Python利用PyExecJS库执行JS函数的案例分析

import execjs

print(execjs.eval("'red yellow blue'.split(' ')"))

ctx = execjs.compile("""
  function add(x, y) {
   return x + y;
  }
 """)
print(ctx.call("add", 1, 2))

# 1.在windows上不需要其他的依赖便可运行execjs， 因为默认有个JScript库，如果要运行其他JS引擎库，就需要另外安装了。
 # windows默认执行的JS环境
  execjs.get().name
  #返回值： JScript
 # 如果想要切换，用os.environ["EXECJS_RUNTIME"] = "XXX"，如果刚安装完其他JS引擎，必须配置环境变量，还可能需要重启电脑或重启IDE。
 # 如果windows上装有Node.js ， 可以切换Node
  os.environ["EXECJS_RUNTIME"] = "Node"
  print(execjs.get().name)
  #返回值： Node.js (V8)
 # 如果windows上装有PhantomJSs ， 可以切换PhantomJS
  os.environ["EXECJS_RUNTIME"] = "PhantomJS"
  print(execjs.get().name)
  #返回值： PhantomJS
 
# 2.在ubuntu下需要安装执行JS环境依赖, 作者的环境为PhantomJS
  execjs.get().name
  #返回值： PhantomJS
 
# 3.源码中给出， 可执行execjs的环境：
 PyV8   = "PyV8"
 Node   = "Node"
 JavaScriptCore = "JavaScriptCore"
 SpiderMonkey = "SpiderMonkey"
 JScript  = "JScript"
 PhantomJS  = "PhantomJS"
 SlimerJS  = "SlimerJS"
 Nashorn  = "Nashorn"

# 举例 Anaconda3
D:\programfiles\Anaconda3\Scripts

os.environ["EXECJS_RUNTIME"] = "PhantomJS"

