声明
本文写于2025年10月16日,仅做技术学习交流。本文章中所有内容仅供学习交流使用,不用于其他任何目的,不提供完整代码,抓包内容、敏感网址、数据接口等均已做脱敏处理,严禁用于商业用途和非法用途,否则由此产生的一切后果均与作者无关!
一、前言
网站:https://www.spiderdemo.cn/
入门篇题解,有些朋友做题知其然而不知其所以然,因此我们拆开内容,看题目是怎么反爬的
二、简单题
1).T1 请求头检测挑战
第一题可以看到我们开启f12就会报检测到爬虫模式,访问被拒绝
其实此题检测很简单,我们只需要勾掉禁用缓存即可,然后保持headers头顺序即可用request
可以看到勾掉后就可以了,同理request的时候删掉no_cache即可
2).T8 字体反爬虫挑战
核心就是取GlyphID,然后数值减1即可。
for map_elem in root.findall('.//GlyphID'):
code = map_elem.get('id')
name = map_elem.get('name')
if '.notdef' not in name:
glyph_outlines[name] = int(code) - 1
3).T21 哈希值挑战
没有啥加密反爬手段啥的,核心函数如下
function geturldata(page) {
t = [
"/page/"+page+"/",
page
]
const n = parseInt(t[1])
, s = "hash_challenge"
, a = Date.now()
, k = r(n, s, a);
XRequestToken = k.hmac,
XVerifyCode = k.md5;
url = "/page/"+page+"/?challenge_type=hash_challenge"
const c = url.includes("?") ? "&" : "?";
url += `${c}sign=${k.sha256}&code=${k.sha3_256}&t=${a}`
console.log(url)
return {'token':XRequestToken,'code':XVerifyCode,'url':url}
}
4).T22 对称加密
没有啥加密反爬手段啥的,核心函数如下
function geturldata(page) {
var url = "/page/"+page+"/?challenge_type=symmetry_challenge"
var n, t, r;
var o = ["/page/"+page+"/", page]
var a = parseInt(o[1])
, c = "symmetry_challenge"
, s = Date.now()
, i = "".concat(a, "_").concat(c, "_").concat(s);
XAesToken = (n = i,
t = CryptoJS.enc.Utf8.parse("1234567890123456"),
r = CryptoJS.enc.Utf8.parse("abcdefghijklmnop"),
CryptoJS.AES.encrypt(n, t, {
iv: r,
mode: CryptoJS.mode.CTR,
padding: CryptoJS.pad.NoPadding
}).toString()),
XDesToken = l(i);
var p = function (e) {
var n = CryptoJS.enc.Utf8.parse("12345678901234567890123456789012")
, t = CryptoJS.enc.Utf8.parse("abcdefghijklmnop");
return CryptoJS.AES.encrypt(e, n, {
iv: t,
mode: CryptoJS.mode.OFB,
padding: CryptoJS.pad.NoPadding
}).toString()
}(i)
, f = l(i + "_param")
, d = url.includes("?") ? "&" : "?";
url += "".concat(d, "aes_sign=").concat(encodeURIComponent(p), "&des_sign=").concat(encodeURIComponent(f), "&t=").concat(s)
return {'destoken':XDesToken,'aestoken':XAesToken,'url':url}
}
5).T11 第一代验证码1
没有啥加密反爬手段啥的,利用ddddocr即可。
这时候就有朋友问了,明明他用ddddocr识别不了,为啥你能识别。
核心思路就是切割图片,然后放大,即可
核心代码如下
crop_box = (53, 20, 95, 36)
cropped_img = img.crop(crop_box)
scale_factor = 2
width, height = cropped_img.size
resized_img = cropped_img.resize((width * scale_factor, height * scale_factor), Image.LANCZOS)
resized_img.save("resized.png")
三、入门题
1).T4 WASM挑战
直接,调用wasm即可,但是题目要求是过hook。核心检测代码如下
知道他怎么检测了就能知道怎么hook
function recordBehavior(_0x57bedd, _0x1d62c8) {
console["log"]("行为记录:", {
"action": _0x57bedd,
"data": _0x1d62c8,
"timestamp": Date["now"]()
});
}
function _ÿijjji() {
try {
if (console["table"]["toString"]() !== "function table() { [native code] }") {
location["href"] = "https://yuanshen.com/";
