POC:取逼站点击URL

      No Comments on POC:取逼站点击URL

aid和mid自己想办法,要是不会就别用了。
gist.github.com/cnbeining/a3b710bacfdc10074695
即使是packer这坨屎也能挖出花来。
代码下面。

#!/usr/bin/env python
#coding:utf-8
# Author:  Beining --<i#cnbeining.com>
# Purpose: Get Bilibili click URL
# Created: 11/01/2015
#----------------------------------------------------------------------
def get_bilibili_click_url(aid = 0, mid = 0):
    """"""
    js_content = get_count_js(aid, mid)
    key = get_key_from_js(js_content)
    return 'http://interface.bilibili.com/count?key={key}&aid=(aid)&mid={mid}'.format(key = key, aid = aid, mid = mid)
#----------------------------------------------------------------------
def get_count_js(aid = 0, mid = 0):
    """"""
    url = 'http://interface.bilibili.com/count?aid={aid}&mid={mid}'.format(aid = aid, mid = mid)
    import requests
    a = requests.get(url)
    return a.text
#----------------------------------------------------------------------
def get_key_from_js(data):
    """"""
    #https://gist.github.com/lsauer/6088767#file-parseint-py-L17-
    #parseInt = lambda sin: int(''.join( if c.isdigit()])) if sum(map(int,[s.isdigit() for s in str(sin)])) and not callable(sin) and str(sin)[0].isdigit() else None
    import re
    data_list = re.search(r'var(.+)\'\.split', data).group().split('|')
    #magic
    b_list = [39, 18, 19, 20, 21, 22]
    c_list = [24, 27, 28, 32, 37, 38]
    b = [data_list[i] for i in b_list]
    c = [data_list[i] for i in c_list]
    d = ''
    for i in range(len(c)):
        #https://stackoverflow.com/questions/23230368/javascript-int-to-string-in-python
        e = format(int(c[i], 16) ^ int(b[i], 16), 'x')
        j = len(e)
        while j < 4:
            e = "0" + e;
            j += 1
        d += e
    return d

 

Leave a Reply

Your email address will not be published. Required fields are marked *