香港航空 阿里滑块 acw_sc__v3 分析

声明:
本文章中所有内容仅供学习交流使用，不用于其他任何目的，抓包内容、敏感网址、数据接口等均已做脱敏处理，严禁用于商业用途和非法用途，否则由此产生的一切后果均与作者无关！
有相关问题请第一时间头像私信联系我删除博客！
前言

最近有点忙，很久没逆向了主要在打基础看公司文档和项目偷偷学习，过段时间没这么忙再买个安卓机深入学习安卓。

acw_sc__v3 

主要代码

url = "/hxair/ibe/deeplink/ancillary.do"
params = {"PT": "F","MO": "T","SC": "Y","ORI": "SHA","DES": "VTE","DD1": "2024-11-07","TA": "1","TC": "0","TI": "0","ICS": "T","CUR": "CNY","language": "zh","market": "CN","DD2": "2024-11-10","FLC": "2",
}
response = requests.get(url, headers=headers, cookies=cookies, params=params)
print(response.text)
data = json.loads(re.findall('var requestInfo = {.*};', response.text)[0].split('var requestInfo = ')[1][:-1])token = data['token']
CertifyId = data['traceid']
userId = data['userId']
userUserId = data['userUserId']headers = {"user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Edg/129.0.0.0"
}
url = ""
cp = execjs.compile(open('滑块.js', 'r', encoding='utf-8').read())
data = cp.call('init', userUserId, userId, CertifyId)
response = session.post(url, headers=headers, data=data)
data = response.json()
print(data)
CaptchaType = data['CaptchaType']
CertifyId = data['CertifyId']
requestId = data['RequestId']
DeviceConfig = data['DeviceConfig']
StaticPath = data['StaticPath']headers = {}url = ""data = cp.call('log2', DeviceConfig)response = session.post(url, headers=headers, data=data)print(response.text)data = cp.call('log3', DeviceConfig)url = ""response = session.post(url, headers=headers, data=data)print(response.text)result = cp.call('verify', DeviceConfig, CertifyId, userUserId, key)data =result['data']numberList = result['numberList']print(f"轨迹点{numberList}")url = ""response = session.post(url, headers=headers, data=data)print(response.text)if response.json()['Code'] == 'Success':headers = {"user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Edg/129.0.0.0"}cookies = {}url = "hxair/ibe/deeplink/ancillary.do"params = {"PT": "F","MO": "T","SC": "Y","ORI": "SHA","DES": "VTE","DD1": "2024-11-07","TA": "1","TC": "0","TI": "0","ICS": "T","CUR": "CNY","language": "zh","market": "CN","DD2": "2024-11-10","FLC": "2","u_atoken": token,"u_asig": CertifyId}response = session.get(url, headers=headers, cookies=cookies, params=params)print(response.cookies)print(response.headers)print(session.cookies)

结果

轨迹优化了很久成功率基本100%.

总结

1.出于安全考虑,本章未提供完整流程,调试环节省略较多,只提供大致思路,具体细节要你自己还原,相信你也能调试出来。

侵权首页联系删除博客