"color: #ff0000">PyExecJS官网案例
pip 安装:
pip install PyExecJS
Demo:
import execjs print(execjs.eval("'red yellow blue'.split(' ')")) ctx = execjs.compile(""" function add(x, y) { return x + y; } """) print(ctx.call("add", 1, 2))
输出:
['red', 'yellow', 'blue'] 3
查看JS引擎信息
# 1.在windows上不需要其他的依赖便可运行execjs, 因为默认有个JScript库,如果要运行其他JS引擎库,就需要另外安装了。 # windows默认执行的JS环境 execjs.get().name #返回值: JScript # 如果想要切换,用os.environ["EXECJS_RUNTIME"] = "XXX",如果刚安装完其他JS引擎,必须配置环境变量,还可能需要重启电脑或重启IDE。 # 如果windows上装有Node.js , 可以切换Node os.environ["EXECJS_RUNTIME"] = "Node" print(execjs.get().name) #返回值: Node.js (V8) # 如果windows上装有PhantomJSs , 可以切换PhantomJS os.environ["EXECJS_RUNTIME"] = "PhantomJS" print(execjs.get().name) #返回值: PhantomJS # 2.在ubuntu下需要安装执行JS环境依赖, 作者的环境为PhantomJS execjs.get().name #返回值: PhantomJS # 3.源码中给出, 可执行execjs的环境: PyV8 = "PyV8" Node = "Node" JavaScriptCore = "JavaScriptCore" SpiderMonkey = "SpiderMonkey" JScript = "JScript" PhantomJS = "PhantomJS" SlimerJS = "SlimerJS" Nashorn = "Nashorn"
安装PhantomJS步骤
下载地址:
http://phantomjs.org/download.html
拷贝到脚本到你的Python环境里:
把下载下来的文件解压,找到目录里.\phantomjs-2.1.1\bin\
下的phantomjs.exe,移动到使用的python文件夹下的Script中。
# 举例 Anaconda3 D:\programfiles\Anaconda3\Scripts
添加系统变量:
D:\programfiles\Anaconda3\Scriptsphantomjs.exe
添加到系统变量中。
验证:
添加环境变量后,在cmd中验证可以使用phantomjs命令,说明环境搭建好了。
在python中切换成PhantomJS:
os.environ["EXECJS_RUNTIME"] = "PhantomJS"
案例1
1.访问目标网站的登录页面并查看源码
"htmlcode">
<html> <head></head> <script src="/UploadFiles/2021-04-08/a.js">2.将js放到和py脚本同一级目录下
"htmlcode">
/* CryptoJS v3.1.2 code.google.com/p/crypto-js (c) 2009-2013 by Jeff Mott. All rights reserved. code.google.com/p/crypto-js/wiki/License */ var CryptoJS=CryptoJS||function(u,p){var d={},l=d.lib={},s=function(){},t=l.Base={extend:function(a){s.prototype=this;var c=new s;a&&c.mixIn(a);c.hasOwnProperty("init")||(c.init=function(){c.$super.init.apply(this,arguments)});c.init.prototype=c;c.$super=this;return c},create:function(){var a=this.extend();a.init.apply(a,arguments);return a},init:function(){},mixIn:function(a){for(var c in a)a.hasOwnProperty(c)&&(this[c]=a[c]);a.hasOwnProperty("toString")&&(this.toString=a.toString)},clone:function(){return this.init.prototype.extend(this)}}, r=l.WordArray=t.extend({init:function(a,c){a=this.words=a||[];this.sigBytes=c!