This article is for study only. Do not use it for illegal activities.


Preface

Target sites: aHR0cHM6Ly93d3cuYXFpc3R1ZHkuY24vaGlzdG9yeWRhdGEvZGF5ZGF0YS5waHA/Y2l0eT0lRTYlOUQlQUQlRTUlQjclOUUmbW9udGg9MjAyMTA5

Anti-crawling types: anti-debugging, dynamic JS, data encryption


I. Page analysis

After opening the web page, pressing F12 to invoke the developer tools causes a prompt box to be displayed.

Solution: open the developer tools directly from the browser's settings menu, or open a new web page, press F12 there, and then open the link.

The debugger statement is skipped with "Never pause here". The page then returns no data, and this output appears instead.

Then enable the JS breakpoint and re-enter the page.

Two functions, endebug and txsdefwsw, are used for anti-debugging. After the eval has loaded them, replace these functions with empty ones.

Keep going until you reach two more eval calls further down the home page. There you can clearly see what is being checked; modify the checked values one by one to avoid detection.

Debugging summary

  1. function endebug(off, code) {}; function txsdefwsw() {};
  2. window.innerHeight = 1024;
  3. window.clearInterval(handler);

II. Data acquisition

Once the anti-debugging is dealt with, set an XHR breakpoint to see the request parameters and the encrypted data. You can see the encryption function in the request, and naturally the decryption JS is there too.

The JS that makes this request contains the dynamic encryption and decryption JS mentioned above; the link to the file is in the page source.

Decryption also needs some helper functions, all of which are in the eval at the beginning, so you can simply extract them.

The most troublesome part is getting the dynamic JS. Testing showed that the website serves a new dynamic JS every 10 minutes, always at an xx:x5 time point, so while debugging, save the file locally whenever possible, unless you can finish within 10 minutes.

There are roughly three or four variants of the JS encryption, including JS generated directly by eval, JS that needs one round of Base64 decoding, and JS that needs two rounds of Base64 decoding. The differences are not important; just write a regular expression to match those methods.
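As an added illustration (not code from the original article or from the site), the three variants can be told apart and unwrapped statically, so the fetched script is never executed during analysis. The wrapper shape `eval(decoder("..."))`, the decoder name `dec`, and the sample payload are assumptions constructed for this example.

```python
import base64
import binascii
import re

# Assumed wrapper shape (not taken from the site's files):
#   eval(<decoder>("<base64>"))  or  eval(<decoder>(<decoder>("<base64>")))
WRAPPED = re.compile(
    r"""^\s*eval\(\s*
        (?P<calls>(?:[A-Za-z_$][\w$]*\(\s*){1,2})    # one or two decoder calls
        (?P<q>["'])(?P<blob>[A-Za-z0-9+/=]+)(?P=q)   # Base64 string literal
        [\s)]*;?\s*$""",
    re.VERBOSE,
)

def b64_text(blob):
    """Strictly decode Base64 to UTF-8 text; None if the input is not valid."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None

def unwrap(script):
    """Classify a fetched script and return (variant, inner_js) without running it."""
    m = WRAPPED.match(script)
    if not m:
        direct = script.lstrip().startswith("eval(")
        return ("direct-eval" if direct else "unknown", script)
    rounds = m.group("calls").count("(")
    text = m.group("blob")
    for _ in range(rounds):
        text = b64_text(text)
        if text is None:          # looked wrapped but did not decode cleanly
            return ("unknown", script)
    return (f"base64-x{rounds}", text)

def _b64(s):
    return base64.b64encode(s.encode()).decode()

# Constructed samples: `dec` and `decryptData` are hypothetical names.
INNER = "function decryptData(d){return d;}"
SAMPLES = {
    "direct": 'eval("' + INNER + '")',
    "once": 'eval(dec("' + _b64(INNER) + '"))',
    "twice": 'eval(dec(dec("' + _b64(_b64(INNER)) + '")))',
}

if __name__ == "__main__":
    for name, js in SAMPLES.items():
        print(name, "->", unwrap(js))
```

Strict Base64 validation means a script that only resembles a wrapped variant is reported as `unknown` instead of being decoded into garbage.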

III. Summary

Eval JS directly

One Base64 decryption

Base64 decrypted twice

The results of