我记录的反爬专题并未涉及到scrapy等爬虫框架,也未涉及到和数据库的交互,仅仅是模拟接口,最后拿有效cookie,然后塞到浏览器中。不知道后面我会不会去做这个方向,之前我也看过相关的书籍,但是实际工作中没用过,卵用没有。
由于工作性质,始终会涉及到一些爬虫问题,在年初刚结束的项目中,对爬虫又有了进一步的认识,时隔许久,即使我存有当时的开发说明文档,我决定还是要以这种方式记录下来,以供review。
防攀登的方法因地区而异。根据我在多个地区的经验,主要的综合反爬行方法有:隐性:前端加密算法;显性:验证码、短信。
[En]
Anti-climbing methods vary from region to region. Based on my experience in many regions, the main comprehensive anti-crawling methods are: * recessive: front-end encryption algorithm; dominance: CAPTCHA, SMS. *
稍后,我将从各种前端加密算法和验证码入手,表达我的拙见。如果我必须绕过短信,反正我当时没有绕过项目涉及的任何东西,我拦截并转发(如果能做到,那就好了。我觉得有点不规范,但我还是想看看可以绕过短信登录的接口是如何实现的)。
[En]
Later, I will start with a variety of front-end encryption algorithms and CAPTCHAs to express my humble opinion. If I have to bypass SMS messages, anyway, I didn't bypass anything involved in the project at that time, and I intercepted and forwarded them (if it can be done, it's good. I think it's a bit irregular, but I still want to see how the interface that can bypass SMS login is implemented).
接口实现思路: 1、正常登录跑一遍流程2、看接口3、打断点分析,后面就看怎么实现了。
辅助工具:抓包工具:fiddler;接口测试工具:postman。
一、前端加密算法
AES(ECB模式、CBC模式)
RSA
MD5