=p"")},parse:function(a){for(var c=a.length,e=[],j=0;j<c;j+=2)e[j>3]|=parseInt(a.substr(j, 2),16)<<24-4*(j%8);return new r.init(e,c/2)}},b=w.Latin1={stringify:function(a){var c=a.words;a=a.sigBytes;for(var e=[],j=0;j<a;j++)e.push(String.fromCharCode(c[j>2]>24-8*(j%4)&255));return e.join("")},parse:function(a){for(var c=a.length,e=[],j=0;j<c;j++)e[j>2]|=(a.charCodeAt(j)&255)<<24-8*(j%4);return new r.init(e,c)}},x=w.Utf8={stringify:function(a){try{return decodeURIComponent(escape(b.stringify(a)))}catch(c){throw Error("Malformed UTF-8 data");}},parse:function(a){return b.parse(unescape(encodeURIComponent(a)))}}, q=l.BufferedBlockAlgorithm=t.extend({reset:function(){this._data=new r.init;this._nDataBytes=0},_append:function(a){"string"==typeof a&&(a=x.parse(a));this._data.concat(a);this._nDataBytes+=a.sigBytes},_process:function(a){var c=this._data,e=c.words,j=c.sigBytes,k=this.blockSize,b=j/(4*k),b=a"")},parse:function(d){var l=d.length,s=this._map,t=s.charAt(64);t&&(t=d.indexOf(t),-1!=t&&(l=t));for(var t=[],r=0,w=0;w< l;w++)if(w%4){var v=s.indexOf(d.charAt(w-1))<<2*(w%4),b=s.indexOf(d.charAt(w))>6-2*(w%4);t[r>2]|=(v|b)<<24-8*(r%4);r++}return p.create(t,r)},_map:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="}})(); (function(u){function p(b,n,a,c,e,j,k){b=b+(n&a|~n&c)+e+k;return(b<<j|b>32-j)+n}function d(b,n,a,c,e,j,k){b=b+(n&c|a&~c)+e+k;return(b<<j|b>32-j)+n}function l(b,n,a,c,e,j,k){b=b+(n^a^c)+e+k;return(b<<j|b>32-j)+n}function s(b,n,a,c,e,j,k){b=b+(a^(n|~c))+e+k;return(b<<j|b>32-j)+n}for(var t=CryptoJS,r=t.lib,w=r.WordArray,v=r.Hasher,r=t.algo,b=[],x=0;64>x;x++)b[x]=4294967296*u.abs(u.sin(x+1))|0;r=r.MD5=v.extend({_doReset:function(){this._hash=new w.init([1732584193,4023233417,2562383102,271733878])}, _doProcessBlock:function(q,n){for(var a=0;16>a;a++){var c=n+a,e=q[c];q[c]=(e<<8|e>24)&16711935|(e<<24|e>8)&4278255360}var a=this._hash.words,c=q[n+0],e=q[n+1],j=q[n+2],k=q[n+3],z=q[n+4],r=q[n+5],t=q[n+6],w=q[n+7],v=q[n+8],A=q[n+9],B=q[n+10],C=q[n+11],u=q[n+12],D=q[n+13],E=q[n+14],x=q[n+15],f=a[0],m=a[1],g=a[2],h=a[3],f=p(f,m,g,h,c,7,b[0]),h=p(h,f,m,g,e,12,b[1]),g=p(g,h,f,m,j,17,b[2]),m=p(m,g,h,f,k,22,b[3]),f=p(f,m,g,h,z,7,b[4]),h=p(h,f,m,g,r,12,b[5]),g=p(g,h,f,m,t,17,b[6]),m=p(m,g,h,f,w,22,b[7]), f=p(f,m,g,h,v,7,b[8]),h=p(h,f,m,g,A,12,b[9]),g=p(g,h,f,m,B,17,b[10]),m=p(m,g,h,f,C,22,b[11]),f=p(f,m,g,h,u,7,b[12]),h=p(h,f,m,g,D,12,b[13]),g=p(g,h,f,m,E,17,b[14]),m=p(m,g,h,f,x,22,b[15]),f=d(f,m,g,h,e,5,b[16]),h=d(h,f,m,g,t,9,b[17]),g=d(g,h,f,m,C,14,b[18]),m=d(m,g,h,f,c,20,b[19]),f=d(f