网址:https://www.qizhidao.com/

解析流程

首先抓包发现有反调试无限debug,先使用永不在此暂停先过掉它

image-20230517145648758

多次请求发现请求头中有个user-agent-web字段需要携带,这个字段好像和user-agent没啥关系,且可以固定

image-20230517150538440

然后是cookie,有些时候全部不带都行,如果不用随机代理的话,多请求几次就会出现疯狂滑块页面

image-20230517151335064

wz_uuid 应该是游客id,用ua + 时间戳 + 随机字符串生成

image-20230517151621379

image-20230517151828185

z.i 和 a.m

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
function O(t) {
   var e = (t || window.navigator.userAgent || Object(a.m)(4, 8)) + (new Date).getTime() + Object(a.m)(4, 8);
   return s()(e)
}

function a_m(t, e, n) {
    var r, o = "";
    void 0 === t && (t = 6),
    "string" == typeof e && (n = e),
    r = e && "number" == typeof e ? Math.round(Math.random() * (e - t)) + t : t,
    n = n || "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
    for (var i = 0; i < r; i++) {
        var a = Math.round(Math.random() * (n.length - 1));
        o += n.substring(a, a + 1)
    }
    return o
}

s()(e):

image-20230517152038492

使用js完整生成, 随机代理加上这个游客id,一般都没有什么问题:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
const crypto = require('crypto');

window = {}
window.navigator ={
    userAgent:'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36'
}

function md5(data){
    return crypto.createHash('md5').update(String(data)).digest('hex');
}

function z_i(t) {
    var e = (t || window.navigator.userAgent || Object(a_m)(4, 8)) + (new Date).getTime() + Object(a_m)(4, 8);
    return 'X/'.concat(md5(e))
}

function a_m(t, e, n) {
    var r, o = "";
    void 0 === t && (t = 6),
    "string" == typeof e && (n = e),
    r = e && "number" == typeof e ? Math.round(Math.random() * (e - t)) + t : t,
    n = n || "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
    for (var i = 0; i < r; i++) {
        var a = Math.round(Math.random() * (n.length - 1));
        o += n.substring(a, a + 1)
    }
    return o    
}

console.log(z_i(undefined))