这个网易云JS解密,老网抑云看了都直呼内行(2)

我点进v0x.gP3x函数看了看:

在这里插入图片描述


从代码中可以看出csrf_token来自于Cookie中的__csrf:

在这里插入图片描述


那这个值就可以在请求网页的时候从cookie中获取到,继续调试window.asrsea吧。一路点击下一步,进入函数中。

在这里插入图片描述


跳到一个d(d,e,f,g)函数里,稍微往下一看,发现window.asrsea就等于这个d函数,哦了,那就调试这个d函数就行:

function d(d, e, f, g) { var h = {} , i = a(16); return h.encText = b(d, g), h.encText = b(h.encText, i), h.encSecKey = c(i, e, f), h }

进入a函数:

在这里插入图片描述


大概看出来a函数是产生随机数的,继续运行,进入b函数:

在这里插入图片描述


熟悉的AES加密,继续运行进入c函数:

在这里插入图片描述


又是熟悉的RSA加密,网易可真谨慎,各种加密。到这里总的框架已经调试完了,剩下的无非就是抠JS代码了。

python运行

这次不是单单运行了结果哦,还带上了爬取与入库:

获取params和encSecKey def get_enc(self,a): with open('..//js//wangyiyun.js', encoding='utf-8') as f: wangyiyun = f.read() js = execjs.compile(wangyiyun) logid = js.call('get_pwd', a) print(logid) return logid 抓取 def get_fans(self): resp = self.get_home_page() print(resp.cookies) print(resp.status_code) time.sleep(6) limit = 20 for i in range(1,110): print("第{}页".format(i+1)) offset = limit*i a = {"userId": "46991111", "offset": str(offset), "total": "false", "limit": str(limit), "csrf_token": ""} print(a) logid = self.get_enc(a) data = { "params":logid["encText"], "encSecKey":logid["encSecKey"], } print(data) fans_url = "https://music.163.com/weapi/user/getfolloweds?csrf_token=" resp = self.session.post(url=fans_url,data=data,headers=self.headers) followed = json.loads(resp.text) followed_list = [] for foll in followed["followeds"]: foll_dict = {} foll_dict["short_name"] = foll.get("py","") #缩写 foll_dict["userId"] = foll.get("userId","") #用户ID foll_dict["nickname"] = foll.get("nickname","") #昵称 foll_dict["vipType"] = foll.get("vipType","") # vip foll_dict["eventCount"] = foll.get("eventCount","")#动态 foll_dict["vipRights"] = str(foll.get("vipRights","")) #VIP权益 foll_dict["gender"] = foll.get("gender","") #性别 foll_dict["avatarUrl"] = foll.get("avatarUrl","") #头像 foll_dict["followed"] = foll.get("followed","") foll_dict["followeds"] = foll.get("followeds","") #粉丝 foll_dict["follows"] = foll.get("follows","") #关注 foll_dict["playlistCount"] = foll.get("playlistCount","") #歌单 foll_dict["mutual"] = foll.get("mutual","") # foll_dict["expertTags"] = str(foll.get("expertTags","")) foll_dict["experts"] = str(foll.get("experts","")) print(foll_dict) followed_list.append(foll_dict) self.mysql.insert("music",followed_list) tm = random.randint(10,30) time.sleep(tm)

这里要注意一下,要抓取指定的页面你还得先访问这个页面,不能直接请求"https://music.163.com/weapi/user/getfolloweds?csrf_token=这个链接,因为它根本就没有带关于哪个页面的信息。

请求指定网页 def get_home_page(self): url = "https://music.163.com/#/user/home?id=1737833656" resp = self.session.get(url) return resp 表结构 @property def create_table_sql(self): create_table = """ CREATE TABLE IF NOT EXISTS music ( short_name varchar(30) , userId varchar(100) NOT NULL, nickname varchar(30), vipType varchar(30) , eventCount varchar(200), vipRights varchar(900), gender varchar(900), avatarUrl varchar(200), followed varchar(30), followeds varchar(30), follows varchar(30), playlistCount varchar(30), mutual varchar(30), expertTags varchar(30), experts varchar(30), PRIMARY KEY (userId) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4""" return create_table 入库 def insert(self,table,data_list): if len(data_list) > 0: data_list = [{k: v for k, v in data.items() if v is not None} for data in data_list] keys = ", ".join(data_list[0].keys()) values = ", ".join(["%s"] * len(data_list[0])) sql = """INSERT INTO {table}({keys}) VALUES ({values}) ON DUPLICATE KEY UPDATE""".format(table=table, keys=keys, values=values) update = ",".join([ " {key} = values({key})".format(key=key) for key in data_list[0] ]) sql += update print(sql) self.connect() try: ret = self.cursor.executemany(sql, [tuple(data.values()) for data in data_list]) self.conn.commit() except Exception as e: self.conn.rollback() print("Error: ", e) traceback.print_exc() finally: self.close() 过程

内容版权声明:除非注明,否则皆为本站原创文章。

转载注明出处:http://www.heiqu.com/169f69f214f72750c43566d14a2c0789.html