,m,g,h,r,5,b[20]),h=d(h,f,m,g,B,9,b[21]),g=d(g,h,f,m,x,14,b[22]),m=d(m,g,h,f,z,20,b[23]),f=d(f,m,g,h,A,5,b[24]),h=d(h,f,m,g,E,9,b[25]),g=d(g,h,f,m,k,14,b[26]),m=d(m,g,h,f,v,20,b[27]),f=d(f,m,g,h,D,5,b[28]),h=d(h,f, m,g,j,9,b[29]),g=d(g,h,f,m,w,14,b[30]),m=d(m,g,h,f,u,20,b[31]),f=l(f,m,g,h,r,4,b[32]),h=l(h,f,m,g,v,11,b[33]),g=l(g,h,f,m,C,16,b[34]),m=l(m,g,h,f,E,23,b[35]),f=l(f,m,g,h,e,4,b[36]),h=l(h,f,m,g,z,11,b[37]),g=l(g,h,f,m,w,16,b[38]),m=l(m,g,h,f,B,23,b[39]),f=l(f,m,g,h,D,4,b[40]),h=l(h,f,m,g,c,11,b[41]),g=l(g,h,f,m,k,16,b[42]),m=l(m,g,h,f,t,23,b[43]),f=l(f,m,g,h,A,4,b[44]),h=l(h,f,m,g,u,11,b[45]),g=l(g,h,f,m,x,16,b[46]),m=l(m,g,h,f,j,23,b[47]),f=s(f,m,g,h,c,6,b[48]),h=s(h,f,m,g,w,10,b[49]),g=s(g,h,f,m, E,15,b[50]),m=s(m,g,h,f,r,21,b[51]),f=s(f,m,g,h,u,6,b[52]),h=s(h,f,m,g,k,10,b[53]),g=s(g,h,f,m,B,15,b[54]),m=s(m,g,h,f,e,21,b[55]),f=s(f,m,g,h,v,6,b[56]),h=s(h,f,m,g,x,10,b[57]),g=s(g,h,f,m,t,15,b[58]),m=s(m,g,h,f,D,21,b[59]),f=s(f,m,g,h,z,6,b[60]),h=s(h,f,m,g,C,10,b[61]),g=s(g,h,f,m,j,15,b[62]),m=s(m,g,h,f,A,21,b[63]);a[0]=a[0]+f|0;a[1]=a[1]+m|0;a[2]=a[2]+g|0;a[3]=a[3]+h|0},_doFinalize:function(){var b=this._data,n=b.words,a=8*this._nDataBytes,c=8*b.sigBytes;n[c>5]|=128<<24-c%32;var e=u.floor(a/ 4294967296);n[(c+64>9<<4)+15]=(e<<8|e>24)&16711935|(e<<24|e>8)&4278255360;n[(c+64>9<<4)+14]=(a<<8|a>24)&16711935|(a<<24|a>8)&4278255360;b.sigBytes=4*(n.length+1);this._process();b=this._hash;n=b.words;for(a=0;4>a;a++)c=n[a],n[a]=(c<<8|c>24)&16711935|(c<<24|c>8)&4278255360;return b},clone:function(){var b=v.clone.call(this);b._hash=this._hash.clone();return b}});t.MD5=v._createHelper(r);t.HmacMD5=v._createHmacHelper(r)})(Math); (function(){var u=CryptoJS,p=u.lib,d=p.Base,l=p.WordArray,p=u.algo,s=p.EvpKDF=d.extend({cfg:d.extend({keySize:4,hasher:p.MD5,iterations:1}),init:function(d){this.cfg=this.cfg.extend(d)},compute:function(d,r){for(var p=this.cfg,s=p.hasher.create(),b=l.create(),u=b.words,q=p.keySize,p=p.iterations;u.length<q;){n&&s.update(n);var n=s.update(d).finalize(r);s.reset();for(var a=1;a<p;a++)n=s.finalize(n),s.reset();b.concat(n)}b.sigBytes=4*q;return b}});u.EvpKDF=function(d,l,p){return s.create(p).compute(d, l)}})(); CryptoJS.lib.Cipher||function(u){var p=CryptoJS,d=p.lib,l=d.Base,s=d.WordArray,t=d.BufferedBlockAlgorithm,r=p.enc.Base64,w=p.algo.EvpKDF,v=d.Cipher=t.extend({cfg:l.extend(),createEncryptor:function(e,a){return