写在最前,这是作者第一次完全自主的尝试。喜悦之余,做出分享。
确定具体路由:
验证一下
这里作者猜想,需要处理的是请求头中的 x-apikey 和 cookie。
Cookie:
aliyungf_tc=8bb106195f76d060d2bc50d94ccdb4ee2af3ca6615e102756ef83fcdd20e89d6; locale=zh_CN; browserVersionLevel=v5.6ad2a8e37c01; devId=0043c414-e905-423e-b85c-6831e880f500; oklink.unaccept_cookie=1; okg.currentMedia=xl; _monitor_extras={"deviceId":"0sdHD_HgOyr9Kzo456LV1P","eventId":6,"sequenceNumber":6}; amp_d77757=uhYmNWO5fkVAhodpep-5ZZ...1hjjeukdo.1hjjeuppn.5.0.5; ok-ses-id=+Q9AwN5MO4rkQGT3uYuiP6xT6o0KcfAr3mY0fLF2yRp26e2iXb5oWMGlbO7p90/Zkt6KgFLTtZH4Cmzx6Q2M7PnVTQIj/b88Cti8PTsgCszJ4VmmkOtIcsTpzvxDKTkc
X-Apikey:
LWIzMWUtNDU0Ny05Mjk5LWI2ZDA3Yjc2MzFhYmEyYzkwM2NjfDI4MTU3OTI2MjIzNjAzMzg=
#此时我换一下浏览器
Cookie:
aliyungf_tc=cb924d5f43f76dd92c2555cde8752cdddc4feb981c191449faff5a8c93b4f348; locale=zh_CN; browserVersionLevel=v5.6ad2a8e37c01; devId=d32648d8-8f76-4ba5-b161-3d41dc164020; okg.currentMedia=xl; oklink.unaccept_cookie=1; _monitor_extras={"deviceId":"S-Qe5r6iiLFjxsOPOGjNsZ","eventId":11,"sequenceNumber":11}; amp_d77757=3aMkVffFQv199zIAIqyUMx...1hjjfgv6l.1hjjfh6c0.a.0.a; ok-ses-id=NFp8WeIJCyYgQ87CQJ+GJw1touTV0ULWuojjM2vVenhVFhAPf6V6lNTz40n8AXkbbinNpIm9jnMzoBk4dGZjkqaR3dIY6URu5IZrZVT0T78ScZl0lcZuvnRyHiTqEO9W
X-Apikey:
LWIzMWUtNDU0Ny05Mjk5LWI2ZDA3Yjc2MzFhYmEyYzkwM2NjfDI4MTU3OTMyMzE4OTk0NjQ=
#确实在变化,只能抠js代码了
这时用控制变量法确认服务端到底校验哪一项:每次只替换 Cookie 或 X-Apikey 其中之一,再重新发请求,结果发现被校验的是 x-apikey。
X-Apikey:
我这里犯了个错误:一开始搜索 x-apikey,浪费了很多时间;又顺着启动器(Initiator)去跟,死活找不到。其实这里只需要搜索 apikey 就行了。
给一个断点:
扒下来:
/**
 * Builds the X-Apikey value, as lifted verbatim from the site's script.
 *
 * The function reads `encryptApiKey` and `comb` from `this`, so it only works
 * when invoked on an object that provides both methods; in strict/module code
 * a plain call leaves `this` undefined.
 *
 * @returns {*} Whatever `this.comb` returns for (transformed key, epoch ms).
 */
function res() {
  // The clock is read before the key transform, matching the original order.
  const nowMs = Date.now();
  const transformedKey = this.encryptApiKey();
  return this.comb(transformedKey, nowMs);
}
// First trial run of the extracted function. It is called here as a plain
// function, so `this` is not the object it was lifted from and the
// `this.encryptApiKey` / `this.comb` lookups are expected to fail until the
// missing pieces are supplied.
const result = res();
console.log(result);
根据报错提示补充环境(把挂在 this 上的方法改成独立函数):
/**
 * Returns the hard-coded key with its first eight characters moved to the end.
 *
 * Despite the name this is a fixed reordering of a constant, not encryption:
 * the key is embedded in the client-side script, and the two X-Apikey samples
 * captured on the page from different browsers carry the same key portion.
 *
 * @returns {string} The rotated key string.
 */
function encryptApiKey() {
  const rawKey = "a2c903cc-b31e-4547-9299-b6d07b7631ab";
  const head = rawKey.slice(0, 8);
  const tail = rawKey.slice(8);
  return `${tail}${head}`;
}
/**
 * Joins the two parts with "|" and Base64-encodes the result.
 *
 * `i.Z.btoa` is the reference used in the site's script; `i` is not defined
 * anywhere in this snippet (presumably a bundler module handle), so this
 * version still needs that object supplied before it can run.
 *
 * @param {*} e - Left part (the transformed key).
 * @param {*} t - Right part (the time component).
 * @returns {*} Result of `i.Z.btoa` applied to "e|t".
 */
function comb(e, t) {
  const joined = `${e}|${t}`;
  return i.Z.btoa(joined);
}
/**
 * Intermediate standalone version: combines the rotated key with the raw
 * current time in milliseconds.
 *
 * The timestamp is passed on untransformed here; the page's final version
 * runs it through encryptTime first.
 *
 * @returns {*} Whatever `comb` returns for (rotated key, epoch ms).
 */
function res() {
  // The clock is read before the key transform, matching the original order.
  const nowMs = Date.now();
  const rotatedKey = encryptApiKey();
  return comb(rotatedKey, nowMs);
}
// Trial run of the standalone version; the binding is never reassigned.
const result = res();
console.log(result);
我这里被编辑器坑了:把 this.comb(t, e) 中的 e 当成了未经处理的当前时间(Ctrl+左键可以追踪变量的定义),于是把对时间戳的加密操作删掉了,最后发现生成结果的长度与抓到的 X-Apikey 不一致。
最终的js代码, apikey.js:
/**
 * Obfuscates a millisecond timestamp: adds a fixed offset and appends three
 * random decimal digits.
 *
 * The offset is a constant and the trailing digits come from Math.random(),
 * so they vary the value per call but carry no secret.
 *
 * @param {number|string} e - Timestamp in milliseconds (coerced with `1 * e`).
 * @returns {string} Decimal string of `e + 1111111111111` followed by three digits.
 */
function encryptTime(e) {
  const OFFSET = 1111111111111;
  const shifted = String(1 * e + OFFSET);
  // parseInt on the numeric product is kept exactly as in the site's script.
  const randomDigit = () => parseInt(10 * Math.random(), 10);
  // Drawn one after another so the Math.random() call order is unchanged.
  const first = randomDigit();
  const second = randomDigit();
  const third = randomDigit();
  return `${shifted}${first}${second}${third}`;
}
/**
 * Produces the key part of the X-Apikey header: the hard-coded constant
 * rotated left by eight characters.
 *
 * This is a fixed permutation of a value embedded in client-side script, so
 * it is obfuscation rather than encryption.
 *
 * @returns {string} The rotated key string.
 */
function encryptApiKey() {
  const ROTATE_BY = 8;
  const rawKey = "a2c903cc-b31e-4547-9299-b6d07b7631ab";
  return rawKey.slice(ROTATE_BY) + rawKey.slice(0, ROTATE_BY);
}
/**
 * Joins the two parts with "|" and Base64-encodes the result.
 *
 * Uses the global `btoa`, so the JavaScript runtime that executes this file
 * must provide it.
 *
 * @param {*} e - Left part (the rotated key).
 * @param {*} t - Right part (the obfuscated time string).
 * @returns {string} Base64 encoding of "e|t".
 */
function comb(e, t) {
  const joined = `${e}|${t}`;
  return btoa(joined);
}
/**
 * Entry point called from the Python side: returns a fresh X-Apikey value.
 *
 * The value is Base64 of "<rotated key>|<offset timestamp + 3 random digits>".
 * Every input is either a constant in this file or the local clock, so the
 * header can be computed by any client that has the script; presumably the
 * server can treat it only as a format/freshness check, not as authentication.
 *
 * @returns {string} The header value produced by `comb`.
 */
function res() {
  // The time part is computed before the key part, matching the original order.
  const nowMs = Date.now();
  const timePart = encryptTime(nowMs);
  const keyPart = encryptApiKey();
  return comb(keyPart, timePart);
}
// Self-check at load time: runs once whenever this file is evaluated.
const result = res();
console.log(result);
最后的python代码:
import execjs
import requests
import time
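# Load the reproduced header generator and evaluate its res() entry point.
# The encoding is given explicitly so the read does not depend on the
# platform's default locale.
with open("apikey.js", encoding="utf-8") as fp:
    JSCode = fp.read()
JS = execjs.compile(JSCode)
apikey = JS.call("res")
print(apikey)

# Cookie values copied from the author's browser session. 'ok-ses-id' looks
# like a session identifier, so it should be handled as a credential and read
# from local configuration in any copy of this script that is shared.
# NOTE(review): the page's own test found that only x-apikey is checked, so
# these cookies may not be required at all - confirm before keeping them.
cookies = {
    'aliyungf_tc': '8bb106195f76d060d2bc50d94ccdb4ee2af3ca6615e102756ef83fcdd20e89d6',
    'locale': 'zh_CN',
    'browserVersionLevel': 'v5.6ad2a8e37c01',
    'devId': '0043c414-e905-423e-b85c-6831e880f500',
    'oklink.unaccept_cookie': '1',
    'okg.currentMedia': 'xl',
    '_monitor_extras': '{"deviceId":"0sdHD_HgOyr9Kzo456LV1P","eventId":6,"sequenceNumber":6}',
    'amp_d77757': 'uhYmNWO5fkVAhodpep-5ZZ...1hjjeukdo.1hjjeuppn.5.0.5',
    'ok-ses-id': '+Q9AwN5MO4rkQGT3uYuiP6xT6o0KcfAr3mY0fLF2yRp26e2iXb5oWMGlbO7p90/Zkt6KgFLTtZH4Cmzx6Q2M7PnVTQIj/b88Cti8PTsgCszJ4VmmkOtIcsTpzvxDKTkc',
}

# Request headers as captured from the browser. The Cookie header is supplied
# through the cookies= argument below, so it is not repeated here.
headers = {
    'authority': 'www.oklink.com',
    'accept': 'application/json',
    'accept-language': 'zh-CN,zh;q=0.9',
    'app-type': 'web',
    'devid': '0043c414-e905-423e-b85c-6831e880f500',
    'referer': 'https://www.oklink.com/cn/eth/block-list/page/6',
    'sec-ch-ua': '"Chromium";v="118", "Google Chrome";v="118", "Not=A?Brand";v="99"',
    'sec-ch-ua-mobile': '?0',
    'sec-ch-ua-platform': '"Windows"',
    'sec-fetch-dest': 'empty',
    'sec-fetch-mode': 'cors',
    'sec-fetch-site': 'same-origin',
    'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36',
    'x-apikey': apikey,
    'x-cdn': 'https://static.oklink.com',
    'x-locale': 'zh_CN',
    'x-site-info': '{}',
    'x-utc': '8',
    'x-zkdex-env': '0',
}

# 't' is the client's current time in milliseconds.
start_time = int(time.time() * 1000)
params = {
    't': start_time,
    'offset': '100',
    'limit': '20',
}

# requests has no default timeout; without one a stalled connection would
# block this script indefinitely.
response = requests.get(
    'https://www.oklink.com/api/explorer/v1/eth/blocks',
    params=params,
    cookies=cookies,
    headers=headers,
    timeout=10,
)
print(response.text)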
效果: