美团外卖小程序 _token、mtgsig分析 mtgsig1.2

声明
本文章中所有内容仅供学习交流使用，不用于其他任何目的，抓包内容、敏感网址、数据接口等均已做脱敏处理，严禁用于商业用途和非法用途，否则由此产生的一切后果均与作者无关！
wx a15018601872 q 2766958292
逆向过程
cp = execjs.compile(open('_token.js','r',encoding='utf-8').read())
_token = cp.call('getToken',token_params)
print(_token)

result = cp.call('getMtgsig',sessionId, data1)
mtgsig = result['header']['mtgsig']
headers = {
"Accept": "/",
"Accept-Language": "zh-CN,zh;q=0.9",
"Connection": "keep-alive",
"Content-Type": "application/x-www-form-urlencoded",
"M-APPKEY": "wxmp_mt-weapp",
"Sec-Fetch-Dest": "empty",
"Sec-Fetch-Mode": "cors",
"Sec-Fetch-Site": "cross-site",
"clientversion": "3.2.4",
"csecuserid": "4020786754",
"csecuuid": cuid,
"mtgsig": mtgsig,
"utm_medium;": "",

"wm-ctype": "mt_mp",
"xweb_xhr": "1"

}
url = "v1/poi/food"
params = {
"yodaReady": "wx",
"csecplatform": "3",
"csecversionname": "",
"csecversion": ""
}

response = requests.post(url, headers=headers, params=params, data=data)

print(response.text)
print(response)
结果

总结
1.出于安全考虑,本章未提供完整流程,调试环节省略较多,只提供大致思路,具体细节要你自己还原,相信你也能调试出来。