淘宝js逆向分析

本文仅用于探讨如何实现淘宝的爬虫技术

在开发者工具栏中首先找到携带信息的网址

然后分析负载，很明显的加密参数是sign，或者是appkey，然后全局搜索sign: 

开始打断点，刷新页面，

构成部分js代码如下

var eS = "//" + (ey.prefix ? ey.prefix + "." : "") + (ey.subDomain ? ey.subDomain + "." : "") + ey.mainDomain + "/h5/" + em.api.toLowerCase() + "/" + em.v.toLowerCase() + "/"
                          , eT = em.appKey || ("waptest" === ey.subDomain ? "4272" : "12574478")
                          , eE = (new Date).getTime()
                          , eM = eP(ey.token + "&" + eE + "&" + eT + "&" + em.data)
                          , eI = {
                            jsv: eH,
                            appKey: eT,
                            t: eE,
                            sign: eM
                        };

然后分析每一部分的构成，eH，eT就是一个固定值,eE用时间生成,eM暂时不知道，先点击eP函数，进去分析eP函数，复制这部分js代码给ai分析知道这是一个md5加密，那很简单，继续看eM的构成，最关键的是ey.token，这个东西目前我没有分析出来怎么构成的，看到有的说是后端生成的，并且token是有时效性的，然后em.data这一部分就是我门要传递的信息，em.data可以在控制台输出看到其构成。

然后淘宝的cookie也是非常重要的一部分也是在更新着,下面的代码未解决这部分问题

import hashlib
import requests
import time
import json
def md5_encrypt(input_string):
    return hashlib.md5(input_string.encode('utf-8')).hexdigest()
id = 596547512201
data={"showTrueCount":"false",
      "auctionNumId":id,
      "pageNo":1,
      "pageSize":20,
      "rateType":"",
      "searchImpr":"-8",
      "orderType":"",
      "expression":"",
      "rateSrc":"pc_rate_list"}

