Pop Mart session_sign and session_key analysis
Disclaimer

All content in this article is for learning and exchange only and is not to be used for any other purpose. Captured traffic, sensitive URLs, data interfaces and the like have all been redacted. Commercial and illegal use is strictly prohibited; the author bears no responsibility for any consequences arising from such use.

Reverse-engineering analysis

Partial Python code

```python
import requests

# cp (the compiled JavaScript context), json_data, a, b and url are defined
# elsewhere; they are redacted or omitted in this article.

# Call the getEnrypt function in the JavaScript context to obtain the signing values.
result = cp.call('getEnrypt', json_data, a, b)
print(result)
X_Sign = result['X_Sign']
t = result['t']
s = result['s']
session_sign = result['session_sign']
session_key = result['session-key']
print(result)

# The signing values go into the td-session-key, td-session-sign and x-sign headers.
headers = {
    'accept': 'application/json, text/plain, */*',
    'content-type': 'application/json',
    'country': 'HK',
    'grey-secret': 'null',
    'language': 'zh-hant',
    'pragma': 'no-cache',
    'priority': 'u=1, i',
    'sec-ch-ua-platform': '"Windows"',
    'sec-fetch-dest': 'empty',
    'sec-fetch-mode': 'cors',
    'sec-fetch-site': 'same-site',
    'td-session-key': session_key,
    'td-session-query': '',
    'td-session-sign': session_sign,
    'x-client-country': 'HK',
    'x-client-namespace': 'hk',
    'x-device-os-type': 'web',
    'x-doughnuts': '',
    'x-project-id': 'hk',
    'x-sign': X_Sign,
}

# s and t are also sent in the request body.
json_data['s'] = s
json_data['t'] = t
response = requests.post(url, headers=headers, json=json_data)
print(response.text)
```

Result

Summary

1. For security reasons, this article does not provide the complete process. Much of the debugging is omitted and only the general approach is given; you will need to reconstruct the specific details yourself, and I am confident you can debug it too.