暗号aHR0cHM6Ly9tYXNoYW5ncGEuY29tL3Byb2JsZW0tZGV0YWlsLzE5Lw题目先对接口进行分析参数中并没有任何加密只是返回的数据是加密的一个R 一个k推测r是数据内容k是解密密钥进入堆栈以后一眼就能够看到这里使用JSON.parse()函数将浏览器数据转为了json, 如果看不到这个函数当然也可以使用JSON.parse hook脚本所以接下来需要扣DES3.decrypt的执行逻辑这里非常简单过程省略几行代码就扣完了然后白那些python代码就能正确解析数据了附上python代码headers和cookie已经删除import requests import execjs import json headers {} cookies {} url https://mashangpa.com/api/problem-detail/19/data/ params { page: 4 } response requests.get(url, headersheaders, cookiescookies, paramsparams).json() r response[r] k response[k] data execjs.compile(open(1.js, r, encodingutf-8).read()).call(result, r, k) data json.dumps(data) print(data)全部JS代码CryptoJS require(crypto-js); formatDate function(v, format) { if (!v) return ; var d v; if (typeof v string) { if (v.indexOf(/Date() -1) d new Date(parseInt(v.replace(/Date(, ).replace()/, ), 10)); else d new Date(Date.parse(v.replace(/-/g, /).replace(T, ).split(.)[0])); // 用来处理出现毫秒的情况截取掉.xxx否则会出错 } else if (typeof v number) { d new Date(v); } var o { M: d.getMonth() 1, // month d: d.getDate(), // day h: d.getHours(), // hour m: d.getMinutes(), // minute s: d.getSeconds(), // second q: Math.floor((d.getMonth() 3) / 3), // quarter S: d.getMilliseconds()// millisecond }; format format || yyyy-MM-dd; if (/(y)/.test(format)) { format format.replace(RegExp.$1, (d.getFullYear() ).substr(4 - RegExp.$1.length)); } for (var k in o) { if (new RegExp(( k )).test(format)) { format format.replace(RegExp.$1, RegExp.$1.length 1 ? o[k] : (00 o[k]).substr(( o[k]).length)); } } return format; } var DES3 { iv: function() { return formatDate(new Date(), yyyyMMdd) }, encrypt: function(b, c, a) { if (c) { return (CryptoJS.TripleDES.encrypt(b, CryptoJS.enc.Utf8.parse(c), { iv: CryptoJS.enc.Utf8.parse(a || DES3.iv()), mode: CryptoJS.mode.CBC, padding: CryptoJS.pad.Pkcs7 })).toString() } return }, decrypt: function(b, c, a) { if (c) { return CryptoJS.enc.Utf8.stringify(CryptoJS.TripleDES.decrypt(b, CryptoJS.enc.Utf8.parse(c), { iv: CryptoJS.enc.Utf8.parse(a || DES3.iv()), mode: CryptoJS.mode.CBC, padding: CryptoJS.pad.Pkcs7 })).toString() } return } }; k pwZ5LAbpWW2qNsOAqKuk9XWL r 90t5KsePIFpldULDbeJM2qDMrLUh5qT0V347d81iFb46ZbMADrkNIXB9bA/m6Hn/33HOjzS5FnolCMT7h1jGPgrP8YL5IKWNstfUr4FJxyaa75WCUCm2iXqqqE/dDydEUbIaYsj0d/J72Zek1VaUewUQo8p63knZCWhl5mbfTAqjIsIC6hWr1tJxlvE3dLspUPkHZJuHib0BdDPZkVaWc2WKX0CMZev9y6riB45rxqDdd446fxtwfEv4u8l0kDVSwPIkfabAIjFEwktsguwNj5QdNtpc29bQwDxe6PTdwYdOfcyxZ/9lYn2G18hjvAOAAOttjQOPPAc8aLNDDeRnv67yrzC5XbmZUokf8lI07GKXZATzp0x89VWvs7/9bfd706nY4vQEIydTYMwH32Dt2ulgH1NSOVCgKbffg67kIsmxoenTkAkbBtzL2hdHGmi600BbxzqUZ3AxciHz3aEOU8Xmk5bScAc415fDDa1xOzcJ7Tf3cSlltwcdQfF6ucVezlhJj3erEz5EcsPHqyu7glYncoWabFBWgv1cOrZhTSVgdWMwlIGLhsTxgke5c2/Cqrv6UKGCOq7ZwxCXQE85mmgxqx6xx2fZHY07AT7gonsh41PMaSL0XUl9KrqBlv/ZVurbxHjvkyzyf60eiLsmOh9Fa301uwK9dyaAceAMxXAXmhsmrzsqgolJz/Afgs19vuhufoGxno9mQwnDV1tTjIYsS3GomTYYP4tRd3E3Oy3UCy4su9gRCrUXdKpV1LGxh58 function result(r,k){ console.log(DES3.decrypt(r, k)) return DES3.decrypt(r, k) }
