Case study: Yijiupi
URL: https://www.yijiupi.com/
Enter a wrong username and password, then capture the traffic:

Then click Login:

Look at the parameters:

Look at the request headers:

From experience, we can start by searching for x-sign:

Click through: looking at this x-sign again, it is of no use, so searching for x-sign does not work well.

Search for something else; try a keyword from the URL instead:

Click through; there is one place where it appears: set a breakpoint there.

Click Login:

Look at the value of t: there is not much in it.

// Signing logic recovered at the breakpoint, wrapped as the function Ea(url, data)
// that the Python code below calls. xa is CryptoJS; La is only described in the
// notes as "sha1", so it is assumed here to be a hex SHA-1 helper.
var xa = require('crypto-js');
function La(str) { return xa.SHA1(str).toString(); }   // assumed: hex SHA-1

function Ea(url, data) {
    var t = { url: url, data: data, headers: {} };
    var r = '2e763d32_6ec1_4519_a5c5_91afcc813e99'      // nonce, hardcoded in these notes
      , c = (new Date)["getTime"]() / 1e3 - 7          // can also be the current system time.. server_init_time
      , i = (c + 150);                                  // 16745641.125
    i = (i + "")['split'](".")[0];                      // keep the integer part: 16745641
    t['data'] = t['data'] || {};                        // there is data
    var u = JSON['stringify'](t['data'])                // JSON-encode the body
      , s = La(u)                                       // sha1 of the body
      , l = ('POST' + t['url'] + s);                    // concatenate
    // Everything above is correct, except i...
    // We are handling POST, so the next line is not used
    // (t['method'] == 'get') && (l = ('GET' + t['url']));
    // 1677856491
    // 1677856503
    var d = ""
      , f = (d || i);
    t['headers']['token'] = d,
    (t['noRequireToken'] || t['url']['startsWith']('/himalaya-ApiService-UA2')) && (f = i,
    t['headers']['token'] = "");
    var h = xa['HmacSHA1'](i + r + l, i);               // HMAC-SHA1 keyed with the timestamp itself
    t['headers']['x-sign-nonce'] = r,
    t['headers']['x-sign-version'] = '1.0',
    t['headers']['x-sign-timestamp'] = i;
    var p = h['toString']();
    t['headers']['x-sign'] = p;
    return t['headers'];
}
// Stray line from the notes, unrelated to the signing:
// i["default"].load().then(function(data){console.log(data)})
Python code:
import subprocess
from functools import partial
# Make execjs read Node's output as UTF-8 (needed on Windows, where the default is the locale code page)
subprocess.Popen = partial(subprocess.Popen, encoding="utf-8")
import execjs
import requests
import json

with open("05_易酒批.js", mode='r', encoding="utf-8") as f:
    js_code = f.read()
js = execjs.compile(js_code)

url = "https://www.yijiupi.com/himalaya-ApiService-UA2/user/login"
data = {
    "appCode": "ShoppingMallPC",
    "appVersion": "4",
    "deviceId": "74eef1864f4b2f537c56429cebcb0160",
    "deviceType": 3,
    "mobileNo": "15544441111",
    "password": "1231232131",
    "cityId": "701",
    "userClassId": 1,
    "userDisplayClass": 0,
    "addressId": ""
}
# Ea() runs the recovered signing logic and returns the x-sign-* headers
headers = js.call("Ea", "/himalaya-ApiService-UA2/user/login", data)
headers["Device-Series"] = '74eef1864f4b2f537c56429cebcb0160'
headers["Security-Token"] = ""
headers["User-Agent"] = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36"
headers["Content-Type"] = "application/json"
headers["Referer"] = "https://www.yijiupi.com/"
# Compact separators so the bytes sent are the same JSON.stringify output that was hashed into x-sign
resp = requests.post(url, data=json.dumps(data, separators=(',', ':')), headers=headers)
print(resp.text)
# Reverse engineering wrong: Authorization failed
# Reverse engineering right: the JSON data is visible
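The security-relevant point of the recovered scheme is that every input to the HMAC, including the key (the timestamp), travels in the request headers. The following added example, which is not the site's code and not part of the original notes, reimplements the computation in pure Python beside a server-side verifier, so that a defender can see what such a check does establish (the body and path were not altered in transit) and what it cannot (who produced the request). The freshness window and the nonce cache are assumed mitigations, not observed site behaviour; it is also assumed that La() is hex SHA-1 and that CryptoJS's toString() yields hex, both CryptoJS defaults. All sample values are constructed.

```python
import hashlib
import hmac
import json
import time


def compute_x_sign(path, body_json, timestamp, nonce, method="POST"):
    """Recompute x-sign exactly as the recovered JS does:
    HMAC-SHA1(key=timestamp, msg=timestamp + nonce + method + path + sha1(body)).
    Assumption: La() is lowercase hex SHA-1 and toString() is lowercase hex."""
    body_hash = hashlib.sha1(body_json.encode("utf-8")).hexdigest()
    message = timestamp + nonce + method + path + body_hash
    return hmac.new(timestamp.encode("utf-8"), message.encode("utf-8"), hashlib.sha1).hexdigest()


def sign_request(path, data, nonce, now=None):
    """Client side: the headers plus the exact body bytes that must be sent
    (the body is hashed, so the serialisation must match what JSON.stringify emits)."""
    now = time.time() if now is None else now
    timestamp = str(int(now - 7 + 150))  # same offset as the JS: c = now - 7, i = c + 150
    body_json = json.dumps(data, separators=(",", ":"), ensure_ascii=False)
    headers = {
        "x-sign-nonce": nonce,
        "x-sign-version": "1.0",
        "x-sign-timestamp": timestamp,
        "x-sign": compute_x_sign(path, body_json, timestamp, nonce),
    }
    return headers, body_json


def verify_x_sign(headers, path, body_json, now, window_seconds=300, seen_nonces=None, method="POST"):
    """Server side. window_seconds and seen_nonces are assumed mitigations,
    not the site's behaviour. Returns (accepted, reason)."""
    try:
        timestamp = headers["x-sign-timestamp"]
        nonce = headers["x-sign-nonce"]
        presented = headers["x-sign"]
    except KeyError as missing:
        return False, "missing header %s" % missing
    if not timestamp.isdigit():
        return False, "timestamp not numeric"
    # Freshness: bounds how long a captured request stays replayable.
    if abs(int(timestamp) - int(now)) > window_seconds:
        return False, "timestamp outside window"
    # Replay: a nonce may be accepted only once inside the window.
    if seen_nonces is not None and nonce in seen_nonces:
        return False, "nonce replayed"
    expected = compute_x_sign(path, body_json, timestamp, nonce, method)
    if not hmac.compare_digest(expected, presented):
        return False, "signature mismatch"
    if seen_nonces is not None:
        seen_nonces.add(nonce)
    return True, "ok"


def demo():
    """Constructed sample values (not captured from the site)."""
    path = "/himalaya-ApiService-UA2/user/login"
    data = {"mobileNo": "<placeholder>", "password": "<placeholder>"}
    headers, body = sign_request(path, data, nonce="demo-nonce-1", now=1_700_000_000)
    now = int(headers["x-sign-timestamp"])
    seen = set()
    results = {
        "genuine": verify_x_sign(headers, path, body, now, seen_nonces=seen),
        "replayed": verify_x_sign(headers, path, body, now, seen_nonces=seen),
        "tampered_body": verify_x_sign(headers, path, body.replace("password", "passw0rd"), now),
        "stale": verify_x_sign(headers, path, body, now + 3600),
    }
    # Every HMAC input, including the key, is in the request, so the check proves
    # integrity of the message as sent and nothing about who sent it.
    return results


if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print("%-14s %s (%s)" % (name, "accepted" if ok else "rejected", why))
```

Because the key is public, this header is request integrity plus obfuscation, not authentication; the genuine and forged paths through verify_x_sign are indistinguishable, and only the timestamp window and nonce cache limit replay. Authentication has to come from something the client holds that the server can check, such as a session token issued after login.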