# 配置参数
data=json.dumps(data)
time = int(time.time() * 1000)  # 毫秒级时间戳
token = "0ff7d7972ef82526dcc8d4e6101d467f"  # 从 Cookie 中提取 _m_h5_tk 的前半部分
appkey = '自己的appkey'
# 计算签名
sign = md5_encrypt(token + '&' + str(time) + '&' + appkey + '&' + data)
cookies = {
    'thw': 'cn',
    'tracknick': 'tb531120208',
    '_hvn_lgc_': '0',
    'useNativeIM': 'false',
    't': 'ea4f5dbe63ca81a8b9efa1970d38296f',
    'havana_lgc2_0': 'eyJoaWQiOjIyMTQyNDYyMzY2MDYsInNnIjoiZjNjOGViNTgzYWRlZjdlYjg4ZjQ2ODVhODBkOGEyNjMiLCJzaXRlIjowLCJ0b2tlbiI6IjF4LWZ6QXliVW11X0RhNzRhWE9RNW1nIn0',
    'wk_cookie2': '1b7fd19b7d7c48869bc88bf18871b83a',
    'wk_unb': 'UUpgQhI3B7aGpRoAhg%3D%3D',
    'sn': '',
    'lgc': 'tb531120208',
    'cancelledSubSites': 'empty',
    'dnk': 'tb531120208',
    'cna': 'DjwIH2BTwS8CAZ0AzyWUGoe3',
    'xlly_s': '1',
    'mtop_partitioned_detect': '1',
    '_m_h5_tk': str(token)+'_1735658617549',#要更新
    '_m_h5_tk_enc': '058c3ad97f5b56dcf8b7584f1e129f24',#要更新
    '_tb_token_': 'e876b0eef1131',
    '_samesite_flag_': 'true',
    'sgcookie': 'E1009A%2FiNKpYLTKMq16I8tRY6RohtWbIsWzzsziudwLnZ4D4BC9jT7iLBbx186%2B2TRYwcRbg3n3FP%2F6G6IXjUN1rnKpkpKy%2FmnQRz5%2FEHsGoAazIkgQdBo1RIWGMxmI65%2Bph',
    'havana_lgc_exp': '1766718864833',
    'unb': '2214246236606',
    'uc1': 'cookie16=VFC%2FuZ9az08KUQ56dCrZDlbNdA%3D%3D&cookie14=UoYdWNVDTzV6Ug%3D%3D&pas=0&cookie21=W5iHLLyFe3xm&cookie15=UtASsssmOIJ0bQ%3D%3D&existShop=false',
    'uc3': 'nk2=F5RAQUgx8YnGjLI%3D&vt3=F8dD37DjrX3xhzsVA%2FM%3D&id2=UUpgQhI3B7aGpRoAhg%3D%3D&lg2=UIHiLt3xD8xYTw%3D%3D',
    'csg': 'c8e1aed8',
    'cookie17': 'UUpgQhI3B7aGpRoAhg%3D%3D',
    'skt': 'ad86e85a3c471cbc',
    'cookie2': '2c66510ed86703d9720d3cc71d26f00c',
    'existShop': 'MTczNTYxNDg2NA%3D%3D',
    'uc4': 'nk4=0%40FY4L7QcciPZyVexfMi%2FpdFmH9yonLA%3D%3D&id4=0%40U2gqzcKwBo9KiCZzQnIWA0kbXEQCJA4X',
    '_cc_': 'WqG3DMC9EA%3D%3D',
    '_l_g_': 'Ug%3D%3D',
    'sg': '868',
    '_nk_': 'tb531120208',
    'cookie1': 'UIXz8rVWewjy3KlJ22UIXggmWZR%2FgRVza%2F5ed3tNbMc%3D',
    'sdkSilent': '1735734581207',
    'havana_sdkSilent': '1735734581207',
    '3PcFlag': '1735619721231',
    'tfstk': 'gJlrv2ZLgQdyw0hyxrVF_wRfZfF8T7x1tXZQ-203PuqoA7seTmrbFJqBeDyEAmenN7gS0woI5UeBe7MFTom0V0MSRm8Emc37d2cQ-XP-GY1QV3FE-cNefhO61438pWx6fwhHvGFgW94hAJq0nWae6EE-W4389ZpRwVvZyMunS5o3tDV0nyzTtyfnxof0DyUhqyfkuqqYm_fu-J2cnP4NEzm3tEu0DyV3xxiuSy7QJ8YnA9_TPCrQUl0u01uxgzv0bCEAtGh4zqrirNfhtjzzUXF-OZQ7Fv0TBbGWTsFS7xV054dPg50u70ZjjCf4iqgmARHvv1wx0XytZ8bHjl0ZrAVmOebT3m4UIW2V-604womEZ5AG0rHmPvc-4w53ybG_Lle2-6eQifwiI07pWqVu-DetOhC8q20t6ANwGTViuvmZLgzGvrx-BXHPx9yukrr6uE7Hlii46Pddi9BLF_U4fUAOp9eukrr6uEWdp8s4ulTk6',
    'isg': 'BAAA-44Rc7BC_w5GZI2l1KPC0Y7SieRTmTDOBXqRzZuv9aAfIpt348TDDV01xZwr',
}

