百度爱企查旋转验证逆向
作者:互联网
查看重定向的url,获取as, ds, tk 三个值
获取旋转的原图 和 backstr 的值
旋转验证参数提交,dbug 调试参数跟进, 跟进来后发现重点在 r.rzData
控制台打印 r.raData
在r.rzData中ac_c是检测的关键,ac_c=round((o / 212),2),而o是滑动的距离,o=angle*212/360 (angle)是识别的角度。然后backstr是前面返回的,其他的所有参数都可固定,包括轨迹fs是对r.rzData进行aes加密的结果(key是ac+'appsapi0')
重写js文件
var CryptoJS = require('crypto-js');
function encrypt_(angle, as, backstr) {
var tt = {
"cl": [
{
"x": 862,
"y": 287,
"t": 1657760616916
}
],
"mv": [
{
"fx": 987,
"fy": 149,
"t": 1657760613905,
"bf": 2
},
{
"fx": 979,
"fy": 370,
"t": 1657760615529,
"bf": 2
},
{
"fx": 948,
"fy": 339,
"t": 1657760615688,
"bf": 2
},
{
"fx": 911,
"fy": 321,
"t": 1657760615848,
"bf": 2
},
{
"fx": 892,
"fy": 309,
"t": 1657760616008,
"bf": 2
},
{
"fx": 880,
"fy": 299,
"t": 1657760616176,
"bf": 2
},
{
"fx": 869,
"fy": 290,
"t": 1657760616440,
"bf": 2
},
{
"fx": 864,
"fy": 288,
"t": 1657760616641,
"bf": 2
},
{
"fx": 862,
"fy": 287,
"t": 1657760616866,
"bf": 2
},
{
"fx": 864,
"fy": 288,
"t": 1657760617026,
"bf": 1
},
{
"fx": 877,
"fy": 293,
"t": 1657760617186,
"bf": 1
},
{
"fx": 882,
"fy": 295,
"t": 1657760617360,
"bf": 1
},
{
"fx": 891,
"fy": 298,
"t": 1657760617537,
"bf": 1
},
{
"fx": 900,
"fy": 300,
"t": 1657760617688,
"bf": 1
},
{
"fx": 908,
"fy": 301,
"t": 1657760617864,
"bf": 1
},
{
"fx": 910,
"fy": 301,
"t": 1657760618585,
"bf": 1
}
],
"sc": [],
"kb": [
{
"key": "a",
"t": 1657760606047
}
],
"sb": [],
"sd": [],
"sm": [],
"cr": {
"screenTop": 0,
"screenLeft": 0,
"clientWidth": 1920,
"clientHeight": 979,
"screenWidth": 1920,
"screenHeight": 1080,
"availWidth": 1920,
"availHeight": 1050,
"outerWidth": 1920,
"outerHeight": 1050,
"scrollWidth": 1920,
"scrollHeight": 1920
},
"simu": 0,
"ac_c": (angle * 212 / 360 / 212).toFixed(2),
"backstr": backstr
};
var t = as + 'appsapi0'
, n = CryptoJS.enc.Utf8.parse(t)
, i = CryptoJS.enc.Utf8.parse(JSON.stringify(tt))
, r = CryptoJS.AES.encrypt(i, n, {
mode: CryptoJS.mode.ECB,
padding: CryptoJS.pad.Pkcs7
});
return [r.toString(), tt['ac_c']];
}
// console.log(encrypt_('175','77af72b4','3665-Px4DcLoit3uVe824uBkHUhYlQRP9J1snLUo3oUo4NCni3QAeNyHrm3CQYE1d0+bG4z2Vv/PQXdv1Qp9j+bImhNo+yvQeYZjOGBVq/fJYQARPO+z357jr0N2VdtJR6PLV/ZF/4vWSekHq0V0F9PvNX4E9FL+bBVTtveoWXlDB3zxsr30wdtMey7lw/HDDDKm05KTU72MoN+B2g6pXkXJLfwXeK557yhbIgeqaUUxYRgI46RjrwoF1Em3LISq+4Ke5TIyH89awQ6ups+DSlxyJZbU/WxmL6wSrpxmVpQ0rYrwgtgO8yAPCE2myWZ7uQnMkWTnNNBThHZHALC3YA4xWkA=='))
调用旋转模型,整体代码
from urllib.parse import unquote
import requests
import execjs
import time
import json
import re
import urllib3
from baidu_aiqicha_rotate.rotate_captcha import fun_get_angle_
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
class BaiduAiqichaRotate:
def __init__(self):
self.session = requests.session()
self.headers = {
'Accept': 'text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, '
'*/*; q=0.01',
'Accept-Language': 'zh-CN,zh;q=0.9',
'Connection': 'keep-alive',
'Sec-Fetch-Dest': 'empty',
'Sec-Fetch-Mode': 'cors',
'Sec-Fetch-Site': 'same-origin',