document["body"]["innerHTML"] = "检测到调试环境,页面已被保护。";
return true;
};
if (console["table"]["toString"]() !== Function["prototype"]["toString"]["call"](console["table"])) {
location["href"] = "https://yuanshen.com/";
document["body"]["innerHTML"] = "检测到调试环境,页面已被保护。";
return true;
};
if (console["clear"]["toString"]() !== "function clear() { [native code] }") {
location["href"] = "https://yuanshen.com/";
document["body"]["innerHTML"] = "检测到调试环境,页面已被保护。";
return true;
};
if (setInterval["toString"]() !== "function setInterval() { [native code] }") {
location["href"] = "https://yuanshen.com/";
document["body"]["innerHTML"] = "检测到调试环境,页面已被保护。";
return true;
};
if (setTimeout["toString"]() !== "function setTimeout() { [native code] }") {
location["href"] = "https://yuanshen.com/";
document["body"]["innerHTML"] = "检测到调试环境,页面已被保护。";
return true;
};
if (setInterval["toString"]() !== Function["prototype"]["toString"]["call"](setInterval)) {
location["href"] = "https://yuanshen.com/";
document["body"]["innerHTML"] = "检测到调试环境,页面已被保护。";
return true;
};
if (setTimeout["toString"]() !== Function["prototype"]["toString"]["call"](setTimeout)) {
location["href"] = "https://yuanshen.com/";
document["body"]["innerHTML"] = "检测到调试环境,页面已被保护。";
return true;
};
if (Date["now"]["toString"]() !== "function now() { [native code] }") {
location["href"] = "https://yuanshen.com/";
document["body"]["innerHTML"] = "检测到调试环境,页面已被保护。";
return true;
};
if (performance["now"]["toString"]() !== "function now() { [native code] }") {
location["href"] = "https://yuanshen.com/";
document["body"]["innerHTML"] = "检测到调试环境,页面已被保护。";
return true;
}
if (console["log"]["toString"]() !== "function log() { [native code] }") {
location["href"] = "https://yuanshen.com/";
document["body"]["innerHTML"] = "检测到调试环境,页面已被保护。";
return true;
}
return false;
} catch (_0x43ee34) {
location["href"] = "https://yuanshen.com/";
document["body"]["innerHTML"] = "检测到调试环境,页面已被保护。";
return true;
}
}
function _ÿbgbad() {
var _0x1d1aeb = performance["now"]();
_ÿijjji();
var _0x29fa91 = Array(1000)["fill"]()["map"](function (_0x31947b, _0x3b4860) {
return {
"id": _0x3b4860,
"name": "test" + _0x3b4860,
"value": Math["random"]()
};
});
console["table"](_0x29fa91);
console["clear"]();
var _0x1a88d8 = performance["now"]();
var _0x33304b = _0x1a88d8 - _0x1d1aeb;
console["log"]("执行时间:", _0x33304b);
if (_0x33304b > 10) {
recordBehavior("debugger_detected", {
"executionTime": _0x33304b,
"timestamp": Date["now"]()
});
location["href"] = "https://yuanshen.com/";
document["body"]["innerHTML"] = "检测到调试环境,页面已被保护。";
}
}
_ÿaedfa = setInterval(_ÿbgbad, 1000);
2).T5 柳暗花明又一墙
实体debugger直接不执行就行
检测代码如下
const _fnStr_check = OoO0ooo0["toString"]();
