Java爬虫，破解Js加密的Cookie

 如果你要获得的cookie形如：

_ydclearance=efad3fbba88e7738d15cc25b-5203-428b-b273-5d6459ee5246-1506330645

 并且返回的数据如下：

window.onload=setTimeout("dv(43)", 200); function dv(VC) {var qo, mo="", no="", oo = [0x43,0xe5,0xb0,0x27,0x71,0x6f,0xe9,0x58,0xd8,0x21,0x55,0x56,0xd0,0x4f,0xcd,0x91,0x1c,0x9e,0x09,0xe7,0x80,0x6f,0x8d,0xf3,0x60,0x73,0xe9,0x66,0xd4,0x47,0x1e,0x76,0xec,0x69,0xe3,0xbc,0x27,0x02,0x70,0xe0,0xf2,0x65,0xd1,0xac,0x19,0xf3,0x6c,0xe4,0x57,0x3c,0xc3,0xa8,0x13,0xe1,0xb4,0x37,0x0e,0xf2,0x5f,0x32,0x43,0x0e,0x88,0xfe,0xd7,0x99,0x68,0xe0,0xdb,0xa6,0xd2,0xab,0x80,0x57,0x52,0xd6,0xa3,0x7c,0x5d,0xd5,0x29,0x28,0xa0,0x75,0x48,0x3d,0x18,0x13,0xdd,0x4a,0x21,0xf1,0xbe,0x89,0x70,0x72,0xe0,0x4b,0x16,0xee,0xa7,0x74,0x41,0x40,0x13,0xb3,0x7e,0x53,0x24,0xfa,0x12,0xec,0xbd,0x8e,0x5b,0x37,0x02,0xec,0xdd,0x4c,0xf8,0x59,0xad,0x34,0x8c,0x93,0xfd,0x58,0x33,0x6d,0xc6,0x45,0xc5,0xc2,0xb7,0xac,0x81,0x50,0x4b,0x61,0x98,0x03,0x57,0x52,0x25,0x8d,0x60,0x51,0x26,0x09,0xa2,0x8b,0x5e,0x33,0x1c,0xaa,0x77,0x42,0x37,0x65,0x35,0x73,0x7f,0x66,0x5b,0xae,0x1b,0x99,0x18,0x8a,0x18,0x9a,0x1b,0xf5,0xf6,0x66,0xf0,0x3b,0xad,0x34,0x50,0xbc,0x2f,0xb1,0x2e,0xd9,0x60,0x5d,0xd7,0x56,0x5f,0xd9,0xc4,0xb5,0x0a,0xf9,0x70,0xbc,0x3d,0x1c,0xae,0xad,0xa0,0x87,0x7c,0x47,0x95,0x1c,0x9c,0x05,0x45,0xc7,0x16,0x17,0x83,0x33,0xb1,0x2c,0x76,0xf4,0x2e,0x9c,0x19,0x65,0x66,0x3d,0xb9,0x3c,0xb2,0x25,0xbd,0x0a,0x90,0x0f,0x8f,0xce,0xa9,0x16,0x98,0x0f,0xc5,0x14,0x8e,0xfc,0x79,0xe1,0x2e,0x2f,0x39,0x51,0x42,0x94,0x3b];qo = "qo=251; do{oo[qo]=(-oo[qo])&0xff; oo[qo]=(((oo[qo]>>2)|((oo[qo]<<6)&0xff))-180)&0xff;} while(--qo>=2);"; eval(qo);qo = 250; do { oo[qo] = (oo[qo] - oo[qo - 1]) & 0xff; } while (-- qo >= 3 );qo = 1; for (;;) { if (qo > 250) break; oo[qo] = ((((((oo[qo] + 162) & 0xff) + 32) & 0xff) << 1) & 0xff) | (((((oo[qo] + 162) & 0xff) + 32) & 0xff) >> 7); qo++;}po = ""; for (qo = 1; qo < oo.length - 1; qo++) if (qo % 5) po += String.fromCharCode(oo[qo] ^ VC);eval("qo=eval;qo(po);");} </script> </body></html>

