Python爬虫实践:优志愿 院校列表
迪丽瓦拉
2024-05-29 14:58:35
0次
https://www.youzy.cn/tzy/search/colleges/collegeList
获取目标网址等信息
打开开发人员工具(F12),拿到调用接口的地址,以及接口请求参数等信息,如下
curl 'https://uwf7de983aad7a717eb.youzy.cn/youzy.dms.basiclib.api.college.query' \-H 'Accept: */*' \-H 'Accept-Language: zh-CN,zh;q=0.9' \-H 'Connection: keep-alive' \-H 'Content-Type: application/json' \-H 'Origin: https://pv4y-pc.youzy.cn' \-H 'Referer: https://pv4y-pc.youzy.cn/' \-H 'Sec-Fetch-Dest: empty' \-H 'Sec-Fetch-Mode: cors' \-H 'Sec-Fetch-Site: same-site' \-H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36 Edg/110.0.1587.63' \-H 'sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Microsoft Edge";v="110"' \-H 'sec-ch-ua-mobile: ?0' \-H 'sec-ch-ua-platform: "macOS"' \-H 'u-sign: e79c2c67e9060725be683594244ec10f' \-H 'u-token;' \--data-raw '{"keyword":"","provinceNames":[],"natureTypes":[],"eduLevel":"","categories":[],"features":[],"pageIndex":4,"pageSize":20,"sort":11}' \--compressed
接口调用
第一次调用,按最简单的方案来进行:直接使用curl中的请求头以及参数,不做任何改动
该方法的好处是先将接口调通,不掺和其他外部因素
来,直接上代码
import requestsurl = 'https://uwf7de983aad7a717eb.youzy.cn/youzy.dms.basiclib.api.college.query'data = '{"keyword":"","provinceNames":[],"natureTypes":[],"eduLevel":"","categories":[],"features":[],"pageIndex":4,"pageSize":20,"sort":11}'headers = {'Accept': '*/*','Accept-Language': 'zh-CN,zh;q=0.9','Connection': 'keep-alive','Content-Type': 'application/json','Origin': 'https://pv4y-pc.youzy.cn','Referer': 'https://pv4y-pc.youzy.cn/','Sec-Fetch-Dest': 'empty','Sec-Fetch-Mode': 'cors','Sec-Fetch-Site': 'same-site','User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36 Edg/110.0.1587.63','sec-ch-ua': '"Chromium";v="110", "Not A(Brand";v="24", "Microsoft Edge";v="110"','sec-ch-ua-mobile': '?0','sec-ch-ua-platform': 'macOS','Accept-Encoding': 'gzip, deflate, br','Host': 'uwf7de983aad7a717eb.youzy.cn','u-sign': 'e79c2c67e9060725be683594244ec10f'
}response = requests.post(url, headers=headers, data=data)
print('response-->', response.text)
代码执行结果如下
进阶调用
通过从curl中获取相关参数,成功的进行了接口调用
此时,我们修改一下分页参数,来获取第2页的数据,提示身份鉴权失败
response--> {"code":"401","message":"身份授权失败","fullMessage":"","timestamp":"2023-03-06T16:10:56.1799746+08:00","isSuccess":false}通过实验发现,修改任意参数,都会提示鉴权失败
所有证据都证明着这里有猫腻
观察请求体,参数都挺正常,除了u-sign
寻找u-sign
使用开发人员工具里的搜索功能,来看下u-sign是在哪里赋值
找到文件之后,继续在文件内搜索u-sign
可能会找到多个符合项,这时可以通过数据翻页debug的方式,来确定具体哪一项符合我们的预期
分析u-sign生成代码
return e.headers = {"Content-Type": "application/json","u-sign": o(e.url, e.data), // 生成u-sign"u-token": p.getOrLoadUToken()}继续debug,找到方法o的代码
"339a": function(e, t, r) {r("ac1f"),r("1276"),r("159b"),r("99af"),r("1e25"),r("b64b");var n = r("6821");e.exports = function(e, t) {var r, i = "9SASji5OWnG41iRKiSvTJHlXHmRySRp1", o = "", a = t || {}, s = (e = e || "").split("?");if (s.length > 0 && (r = s[1]),r) {var u = r.split("&"), c = "";u.forEach((function(e) {var t = e.split("=");c += "".concat(t[0], "=").concat(encodeURI(t[1]), "&")})),o = "".concat(_.trimEnd(c, "&"), "&").concat(i)} else// 走的这里!!o = Object.keys(a).length > 0 ? "".concat(JSON.stringify(a), "&").concat(i) : "&".concat(i);return o = o.toLowerCase(),n(o) // 做了一次加密操作}},方法o中做了一个字符串拼接,并执行了方法n(加密操作),代码如下
e.exports = function(e, r) {if (null == e)throw new Error("Illegal argument " + e);var n = t.wordsToBytes(a(e, r));return r && r.asBytes ? n : r && r.asString ? o.bytesToString(n) : t.bytesToHex(n)}加密代码没有完全看明白
通过网上的案例+使用加密工具,强行试出来是加密方式是md5
在线加密工具:在线加密解密 - chahuo.com
最后附上完整代码
from hashlib import md5import requestsurl = 'https://uwf7de983aad7a717eb.youzy.cn/youzy.dms.basiclib.api.college.query'data = '{"keyword":"","provinceNames":[],"natureTypes":[],"eduLevel":"","categories":[],"features":[],"pageIndex":2,"pageSize":20,"sort":11}'def u(tt):en_key = '9SASji5OWnG41iRKiSvTJHlXHmRySRp1'result = tt.lower() + '&' + en_key.lower()print('result', result)return resultdef get_u_sign(data):sign_data = u(data)return md5(sign_data.encode()).hexdigest()headers = {'Accept': '*/*','Accept-Language': 'zh-CN,zh;q=0.9','Connection': 'keep-alive','Content-Type': 'application/json','Origin': 'https://pv4y-pc.youzy.cn','Referer': 'https://pv4y-pc.youzy.cn/','Sec-Fetch-Dest': 'empty','Sec-Fetch-Mode': 'cors','Sec-Fetch-Site': 'same-site','User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36 Edg/110.0.1587.63','sec-ch-ua': '"Chromium";v="110", "Not A(Brand";v="24", "Microsoft Edge";v="110"','sec-ch-ua-mobile': '?0','sec-ch-ua-platform': 'macOS','Accept-Encoding': 'gzip, deflate, br','Host': 'uwf7de983aad7a717eb.youzy.cn','u-sign': get_u_sign(data)
}response = requests.post(url, headers=headers, data=data)
print('response-->', response.text)