《Python爬虫逆向实战》加密方法远程调用(RPC)

加密方法远程调用采用了RPC (Remote Procedure Call)协议，即远程过程调用协议。我们让浏览器充当客户端，并通过WebSocket将加密参数值发送给服务端(用Python写一个)，这样的话我们就不需要花费大量时间去逆向了。下面我们就通过一个微博登录示例来演示下RPC的用法。

了解登录加密参数

首先打开微博页面，点击右边的立即登录按钮后就会在新窗口中打开登录页面。

随便用什么账号密码登录下后，就可以抓到登录请求链接(验证码通过不在本文考虑范围内)。

接着我们就可以看到加密参数了。

定位加密参数生成位置

我们全局搜索下加密参数rsakv即可快速定位到加密参数生成位置。

添加断点后验证无误。而且现在我们可以知道变量b中就包含了所有加密参数的值。因此，我们将b的值通过RPC发送给服务端即可。

编写客户端和服务端代码

将js文件覆盖重写，然后添加WebSocket客户端代码。

代码目的很明确，就是连接到服务端，接收服务端传过来的账号密码并将加密后的值返回给服务端。

var ws = new WebSocket("ws://127.0.0.1:9999");
ws.open = function(e){};
ws.onmessage = function(e) {
    var data= e.data;
    var result = data.split(",");
    i.form.username = result[0];
    i.form.password = result[1];
    console.log(i.form)
    
    b.username = i.form.username,
    b.pass = Jh("".concat([rp(), np()].join("	"), "\n").concat(i.form.password), s.pubkey),
    b.cid = i.form.mfaId,
    b.pwencode = "rsa",
    b.rsakv = s.rsakv,
    i.showCode && (b.ccode = i.form.ccode)
    
    ws.send(JSON.stringify(b));
}; 

服务端代码编写如下：

import asyncio
from websockets.server import serve


async def send_msg(websocket):
    username_password_list = [
        '11111111111,111',
        '12345678900,123',
        '66666666666,666',
    ]

    for username_password in username_password_list:
        await websocket.send(username_password)


async def recv_msg(websocket):
    while 1:
        recv_text = await websocket.recv()
        print(recv_text)


async def execute(websocket):
    await send_msg(websocket)
    await recv_msg(websocket)


async def main():
    async with serve(execute, "localhost", 9999):
        await asyncio.get_running_loop().create_future()


asyncio.run(main())

先运行服务端代码，然后在登录页面按下Ctrl+Shift+R重新加载被覆写的js文件。

接着点击登录按钮后就可以看到控制台输出了我们需要的信息。

服务端接收到的值。

{"method":"POST","entry":"miniblog","source":"miniblog","type":1,"url":"https://weibo.com/newlogin?tabtype=weibo&gid=102803&openLoginLayer=0&url=https%3A%2F%2Fweibo.com%2F","username":"11111111111","pass":"1d66f2b206809a66a3a3c8e8a1c164153695ba9e4a7c9ae042b94b740cd609589a9d8d2cebea85dd3f9b0fcd367e29097d60dc6a3ffad801078c48dbef7b549ba4cbc59ae175fc5248f6c45ba9f5df976c91d29b9c2004131bfa5e4dd0d25976275aed9a4ede2f5b050cf2d998b42122ffe6a4988c47b8daf48beb630dccf83a","cid":"","pwencode":"rsa","rsakv":"1330428213","disp":"popup"}
{"method":"POST","entry":"miniblog","source":"miniblog","type":1,"url":"https://weibo.com/newlogin?tabtype=weibo&gid=102803&openLoginLayer=0&url=https%3A%2F%2Fweibo.com%2F","username":"12345678900","pass":"8dc06ec4644537c6a5cee88a392966ff4b5131b7f59eec2dccb97784f860689159f6c0eaa8dae841f7a4f5aae942c81c1397193a506833069f2724bf5ed00bbf3e68f5b5b591fb724d863bc04a279812d7ae8a604bb6791480720d2a432bcad08f979215e145a6c24f84d76e83b3a26a5e002bfcfdf08e03bafa06ef47dff8ec","cid":"","pwencode":"rsa","rsakv":"1330428213","disp":"popup"}
{"method":"POST","entry":"miniblog","source":"miniblog","type":1,"url":"https://weibo.com/newlogin?tabtype=weibo&gid=102803&openLoginLayer=0&url=https%3A%2F%2Fweibo.com%2F","username":"66666666666","pass":"d494239ec4610ec299c390fb62a8970e0110661ab95ba02899c4b92777698c792dd5ba49b9a79c84ad7823722d86a0f918bb328c53137883d3839cb119ce1fba376ee62b694349c6cce4d59bb9e44e67e1f03df4fe36be8f53241ef19106962d7a3eda950e357d0c0486c443ceebf59db71ce91c47df79a6df2018adc9c35c3d","cid":"","pwencode":"rsa","rsakv":"1330428213","disp":"popup"}