0x00 抓包分析
目标网站:aHR0cCUzQS8vb3Blbmxhdy5jbi8=
1. 抓包
2. 参数来源分析
通过浏览器的检索工具搜索参数名称
0x01 编写程序
扣取password的加密逻辑,得到加密后的密码
with open('./openlaw_login.js','r',encoding='utf-8') as f:login_js = pile(f.read())session = requests.session()keyEncrypt_password = login_js.call('keyEncrypt',password)
请求页面得到_csrf
login_url = '/login'raw_headers = '''Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.9Cache-Control: max-age=0Connection: keep-aliveContent-Length: 526Content-Type: application/x-www-form-urlencodedHost: Origin: Referer: /login.jsp?logoutUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.79 Safari/537.36'''headers = dict([line.split(": ",1) for line in raw_headers.split("\n")])res = session.get('/login.jsp?logout')csrf = pile(r'csrf" value="(.*?)"').search(res.text).group(1)
把参数代入进行请求
formdata = {'_csrf': csrf.search(res.text).group(1),'username': userName,'password': keyEncrypt_password,'_spring_security_remember_me': 'true',}_csrf_resp = session.post(login_url,headers=headers,data=formdata,timeout=10,allow_redirects=False)login_result = session.get('/user/profile.jsp')if userName in login_result.text:print('登陆成功!')
0x02
以上就是全部
完整代码可以到我的github
/Bindian9710/Spider-Crack_Login_Js/tree/master/openlaw
查看,顺便公众号求个关注,给公众号发送github也可以获得链接
如果觉得《Python爬虫-openlaw登陆JS加密破解》对你有帮助,请点赞、收藏,并留下你的观点哦!