<html>
<head></head>
<script src="/UploadFiles/2021-04-08/a.js">


2.将js放到和py脚本同一级目录下
"htmlcode">

/*
CryptoJS v3.1.2
code.google.com/p/crypto-js
(c) 2009-2013 by Jeff Mott. All rights reserved.
code.google.com/p/crypto-js/wiki/License
*/
var CryptoJS=CryptoJS||function(u,p){var d={},l=d.lib={},s=function(){},t=l.Base={extend:function(a){s.prototype=this;var c=new s;a&&c.mixIn(a);c.hasOwnProperty("init")||(c.init=function(){c.$super.init.apply(this,arguments)});c.init.prototype=c;c.$super=this;return c},create:function(){var a=this.extend();a.init.apply(a,arguments);return a},init:function(){},mixIn:function(a){for(var c in a)a.hasOwnProperty(c)&&(this[c]=a[c]);a.hasOwnProperty("toString")&&(this.toString=a.toString)},clone:function(){return this.init.prototype.extend(this)}},
r=l.WordArray=t.extend({init:function(a,c){a=this.words=a||[];this.sigBytes=c!=p"")},parse:function(a){for(var c=a.length,e=[],j=0;j<c;j+=2)e[j>3]|=parseInt(a.substr(j,
2),16)<<24-4*(j%8);return new r.init(e,c/2)}},b=w.Latin1={stringify:function(a){var c=a.words;a=a.sigBytes;for(var e=[],j=0;j<a;j++)e.push(String.fromCharCode(c[j>2]>24-8*(j%4)&255));return e.join("")},parse:function(a){for(var c=a.length,e=[],j=0;j<c;j++)e[j>2]|=(a.charCodeAt(j)&255)<<24-8*(j%4);return new r.init(e,c)}},x=w.Utf8={stringify:function(a){try{return decodeURIComponent(escape(b.stringify(a)))}catch(c){throw Error("Malformed UTF-8 data");}},parse:function(a){return b.parse(unescape(encodeURIComponent(a)))}},
q=l.BufferedBlockAlgorithm=t.extend({reset:function(){this._data=new r.init;this._nDataBytes=0},_append:function(a){"string"==typeof a&&(a=x.parse(a));this._data.concat(a);this._nDataBytes+=a.sigBytes},_process:function(a){var c=this._data,e=c.words,j=c.sigBytes,k=this.blockSize,b=j/(4*k),b=a"")},parse:function(d){var l=d.length,s=this._map,t=s.charAt(64);t&&(t=d.indexOf(t),-1!=t&&(l=t));for(var t=[],r=0,w=0;w<
l;w++)if(w%4){var v=s.indexOf(d.charAt(w-1))<<2*(w%4),b=s.indexOf(d.charAt(w))>6-2*(w%4);t[r>2]|=(v|b)<<24-8*(r%4);r++}return p.create(t,r)},_map:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="}})();
(function(u){function p(b,n,a,c,e,j,k){b=b+(n&a|~n&c)+e+k;return(b<<j|b>32-j)+n}function d(b,n,a,c,e,j,k){b=b+(n&c|a&~c)+e+k;return(b<<j|b>32-j)+n}function l(b,n,a,c,e,j,k){b=b+(n^a^c)+e+k;return(b<<j|b>32-j)+n}function s(b,n,a,c,e,j,k){b=b+(a^(n|~c))+e+k;return(b<<j|b>32-j)+n}for(var t=CryptoJS,r=t.lib,w=r.WordArray,v=r.Hasher,r=t.algo,b=[],x=0;64>x;x++)b[x]=4294967296*u.abs(u.sin(x+1))|0;r=r.MD5=v.extend({_doReset:function(){this._hash=new w.init([1732584193,4023233417,2562383102,271733878])},
_doProcessBlock:function(q,n){for(var a=0;16>a;a++){var c=n+a,e=q[c];q[c]=(e<<8|e>24)&16711935|(e<<24|e>8)&4278255360}var a=this._hash.words,c=q[n+0],e=q[n+1],j=q[n+2],k=q[n+3],z=q[n+4],r=q[n+5],t=q[n+6],w=q[n+7],v=q[n+8],A=q[n+9],B=q[n+10],C=q[n+11],u=q[n+12],D=q[n+13],E=q[n+14],x=q[n+15],f=a[0],m=a[1],g=a[2],h=a[3],f=p(f,m,g,h,c,7,b[0]),h=p(h,f,m,g,e,12,b[1]),g=p(g,h,f,m,j,17,b[2]),m=p(m,g,h,f,k,22,b[3]),f=p(f,m,g,h,z,7,b[4]),h=p(h,f,m,g,r,12,b[5]),g=p(g,h,f,m,t,17,b[6]),m=p(m,g,h,f,w,22,b[7]),
