/marketRank', params=params, cookies=cookies, headers=headers)
print(response)
print(response.json())
最后,成功生成数据