本文仅用于技术学习交流。以有道翻译为例,先找到翻译接口,确定关键参数salt、sign、lts、bv。猜测参数为加密生成后,在js里查找加密信息,明确参数加密方式。最后用Python改写代码,成功破解。总结是找到加密参数后去js找加密方法。
声明:仅用于技术学习交流,不针对任何网站,不得用于非法用途,本人不负任何相关责任。
一:准备阶段
有道翻译网址:http://fanyi.youdao.com/
打开终端network,多次输入内容进行翻译,可见翻译接口:http://fanyi.youdao.com/translate_o?smartresult=dict&smartresult=rule,
查看请求体内容如下:
经多次测试,发现关键参数应有四个:
- salt:变化
- sign:变化
- lts:变化
- bv:猜测是个固定值或值段时间内不变化,生成规则待定
二:猜测salt,sign,lts应为加密生成,前往js查找加密信息,ctrl+shift+L全局搜索关键词 sign,发现fanyi.min.js中有相关信息,格式化内容如下,相关参数的加密方式显而易见,ts时间戳,salt为时间戳拼接随机数,sign为"fanyideskweb" + str(key) + str(salt) + “]BjuETDhU)zqSxf-=B#7m"的MD5签名值。注意:此处的”]BjuETDhU)zqSxf-=B#7m"应是个定期改变的字符串。
function(e, t) {
var n = e("./jquery-1.7");
e("./utils");
e("./md5");
var r = function(e) {
var t = n.md5(navigator.appVersion),
r = "" + (new Date).getTime(),
i = r + parseInt(10 * Math.random(), 10);
return {
ts: r,
bv: t,
salt: i,
sign: n.md5("fanyideskweb" + e + i + "]BjuETDhU)zqSxf-=B#7m")
}
};
三:用python改写,代码如下
import time, random
import requests
ts = str(int((time.time()*1000)))
salt = str(ts) + str(random.randint(0, 10))
# print(ts)
print(salt)
def getmd5(v):
import hashlib
md5 = hashlib.md5()
md5.update(v.encode('utf8'))
sign = md5.hexdigest()
return sign
def getSign(key, salt):
sign = "fanyideskweb" + str(key) + str(salt) + "]BjuETDhU)zqSxf-=B#7m"
sign = getmd5(sign)
return sign
def youdao(key):
url = "http://fanyi.youdao.com/translate_o?smartresult=dict&smartresult=rule"
data = {
"i":key,
"from":"AUTO",
"to":"AUTO",
"smartresult":"dict",
"client":"fanyideskweb",
"salt": str(salt),
"sign":getSign(key, salt),
"lts":ts,
"bv":"f7d97c24a497388db1420108e6c3537b",
"doctype":"json",
"version":"2.1",
"keyfrom":"fanyi.web",
"action":"FY_BY_REALTIME",
"typoResult":"false",
}
headers = {
"Host":"fanyi.youdao.com",
# "Proxy-Connection":"keep-alive",
"Content-Length":str(len(data)),
"Accept":"application/json, text/javascript, */*; q=0.01",
"Origin":"http://fanyi.youdao.com",
"X-Requested-With":"XMLHttpRequest",
"User-Agent":"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.81 Safari/537.36",
"Content-Type":"application/x-www-form-urlencoded; charset=UTF-8",
"Referer":"http://fanyi.youdao.com/",
"Accept-Encoding":"gzip, deflate",
"Accept-Language":"zh-CN,zh;q=0.9",
"Cookie":"OUTFOX_SEARCH_USER_ID=119019685@10.168.8.63; JSESSIONID=aaaAioBu8RNDK46QQgoKw; OUTFOX_SEARCH_USER_ID_NCOO=585978009.1173552; UM_distinctid=1690e1aeb4938-0e3d396c4bdd96-551f3c12-100200-1690e1aeb4b7e; ___rl__test__cookies=1550723437154",
}
result =requests.post(url=url, data=data, headers=headers)
print(result.text)
if __name__ == '__main__':
youdao("给我点个赞吧")
运行结果:破解成功
总结:找到加密参数,再去js中查找加密方法
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