那么恭喜你。这篇文章应该可帮到你。

思路：

此Cookie是由上边那段js代码生成，我们要获得它并且在程序中，获得它的运行结果。

在这里，我使用了HtmlUnit，maven地址如下：

<!-- https://mvnrepository.com/artifact/net.sourceforge.htmlunit/htmlunit -->
<dependency>
	<groupId>net.sourceforge.htmlunit</groupId>
	<artifactId>htmlunit</artifactId>
	<version>2.33</version>
</dependency>

 解析Js的代码：

try {
			URL link = new URL(
					"http://www.66ip.cn/mo.php?sxb=&tqsl=1000&ports%5B%5D2=&ktip=&sxa=&radio=radio&submit=%CC%E1++%C8%A1");
			WebRequest request = new WebRequest(link);
			request.setCharset(Charset.forName("UTF-8"));
			request.setAdditionalHeader("Referer",
					"http://www.66ip.cn/mo.php?sxb=&tqsl=1000&ports%5B%5D2=&ktip=&sxa=&radio=radio&submit=%CC%E1++%C8%A1");// 设置请求报文头里的refer字段
			request.setAdditionalHeader("User-Agent",
					"Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0");
			WebClient wc = new WebClient();
			wc.getCookieManager().setCookiesEnabled(true);// 开启cookie管理
			wc.getOptions().setJavaScriptEnabled(true);// 开启js解析。对于变态网页，这个是必须的
			wc.getOptions().setCssEnabled(false);// 关闭css解析。
			wc.getOptions().setThrowExceptionOnFailingStatusCode(false);
			wc.getOptions().setThrowExceptionOnScriptError(false);
			wc.getOptions().setRedirectEnabled(true);
			wc.getOptions().setTimeout(10000);
			wc.setJavaScriptTimeout(50000);
			for (int i = 0; i < cookie.length; i++) {//此处的cookie是我第一次正常访问获取到的cookie
				Header ck = cookie[i];
				com.gargoylesoftware.htmlunit.util.Cookie ucookies = new com.gargoylesoftware.htmlunit.util.Cookie(
						"www.66ip.cn", ck.getName(), ck.getValue());
				wc.getCookieManager().addCookie(ucookies);
			}

			HtmlPage hp = wc.getPage(request);
			String body = hp.getBody().asXml();
			// 截取js函数
			String function = body.substring(body.indexOf("function"), body.lastIndexOf("}") + 1);
			// 把设置cookie的函数替换成返回
			function = function.replace("eval(\"qo=eval;qo(po);\")", "return po");
			// 提取js函数参数(正则表达式匹配)
			String regx = "setTimeout\\(\\\"\\D+\\((\\d+)\\)\"";
			Pattern pattern = Pattern.compile(regx);
			Matcher matcher = pattern.matcher(body);
			String call = "";
			while (matcher.find()) {
				String group = matcher.group();
				call = group.substring(group.indexOf("\"") + 1, group.lastIndexOf("\""));
			}
			ScriptResult ckstr = hp.executeJavaScript(function + call);//拼接Js,运行
			String cookie = ckstr.getJavaScriptResult().toString();
			cookie = cookie.substring(cookie.indexOf("'") + 1, cookie.indexOf(";") + 1);
			//此处已拿到需要的cookie：_ydclearance=efad3fbba88e7738d15cc25b-5203-428b-b273-5d6459ee5246-1506330645
			wc.close();
		} catch (ClientProtocolException e2) {
			System.out.println("66IP解密Js失败");
		} catch (IOException e3) {
			System.out.println("66IP解密Js失败");
		}

使用获得的cookie，再次发送请求，就能获取正确的页面代码了。

如果能帮到你，请右上角点个赞哦。