Browser automation frameworks–like Puppeteer, Selenium, Marionette, and Nightmare.js–strive to provide rich APIs for configuring and interacting with Web browsers. These generally work quite well, but you’re inevitably going to end up running into API limitations if you do a lot of testing or Web scraping. You might find yourself wanting to conceal the fact that you’re using a headless browser, extract image resources from a Web page, set the seed for Math.random(), or mock the browser’s geolocation before running your test suite. Your specific automation framework might provide a built-in way to accomplish some of these, but they all have their limitations.
mitmproxy 是一个支持 HTTP 和 HTTPS 的抓包程序,有类似 Fiddler、Charles 的功能,只不过它是一个控制台的形式操作。
mitmproxy 还有两个关联组件。一个是 mitmdump,它是 mitmproxy 的命令行接口,利用它我们可以对接 Python 脚本,用 Python 实现监听后的处理。另一个是 mitmweb,它是一个 Web 程序,通过它我们可以清楚观察 mitmproxy 捕获的请求。
使用 selenium 模拟浏览器进行数据抓取无疑是当下最通用的数据采集方案,它通吃各种数据加载方式,能够绕过客户 JS 加密,绕过爬虫检测,绕过签名机制。它的应用,使得许多网站的反采集策略形同虚设。由于 selenium 不会在 HTTP 请求数据中留下指纹,因此无法被网站直接识别和拦截。
这是不是就意味着 selenium 真的就无法被网站屏蔽了呢?非也。selenium 在运行的时候会暴露出一些预定义的 JavaScript 变量(特征字符串),例如"window.navigator.webdriver",在非 selenium 环境下其值为 undefined,而在 selenium 环境下,其值为 true(如下图所示为 selenium 驱动下 Chrome 控制台打印出的值)。
An interactive console program that allows traffic flows to be intercepted, inspected, modified and replayed. So basically it gives the proxy administartor the power to modify any traffic that goes through the proxy. You can play with HTML content, inject elements, get header data, modify headers, dns spoofing, traffic filteration, redirection and a lot more things you can do with mitmproxy.
我的开源