七麦数据js逆向（补环境版）

本文目标地址如下，使用base64解码获得
aHR0cHM6Ly93d3cucWltYWkuY24vcmFuay9tYXJrZXRSYW5rL21hcmtldC82L2NhdGVnb3J5LzUvY29sbGVjdGlvbi9hbGwvZGF0ZS8yMDI0LTAxLTEy

本文逆向破解分为扣代码版和补环境版，扣代码版请看专栏另一篇文章

废话不多说了，七麦数据，整体只需要分析一个analysis参数，而这个参数的生成在如下位置：

最后这个e生成的位置，就是analysis参数，我们观察整体代码，发现是webpack打包的形式，那么就把整体webpack全扣下，一共有三个文件，三个文件大致如下图所示：

其中最后一个文件就是加载器的位置，这里稍微补一下window环境即可运行，最后我将加载器导出为pengyuyan

然后，将加密代码保存下来，并将其中混淆的名称还原一下，如下：

最后由python调用js代码，如下：

import requests
import execjs

jsstr = execjs.compile(open("get_analysis_wpack.js", "r").read())
cookies = {
    'PHPSESSID': 'dl3e95eoec4pso0d6tana3n2op',
    'qm_check': 'A1sdRUIQChtxen8pI0dAMRcOUFseEHBeQF0JTjVBWCwycRd1QlhAXFEGFUdeS0laHQdKAAkABAsgXyVBWD0TR1JRRAp0BQlFEBQ3TSZKFUdBbwxvBBRFIlQsSUhTFxsQU1FVV1NHXEVYVElWBRsCHAkSSQ%3D%3D',
    'gr_user_id': 'de37a14d-e50b-431a-ba94-080f6bd9adad',
    'ada35577182650f1_gr_session_id': 'c8bff4c9-3f34-402d-95eb-a93d4796dee6',
    'ada35577182650f1_gr_session_id_sent_vst': 'c8bff4c9-3f34-402d-95eb-a93d4796dee6',
    'USERINFO': 'MUPtr1fA58Rro1AMGDYXm4wUqu8h2V8Yr5fx0xzVr%2FbbV5WX6LYX71ykpPCOf%2B7Nr3gftQ%2FIR1vzgS%2FQB%2FP1rLKibxSWfTMes%2FgjuSfOevFSX5zuqqpH2Ca1vGAYc4aMBNuPnH5YFvC%2F0Mv7EgUHUwylGZOSMNR1',
    'ada35577182650f1_gr_last_sent_sid_with_cs1': 'c8bff4c9-3f34-402d-95eb-a93d4796dee6',
    'ada35577182650f1_gr_last_sent_cs1': 'qm20496404733',
    'aso_ucenter': 'bd1fJuDZr%2FoOpK6CNq2TZHCWHJs1%2FW%2Bz0361uYAjY9d9fHczT62%2BmDAVF%2FGMcsJv73g',
    'AUTHKEY': 'iI8S4dbGPztvUXS9sjPzP0g5AI7co%2BDhjJ1Ty0K41nj9Dc55BX1Ot0A9q9LULjViJ1bDUb2TkXCk6mldxk9kjfKX062k%2B6qTFLyZzLxuVcBh2Kb6Obza8g%3D%3D',
    'synct': '1704964055.813',
    'syncd': '-593',
    'ada35577182650f1_gr_cs1': 'qm20496404733',
}

headers = {
    'authority': 'api.qimai.cn',
    'accept': 'application/json, text/plain, */*',
    'accept-language': 'zh-CN,zh;q=0.9',
    'cache-control': 'no-cache',
    # 'cookie': 'PHPSESSID=dl3e95eoec4pso0d6tana3n2op; qm_check=A1sdRUIQChtxen8pI0dAMRcOUFseEHBeQF0JTjVBWCwycRd1QlhAXFEGFUdeS0laHQdKAAkABAsgXyVBWD0TR1JRRAp0BQlFEBQ3TSZKFUdBbwxvBBRFIlQsSUhTFxsQU1FVV1NHXEVYVElWBRsCHAkSSQ%3D%3D; gr_user_id=de37a14d-e50b-431a-ba94-080f6bd9adad; ada35577182650f1_gr_session_id=c8bff4c9-3f34-402d-95eb-a93d4796dee6; ada35577182650f1_gr_session_id_sent_vst=c8bff4c9-3f34-402d-95eb-a93d4796dee6; USERINFO=MUPtr1fA58Rro1AMGDYXm4wUqu8h2V8Yr5fx0xzVr%2FbbV5WX6LYX71ykpPCOf%2B7Nr3gftQ%2FIR1vzgS%2FQB%2FP1rLKibxSWfTMes%2FgjuSfOevFSX5zuqqpH2Ca1vGAYc4aMBNuPnH5YFvC%2F0Mv7EgUHUwylGZOSMNR1; ada35577182650f1_gr_last_sent_sid_with_cs1=c8bff4c9-3f34-402d-95eb-a93d4796dee6; ada35577182650f1_gr_last_sent_cs1=qm20496404733; aso_ucenter=bd1fJuDZr%2FoOpK6CNq2TZHCWHJs1%2FW%2Bz0361uYAjY9d9fHczT62%2BmDAVF%2FGMcsJv73g; AUTHKEY=iI8S4dbGPztvUXS9sjPzP0g5AI7co%2BDhjJ1Ty0K41nj9Dc55BX1Ot0A9q9LULjViJ1bDUb2TkXCk6mldxk9kjfKX062k%2B6qTFLyZzLxuVcBh2Kb6Obza8g%3D%3D; synct=1704964055.813; syncd=-593; ada35577182650f1_gr_cs1=qm20496404733',
    'origin': 'https://www.qimai.cn',
    'pragma': 'no-cache',
    'sec-ch-ua': '"Not_A Brand";v="8", "Chromium";v="120", "Google Chrome";v="120"',
    'sec-ch-ua-mobile': '?0',
    'sec-ch-ua-platform': '"Windows"',
    'sec-fetch-dest': 'empty',
    'sec-fetch-mode': 'cors',
    'sec-fetch-site': 'same-site',
    'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36',
}

params = {

    'market': '6',
    'category': '5',
    'collection': 'all',
    'date': '2024-01-11',
}
params['analysis'] = jsstr.call('get_analysis', list(params.values()))
response = requests.get('https://api.qimai.cn/rank/marketRank', params=params, cookies=cookies, headers=headers)
print(response)
print(response.json())

最后，成功生成数据