f=p(f,m,g,h,v,7,b[8]),h=p(h,f,m,g,A,12,b[9]),g=p(g,h,f,m,B,17,b[10]),m=p(m,g,h,f,C,22,b[11]),f=p(f,m,g,h,u,7,b[12]),h=p(h,f,m,g,D,12,b[13]),g=p(g,h,f,m,E,17,b[14]),m=p(m,g,h,f,x,22,b[15]),f=d(f,m,g,h,e,5,b[16]),h=d(h,f,m,g,t,9,b[17]),g=d(g,h,f,m,C,14,b[18]),m=d(m,g,h,f,c,20,b[19]),f=d(f,m,g,h,r,5,b[20]),h=d(h,f,m,g,B,9,b[21]),g=d(g,h,f,m,x,14,b[22]),m=d(m,g,h,f,z,20,b[23]),f=d(f,m,g,h,A,5,b[24]),h=d(h,f,m,g,E,9,b[25]),g=d(g,h,f,m,k,14,b[26]),m=d(m,g,h,f,v,20,b[27]),f=d(f,m,g,h,D,5,b[28]),h=d(h,f,
m,g,j,9,b[29]),g=d(g,h,f,m,w,14,b[30]),m=d(m,g,h,f,u,20,b[31]),f=l(f,m,g,h,r,4,b[32]),h=l(h,f,m,g,v,11,b[33]),g=l(g,h,f,m,C,16,b[34]),m=l(m,g,h,f,E,23,b[35]),f=l(f,m,g,h,e,4,b[36]),h=l(h,f,m,g,z,11,b[37]),g=l(g,h,f,m,w,16,b[38]),m=l(m,g,h,f,B,23,b[39]),f=l(f,m,g,h,D,4,b[40]),h=l(h,f,m,g,c,11,b[41]),g=l(g,h,f,m,k,16,b[42]),m=l(m,g,h,f,t,23,b[43]),f=l(f,m,g,h,A,4,b[44]),h=l(h,f,m,g,u,11,b[45]),g=l(g,h,f,m,x,16,b[46]),m=l(m,g,h,f,j,23,b[47]),f=s(f,m,g,h,c,6,b[48]),h=s(h,f,m,g,w,10,b[49]),g=s(g,h,f,m,
E,15,b[50]),m=s(m,g,h,f,r,21,b[51]),f=s(f,m,g,h,u,6,b[52]),h=s(h,f,m,g,k,10,b[53]),g=s(g,h,f,m,B,15,b[54]),m=s(m,g,h,f,e,21,b[55]),f=s(f,m,g,h,v,6,b[56]),h=s(h,f,m,g,x,10,b[57]),g=s(g,h,f,m,t,15,b[58]),m=s(m,g,h,f,D,21,b[59]),f=s(f,m,g,h,z,6,b[60]),h=s(h,f,m,g,C,10,b[61]),g=s(g,h,f,m,j,15,b[62]),m=s(m,g,h,f,A,21,b[63]);a[0]=a[0]+f|0;a[1]=a[1]+m|0;a[2]=a[2]+g|0;a[3]=a[3]+h|0},_doFinalize:function(){var b=this._data,n=b.words,a=8*this._nDataBytes,c=8*b.sigBytes;n[c>5]|=128<<24-c%32;var e=u.floor(a/
4294967296);n[(c+64>9<<4)+15]=(e<<8|e>24)&16711935|(e<<24|e>8)&4278255360;n[(c+64>9<<4)+14]=(a<<8|a>24)&16711935|(a<<24|a>8)&4278255360;b.sigBytes=4*(n.length+1);this._process();b=this._hash;n=b.words;for(a=0;4>a;a++)c=n[a],n[a]=(c<<8|c>24)&16711935|(c<<24|c>8)&4278255360;return b},clone:function(){var b=v.clone.call(this);b._hash=this._hash.clone();return b}});t.MD5=v._createHelper(r);t.HmacMD5=v._createHmacHelper(r)})(Math);
(function(){var u=CryptoJS,p=u.lib,d=p.Base,l=p.WordArray,p=u.algo,s=p.EvpKDF=d.extend({cfg:d.extend({keySize:4,hasher:p.MD5,iterations:1}),init:function(d){this.cfg=this.cfg.extend(d)},compute:function(d,r){for(var p=this.cfg,s=p.hasher.create(),b=l.create(),u=b.words,q=p.keySize,p=p.iterations;u.length<q;){n&&s.update(n);var n=s.update(d).finalize(r);s.reset();for(var a=1;a<p;a++)n=s.finalize(n),s.reset();b.concat(n)}b.sigBytes=4*q;return b}});u.EvpKDF=function(d,l,p){return s.create(p).compute(d,
l)}})();
CryptoJS.lib.Cipher||function(u){var p=CryptoJS,d=p.lib,l=d.Base,s=d.WordArray,t=d.BufferedBlockAlgorithm,r=p.enc.Base64,w=p.algo.EvpKDF,v=d.Cipher=t.extend({cfg:l.extend(),createEncryptor:function(e,a){return this.create(this._ENC_XFORM_MODE,e,a)},createDecryptor:function(e,a){return this.create(this._DEC_XFORM_MODE,e,a)},init:function(e,a,b){this.cfg=this.cfg.extend(b);this._xformMode=e;this._key=a;this.reset()},reset:function(){t.reset.call(this);this._doReset()},process:function(e){this._append(e);return this._process()},
finalize:function(e){e&&this._append(e);return this._doFinalize()},keySize:4,ivSize:4,_ENC_XFORM_MODE:1,_DEC_XFORM_MODE:2,_createHelper:function(e){return{encrypt:function(b,k,d){return("string"==typeof k"string"==typeof k"string"==typeof a"0123456789abcdef";return e.substring(0, 16);}
CryptoJS.e = function (d,p) {
 var key = CryptoJS.enc.Utf8.parse(_k(p));
 var encrypted = CryptoJS.AES.encrypt(d, key, {
  iv: key,
  mode: CryptoJS.mode.CBC,
  padding: CryptoJS.pad.Pkcs7
 });
 return encrypted.toString();
};