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) '
'Chrome/103.0.0.0 Safari/537.36',
'X-Requested-With': 'XMLHttpRequest',
'Referer': 'https://wappass.baidu.com/static/captcha/tuxing.html?ak=33c48884b7df83d4230e07cbcd0d07fd&backurl=http%3A%2F%2Fwww.aiqicha.com%2Fs%3Fq%3D%E5%8D%8E%E4%B8%BA%E6%8A%80%E6%9C%AF%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8%26t%3D0%26p_type%3D2×tamp=1658303050&signature=0a25abf3ad473d83e846a510b7b5d1ed',
'sec-ch-ua': '".Not/A)Brand";v="99", "Google Chrome";v="103", "Chromium";v="103"',
'sec-ch-ua-mobile': '?0',
'sec-ch-ua-platform': '"Windows"',
}
def get_image_request_data(self):
"""
:return: 获取需要获取图片的参数
"""
url = "https://wappass.baidu.com/viewlog"
params = {
"callback": "jQuery110205449684422426735_" + str(int(time.time() * 1000)),
"ak": "33c48884b7df83d4230e07cbcd0d07fd",
"_": str(int(time.time() * 1000))
}
response = self.session.get(url, headers=self.headers, params=params)
res_data = re.findall(r'.*?(\{.*?})\)', response.text)[0]
res_data = json.loads(res_data)
item = {
"tk": res_data['data']['tk'],
"as": res_data['data']['as'],
"ds": res_data['data']['ds']
}
return item
def get_img(self, item):
url = "https://wappass.baidu.com/viewlog/getstyle"
params = {
"callback": "jQuery110205449684422426735_" + str(time.time() * 1000),
"ak": '33c48884b7df83d4230e07cbcd0d07fd',
"tk": item["tk"],
"isios": "0",
"type": "spin",
"_": str(time.time() * 1000)
}
response = self.session.get(url, headers=self.headers, params=params)
ret_data = re.findall(r'.*?(\{.*?})\)', response.text)[0]
ret_data = json.loads(ret_data)
item_img = {
"img_url": unquote(ret_data['data']['ext']['img']),
"backstr": ret_data['data']['backstr'],
"tk": item["tk"],
"as": item["as"]
}
response = self.session.get(item_img['img_url'], verify=False)
with open('img.png', 'wb')as f:
f.write(response.content)
return item_img
def verify_data(self, item):
url = "https://wappass.baidu.com/viewlog"
print("angle:", item['angle'])
print("as:", item['as'])
with open('get_encrypt.js', 'r', encoding='utf-8') as f:
js_text = f.read()
fs = execjs.compile(js_text).call('encrypt_', str(item['angle']), str(item['as']), str(item['backstr']))
print("fs:", fs)
params = {
"callback": "jQuery110204100787474351779_" + str(time.time() * 1000),
"ak": "33c48884b7df83d4230e07cbcd0d07fd",
"as": item['as'],
"fs": fs[0],
"tk": item['tk'],
"cv": "submit",
"_": str(time.time() * 1000)
}
response = self.session.get(url, headers=self.headers, params=params)
ret_data = re.findall(r'.*?(\{.*?})\)', response.text)[0]
ret_data = json.loads(ret_data)
print("验证结果:", ret_data)
return ret_data
if __name__ == '__main__':
item = BaiduAiqichaRotate().get_image_request_data()
item_img = BaiduAiqichaRotate().get_img(item)
angle = fun_get_angle_('img.png')
item_img['angle'] = angle
print(item_img)
ret_data = BaiduAiqichaRotate().verify_data(item_img)
if 1 == ret_data['data']['op']:
print("验证通过")
# break
标签:逆向,bf,img,fx,fy,爱企查,item,data,百度 来源: https://www.cnblogs.com/wyh0923/p/16499379.html