海关 瑞数 后缀分析 rs

声明
本文章中所有内容仅供学习交流使用，不用于其他任何目的，抓包内容、敏感网址、数据接口等均已做脱敏处理，严禁用于商业用途和非法用途，否则由此产生的一切后果均与作者无关！

逆向过程

部分python代码

cp = execjs.compile(text)
api_url = ""
data = {"manaType": "C","apanage": "","depCodeChg": "","curPage": "52","pageSize": 20
}
result = cp.call('get_cookie', api_url)
url = result['url']
cookies['CKvDhNH2GZibT'] = result['CKvDhNH2GZibT']
print(url)
print(result['CKvDhNH2GZibT'])
data = json.dumps(data, separators=(',', ':'))
headers = {"Accept": "application/json, text/javascript, */*; q=0.01","Accept-Language": "zh-CN,zh;q=0.9","Cache-Control": "no-cache","Connection": "keep-alive","Content-Type": "application/json; charset=UTF-8","Pragma": "no-cache",
}
response = session.post(url, headers=headers, cookies=cookies, data=data, verify=False)
cp2 = execjs.compile(open('desc.js','r',encoding='utf-8').read())
str1 = response.text.strip('"')
result = cp2.call('decrypt',str1)
print(result)

结果

总结 

  1.出于安全考虑,本章未提供完整流程,调试环节省略较多,只提供大致思路,具体细节要你自己还原,相信你也能调试出来。