如何绕过WebSocket加密实现直接通信的长尾?

2026-04-03 06:361阅读0评论SEO问题
  • 内容介绍
  • 文章标签
  • 相关推荐

本文共计1530个文字,预计阅读时间需要7分钟。

如何绕过WebSocket加密实现直接通信的长尾?

目录 + WebSocket--hook + 服务端--WebSocketServer.js + 客户端--注入JS代码 + Python开端口 + get_data.py (文件方式) + get_user_id.py (文件方式) + get_user_id.py (终端方式) + get_user_id.py (终端方式) + 爬虫调用者--WebSocket--hook + 递归思路

目录
  • websocket--hook
  • 服务端--WebSocketServer.js
  • 客户端注入JS代码
  • python开端口
  • get_data.py 文件方式
  • get_user_id.py 文件方式
  • get_data.py 终端方式
  • get_user_id.py 终端方式
  • 爬虫调用者

websocket--hook

大致思路

原理:

浏览器(客户端):在浏览器中注入一段JS代码,与服务端建立连接。调用浏览器中的js方法,把返回的数据发送给服务端

node启动js代码,监听某端口(客户端):服务端把参数(python发过来的)发送给客户端处理,并接收处理结果,再次把接收的结果返回给python处理

python(调用者):把参数发送给node,接收node传回来的数据

优点:

1.对于js混淆加密较深的,可以采用此方法。

2.不用扣js加密代码,直接调用浏览器环境

缺点:
1.如果有selenium监测,要想使用此方法,必须先绕过selenium监测,否则只能使用真机进行js注入

2.需要node环境,写一个websocket服务端和客户端

3.速度没有直接破解js快

服务端--WebSocketServer.js

let iconv = require('iconv-lite') var ws = require("nodejs-websocket"); console.log("开始建立连接...") var server = ws.createServer(function(conn){ let cached = {}; conn.on("text", function (msg) { if (!msg) return; // console.log("msg", msg); var key = conn.key; if ((msg === "Browser") || (msg === "Python")){ // browser或者python第一次连接 cached[msg] = key; // console.log("cached",cached); return; } if (Object.values(cached).includes(key)){ // console.log(server.connections.forEach(conn=>conn.key)); var targetConn = server.connections.filter(function(conn){ return conn.key !== key; }) // console.log("将要发送的实参:",msg); targetConn.forEach(conn=>{ conn.send(msg); }) } }) conn.on("close", function (code, reason) { // console.log("关闭连接") }); conn.on("error", function (code, reason) { console.log("异常关闭") }); conn.on("connection", function (conn) { console.log(conn) }); }).listen(10512) console.log("WebSocket建立完毕")

客户端注入JS代码

createSocket(); function createSocket() { window.ws = new WebSocket('ws://127.0.0.1:10512/'); window.ws.onopen = function (e) { console.log("连接服务器成功"); window.ws.send("Browser"); } window.ws.onclose = function (e) { console.log("服务器关闭"); setTimeout(createSocket, 60000); } window.ws.onerror = function () { console.log("连接出错"); } window.ws.onmessage = function (e) { var xml127.0.0.1:10512/') ws.connect() try: real_arg = f"/api/feed_backflow/profile_share/v1/?category=profile_article&visited_uid={user_id}&stream_api_version=82&request_source=1&offset={offset}&user_id={user_id}&appId=1286&appType=mobile_detail_web&isAndroid=true&isIOS=false&isMobile=true&cookie_enabled=true&screen_width=288&screen_height=511&browser_language=zh-CN&browser_platform=MacIntel&browser_name=firefox&browser_version=85.0.4183.83&browser_online=true&timezone_name=Asia%2FShanghai" time.sleep(0.1) ws.send(real_arg) ws.run_forever() except KeyboardInterrupt: print('异常关闭') ws.close()