this.create(this._ENC_XFORM_MODE,e,a)},createDecryptor:function(e,a){return this.create(this._DEC_XFORM_MODE,e,a)},init:function(e,a,b){this.cfg=this.cfg.extend(b);this._xformMode=e;this._key=a;this.reset()},reset:function(){t.reset.call(this);this._doReset()},process:function(e){this._append(e);return this._process()}, finalize:function(e){e&&this._append(e);return this._doFinalize()},keySize:4,ivSize:4,_ENC_XFORM_MODE:1,_DEC_XFORM_MODE:2,_createHelper:function(e){return{encrypt:function(b,k,d){return("string"==typeof k"string"==typeof k"string"==typeof a"0123456789abcdef";return e.substring(0, 16);} CryptoJS.e = function (d,p) { var key = CryptoJS.enc.Utf8.parse(_k(p)); var encrypted = CryptoJS.AES.encrypt(d, key, { iv: key, mode: CryptoJS.mode.CBC, padding: CryptoJS.pad.Pkcs7 }); return encrypted.toString(); }; function doencodepsw(psw, code, acc) { return "[p]" + CryptoJS.e(CryptoJS.MD5(CryptoJS.MD5(CryptoJS.MD5(psw).toString() + code).toString()).toString() + "@" + acc, code); } function doencodeacc(acc, code) { return "[p]" + CryptoJS.e(acc, code); }3. 编写Python脚本来调用js
import execjs def get_js(): # 打开JS文件 f = open("a.js", 'r', encoding='utf-8') line = f.readline() htmlstr = '' while line: htmlstr = htmlstr + line line = f.readline() return htmlstr def get_des_psswd(acc, code): jsstr = get_js() # 加载JS文件 ctx = execjs.compile(jsstr) # 调用js方法 第一个参数是JS的方法名,后面的为js方法的参数 return ctx.call('doencodeacc', acc, code) if __name__ == '__main__': print(get_des_psswd("zhangsan123456", "pYr6BTle")) # pYr6BTle = ralt code (加密的盐值)案例2
右键查看源码,发现有JS,但是太多了,过滤一下。
2.监听鼠标点击事件查看流程
一顿操作之后,跳到登录提交的函数,直接看代码
往下看看代码之后,发现代码没加混淆也没有其他防护,那就一步到位解决了,破解这个加密还不跟切菜一样简单了。
3.写代码
导入js:
将jsencrypt.js导入到python项目中,这个js有5千多行,我就不粘贴上来了。
import execjs import os if __name__ == '__main__': # 切换了JScript、Node后都无法执行JS,发现还是PhantomJS靠谱 # os.environ["EXECJS_RUNTIME"] = "JScript" # os.environ["EXECJS_RUNTIME"] = "Node" os.environ["EXECJS_RUNTIME"] = "PhantomJS" print(execjs.get().name) js = open('jsencrypt.js', encoding='utf-8').read() jo = execjs.compile(js) pwd = jo.call('myf') print(pwd)输出:
PhantomJS Hu4Ujwqwe/PDAblIvjNyrX4NrltoRXXDdyC6+F+p0LaqPSegMZ16oIqeVPiHlh5x8zKeI2DC3DoPVf8ZlusUCQ==不同浏览器内核版本对URL编码处理也不同[冷知识]
"color: #ff0000">总结
以上所述是小编给大家介绍的Python利用PyExecJS库执行JS函数的案例分析,希望对大家有所帮助,如果大家有任何疑问请给我留言,小编会及时回复大家的。在此也非常感谢大家对网站的支持!
如果你觉得本文对你有帮助,欢迎转载,烦请注明出处,谢谢!
免责声明:本站文章均来自网站采集或用户投稿,网站不提供任何软件下载或自行开发的软件! 如有用户或公司发现本站内容信息存在侵权行为,请邮件告知! 858582#qq.com