声明:本文只作学习研究,禁止用于非法用途,否则后果自负,如有侵权,请告知删除,谢谢!
前言
目标网站:某酷搜索页--实战面试题
一、页面分析
直接进入网页,要搞xhr这里的数据,然后sign是加密的
还有需要这些动态的cookie
二、参数定位
直接走栈跟到这里就有了,l就是加密的函数
然后我们看看加密的参数有哪些,youku这个搜索接口主要是这些参数的获取
token参数是在ck里的,a这个appKey是page.chunk的js版本,动态的哦
然后n.data是页面参数
给他格式化下看看哈,有个aaid,这个是根据ck里的cna加密来的,utdId就是ck里的cna
三、加密函数
这里就直接找aaid这个参数吧,ck这些就自己获取哈,是要请求其他链接获取的响应ck
最终找到在这个位置,jn是MD5,然后参数是13位时间戳+ck的cna
然后那个l加密整个参数的直接扣下即可
总结
该说的都说了,直接扣吧,然后看看结果,直接拿下哈~
# 拼接参数
data = js.call('get_sign',token,'{"searchType":1,"keyword":"love","pg":1,"pz":20,"site":1,"appCaller":"pc","appScene":"mobile_multi","userTerminal":2,"sdkver":313,"userFrom":1,"noqc":0,"aaid":"'+aaid+'","ftype":0,"duration":"","categories":"","ob":"","utdId":"'+cookies['cna']+'","userType":"guest","userNumId":0,"searchFrom":"1","sourceFrom":"home"}')
print(data)
params = (
('jsv', '2.5.1'),
('appKey', appKey[1]), # 动态
('t', str(data[1])),
('sign', data[0]),
('api', 'mtop.youku.soku.yksearch'),
('type', 'originaljson'),
('v', '2.0'),
('ecode', '1'),
('dataType', 'json'),
('jsonpIncPrefix', 'headerSearch'),
('data', '{"searchType":1,"keyword":"love","pg":1,"pz":20,"site":1,"appCaller":"pc","appScene":"mobile_multi","userTerminal":2,"sdkver":313,"userFrom":1,"noqc":0,"aaid":"'+aaid+'","ftype":0,"duration":"","categories":"","ob":"","utdId":"'+cookies['cna']+'","userType":"guest","userNumId":0,"searchFrom":"1","sourceFrom":"home"}'),
)
res = session.get(url, headers=headers, params=params)
print(res.text)
复制代码
近期评论