get_user_id.py 文件方式

# -*- coding: utf-8 -*- import time from ws4py.client.threadedclient import WebSocketClient import _locale _locale._getdefaultlocale = (lambda *args: ['zh_CN', 'utf8']) import io import sys import urllib3 urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) # sys.stdout = io.TextIOWrapper(sys.stdout.buffer, encoding='utf8') # media_id = sys.argv[1].split(',', 1)[0] # sys.argv--> [get_attention.py,user_id,cursor] class CG_Client(WebSocketClient): def opened(self): self.max_cursor = 0 self.send("Python") def closed(self, code, reason=None): # print("Closed down:", code, reason) pass def received_message(self, resp): data = resp.data.decode("utf-8") write_user(data) ws.close() def write_user(data): with open('./user.txt', 'w', encoding='utf-8') as f: f.write(data) f.close() def get_user(media_id): ws = CG_Client('ws://127.0.0.1:10512/') ws.connect() try: real_arg = f"/user/profile/homepage/share/v7/?media_id={media_id}&request_source=1&appId=1286&appType=mobile_detail_web&isAndroid=true&isIOS=false&isMobile=true&cookie_enabled=true&screen_width=393&screen_height=882&browser_language=zh-CN&browser_platform=MacIntel&browser_name=Chrome&browser_version=85.0.4183.83&browser_online=true&timezone_name=Asia%2FShanghai" time.sleep(0.1) ws.send(real_arg) ws.run_forever() except KeyboardInterrupt: print('异常关闭') ws.close()

如何绕过WebSocket加密实现直接通信的长尾?

get_data.py 终端方式

# -*- coding: utf-8 -*- import time from ws4py.client.threadedclient import WebSocketClient import _locale _locale._getdefaultlocale = (lambda *args: ['zh_CN', 'utf8']) import io import sys import urllib3 urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) sys.stdout = io.TextIOWrapper(sys.stdout.buffer, encoding='utf8') user_id = sys.argv[1].split(',', 1)[0] # sys.argv--> [get_attention.py,user_id,cursor] offset = str(sys.argv[2]) class CG_Client(WebSocketClient): def opened(self): print("连接成功") self.max_cursor = 0 self.send("Python") def closed(self, code, reason=None): print("Closed down:", code, reason) def received_message(self, resp): data = resp.data.decode("utf-8") print(data) ws.close() try: ws = CG_Client('ws://127.0.0.1:10512/') ws.connect() real_arg = f"/api/feed_backflow/profile_share/v1/?category=profile_article&visited_uid={user_id}&stream_api_version=82&request_source=1&offset={offset}&user_id={user_id}&appId=1286&appType=mobile_detail_web&isAndroid=true&isIOS=false&isMobile=true&cookie_enabled=true&screen_width=288&screen_height=511&browser_language=zh-CN&browser_platform=MacIntel&browser_name=firefox&browser_version=85.0.4183.83&browser_online=true&timezone_name=Asia%2FShanghai" time.sleep(0.1) ws.send(real_arg) ws.run_forever() except KeyboardInterrupt: ws.close()

get_user_id.py 终端方式

# -*- coding: utf-8 -*- import time from ws4py.client.threadedclient import WebSocketClient import _locale _locale._getdefaultlocale = (lambda *args: ['zh_CN', 'utf8']) import io import sys import urllib3 urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) sys.stdout = io.TextIOWrapper(sys.stdout.buffer, encoding='utf8') media_id = sys.argv[1].split(',', 1)[0] # sys.argv--> [get_attention.py,user_id,cursor] class CG_Client(WebSocketClient): def opened(self): print("连接成功") self.max_cursor = 0 self.send("Python") def closed(self, code, reason=None): print("Closed down:", code, reason) def received_message(self, resp): data = resp.data.decode("utf-8") # data = resp.data.decode("gbk") print(data) ws.close() try: ws = CG_Client('ws://127.0.0.1:10512/') ws.connect() real_arg = f"/user/profile/homepage/share/v7/?media_id={media_id}&request_source=1&appId=1286&appType=mobile_detail_web&isAndroid=true&isIOS=false&isMobile=true&cookie_enabled=true&screen_width=393&screen_height=882&browser_language=zh-CN&browser_platform=MacIntel&browser_name=Chrome&browser_version=85.0.4183.83&browser_online=true&timezone_name=Asia%2FShanghai" time.sleep(0.1) ws.send(real_arg) ws.run_forever() except KeyboardInterrupt: ws.close()

