diff --git a/img/75.png b/img/75.png new file mode 100644 index 0000000..a5674cb Binary files /dev/null and b/img/75.png differ diff --git a/猿人学第16题-调试跳转-指纹-window删除陷阱/readme.md b/猿人学第16题-调试跳转-指纹-window删除陷阱/readme.md new file mode 100644 index 0000000..c1345eb --- /dev/null +++ b/猿人学第16题-调试跳转-指纹-window删除陷阱/readme.md @@ -0,0 +1,213 @@ +# 任务十六:抓取这5页的数字,计算加和并提交结果 + +打开f12发现直接跳转到首页 + + https://blog.csdn.net/sonichty/article/details/106337097 + +添加新书签,网址为以下JS: + + javascript:window.addEventListener('beforeunload', function (e) { e.preventDefault();e.returnValue = '' }); + +网页加载完后,点击这个书签注入JS + +下面开始查请求内容 + + https://match.yuanrenxue.com/api/match/16?page=1&m=yRGKX8mcMrTseFH04e67aa2178c08b2cbead16007e5bd66DSJ6YzK5KF&t=1650734803000 + https://match.yuanrenxue.com/api/match/16?page=1&m=x6SpyZZMNySDd7td1f3ce3d0c4c6bde96f904d2d8a428aaYDCZS2Sdxk&t=1650734804000 + https://match.yuanrenxue.com/api/match/16?page=1&m=x2BFAdXwr7d4G6md1f3ce3d0c4c6bde96f904d2d8a428aaBDe5nNDkmX&t=1650734805000 + +m 就是一个变量值 + +开始打断点 + + r.m = n[e(528)](btoa, p_s) + +找到主逻辑 + + window[u(208)] = function(e) { + var t = u + , r = {}; + r.TGmSp = t(244) + "ARACTER_ERR", + r[t(238)] = t(224) + t(250) + "/", + r[t(205)] = "^([^ ]+( +" + t(230) + t(259), + r.aYkvo = function(e) { + return e() + } + , + r[t(254)] = function(e, t) { + return e % t + } + , + r.evetF = function(e, t) { + return e >> t + } + , + r.GfTek = t(196), + r[t(260)] = function(e, t) { + return e << t + } + , + r[t(229)] = function(e, t) { + return e | t + } + , + r[t(242)] = function(e, t) { + return e << t + } + , + r[t(228)] = function(e, t) { + return e & t + } + , + r[t(207)] = function(e, t) { + return e << t + } + , + r[t(202)] = function(e, t) { + return e & t + } + , + r.jdwcO = function(e, t) { + return e === t + } + , + r.kPdGe = t(231), + r[t(195)] = t(213), + r[t(201)] = function(e, t) { + return e & t + } + , + r[t(206)] = function(e, t) { + return e == t + } + , + r[t(219)] = function(e, t) { + return e + t + } + , + r[t(220)] = function(e, t) { + return e(t) + } + ; + var i = r; + if (/([^\u0000-\u00ff])/.test(e)) + throw new Error(i.TGmSp); + for (var o, a, s, l = 0, c = []; l < e[t(261)]; ) { + switch (a = e[t(237)](l), + s = i.kukBH(l, 6)) { + case 0: + delete window, + delete document, + c[t(246)](f[t(245)](i[t(212)](a, 2))); + break; + case 1: + try { + "WhHMm" === i[t(198)] || n.g && c[t(246)](f[t(245)](i.pHtmC(2 & o, 3) | i.evetF(a, 4))) + } catch (e) { + c[t(246)](f[t(245)](i[t(229)](i.cVCcp(3 & o, 4), a >> 4))) + } + break; + case 2: + c[t(246)](f[t(245)](i[t(229)](i[t(242)](15 & o, 2), i.evetF(a, 6)))), + c[t(246)](f[t(245)](i[t(228)](a, 63))); + break; + case 3: + c[t(246)](f[t(245)](i[t(212)](a, 3))); + break; + case 4: + c.push(f[t(245)](i[t(229)](i[t(207)](i.OWUOc(o, 4), 6), i[t(212)](a, 6)))); + break; + case 5: + c[t(246)](f[t(245)](i[t(229)](i[t(207)](i[t(202)](o, 15), 4), a >> 8))), + c.push(f.charAt(i[t(202)](a, 63))) + } + o = a, + l++ + } + return 0 == s ? i[t(226)](i[t(241)], i[t(195)]) || (c[t(246)](f[t(245)](i[t(201)](o, 3) << 4)), + c.push("FM")) : i.eMnqD(s, 1) && (c[t(246)](f[t(245)]((15 & o) << 2)), + c[t(246)]("K")), + i[t(219)](i.aQCDK(d(15), window.md5(c[t(234)](""))), i[t(220)](d, 10)) + } + +这里的 u(208) 就是 btoa ,就是一个base65函数,接下来就是缺啥补啥。 + +关键点,当你都补全了后会发现,请求还是不行,问题在于 + + switch (a = e[t(237)](l), + s = i.kukBH(l, 6)) { + case 0: + delete window, + delete document, + c[t(246)](f[t(245)](i[t(212)](a, 2))); + break; + case 1: + try { + "WhHMm" === i[t(198)] || n.g && c[t(246)](f[t(245)](i.pHtmC(2 & o, 3) | i.evetF(a, 4))) + } catch (e) { + c[t(246)](f[t(245)](i[t(229)](i.cVCcp(3 & o, 4), a >> 4))) + } + break; + case 2: + c[t(246)](f[t(245)](i[t(229)](i[t(242)](15 & o, 2), i.evetF(a, 6)))), + c[t(246)](f[t(245)](i[t(228)](a, 63))); + break; + case 3: + c[t(246)](f[t(245)](i[t(212)](a, 3))); + break; + case 4: + c.push(f[t(245)](i[t(229)](i[t(207)](i.OWUOc(o, 4), 6), i[t(212)](a, 6)))); + break; + case 5: + c[t(246)](f[t(245)](i[t(229)](i[t(207)](i[t(202)](o, 15), 4), a >> 8))), + c.push(f.charAt(i[t(202)](a, 63))) + } + o = a, + l++ + +问题就在于控制流平坦,delete window和delete document,这就是用来搞爬虫工程师的 + +![debugger](../img/75.png) + +这里的 n 生成 + + function n(r) { + if (t[r]) + return t[r].exports; + var i = t[r] = { + exports: {} + }; + return e[r].call(i.exports, i, i.exports, n), + i.exports + } + n.g = function() { + if ("object" == typeof globalThis) + return globalThis; + try { + return this || new Function("return this")() + } catch (e) { + if ("object" == typeof window) + return window + } + }(), + n(454), + window.ScrollReveal = n(859), + jQuery = n(46), + window.jQuery = jQuery, + window.$ = jQuery, + n(127), + n(98), + n(129), + n(772), + n(639), + n(732), + n(58), + n(570) + } + +代码实现 + +[js代码](./btoa.js) + +[python代码实现](./案例.py) +