逆向案例十六——简单webpack逆向，财联社信息

网址链接：财联社A股24小时电报-上市公司动态-今日股市行情报道

数据包sign参数为加密，可以直接搜索找参数的位置，搜索不到的情况下，在断点跟栈：

确定js文件所在位置，并打上断点。点击加载刷新页面。可以发现这个文件是一个多文件的webpack，最上面的代码展现。

在控制台输出：

鼠标放在S上，进入S

这种形式，是一个加载器，在同js文件上面找S生成的位置

其中n为加载器，里面的字符串为webpack后面列表中的字典的键，对应的配置函数。

鼠标放在m上，进入m，发现是一个最后列表函数为空的webpack

复制代码，并在js中稍微改写

var yangxin;
var window=global;
!function(e) {function r(r) {for (var n, u, i = r[0], c = r[1], f = r[2], p = 0, s = []; p < i.length; p++)u = i[p],Object.prototype.hasOwnProperty.call(o, u) && o[u] && s.push(o[u][0]),o[u] = 0;for (n in c)Object.prototype.hasOwnProperty.call(c, n) && (e[n] = c[n]);for (l && l(r); s.length; )s.shift()();return a.push.apply(a, f || []),t()}function t() {for (var e, r = 0; r < a.length; r++) {for (var t = a[r], n = !0, i = 1; i < t.length; i++) {var c = t[i];0 !== o[c] && (n = !1)}n && (a.splice(r--, 1),e = u(u.s = t[0]))}return e}var n = {}, o = {1: 0}, a = [];function u(r) {if (n[r])return n[r].exports;var t = n[r] = {i: r,l: !1,exports: {}}, o = !0;console.log(r)try {e[r].call(t.exports, t, t.exports, u),o = !1} finally {o && delete n[r]}return t.l = !0,t.exports}u.e = function(e) {var r = [], t = o[e];if (0 !== t)if (t)r.push(t[2]);else {var n = new Promise((function(r, n) {t = o[e] = [r, n]}));r.push(t[2] = n);var a, i = document.createElement("script");i.charset = "utf-8",i.timeout = 120,u.nc && i.setAttribute("nonce", u.nc),i.src = function(e) {return u.p + "static/chunks/" + ({}[e] || e) + "." + {64: "f98369126adebd425fa6",65: "c822939a64030dc2b41a",66: "a6f1cad4a3fd3d93d6ad",67: "19ba0ff6a097f7a56d45"}[e] + ".js"}(e);var c = new Error;a = function(r) {i.onerror = i.onload = null,clearTimeout(f);var t = o[e];if (0 !== t) {if (t) {var n = r && ("load" === r.type ? "missing" : r.type), a = r && r.target && r.target.src;c.message = "Loading chunk " + e + " failed.\n(" + n + ": " + a + ")",c.name = "ChunkLoadError",c.type = n,c.request = a,t[1](c)}o[e] = void 0}};var f = setTimeout((function() {a({type: "timeout",target: i})}), 12e4);i.onerror = i.onload = a,document.head.appendChild(i)}return Promise.all(r)},u.m = e,u.c = n,u.d = function(e, r, t) {u.o(e, r) || Object.defineProperty(e, r, {enumerable: !0,get: t})},u.r = function(e) {"undefined" !== typeof Symbol && Symbol.toStringTag && Object.defineProperty(e, Symbol.toStringTag, {value: "Module"}),Object.defineProperty(e, "__esModule", {value: !0})},u.t = function(e, r) {if (1 & r && (e = u(e)),8 & r)return e;if (4 & r && "object" === typeof e && e && e.__esModule)return e;var t = Object.create(null);if (u.r(t),Object.defineProperty(t, "default", {enumerable: !0,value: e}),2 & r && "string" != typeof e)for (var n in e)u.d(t, n, function(r) {return e[r]}.bind(null, n));return t},u.n = function(e) {var r = e && e.__esModule ? function() {return e.default}: function() {return e};return u.d(r, "a", r),r},u.o = function(e, r) {return Object.prototype.hasOwnProperty.call(e, r)},u.p = "",u.oe = function(e) {throw console.error(e),e};var i = window.webpackJsonp = window.webpackJsonp || [], c = i.push.bind(i);i.push = r,i = i.slice();for (var f = 0; f < i.length; f++)r(i[f]);var l = c;t()yangxin = u;
}([]);
console.log(yangxin))

