文章总结: 本文探讨了sdenv环境被反爬虫机制识别的问题。作者通过复用针对jsdom的检测代码,对sdenv进行了环境指纹测试,涵盖Navigator对象、DOM属性及原生函数特征等。测试结果显示sdenv在document类型、open函数及prompt等方面与真实浏览器存在差异,导致被识别,最后指出需针对这些差异进行修改以模拟真实浏览器环境,从而规避检测。 综合评分: 85 文章分类: 爬虫,免杀,WEB安全
听闻sdenv被反爬
原创
邓世龙
静夜随想
2025年2月27日 21:02 浙江
听闻sdenv被反爬,垂死病中惊坐起,去看了下sdenv的源码, 整理了下以前写的针对jsdom检测的简单测试代码
const jsdom = require("jsdom"); // 引入 jsdomconst { JSDOM } = jsdom; // 引出 JSDOM 类, 等同于 JSDOM = jsdom.JSDOMconst userAgent = 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36'const resourceLoader = new jsdom.ResourceLoader({ userAgent: userAgent});let dom = new JSDOM(``, { url: "https://example.org/", referrer: "https://example.com/", resources: resourceLoader,});window = dom.window;debugger;console.log(window.navigator.userAgent);
function detectForm(document) { let url = 'https://www.baidu.com/' let form = document.createElement('form'); form.action = ''; let input = document.createElement('input'); input.name = 'action'; form.appendChild(input) input = document.createElement('input'); input.name = 'textContent'; input.id = 'password'; form.appendChild(input) return form.action != url && form.action.__proto__.toString() == '[object HTMLInputElement]'}
console.log('test _globalObject', (typeof window._globalObject != "undefined" && typeof window != "undefined" && window._globalObject == window) === false);console.log('test document ', window.document.toString() === '[object HTMLDocument]')console.log('test open ', window.open.toString() === 'function open() { [native code] }')console.log('test fetch ', window.fetch !== undefined && window.fetch.toString() === 'function fetch() { [native code] }')console.log('test prompt ', window.prompt.toString() === 'function prompt() { [native code] }')console.log('test Event ', window.Event.toString() === 'function Event() { [native code] }')console.log('test Request', window.Request !== undefined && window.Request.toString() === 'function Request() { [native code] }')console.log('test XPathException', window.XPathException === undefined)console.log('test webdriver ', window.navigator.webdriver === false)console.log('test webdriver ', (Object.getOwnPropertyDescriptor(window.navigator.__proto__, 'webdriver') && Object.getOwnPropertyDescriptor(window.navigator.__proto__, 'webdriver').get.toString()) === 'function get webdriver() { [native code] }')console.log('test document.all ', typeof window.document.all === 'undefined')console.log('test document.all ', window.document.all !== undefined && (window.document.all.__proto__.toString() === '[object HTMLAllCollection]'))console.log('test form ', detectForm(window.document) === true)
针对sdenv, 写了一个简单的测试代码,放在sdenv源码的example目录下跑
const { jsdomFromText} = require('../utils/jsdom');const browser = require('../browser/');
let index_url = "https://www.example.com/"const [jsdomer, cookieJar] = jsdomFromText({ url: `${index_url}`, referrer: `${index_url}`, contentType: "text/html", runScripts: 'dangerously', beforeParse(window) { browser(window, 'chrome') }, })
const dom = jsdomer('<html></html>');window = dom.window;
debugger;console.log(window.navigator.userAgent);function detectForm(document) { let url = 'https://www.baidu.com/' let form = document.createElement('form'); form.action = ''; let input = document.createElement('input'); input.name = 'action'; form.appendChild(input) input = document.createElement('input'); input.name = 'textContent'; input.id = 'password'; form.appendChild(input) return form.action != url && form.action.__proto__.toString() == '[object HTMLInputElement]'}
console.log('test _globalObject', (typeof window._globalObject != "undefined" && typeof window != "undefined" && window._globalObject == window) === false);console.log('test document ', window.document.toString() === '[object HTMLDocument]')console.log('test open ', window.open.toString() === 'function open() { [native code] }')console.log('test fetch ', window.fetch !== undefined && window.fetch.toString() === 'function fetch() { [native code] }')console.log('test prompt ', window.prompt.toString() === 'function prompt() { [native code] }')console.log('test Event ', window.Event.toString() === 'function Event() { [native code] }')console.log('test Request', window.Request !== undefined && window.Request.toString() === 'function Request() { [native code] }')console.log('test XPathException', window.XPathException === undefined)console.log('test webdriver ', window.navigator.webdriver === false)console.log('test webdriver ', (Object.getOwnPropertyDescriptor(window.navigator.__proto__, 'webdriver') && Object.getOwnPropertyDescriptor(window.navigator.__proto__, 'webdriver').get.toString()) === 'function get webdriver() { [native code] }')console.log('test document.all ', typeof window.document.all === 'undefined')console.log('test document.all ', window.document.all !== undefined && (window.document.all.__proto__.toString() === '[object HTMLAllCollection]'))console.log('test form ', detectForm(window.document) === true)
测试结果如下
test _globalObject truetest document falsetest open falsetest fetch truetest prompt falsetest Event truetest Request truetest XPathException truetest webdriver truetest webdriver truetest document.all truetest document.all falsetest form true
可以看到几个测试结果是false的,而浏览器里都是true, 得针对修改下
免责声明:
本文所载程序、技术方法仅面向合法合规的安全研究与教学场景,旨在提升网络安全防护能力,具有明确的技术研究属性。
任何单位或个人未经授权,将本文内容用于攻击、破坏等非法用途的,由此引发的全部法律责任、民事赔偿及连带责任,均由行为人独立承担,本站不承担任何连带责任。
本站内容均为技术交流与知识分享目的发布,若存在版权侵权或其他异议,请通过邮件联系处理,具体联系方式可点击页面上方的联系我。
本文转载自:静夜随想 邓世龙《听闻sdenv被反爬》
版权声明
本站仅做备份收录,仅供研究与教学参考之用。
读者将信息用于其他用途的,全部法律及连带责任由读者自行承担,本站不承担任何责任。
评论