本文主要是介绍python、go、node的ja3指纹实现,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
一.初识
1.什么是ja3相信大家都有所耳闻,这里就不做太多概述,简单来讲就是就是基于tls/ssl协议的客户端指纹特征识别技术。
2.绕过ja3的四种方法
- 1.访问ip指定host绕过waf
- 2.代理中转请求(go版本有实现可以去了解下)
- 3.更换request工具库
- 4.魔改requests
3.tls检测网站
- akamai 1.75
- akamai2.0
- Cloudflare(5秒盾)
这里我们讲解各语言版本的实现,详细了解ja3的可以移步到一下文章。
参考1
参考2
参考3
二.语言实现——(案例猿人学19题)
-
python
一.pyhttpx
import pyhttpx
sess= pyhttpx.HttpSession()
url = f"https://match.yuanrenxue.com/api/match/19?page=1"
response = sess.get(url,headers=Headers)
二. Pycurl(pycurl是curl的一个python版本)
import pycurl, json
from io import BytesIOClass getAll():def __init__(self):self.pyc=pycurl.Curl()self.buffer=BytesIO()def getoutPut():self.pyc.setopt(pycurl.URL, 'http://some-url')#跳过验证self.pyc.setopt(pycurl.SSL_VERIFYHOST,0)self.pyc.setopt(pycurl.SSL_VERIFYPEER,0)self.pyc.setopt(pycurl.POST,1)self.pyc.setopt(pycurl.WRITEDATA,self.buffer)self.pyc.setopt(pycurl.HTTPHEADER, ['content-type: application/json','content-type:multipart/form-data'])data = json.dumps({"name": "abc", "path": "def", "target": "ghi"})self.pyc.setopt(pycurl.POSTFIELDS, data)self.pyc.perform()self.pyc.close()print(self.buffer.getvalue().decode('utf-8')) 三.魔改open_ssl
from requests.adapters import HTTPAdapter
from requests.packages.urllib3.util.ssl_ import create_urllib3_contextORIGIN_CIPHERS = ('ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+HIGH:'
'DH+HIGH:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+HIGH:RSA+3DES')class DESAdapter(HTTPAdapter):def __init__(self, *args, **kwargs):"""A TransportAdapter that re-enables 3DES support in Requests."""CIPHERS = ORIGIN_CIPHERS.split(':')random.shuffle(CIPHERS)CIPHERS = ':'.join(CIPHERS)self.CIPHERS = CIPHERS + ':!aNULL:!eNULL:!MD5'super().__init__(*args, **kwargs)def init_poolmanager(self, *args, **kwargs):context = create_urllib3_context(ciphers=self.CIPHERS)kwargs['ssl_context'] = contextreturn super(DESAdapter, self).init_poolmanager(*args, **kwargs)def proxy_manager_for(self, *args, **kwargs):context = create_urllib3_context(ciphers=self.CIPHERS)kwargs['ssl_context'] = contextreturn super(DESAdapter, self).proxy_manager_for(*args, **kwargs)import requests
headers = {'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67'}
s = requests.Session()
s.headers.update(headers)for _ in range(5):s.mount('https://ja3er.com', DESAdapter())resp = s.get('https://ja3er.com/json').json()print(resp)提示:cycletls是一个针对go和node的ja3实现
项目地址:cycletls
-
go(cycletls)
1.安装:go get github.com/Danny-Dasilva/CycleTLS/cycletls
2.使用
package mainimport ("github.com/Danny-Dasilva/CycleTLS/cycletls""log"
)func main() {client := cycletls.Init()response, err := client.Do("https://match.yuanrenxue.com/api/match/19?page=1", cycletls.Options{Body: "",Ja3: "771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49162- 49161-49171-49172-51-57-47-53-10,0-23-65281-10-11-35-16-5-51-43-13-45-28- 21,29-23-24-25-256-257,0",UserAgent: "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:87.0) Gecko/20100101 Firefox/87.0",}, "GET")if err != nil {log.Print("Request Failed: " + err.Error())}log.Println(response)
}
-
node(cycletls)
1.安装:npm install cycletls
2.使用
const initCycleTLS = require('cycletls');
// Typescript: import initCycleTLS from 'cycletls';(async () => {// Initiate CycleTLSconst cycleTLS = await initCycleTLS();// Send requestconst response = await cycleTLS('https://match.yuanrenxue.com/api/match/19?page=1', {body: '',ja3: '771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49162-49161- 49171-49172-51-57-47-53-10,0-23-65281-10-11-35-16-5-51-43-13-45-28-21,29-23- 24-25-256-257,0',userAgent: 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:87.0) Gecko/20100101 Firefox/87.0',timeout: 2,// proxy: 'http://username:password@hostname.com:443'}, 'get');console.log(response);// Cleanly exit CycleTLScycleTLS.exit();})();
效果
三.结语
好了,上面列举的这些ja3指纹工具实现相信能够应付绝大多是情况,兄弟们可以自行测试效果,如果遇到更多的情况,还得详细的分析,去进行魔改测试。
这篇关于python、go、node的ja3指纹实现的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