const _first50_check = "debugger;";
if (!_first50_check["includes"]("deb")) {
throw new Error("检测到反调试代码被修改");
}
过掉检测核心代码也没啥,如下
function O0o0O0O0() {
const config = {
url: "/authentication/api/ob1_challenge/page",
params: {
float: "down",
genre: "5000",
device: "iphone",
type: "one",
brand: "paid",
},
};
function encodeBase64(str) {
const encoded = encodeURIComponent(str).replace(/%([0-9A-F]{2})/g, (_, hex) =>
String.fromCharCode("0x" + hex)
);
return btoa(encoded);
}
function xorEncrypt(text, key) {
key = key || buildCookie();
const textArr = text.split("");
for (let i = 0; i < textArr.length; i++) {
textArr[i] = String.fromCharCode(
textArr[i].charCodeAt(0) ^ key[(i + 10) % key.length].charCodeAt(0)
);
}
return textArr.join("");
}
function buildCookie() {
const base =
"ob1_check=A1sdRUIQChtxen8pI0dANi8zcX5zHBl+YnEhLyZIPxw8WkVRVRliYGBFVVdeSFkuXBcaAEEABAhVVFNQQVBacV5AVVpEB3xUV0ceCyZPagcSQEpvAWdVSkcsSz1LBB4QHBtTXF0GDUVSWklWBRsCHAkcBBoY; USERINFO=GjVY0ItO7GCcMQqJQdiJcHnqwmrT%2FMyNl3IO%2F%2FO11KRRtitnMdY2EWmeRWzFHHoKNSJf3k6Urd0Kx3ukCblegf4MNXBWmlhD0g8IATKMKM%2FpkXh%2BAc8%2Ft1SAjiV2fojSb%2FCAzvXGid4vRLpMfbw%2FgA%3D%3D; AUTHKEY=Y%2BgRYdRRsyNDhA0dru%2BQzEZanYUOYKoNJGaPj7Vi3ymWOgXdt2BA%2BJ%2FGe78Z2oPfZjajGjM725yUJdMMstrjyzVUhYfWOicfFgbHQHE%2BBpgCsoP4gIxU8w%3D%3D;";
const tail =
" ada35577182650f1_gr_cs1=ob122414085964; synct=" +
Date.now() +
".223; syncd=-1530";
return base + tail;
}
const cookie = buildCookie();
const syncdMatch = cookie.match(/syncd=(-?\d+)/);
const syncd = syncdMatch ? -parseInt(syncdMatch[1]) : 0;
const offset = Date.now() - syncd - 1661224081041;
const delimiter = "@#";
const params = Object.values(config.params)
.filter((v) => v !== undefined)
.sort()
.join("");
const base64Params = encodeBase64(params);
const joined =
base64Params +
delimiter +
config.url +
delimiter +
offset +
delimiter +
3;
const randomKey = "xyz517cda96efgh" + Math.floor(Math.random() * 10);
const encrypted = encodeBase64(xorEncrypt(joined, randomKey));
const result = btoa(encrypted + Date.now());
return result;
}
// console.log(O0o0O0O0());
3).T13 计算题验证码
没有啥加密反爬手段啥的,利用ddddocr即可。
核心思路跟上面一样就是切割图片,然后放大,即可
核心代码如下
crop_box = (53, 20, 95, 36)
cropped_img = img.crop(crop_box)
scale_factor = 2
width, height = cropped_img.size
resized_img = cropped_img.resize((width * scale_factor, height * scale_factor), Image.LANCZOS)
resized_img.save("resized.png")
3).T23 非对称加密
核心检测代码如下
let debug_str = "debugger";
function debug() {
if (setInterval["toString"]() !== "function setInterval() { [native code] }") return location["href"] = "https://yuanshen.com/", document["body"]["innerHTML"] = "检测到调试环境,页面已被保护。", true;
