某团h5外卖接口几个参数的加密分析
声明:本文内容仅供学习交流,严禁用于商业用途,请于24小时内删除。
分享一下前几天分析某团时候的成果吧,供各位学习研究时参考,某些内容回复后再看哦。
1,targetUrl
https://h5.waimai.meituan.com/waimai/mindex/searchresults?queryType=12002&keyword=%E8%8D%AF%E5%BA%97&entranceId=0&qwTypeId=11002&mode=search
2,请求数据接口
POST
https://i.waimai.meituan.com/openh5/search/poi?_=1586871613519&X-FOR-WITH=duzUTL47ENkYwtLJV8uw1K5WJu1zsDjhR%2BKQ8JghmTgMEi6vIqRh24yuKcNfML7kSNHRs5rM1vDwJYUmiTtzMBKx58ppSJaAa%2BDbJu8IDXIkMwAwj71QEGVaMTClPmV3HFylUsBZOL67l%2FGYl49gqFyduBFbsqQ%2BCsoKB1ihRhBkimwnFm6yZYo3bXsvZoPwrlTx1GfStlR46ZHaczyS9Q%3D%3D
HTTP/1.1
Host: i.waimai.meituan.com
Connection: keep-alive
Content-Length: 1520
Accept: application/json
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36
DNT: 1
Content-Type: application/x-www-form-urlencoded
Origin: https://h5.waimai.meituan.com
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: cors
Referer: https://h5.waimai.meituan.com/waimai/mindex/searchresults?queryType=12002&keyword=%E8%8D%AF%E5%BA%97&entranceId=0&qwTypeId=11002&mode=search
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Cookie: wm_order_channel=default; _lx_utm=utm_source%3D60066; _lxsdk_cuid=17178eb30e2c8-0fb35522479496-4313f6a-100200-17178eb30e2c8;
geoType=2&cityId=1&secondCategoryId=&start=0&queryType=12002&keyword=%E8%8D%AF%E5%BA%97&categoryType=&entranceId=0&uuid=17178eb30e2c8-0fb35522479496-4313f6a-100200-17178eb30e2c8&platform=3&partner=4&originUrl=https%3A%2F%2Fh5.waimai.meituan.com%2Fwaimai%2Fmindex%2Fsearchresults%3FqueryType%3D12002%26keyword%3D%25E8%258D%25AF%25E5%25BA%2597%26entranceId%3D0%26qwTypeId%3D11002%26mode%3Dsearch&riskLevel=71&optimusCode=10&wm_latitude=&wm_longitude=&wm_actual_latitude=40115159&wm_actual_longitude=116403531&openh5_uuid=17178eb30e2c8-0fb35522479496-4313f6a-100200-17178eb30e2c8&_token=eJxVkWuPojAUhv8LifNliNByKyZmI4oMNx3Gy6ib%2BYBSFRHkUgTc7H%2FfouMkmzQ5T9%2B%2B5%2BRtzh8mNwOmB3ig8IBlrjhnegz.
o8l2ZYRlS0BcJyUgBMqAGmWV2%2F2mCxKsss82XI6b3GwiyzMpQ%2BmqVDyo8FEVGX%2Bw3QopQpKf1mNTCHAlJix7HHaVu5YexH3ZjHJLST7q7S8w9JC4OkwDXXIH9fHfMcVGeSfErK3HezJsU9wHkefgS4aa65EG%2Fo6MOGnUG444udbRBR1VecEJyP9lhM%2BjzL1nVNlEEoG2LLwHuPybTHzM0WDxvg9GUikgVBbBQUihQOw0OWhIkFkK1JVGgxN8JPklALAT3V4F2APneK7OQv0%2FhFRaoDxIpgSehHw0JT1J%2BNPk%2BD0AWiGKbMWoz0up%2FV%2FK8u3R91FqEh4QStprzQifT6jbwrovyjK29MS%2Ft2Ntanr1YDteHJG8iGIfBaj2P4VukTyvpeCpKD81qpKUZ72yKtJbQTblZh6WwMKLb%2B0Ak7tgzJ2qzOg0175Zoy4OGqiwa7EXtRNbTENhBspK5a1LX15njh36ekynWJaM4nQv9UNeux9VBOvGMIkjP2V5y9GoexXXyPvTWdR2%2BjRW6by%2FZQH9RHj4Ml2jGcqG%2Fxuvt8pZvoX1J0yluxGgMXKtKlru5V5DLq5tFkb1EmrURbf8yCsJyt9%2FIAnpLLeyo%2B8R8y4Soulb8Z4AMWzthx3RR%2Ba4KggnPxVpvbEk7pZlZ%2B9u0GlbAWUxITchGL7yVqp6coaIJoXGMF%2FrnLOTtFCeHnL8Uhexgi3BjsnUmMxWNkOBbnDF%2BtQapdfFm8ZUziJ1NzaFxGw93vDmbyOmxMRASIkM5rnLD7TN%2F%2FwFdkQnC