结果为：

现在的目标就是复制 W2Yj函数，直接在sign所在的js文件搜索并复制粘贴。j将后面的列表改为字典格式

代码展现：

var yangxin;
var window=global;
!function(e) {function r(r) {for (var n, u, i = r[0], c = r[1], f = r[2], p = 0, s = []; p < i.length; p++)u = i[p],Object.prototype.hasOwnProperty.call(o, u) && o[u] && s.push(o[u][0]),o[u] = 0;for (n in c)Object.prototype.hasOwnProperty.call(c, n) && (e[n] = c[n]);for (l && l(r); s.length; )s.shift()();return a.push.apply(a, f || []),t()}function t() {for (var e, r = 0; r < a.length; r++) {for (var t = a[r], n = !0, i = 1; i < t.length; i++) {var c = t[i];0 !== o[c] && (n = !1)}n && (a.splice(r--, 1),e = u(u.s = t[0]))}return e}var n = {}, o = {1: 0}, a = [];function u(r) {if (n[r])return n[r].exports;var t = n[r] = {i: r,l: !1,exports: {}}, o = !0;console.log(r)try {e[r].call(t.exports, t, t.exports, u),o = !1} finally {o && delete n[r]}return t.l = !0,t.exports}u.e = function(e) {var r = [], t = o[e];if (0 !== t)if (t)r.push(t[2]);else {var n = new Promise((function(r, n) {t = o[e] = [r, n]}));r.push(t[2] = n);var a, i = document.createElement("script");i.charset = "utf-8",i.timeout = 120,u.nc && i.setAttribute("nonce", u.nc),i.src = function(e) {return u.p + "static/chunks/" + ({}[e] || e) + "." + {64: "f98369126adebd425fa6",65: "c822939a64030dc2b41a",66: "a6f1cad4a3fd3d93d6ad",67: "19ba0ff6a097f7a56d45"}[e] + ".js"}(e);var c = new Error;a = function(r) {i.onerror = i.onload = null,clearTimeout(f);var t = o[e];if (0 !== t) {if (t) {var n = r && ("load" === r.type ? "missing" : r.type), a = r && r.target && r.target.src;c.message = "Loading chunk " + e + " failed.\n(" + n + ": " + a + ")",c.name = "ChunkLoadError",c.type = n,c.request = a,t[1](c)}o[e] = void 0}};var f = setTimeout((function() {a({type: "timeout",target: i})}), 12e4);i.onerror = i.onload = a,document.head.appendChild(i)}return Promise.all(r)},u.m = e,u.c = n,u.d = function(e, r, t) {u.o(e, r) || Object.defineProperty(e, r, {enumerable: !0,get: t})},u.r = function(e) {"undefined" !== typeof Symbol && Symbol.toStringTag && Object.defineProperty(e, Symbol.toStringTag, {value: "Module"}),Object.defineProperty(e, "__esModule", {value: !0})},u.t = function(e, r) {if (1 & r && (e = u(e)),8 & r)return e;if (4 & r && "object" === typeof e && e && e.__esModule)return e;var t = Object.create(null);if (u.r(t),Object.defineProperty(t, "default", {enumerable: !0,value: e}),2 & r && "string" != typeof e)for (var n in e)u.d(t, n, function(r) {return e[r]}.bind(null, n));return t},u.n = function(e) {var r = e && e.__esModule ? function() {return e.default}: function() {return e};return u.d(r, "a", r),r},u.o = function(e, r) {return Object.prototype.hasOwnProperty.call(e, r)},u.p = "",u.oe = function(e) {throw console.error(e),e};var i = window.webpackJsonp = window.webpackJsonp || [], c = i.push.bind(i);i.push = r,i = i.slice();for (var f = 0; f < i.length; f++)r(i[f]);var l = c;t()yangxin = u;
}({W2Yj: function(e, t, n) {var r = n("p0XB"), o = n("pLtp"), i = n("KjvB"), u = n("aCH8"), a = !0;function s(e) {return String(e)}function c(e) {return o(e).sort()}function f(e) {return e.filter((function(e) {return e})).join("&")}function p(e, t) {var n = typeof t, o = null;return t === o ? o = a ? o : "".concat(s(e), "=").concat(o) : /string|number|boolean/.test(n) ? o = "".concat(s(e), "=").concat(s(t)) : r(t) ? o = function(e, t) {return t.length ? f(t.map((function(t, n) {return p("".concat(e, "[").concat(n, "]"), t)}))) : s("".concat(e, "[]"))}(e, t) : "object" === n && (o = function(e, t) {return f(c(t).map((function(n) {return p("".concat(e, "[").concat(n, "]"), t[n])})))}(e, t)),o}e.exports = function(e) {var t = e && f(c(e).map((function(t) {return p(t, e[t])})));return t = i.sync(t),t = u(t)}}
});
console.log(yangxin('W2Yj'))

结果展现：