爬虫调用者

import time import requests import json import urllib3 from toutiao2_文件方式.get_user_id import get_user, CG_Client urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) def open_user(): with open('./user.txt', 'r', encoding='utf-8') as f: user = json.loads(f.read()) f.close() return user def open_data(): with open('./data.txt', 'r', encoding='utf-8') as f: data = json.loads(f.read()) f.close() return data # media_id换user_id def start_ocean_toutiao_user_id(media_id): data = { 'media_id': media_id, } requests.get('127.0.0.1:4007/get_user_id', params=data, timeout=3) time.sleep(2) response = open_user() res_media_id = response.get('data').get('media_id') if int(res_media_id) == int(media_id): user_id = response.get('data').get('user_id') return user_id else: print('media不对应,请检查') return None # 通过websocket获取数据 def start_ocean_toutiao_data(user_id, offset): if user_id == None: print('没有获取到user_id,请检查原因。可能消息堆积错误') return None data = { 'user_id': user_id, 'offset': offset } requests.get('127.0.0.1:4007/get_data', params=data, timeout=3) response = open_data() return response def get_response(media_id,offset): user_id = start_ocean_toutiao_user_id(media_id) print(user_id) data = start_ocean_toutiao_data(user_id, offset) print(data) return data if __name__ == '__main__': for i in range(1): offset = 1587744000 # media_id = 6860767764 media_id = 6989633739 user_id = start_ocean_toutiao_user_id(media_id) print(user_id) # user_id = 6860406890 data = start_ocean_toutiao_data(user_id, offset) print(data) get_response(media_id, offset) pass

以上就是websocket直接绕过JS加密示例及思路原理的详细内容,更多关于websocket绕过JS加密思路的资料请关注自由互联其它相关文章!

标签:Websocket直接绕过加密示例

相关推荐

38832如何用Vue和vue-pdf插件实现PDF在线浏览功能?38835JavaScript中实现sleep函数的常见方法有哪些?38837有没有一款JavaScript打包压缩工具,能高效处理项目文件?38839element中的$confirm如何实现更复杂的确认操作?38841Vue.js中npm run dev后页面显示cannot GET,是什么配置或步骤出了问题?38843如何实现Vue项目中自定义长尾词视频控制条的功能?38845如何将el-menu组件的无限极循环思路代码改写为长尾关键词?38848如何使用jsbarcode生成条形码并保存到本地?38867如何使用JavaScript实现并操作长尾词链表定义?38872如何实现JavaScript中双向链表的创建、增加和查改写操作?38876如何编写JavaScript代码来阻止用户保存网页中的图片?38879Vue全局环境变量和模式如何深入浅析并有效改写?38885Vue、Node.js、MongoDB如何实现图片上传组件,支持预览、删除和修改功能?38890Vue3 Composition API中如何提取和重用逻辑实现代码复用?38891如何深入理解并实现JavaScript图片压缩的原理与技巧?38893如何用JavaScript的find()方法找到长尾词并获取其实例?

本文共计1530个文字,预计阅读时间需要7分钟。

如何绕过WebSocket加密实现直接通信的长尾?

目录 + WebSocket--hook + 服务端--WebSocketServer.js + 客户端--注入JS代码 + Python开端口 + get_data.py (文件方式) + get_user_id.py (文件方式) + get_user_id.py (终端方式) + get_user_id.py (终端方式) + 爬虫调用者--WebSocket--hook + 递归思路

目录
  • websocket--hook
  • 服务端--WebSocketServer.js
  • 客户端注入JS代码
  • python开端口
  • get_data.py 文件方式
  • get_user_id.py 文件方式
  • get_data.py 终端方式
  • get_user_id.py 终端方式
  • 爬虫调用者

websocket--hook

大致思路

原理:

浏览器(客户端):在浏览器中注入一段JS代码,与服务端建立连接。调用浏览器中的js方法,把返回的数据发送给服务端

node启动js代码,监听某端口(客户端):服务端把参数(python发过来的)发送给客户端处理,并接收处理结果,再次把接收的结果返回给python处理

python(调用者):把参数发送给node,接收node传回来的数据

优点:

