目标地址

URL
1
aHR0cHM6Ly93d3cueGluaXVkYXRhLmNvbS8=

分析过程

查找接口和查看加密参数
1
刷新页面找到接口api/...

(1)

1
payload的加密参数

(2)

找JS代码并补全
1
请求调用堆栈

(3)

1
进入js打断点调试找到对应数据

(4)

(5)

(5.1)

扣代码
1
先把代码扣出来运行看看发现报错了,提示u没有定义

(6)

1
从这进入扣代码

(6.1)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
这里是完整的js代码
const CryptoJS = require('crypto-js')
l = {
    "tag_names": [],
    "corporate_regionIds": [1],
    "corporate_provinceIds": [],
    "corporate_cityIds": [],
    "corporate_districtIds": [],
    "corporate_establishDate_start": 1640966400000,
    "corporate_establishDate_end": 1672416000000,
    "funding_fundingDate_start": null,
    "funding_fundingDate_end": null,
    "corporate_locationIds": [],
    "corporate_rounds": [],
    "operator": "and",
    "notFromGongshang": true,
    "sort": 76006,
    "order": -1,
    "start": 0,
    "limit": 20
}

//f
function e2(e) {
    if (null == (e = _u_e(e)))
        return null;
    for (var t = "", n = 0; n < e.length; n++) {
        var r = _p.charCodeAt(n % _p.length);
        t += String.fromCharCode(e.charCodeAt(n) ^ r)
    }
    return t
}

function e1(e) {
    if (null == e)
        return null;
    for (var t, n, r, o, i, a, u, c = "", l = 0; l < e.length;)
        o = (t = e.charCodeAt(l++)) >> 2,
            i = (3 & t) << 4 | (n = e.charCodeAt(l++)) >> 4,
            a = (15 & n) << 2 | (r = e.charCodeAt(l++)) >> 6,
            u = 63 & r,
            isNaN(n) ? a = u = 64 : isNaN(r) && (u = 64),
            c = c + _keyStr.charAt(o) + _keyStr.charAt(i) + _keyStr.charAt(a) + _keyStr.charAt(u);
    return c
}

var _keyStr = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="
    , _p = "W5D80NFZHAYB8EUI2T649RT2MNRMVE2O";

function _u_e(e) {
    if (null == e)
        return null;
    e = e.replace(/\r\n/g, "\n");
    for (var t = "", n = 0; n < e.length; n++) {
        var r = e.charCodeAt(n);
        r < 128 ? t += String.fromCharCode(r) : r > 127 && r < 2048 ? (t += String.fromCharCode(r >> 6 | 192),
            t += String.fromCharCode(63 & r | 128)) : (t += String.fromCharCode(r >> 12 | 224),
            t += String.fromCharCode(r >> 6 & 63 | 128),
            t += String.fromCharCode(63 & r | 128))
    }
    return t
}

//p
function md5(text) {
    const encryptedText = CryptoJS.MD5(text).toString();
    return encryptedText;
}

function sig(e) {
    return md5(e + _p).toUpperCase()
}

function get_data(l) {
    f = e1(e2(JSON.stringify(l)))
//console.log(f)
    p = sig(f)
//console.log(p)
    dit = {
        payload: f, //s.payload = f
        sig: p //s.sig = p
    }
    return dit
}
console.log(get_data(l))
1
运行一下看看

(8)

编写python代码

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
import execjs
import requests


url = 'https://www.xiniudata.com/api/search3/company/search_company_for_lib'
headers = {
    'Cookie':'btoken=VFEBS0A2YOHCMRTVLP70XX50XSEJ39BE; Hm_lvt_42317524c1662a500d12d3784dbea0f8=1726710001; HMACCOUNT=8692A1A16E6CF939; hy_data_2020_id=19207efae9211a6-0ca1df27386bc2-26001151-1327104-19207efae931209; hy_data_2020_js_sdk=%7B%22distinct_id%22%3A%2219207efae9211a6-0ca1df27386bc2-26001151-1327104-19207efae931209%22%2C%22site_id%22%3A211%2C%22user_company%22%3A105%2C%22props%22%3A%7B%7D%2C%22device_id%22%3A%2219207efae9211a6-0ca1df27386bc2-26001151-1327104-19207efae931209%22%7D; sajssdk_2020_cross_new_user=1; utoken=IXSKECLMWL79WK27BU9V5DZKDUB35A75; username=%E8%B7%B3%E8%B7%B3%E8%99%8E; Hm_lpvt_42317524c1662a500d12d3784dbea0f8=1726717307',
    'user-agent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36'
}
l = {
    "tag_names": [],
    "corporate_regionIds": [1],
    "corporate_provinceIds": [],
    "corporate_cityIds": [],
    "corporate_districtIds": [],
    "corporate_establishDate_start": 1640966400000,
    "corporate_establishDate_end": 1672416000000,
    "funding_fundingDate_start": "null",
    "funding_fundingDate_end": "null",
    "corporate_locationIds": [],
    "corporate_rounds": [],
    "operator": "and",
    "notFromGongshang": "true",
    "sort": 76006,
    "order": -1,
    "start": 0,
    "limit": 20
}
#读取
f = open('xiniu.js', encoding='utf-8').read()
#编译
js_code = execjs.compile(f)
#调用
res = js_code.call('get_data', l)
#构建请求参数
data = {
    'payload': res['payload'],
    'sig': res['sig'],
    'v': 1
}
respone = requests.post(url=url,json=data, headers=headers)
json_data = respone.json()
print(json_data)
1
完成

(9)