headers = {
    'accept': '*/*',
    'accept-language': 'zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6',
    # 'cookie': 'thw=cn; tracknick=tb531120208; _hvn_lgc_=0; useNativeIM=false; t=ea4f5dbe63ca81a8b9efa1970d38296f; havana_lgc2_0=eyJoaWQiOjIyMTQyNDYyMzY2MDYsInNnIjoiZjNjOGViNTgzYWRlZjdlYjg4ZjQ2ODVhODBkOGEyNjMiLCJzaXRlIjowLCJ0b2tlbiI6IjF4LWZ6QXliVW11X0RhNzRhWE9RNW1nIn0; wk_cookie2=1b7fd19b7d7c48869bc88bf18871b83a; wk_unb=UUpgQhI3B7aGpRoAhg%3D%3D; sn=; lgc=tb531120208; cancelledSubSites=empty; dnk=tb531120208; cna=DjwIH2BTwS8CAZ0AzyWUGoe3; xlly_s=1; mtop_partitioned_detect=1; _m_h5_tk=ebd39c98a1012eafdb65d7cdc44fa112_1735623863625; _m_h5_tk_enc=b55f362592c88d6defccb677078746cd; _tb_token_=e876b0eef1131; _samesite_flag_=true; sgcookie=E1009A%2FiNKpYLTKMq16I8tRY6RohtWbIsWzzsziudwLnZ4D4BC9jT7iLBbx186%2B2TRYwcRbg3n3FP%2F6G6IXjUN1rnKpkpKy%2FmnQRz5%2FEHsGoAazIkgQdBo1RIWGMxmI65%2Bph; havana_lgc_exp=1766718864833; unb=2214246236606; uc1=cookie16=VFC%2FuZ9az08KUQ56dCrZDlbNdA%3D%3D&cookie14=UoYdWNVDTzV6Ug%3D%3D&pas=0&cookie21=W5iHLLyFe3xm&cookie15=UtASsssmOIJ0bQ%3D%3D&existShop=false; uc3=nk2=F5RAQUgx8YnGjLI%3D&vt3=F8dD37DjrX3xhzsVA%2FM%3D&id2=UUpgQhI3B7aGpRoAhg%3D%3D&lg2=UIHiLt3xD8xYTw%3D%3D; csg=c8e1aed8; cookie17=UUpgQhI3B7aGpRoAhg%3D%3D; skt=ad86e85a3c471cbc; cookie2=2c66510ed86703d9720d3cc71d26f00c; existShop=MTczNTYxNDg2NA%3D%3D; uc4=nk4=0%40FY4L7QcciPZyVexfMi%2FpdFmH9yonLA%3D%3D&id4=0%40U2gqzcKwBo9KiCZzQnIWA0kbXEQCJA4X; _cc_=WqG3DMC9EA%3D%3D; _l_g_=Ug%3D%3D; sg=868; _nk_=tb531120208; cookie1=UIXz8rVWewjy3KlJ22UIXggmWZR%2FgRVza%2F5ed3tNbMc%3D; sdkSilent=1735701264863; havana_sdkSilent=1735701264863; 3PcFlag=1735619721231; tfstk=gJlrv2ZLgQdyw0hyxrVF_wRfZfF8T7x1tXZQ-203PuqoA7seTmrbFJqBeDyEAmenN7gS0woI5UeBe7MFTom0V0MSRm8Emc37d2cQ-XP-GY1QV3FE-cNefhO61438pWx6fwhHvGFgW94hAJq0nWae6EE-W4389ZpRwVvZyMunS5o3tDV0nyzTtyfnxof0DyUhqyfkuqqYm_fu-J2cnP4NEzm3tEu0DyV3xxiuSy7QJ8YnA9_TPCrQUl0u01uxgzv0bCEAtGh4zqrirNfhtjzzUXF-OZQ7Fv0TBbGWTsFS7xV054dPg50u70ZjjCf4iqgmARHvv1wx0XytZ8bHjl0ZrAVmOebT3m4UIW2V-604womEZ5AG0rHmPvc-4w53ybG_Lle2-6eQifwiI07pWqVu-DetOhC8q20t6ANwGTViuvmZLgzGvrx-BXHPx9yukrr6uE7Hlii46Pddi9BLF_U4fUAOp9eukrr6uEWdp8s4ulTk6; isg=BAAA-44Rc7BC_w5GZI2l1KPC0Y7SieRTmTDOBXqRzZuv9aAfIpt348TDDV01xZwr',
    'referer': 'https://item.taobao.com/',
    'sec-ch-ua': '"Microsoft Edge";v="131", "Chromium";v="131", "Not_A Brand";v="24"',
    'sec-ch-ua-mobile': '?0',
    'sec-ch-ua-platform': '"Windows"',
    'sec-fetch-dest': 'script',
    'sec-fetch-mode': 'no-cors',
    'sec-fetch-site': 'same-site',
    'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.0.0',
}

params = {
    'jsv': '2.7.4',
    'appKey': str(appkey),
    't': str(time),
    'sign': str(sign),
    'api': 'mtop.taobao.rate.detaillist.get',
    'v': '6.0',
    'isSec': '0',
    'ecode': '1',
    'timeout': '20000',
    'type': 'jsonp',
    'dataType': 'jsonp',
    'jsonpIncPrefix': 'pcdetail',
    'callback': 'mtopjsonppcdetail3',
    'data': data,
}

response = requests.get(
    'https://h5api.m.taobao.com/h5/mtop.taobao.rate.detaillist.get/6.0/',
    params=params,
    cookies=cookies,
    headers=headers,
)
print(response.text)