注意!!!!某XX网站逆向实例仅作为学习案例,禁止其他个人以及团体做谋利用途!!!
第一步:抓包工具第一次请求页面,得到响应。本次我使用 Fiddler 进行抓包,可以直接请求得到响应,响应内容一样。发现响应内容是不可直接用的内容,但是有明确的cookie关键词,同时响应里的headers得到了set-cookie的值
第二步:抓包工具第二次请求。将第一次请求拿到的cookie放在请求headers 里再次请求,同时将步骤一里响应内容进行解析。也就是图里的cookie的两个值。(看不懂的等下看代码吧)
第三步:抓包工具第三次请求。可以看到得到了正确的页面响应内容,同时cookie值也和前两次的不一样
第四步:这里将是一段描述梳理一下每次请求的作用
第一次请求:响应内容为混淆后的cookie值,该cookie作用为第二次请求的必要条件;
第二次请求:响应内容为混淆后的cookie值,该cookie作用为最终请求的必要条件;
最终请求:响应内容为我们看到的页面内容。
第五步:解析第一次请求的响应内容。通过正则表达式 将cookie内容取出,利用eval() 函数直接在本地或者浏览器的console 就可以直接解析。
第六步:注意啦!!!!这步开始容易猪猪迷惑了。分析并解析第二次请求的响应内容。根据观察,响应内容为ob 混淆加密,建议找个工具或者用什么方法进行解密。(可以参考JS逆向 | ob混淆一键还原工具_js反混淆还原工具_丁仔.的博客-CSDN博客和GitHub - DingZaiHub/ob-decrypt: ob混淆还原工具,欢迎star!亲测用着还可以)。这里可以使用hook方式进行解析,在浏览器中按照图所示进行操作
第七步:将一大坨响应内容进行ob混淆解密操作,没有工具这步可以忽略。为方便分析,我将第二次响应内容存在本地.html 文件。将ob混淆代码另存在.js 文件,使用工具进行解密,成功后把解密后的js代码替换本地.html中的js 内容。
第八步:在 .html 中补充 debugger 关键词,同时将.html 文件复制到第六步新建的文件夹中 。此时浏览器上会自动识别,按图勾选即可。由于我们分析解析目的是为了找cookie,因此和cookie有关的就是document ,所以在替换文件里 搜索 document ,找到后打上断点。
第九步:清除浏览器上的cookie重新请求,注意清除cookie后会首先断在debugger处,接着按下F8(蓝色的按钮,执行到下一个断点)就可以。执行到document['cookie'] 处可以看到已经被赋值,直接看一下被哪些所赋值,可以看到标红处就是我们需要的cookie
第十一步:找cookie出处。
第十二步:cookie生成包含两个参数,均是从同一个对象中获取的,将该对象进行全局搜索找到其出处
最后代码展示
# 注意啦!!!!!!!由于go方法传的参数不是固定值且 “ha”加密方式也不一样。因此代码里才有显示三种方式,目前我只遇到三种。后面有的话再补充。
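import json
import re

import execjs
import requests

# Walks the three-request flow described in the article: two challenge
# responses that each yield a cookie value, then the real page.
s = requests.session()
url = 'https://XXXXX.gov.cn/#/Integrated/index'
headers = {'User-Agent':'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36'}

# First request.
# The original passed verify=False here and on the second request, which turns
# off TLS certificate checking. The third request below already relies on the
# default verification, so the first two now do as well: the bodies of these
# responses are executed as JavaScript further down, and an unverified
# connection would let anyone on the network path supply that script.
res = s.get(url=url, headers=headers)
print(res.text)
n_cookies = requests.utils.dict_from_cookiejar(s.cookies)
res.encoding = 'utf-8'

# Pull the expression assigned to document.cookie out of the response body.
jsl = ''.join(re.findall(r'document\.cookie=(.*?);location', res.text))

# NOTE(review): execjs.eval() hands server-supplied JavaScript to a local JS
# runtime. Treat the response as untrusted code and run this only in an
# isolated environment.
cookie = execjs.eval(jsl)

# Keep only the first "name=value" pair of the evaluated cookie string.
first_pair = cookie.split(';')[0]
n_k = first_pair.split('=')[0]
n_v = first_pair.split('=')[1]
n_cookies.update({n_k: n_v})

# Serialise every cookie collected so far into one Cookie header.
coock = ''
for k, v in n_cookies.items():
    coock += k + '=' + v + ';'
headers['Cookie'] = coock.strip(';')

# Second request.
res = s.get(url=url, headers=headers)
res.encoding = 'utf-8'

# Save the second response for offline analysis. The with-block closes the
# file, so the explicit f.close() of the original was redundant and is gone.
with open('./域名.html', 'w', encoding='utf-8') as f:
    f.write(res.text)

# The second response calls go({...}); its JSON argument carries the
# challenge parameters, including "ha", the name of the hash in use.
go_data = json.loads(''.join(re.findall(r';go\((.*)\)', res.text)))
ha = go_data.get('ha', '')
if ha == 'md5':
    file = '域名_md5.js'
elif ha == 'sha1':
    file = '域名_sha1.js'
elif ha == 'sha256':
    file = '域名_sha256.js'
else:
    # NOTE(review): the line breaks of the original were lost; the print is
    # assumed to belong to this branch (dump the response when the hash name
    # is not one of the three seen so far) - confirm against the author's file.
    file = '域名'
    print(res.text)

with open('./{}'.format(file), 'r', encoding='utf-8') as f:
    infos = f.read()

# Load the local JS helper for this hash and let its go() compute the value.
ctx = execjs.compile(infos)
cookie = ctx.call("go", go_data)

# Third request: first cookie pair plus the computed __jsl_clearance_s value.
headers['Cookie'] = headers['Cookie'].split(';')[0]+';__jsl_clearance_s='+cookie
url = 'https://XXXXX.gov.cn/'
res = requests.get(url=url, headers=headers)
res.encoding = 'utf-8'
print(res.text)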
附件:生成cookie的js ----- sha1(直接在本地执行即可)
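// sha1

/**
 * SHA-1 digest of a string, returned as 40 lowercase hex characters.
 *
 * No UTF-8 encoding is applied: each UTF-16 code unit of the input is shifted
 * into the word array as if it were a single byte, so the result equals a
 * standard SHA-1 only when every code unit is <= 0xff.
 *
 * The obfuscated original assigned its per-round temporary to an undeclared
 * variable `t`, which leaks a global in sloppy mode and throws in strict mode
 * or ES modules; every variable is declared here.
 *
 * @param {string} message - Text to hash.
 * @returns {string} Hex digest.
 */
function hash(message) {
  // Addition modulo 2^32 on 32-bit integers.
  const add32 = (x, y) => (x + y) | 0;
  const rotateLeft = (value, bits) => (value << bits) | (value >>> (32 - bits));
  const toHex = (word) => (word >>> 0).toString(16).padStart(8, '0');

  // Round function: choose / parity / majority / parity, by step range.
  const mix = (step, b, c, d) => {
    if (step < 20) return (b & c) | (~b & d);
    if (step < 40) return b ^ c ^ d;
    if (step < 60) return (b & c) | (b & d) | (c & d);
    return b ^ c ^ d;
  };

  const roundConstant = (step) => {
    if (step < 20) return 0x5a827999;
    if (step < 40) return 0x6ed9eba1;
    if (step < 60) return -0x70e44324;
    return -0x359d3e2a;
  };

  // Padding: message, a single 0x80 marker, zeros, then the bit length in
  // the last word of the final 16-word block.
  const blockCount = ((message.length + 8) >> 6) + 1;
  const words = new Array(blockCount * 16).fill(0);
  for (let i = 0; i < message.length; i++) {
    words[i >> 2] |= message.charCodeAt(i) << (24 - (i & 3) * 8);
  }
  words[message.length >> 2] |= 0x80 << (24 - (message.length & 3) * 8);
  words[blockCount * 16 - 1] = message.length * 8;

  const schedule = new Array(80);
  let a = 0x67452301;
  let b = -0x10325477;
  let c = -0x67452302;
  let d = 0x10325476;
  let e = -0x3c2d1e10;

  for (let offset = 0; offset < words.length; offset += 16) {
    const [a0, b0, c0, d0, e0] = [a, b, c, d, e];

    for (let step = 0; step < 80; step++) {
      schedule[step] =
        step < 16
          ? words[offset + step]
          : rotateLeft(
              schedule[step - 3] ^ schedule[step - 8] ^ schedule[step - 14] ^ schedule[step - 16],
              1,
            );

      const next = add32(
        add32(rotateLeft(a, 5), mix(step, b, c, d)),
        add32(add32(e, schedule[step]), roundConstant(step)),
      );
      e = d;
      d = c;
      c = rotateLeft(b, 30);
      b = a;
      a = next;
    }

    a = add32(a, a0);
    b = add32(b, b0);
    c = add32(c, c0);
    d = add32(d, d0);
    e = add32(e, e0);
  }

  return toHex(a) + toHex(b) + toHex(c) + toHex(d) + toHex(e);
}

/**
 * Finds the string whose digest equals the challenge's `ct` value.
 *
 * Candidates have the form bts[0] + x + y + bts[1], where x and y are single
 * characters taken from `chars`; the first candidate whose hash() equals `ct`
 * is returned. The search is bounded by chars.length ** 2 digests (484 for
 * the 22-character sample below). The `ha` field is not read here; this file
 * always applies the SHA-1 above.
 *
 * The source also carried a user-agent test for the substring 'Phantom' run
 * against a hard-coded string that does not contain it, plus an
 * `if (undefined)` branch; neither could ever fire, so both are dropped, as
 * is the elapsed-time value that was computed but never returned.
 *
 * @param {{bts: string[], chars: string, ct: string}} challenge - Parameters
 *   taken from the go({...}) call in the second response.
 * @returns {string} The matching candidate string.
 * @throws {Error} When no candidate matches. The original failed here with a
 *   TypeError from indexing `undefined`; the message is the failure text the
 *   source declared but never used ("request verification failed").
 */
function go(challenge) {
  const { bts, chars, ct } = challenge;

  for (let i = 0; i < chars.length; i++) {
    for (let j = 0; j < chars.length; j++) {
      const candidate = bts[0] + chars.charAt(i) + chars.charAt(j) + bts[1];
      if (hash(candidate) === ct) {
        return candidate;
      }
    }
  }

  throw new Error('请求验证失败');
}

// Sample challenge from the page. Declared with const: the original assigned
// to an undeclared `cookie`, creating an implicit global.
const cookie = go({
  "bts": ["1690516426.653|0|rRT", "DKS8EVDzKevNzhePIdloyU%3D"],
  "chars": "pycPPMayT9bXKYdZdnURpd",
  "ct": "1073cc6066c93a07c810a5451165a7654310858a",
  "ha": "sha1",
  "tn": "__jsl_clearance_s",
  "vt": "3600",
  "wt": "1500",
});
console.log(cookie);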