1.对于js混淆加密较深的,可以采用此方法。

2.不用扣js加密代码,直接调用浏览器环境

缺点:
1.如果有selenium监测,要想使用此方法,必须先绕过selenium监测,否则只能使用真机进行js注入

2.需要node环境,写一个websocket服务端和客户端

3.速度没有直接破解js快

服务端--WebSocketServer.js

let iconv = require('iconv-lite') var ws = require("nodejs-websocket"); console.log("开始建立连接...") var server = ws.createServer(function(conn){ let cached = {}; conn.on("text", function (msg) { if (!msg) return; // console.log("msg", msg); var key = conn.key; if ((msg === "Browser") || (msg === "Python")){ // browser或者python第一次连接 cached[msg] = key; // console.log("cached",cached); return; } if (Object.values(cached).includes(key)){ // console.log(server.connections.forEach(conn=>conn.key)); var targetConn = server.connections.filter(function(conn){ return conn.key !== key; }) // console.log("将要发送的实参:",msg); targetConn.forEach(conn=>{ conn.send(msg); }) } }) conn.on("close", function (code, reason) { // console.log("关闭连接") }); conn.on("error", function (code, reason) { console.log("异常关闭") }); conn.on("connection", function (conn) { console.log(conn) }); }).listen(10512) console.log("WebSocket建立完毕")

客户端注入JS代码

createSocket(); function createSocket() { window.ws = new WebSocket('ws://127.0.0.1:10512/'); window.ws.onopen = function (e) { console.log("连接服务器成功"); window.ws.send("Browser"); } window.ws.onclose = function (e) { console.log("服务器关闭"); setTimeout(createSocket, 60000); } window.ws.onerror = function () { console.log("连接出错"); } window.ws.onmessage = function (e) { var xml127.0.0.1:10512/') ws.connect() try: real_arg = f"/api/feed_backflow/profile_share/v1/?category=profile_article&visited_uid={user_id}&stream_api_version=82&request_source=1&offset={offset}&user_id={user_id}&appId=1286&appType=mobile_detail_web&isAndroid=true&isIOS=false&isMobile=true&cookie_enabled=true&screen_width=288&screen_height=511&browser_language=zh-CN&browser_platform=MacIntel&browser_name=firefox&browser_version=85.0.4183.83&browser_online=true&timezone_name=Asia%2FShanghai" time.sleep(0.1) ws.send(real_arg) ws.run_forever() except KeyboardInterrupt: print('异常关闭') ws.close()

get_user_id.py 文件方式

# -*- coding: utf-8 -*- import time from ws4py.client.threadedclient import WebSocketClient import _locale _locale._getdefaultlocale = (lambda *args: ['zh_CN', 'utf8']) import io import sys import urllib3 urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) # sys.stdout = io.TextIOWrapper(sys.stdout.buffer, encoding='utf8') # media_id = sys.argv[1].split(',', 1)[0] # sys.argv--> [get_attention.py,user_id,cursor] class CG_Client(WebSocketClient): def opened(self): self.max_cursor = 0 self.send("Python") def closed(self, code, reason=None): # print("Closed down:", code, reason) pass def received_message(self, resp): data = resp.data.decode("utf-8") write_user(data) ws.close() def write_user(data): with open('./user.txt', 'w', encoding='utf-8') as f: f.write(data) f.close() def get_user(media_id): ws = CG_Client('ws://127.0.0.1:10512/') ws.connect() try: real_arg = f"/user/profile/homepage/share/v7/?media_id={media_id}&request_source=1&appId=1286&appType=mobile_detail_web&isAndroid=true&isIOS=false&isMobile=true&cookie_enabled=true&screen_width=393&screen_height=882&browser_language=zh-CN&browser_platform=MacIntel&browser_name=Chrome&browser_version=85.0.4183.83&browser_online=true&timezone_name=Asia%2FShanghai" time.sleep(0.1) ws.send(real_arg) ws.run_forever() except KeyboardInterrupt: print('异常关闭') ws.close()

如何绕过WebSocket加密实现直接通信的长尾?

