目标网站:aHR0cHM6Ly9xLjEwanFrYS5jb20uY24v

这个网站是对cookie进行反爬虫的，可以看到cookie中有一个加密参数v

二、分析参数
可以使用hook方法，来hook住cookie中v生成的位置，可以直接在控制台中输入hook函数

(function () {'use strict';var cookie_cache = document.cookie;Object.defineProperty(document, 'cookie', {get: function () {return cookie_cache;},set: function (val) {console.log('Setting cookie', val);// 填写cookie名if (val.indexOf('v') != -1) {debugger;}var cookie = val.split(";")[0];var ncookie = cookie.split("=");var flag = false;var cache = cookie_cache.split("; ");cache = cache.map(function (a) {if (a.split("=")[0] === ncookie[0]) {flag = true;return cookie;}return a;})cookie_cache = cache.join("; ");if (!flag) {cookie_cache += cookie + "; ";}return cookie_cache;}});
})();

当js执行到生成v的时候，就会被hook到，然后就能根据堆栈来寻找v生成的位置了

进入rt.updata()方法

三、补环境：
我们可以把整个JS代码复制下来，放到编译器中执行

第一次执行：在编译器中执行，报了一个document未定义的错误
在这里插入图片描述
我们就需要补document了，可以这样补 document = {}

这个我们可以用代理，让它自动吐环境

function get_enviroment(proxy_array) {for(var i=0; i<proxy_array.length; i++){handler = '{\n' +'    get: function(target, property, receiver) {\n' +'        console.log("方法:", "get  ", "对象:", ' +'"' + proxy_array[i] + '" ,' +'"  属性:", property, ' +'"  属性类型:", ' + 'typeof property, ' +// '"  属性值:", ' + 'target[property], ' +'"  属性值类型:", typeof target[property]);\n' +'        return target[property];\n' +'    },\n' +'    set: function(target, property, value, receiver) {\n' +'        console.log("方法:", "set  ", "对象:", ' +'"' + proxy_array[i] + '" ,' +'"  属性:", property, ' +'"  属性类型:", ' + 'typeof property, ' +// '"  属性值:", ' + 'target[property], ' +'"  属性值类型:", typeof target[property]);\n' +'        return Reflect.set(...arguments);\n' +'    }\n' +'}'eval('try{\n' + proxy_array[i] + ';\n'+ proxy_array[i] + '=new Proxy(' + proxy_array[i] + ', ' + handler + ')}catch (e) {\n' + proxy_array[i] + '={};\n'+ proxy_array[i] + '=new Proxy(' + proxy_array[i] + ', ' + handler + ')}')}
}
proxy_array = ['window','document','navigator','location']get_enviroment(proxy_array)

四、完整环境

document = {}
window = global
location = {}
head = {}
div = {}
addBehavior = {}
getElementsByTagName = function (val) {if(val === 'head'){return [head]}
}
createElement = function(val){if(val === 'div'){return div}
}
null_function = function(){}
document.getElementsByTagName = getElementsByTagName
document.createElement = createElement
document.attachEvent = null_function
document.documentElement = addBehavior
Plugin = {}
Plugin1 = {}
Plugin2 = {}
Plugin3 = {}
Plugin4 = {}
navigator = {plugins: [Plugin, Plugin1, Plugin2, Plugin3, Plugin4]
}
navigator.userAgent = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36'
navigator.javaEnabled = null_function
location.href = 'http://q.10jqka.com.cn/'
location.protocol = 'http:'
location.hostname = 'q.10jqka.com.cn'
location.host = 'q.10jqka.com.cn'

参考:https://zhuanlan.zhihu.com/p/628987841