参考文章:
Python和js实现逆向之加密参数破解_js btoa python_biyezuopinvip的博客-CSDN博客
JS逆向——借助playwright实现逆向_lishuangbo0123的博客-CSDN博客
简单方便的 JavaScript 逆向辅助模拟方法_token
自己整理的代码
from playwright.sync_api import sync_playwright
import time
import requestsdef get_token1(offset):result = page.evaluate('''()=>{return window.encrypt("%s","%s")}''' % ( '/api/movie', offset))#print(result)return resultdef get_token(params):result = page.evaluate('()=>{return window.encrypt("%s")}' % params)print(result)return resultBASE_URL = 'https://spa6.scrape.center'
INDEX_URL = BASE_URL + '/api/movie?limit={limit}&offset={offset}&token={token}'
MAX_PAGE = 2LIMIT = 10browser = sync_playwright().start().chromium.launch()
page = browser.new_page()page.route('**/js/chunk-19c920f8.c3a1129d.js', lambda route: route.fulfill(path='./chunk.js'))#print(BASE_URL)page.goto(BASE_URL)
#page.wait_for_load_state('networkidle')
print(page.title())headers = {'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36','Connection':'keep-alive',#'sec-ch-ua':'"Chromium";v="21", " Not;A Brand";v="99"','Accept':'application/json, text/plain, */*','sec-ch-ua-mobile':'?0',#'sec-ch-ua-platform':'"Windows"','Sec-Fetch-Site':'same-origin','Sec-Fetch-Mode':'cors','Sec-Fetch-Dest':'empty','Referer':'https://spa6.scrape.center/','Host':'spa6.scrape.center','Accept-Language':'zh-CN,zh;q=0.9'
}for i in range(MAX_PAGE):offset = i * LIMITtoken = get_token(offset)index_url = INDEX_URL.format(limit=LIMIT, offset=offset, token=token)print(index_url)#response = requests.get(index_url)response = requests.get(index_url, headers=headers)print( 'response', response.json)#print(response)结果
然并卵,虽然解密了,但是还是不行。不能返回json。response 还是被服务器返回401认证信息,看上去解密出来的token不被服务器识别。试了2个文章中的get_token1(),get_token(),都不行。