if (setInterval["toString"]() !== Function["prototype"]["toString"]["call"](setInterval)) return location["href"] = "https://yuanshen.com/", document["body"]["innerHTML"] = "检测到调试环境,页面已被保护。", true;
Function(debug_str)["call"]();
Function(debug_str)["apply"]();
Function(debug_str)["bind"]()();
Function(debug_str + ';' + Date["now"]());
eval(debug_str + ';' + Date["now"]());
Function["constructor"]("debugger")();
(function () {
return true;
})["constructor"]("debugger")();
}
setInterval(debug, 500);
还有一个检测,总共两个
fetch(window.location.href).then(function(e) {
return e.text()
}).then(function(e) {
var n = CryptoJS.SHA256(e).toString();
"299e4d96f573e044dcfc6fb07052d1bd5821ff9acde1b7ac9fb54c832225023d" !== n && "4625c53d967b825be9f7780fe44ec9ea4ec8d0c3a8ea0bf284f2914a040c472e" !== n && (window.location.href = "https://yuanshen.com/")
}).catch(function(e) {
"HTML integrity check failed" === e.message || console.warn("HTML 完整性校验失败(网络错误):", e)
})
加密代码如下,没啥混淆
function geturldata(page) {
var n, t, r = [
"/page/"+page+"/",
page
];
var url= '/page/'+page+'/?challenge_type=fsymmetry_challenge'
if (r) {
var c = parseInt(r[1])
, a = new URLSearchParams(url.split("?")[1] || "").get("challenge_type") || "fsymmetry_challenge"
, o = Date.now()
, s = "".concat(c, "_").concat(a, "_").concat(o);
XAuthKey= u(s),
XSignature = (n = s,
(t = new JSEncrypt).setPrivateKey("-----BEGIN RSA PRIVATE KEY-----\nMIICXAIBAAKBgQC1vKwZUIv7pgpJUXXPpDlD4+VEon3a0ANOrNmqAESrcGfkmYzD\nCo2JeuYezhBGjBNjwVmSct/Y3BBOCRGT2bvtCJGdS12RMvHbFcdbwS/Adh48+rhL\niMNYXLm+7pI3e2k6TlScxKa7EeeZpVtew/Cv5z6ol0llNPp6BdqAlOa8DwIDAQAB\nAoGAS0GaWI9AsFAFEXBgoz/jkMf14DKTgEFEJVexeNLMnNuawhCNuBSOIMCaO2Zk\nWfpWaygdUeYs6M3UGKRruXhf92g/BRmJK5FzR0kWW4qw6WwlYob3TPc3c9MFOjmp\nVtWQ0VSeEPrnBNoQRccKl0dGBnToHGuV+KEuKx8oWZc/JM0CQQDH/cvlx0BKz2zN\n6PM8FidAvc+Wgon8YW81KJgC7iJIrK9FOpctOE3L1pdF7guOQNVGRqN4HCIgLfHE\ncqxWJKJtAkEA6KIkwHe/Q23uWH5GP8DHtVkLVfohTumYkpb0rk05EYQ0dsWSNzWH\nXDH/kD6ayNq+fscnS8g+59onzvfhJ0bq6wJBAKNFkDEHenWY4js481sauvEgBVnb\nOMvSv/emLHQ39cVfNbhPHRzN2rWPe/CbZtO8GmJFSS/FyBZ9a+P1uryZLAECQAaw\nApZ12s25b0yj9KkIhbU05hqGokZ+eKBeLpKELcvPHSL88wMbStTfqxUed5ymjStf\n1kVbcFOB9fsBLTvP0hkCQFCON0l1VjFli+vqfN0lypgIqCf85V6FZFN19creGCCd\n76pX/X2FIBbUSDN1z48SM5I/RKdCkTx7FY+509q2Mek=\n-----END RSA PRIVATE KEY-----"),
t.sign(n, CryptoJS.SHA256, "sha256") || "");
var i = function(e) {
return CryptoJS.HmacSHA256(e, "dsa_secret_key_2025").toString()
}(s)
, l = u(s + "_param")
, f = url.includes("?") ? "&" : "?";
url += "".concat(f, "data=").concat(encodeURIComponent(l), "&verify=").concat(i, "&t=").concat(o)
// console.log(url)
return {'XAuthKey':XAuthKey,'XSignature':XSignature,'url':url}
}}
中等及后面还没看,有时间再看吧
本文章未经许可禁止转载,禁止任何修改后二次传播,擅自使用本文讲解的技术而导致的任何意外,作者均不负责,若有侵权,请在公众号联系作者立即删除!
[复制链接]
发表于 2025-10-17 17:35
分享到朋友圈
吾爱破解 也有防火墙 爬猛了 也不行。