get_data.py 终端方式

# -*- coding: utf-8 -*- import time from ws4py.client.threadedclient import WebSocketClient import _locale _locale._getdefaultlocale = (lambda *args: ['zh_CN', 'utf8']) import io import sys import urllib3 urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) sys.stdout = io.TextIOWrapper(sys.stdout.buffer, encoding='utf8') user_id = sys.argv[1].split(',', 1)[0] # sys.argv--> [get_attention.py,user_id,cursor] offset = str(sys.argv[2]) class CG_Client(WebSocketClient): def opened(self): print("连接成功") self.max_cursor = 0 self.send("Python") def closed(self, code, reason=None): print("Closed down:", code, reason) def received_message(self, resp): data = resp.data.decode("utf-8") print(data) ws.close() try: ws = CG_Client('ws://127.0.0.1:10512/') ws.connect() real_arg = f"/api/feed_backflow/profile_share/v1/?category=profile_article&visited_uid={user_id}&stream_api_version=82&request_source=1&offset={offset}&user_id={user_id}&appId=1286&appType=mobile_detail_web&isAndroid=true&isIOS=false&isMobile=true&cookie_enabled=true&screen_width=288&screen_height=511&browser_language=zh-CN&browser_platform=MacIntel&browser_name=firefox&browser_version=85.0.4183.83&browser_online=true&timezone_name=Asia%2FShanghai" time.sleep(0.1) ws.send(real_arg) ws.run_forever() except KeyboardInterrupt: ws.close()

get_user_id.py 终端方式

# -*- coding: utf-8 -*- import time from ws4py.client.threadedclient import WebSocketClient import _locale _locale._getdefaultlocale = (lambda *args: ['zh_CN', 'utf8']) import io import sys import urllib3 urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) sys.stdout = io.TextIOWrapper(sys.stdout.buffer, encoding='utf8') media_id = sys.argv[1].split(',', 1)[0] # sys.argv--> [get_attention.py,user_id,cursor] class CG_Client(WebSocketClient): def opened(self): print("连接成功") self.max_cursor = 0 self.send("Python") def closed(self, code, reason=None): print("Closed down:", code, reason) def received_message(self, resp): data = resp.data.decode("utf-8") # data = resp.data.decode("gbk") print(data) ws.close() try: ws = CG_Client('ws://127.0.0.1:10512/') ws.connect() real_arg = f"/user/profile/homepage/share/v7/?media_id={media_id}&request_source=1&appId=1286&appType=mobile_detail_web&isAndroid=true&isIOS=false&isMobile=true&cookie_enabled=true&screen_width=393&screen_height=882&browser_language=zh-CN&browser_platform=MacIntel&browser_name=Chrome&browser_version=85.0.4183.83&browser_online=true&timezone_name=Asia%2FShanghai" time.sleep(0.1) ws.send(real_arg) ws.run_forever() except KeyboardInterrupt: ws.close()

爬虫调用者

import time import requests import json import urllib3 from toutiao2_文件方式.get_user_id import get_user, CG_Client urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) def open_user(): with open('./user.txt', 'r', encoding='utf-8') as f: user = json.loads(f.read()) f.close() return user def open_data(): with open('./data.txt', 'r', encoding='utf-8') as f: data = json.loads(f.read()) f.close() return data # media_id换user_id def start_ocean_toutiao_user_id(media_id): data = { 'media_id': media_id, } requests.get('127.0.0.1:4007/get_user_id', params=data, timeout=3) time.sleep(2) response = open_user() res_media_id = response.get('data').get('media_id') if int(res_media_id) == int(media_id): user_id = response.get('data').get('user_id') return user_id else: print('media不对应,请检查') return None # 通过websocket获取数据 def start_ocean_toutiao_data(user_id, offset): if user_id == None: print('没有获取到user_id,请检查原因。可能消息堆积错误') return None data = { 'user_id': user_id, 'offset': offset } requests.get('127.0.0.1:4007/get_data', params=data, timeout=3) response = open_data() return response def get_response(media_id,offset): user_id = start_ocean_toutiao_user_id(media_id) print(user_id) data = start_ocean_toutiao_data(user_id, offset) print(data) return data if __name__ == '__main__': for i in range(1): offset = 1587744000 # media_id = 6860767764 media_id = 6989633739 user_id = start_ocean_toutiao_user_id(media_id) print(user_id) # user_id = 6860406890 data = start_ocean_toutiao_data(user_id, offset) print(data) get_response(media_id, offset) pass

以上就是websocket直接绕过JS加密示例及思路原理的详细内容,更多关于websocket绕过JS加密思路的资料请关注自由互联其它相关文章!