1,cookie分析
Cookie: cssVersion=e12a4f9b;(与css字体反爬相关, 删除后就没有字体混淆了)
wm_order_channel=default;(与labelList相关)
_lx_utm=utm_source%3D60066;
_lxsdk_cuid=17178eb30e2c8-0fb35522479496-4313f6a-100200-17178eb30e2c8;(两个与访问接口权限相关)
2,cuid生成
var Re = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36";
var screen = {
height:768,
width:1366
}
zr = function() {
for (var t = 1 * new Date, n = 0; t === 1 * new Date && n < 200; )
n++;
return t.toString(16) + n.toString(16)
}
function createCookie() {
var t = (screen.height * screen.width).toString(16);
return zr() + "-" + Math.random().toString(16).replace(".", "") + "-" + function() {
var t = Re
, n = void 0
, e = void 0
, i = []
, r = 0;
function o(t, n) {
var e = void 0
, r = 0;
for (e = 0; e < n.length; e++)
r |= i << 8 * e;
return t ^ r
}
for (n = 0; n < t.length; n++)
e = t.charCodeAt(n),
i.unshift(255 & e),
4 <= i.length && (r = o(r, i),
i = []);
return 0 < i.length && (r = o(r, i)),
r.toString(16)
}() + "-" + t + "-" + zr()
}
console.log(createCookie());
x-for-word 加密与解密: (aes)
var cryptoJS = require("crypto-js");
// 加密
function aesEncrypt(mingText) {
var mtMode = cryptoJS.mode.CBC;
var mtPad = cryptoJS.pad.Pkcs7;
var key = cryptoJS.enc.Latin1.parse("jvzempodf8f9anyt");
mingText = cryptoJS.enc.Utf8.parse(mingText);
var encrypt = cryptoJS.AES.encrypt(mingText, key, {
mode: mtMode,
padding: mtPad,
iv:key
}).toString();
return encrypt;
}
// 解密
function aesDecrypt(miText) {
var mtMode = cryptoJS.mode.CBC;
var mtPad = cryptoJS.pad.Pkcs7;
var key = cryptoJS.enc.Latin1.parse("jvzempodf8f9anyt");
var decrypt = cryptoJS.AES.decrypt(miText, key, {
mode: mtMode,
padding: mtPad,
iv:key
});
return decrypt.toString(cryptoJS.enc.Utf8);
}
以上都是加密的逻辑,但是你可以根据某些词在控制台里直接搜,就能定位到加密的位置,然后接下来的分析就看你喽。
最最后,我得出的结果:
似乎什么加密参数都不需要,只需要把ip激活就能返回数据。不信?试着用下面的请求一下。。。
关键词可以替换成自己的,中文关键词的话记得urlEncode一下。
POST https://i.waimai.meituan.com/openh5/search/poi?_=&X-FOR-WITH= HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Cookie: openh5_uuid=123456
keyword=%E8%8D%AF%E5%BA%97&wm_actual_latitude=替换成你的&wm_actual_longitude=替换成你的
是不是也返回数据。。。
https://bbs.nightteam.cn/upload/attach/202004/1616_YUYFD7MH9FAT3MA.png
这是何等的卧槽,加密我都研究完了你给我看这个。。。
Hello
暂时分享到这,主要是几个参数加密的学习,关于ip注册的逻辑,我测试的成功率不高,所以就先不分享了,也欢迎大家就此评论交流。
[动画表情] 手动握草 11 这几个参数好整,但是老被限流,不晓得咋整 手动握草+1 我手动翻几页列表页都会提示登录的 大佬,ip激活是啥意思。是要在浏览器打开一次美团h5页面吗 浏览器打开一次美团h5页面可以做到"激活ip",但是本质其实还是浏览器发送了一系列请求,你把那几个特殊的请求分析一下应该会有收获. 手动握草