function doencodepsw(psw, code, acc) {
   return "[p]" + CryptoJS.e(CryptoJS.MD5(CryptoJS.MD5(CryptoJS.MD5(psw).toString() + code).toString()).toString() + "@" + acc, code);
}

function doencodeacc(acc, code) {
 return "[p]" + CryptoJS.e(acc, code);
}


3. 编写Python脚本来调用js


import execjs

def get_js():
 # 打开JS文件
 f = open("a.js", 'r', encoding='utf-8')
 line = f.readline()
 htmlstr = ''
 while line:
  htmlstr = htmlstr + line
  line = f.readline()
 return htmlstr

def get_des_psswd(acc, code):
 jsstr = get_js()
 # 加载JS文件
 ctx = execjs.compile(jsstr)
 # 调用js方法 第一个参数是JS的方法名，后面的为js方法的参数
 return ctx.call('doencodeacc', acc, code)

if __name__ == '__main__': 
 print(get_des_psswd("zhangsan123456", "pYr6BTle")) # pYr6BTle = ralt code (加密的盐值)


案例2
"text-align: center">






"text-align: center">




右键查看源码，发现有JS，但是太多了，过滤一下。
2.监听鼠标点击事件查看流程



一顿操作之后，跳到登录提交的函数，直接看代码



往下看看代码之后，发现代码没加混淆也没有其他防护，那就一步到位解决了，破解这个加密还不跟切菜一样简单了。



3.写代码
导入js:


将jsencrypt.js导入到python项目中，这个js有5千多行，我就不粘贴上来了。





import execjs
import os

if __name__ == '__main__':
 # 切换了JScript、Node后都无法执行JS，发现还是PhantomJS靠谱
 # os.environ["EXECJS_RUNTIME"] = "JScript"
 # os.environ["EXECJS_RUNTIME"] = "Node"
 os.environ["EXECJS_RUNTIME"] = "PhantomJS"
 print(execjs.get().name)

 js = open('jsencrypt.js', encoding='utf-8').read()
 jo = execjs.compile(js)
 pwd = jo.call('myf')
 print(pwd)


输出：


PhantomJS
Hu4Ujwqwe/PDAblIvjNyrX4NrltoRXXDdyC6+F+p0LaqPSegMZ16oIqeVPiHlh5x8zKeI2DC3DoPVf8ZlusUCQ==


不同浏览器内核版本对URL编码处理也不同[冷知识]
"color: #ff0000">总结
以上所述是小编给大家介绍的Python利用PyExecJS库执行JS函数的案例分析，希望对大家有所帮助，如果大家有任何疑问请给我留言，小编会及时回复大家的。在此也非常感谢大家对网站的支持！

如果你觉得本文对你有帮助，欢迎转载，烦请注明出处，谢谢！