请求抓包:
POST /special-topic/pc-vert/getVertDetails/v4180 HTTP/1.1 Host: dian.ysbang.cn Connection: keep-alive Content-Length: 179 sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="102", "Google Chrome";v="102" Accept: */* Content-Type: application/json sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36 sentry-trace: 9c5b69199bc245ac9f1e58372b918b4c-9bc24694271a88a3-1 sec-ch-ua-platform: "Windows" Origin: https://dian.ysbang.cn Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://dian.ysbang.cn/ Accept-Encoding: gzip, deflate, br Accept-Language: zh-CN,zh;q=0.9 Cookie: sensorsdata2015jssdkcross=%7B%22distinct_id%22%3A%221847a5d9161728-0a8f8e80cec43b8-26021b51-2073600-1847a5d9162ad%22%2C%22first_id%22%3A%22%22%2C%22props%22%3A%7B%22%24latest_traffic_source_type%22%3A%22%E5%BC%95%E8%8D%90%E6%B5%81%E9%87%8F%22%2C%22%24latest_search_keyword%22%3A%22%E6%9C%AA%E5%8F%96%E5%88%B0%E5%80%BC%22%2C%22%24latest_referrer%22%3A%22https%3A%2F%2Fkb.yuncai998.com%2F%22%7D%2C%22identities%22%3A%22eyIkaWRlbnRpdHlfY29va2llX2lkIjoiMTg0N2E1ZDkxNjE3MjgtMGE4ZjhlODBjZWM0M2I4LTI2MDIxYjUxLTIwNzM2MDAtMTg0N2E1ZDkxNjJhZCJ9%22%2C%22history_login_id%22%3A%7B%22name%22%3A%22%22%2C%22value%22%3A%22%22%7D%2C%22%24device_id%22%3A%221847a5d9161728-0a8f8e80cec43b8-26021b51-2073600-1847a5d9162ad%22%7D; rcfp=bcb430d5f1f8433fa1495b11080f20fc75bd
{"platform":"pc","version":"5.18.0","ua":"Chrome102","ex":"2022-10-31 10:3 login 11-16 14:18:46 11-16 14:18:46","trafficType":0,"ex1":"3sqgij7g2","authcode":"123456","types":[41]}
搜索关键参数:trafficType
定位到代码:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25 case 12:
return void 0 === t.data && (t.data = {}),
console.log("test=>", f.Z.currentRoute.query.trafficType),
n = E(n = {
platform: "pc",
version: "5.18.0",
ua: (0,
p.Vk)().browserName + (0,
p.Vk)().version,
ex: "2022-10-31 10:3 " + (f.Z.currentRoute && f.Z.currentRoute.name || "") + " ".concat(_()(V).format("MM-DD HH:mm:ss"), " ").concat(_()().format("MM-DD HH:mm:ss")),
trafficType: Number(f.Z.currentRoute.query.trafficType || "0")
}),
t.data = Object.assign(n, t.data),
"post" === t.method && (0,
d.LP)() && !t.data.token && (t.data.token = (0,
d.LP)()),
"get" === t.method && (t.params = t.data,
(0,
d.LP)() && !t.data.token && (t.params.token = (0,
d.LP)(),
t.data.token = (0,
d.LP)())),
u.Z.getters.token && (t.headers["X-Token"] = (0,
d.LP)()),
e.abrupt("return", t);
打印E函数,定位到E函数代码:
1
2
3
4
5
6
7
8
9
10
11
12 function E() {
var e = arguments.length > 0 && void 0 !== arguments[0] ? arguments[0] : {}
, t = "e"
, n = "x"
, a = "1"
, r = w();
return e[t + n + a] = O(r),
t = null,
n = null,
a = null,
e
}
打印w函数,定位到w函数代码:
1
2
3 function w() {
return String(parseInt((new Date).getTime()) + u.Z.getters.systemTimeDValue)
}
打印O函数,定位到O函数代码:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22 function O(e) {
for (var t = T.wR.split("").map((function(e) {
return Number(e)
}
)), n = e.split("").map((function(e) {
return Number(e)
}
)), a = 7 * n.reduce((function(e, t) {
return e + t
}
), 0) % 10, r = [], o = 0, i = 0; i < n.length; i++)
r[i] = (n[i] + t[o]) % 10,
o = (o + 1) % t.length;
for (var c = t.length % n.length, s = Array.apply(null, {
length: 10
}), l = 0; l < c; l++)
s[l] = r[r.length - l - 1];
s[c] = a;
for (var u = c + 1; u < r.length + 1; u++)
s[u] = r[r.length - u];
return P(s.join(""))
}
打印参数T.wR,得到具体数值:
1 T.wR="9527"
打印P函数,定位到P函数代码:
1
2
3
4
5
6
7
8
9
10
11
12 function P(e) {
for (var t = [], n = function() {
for (var e = [], t = 0; t < 36; t++)
t >= 0 && t <= 9 ? e.push(t) : e.push(String.fromCharCode(t + 87));
return e
}(); e; ) {
var a = e % 36;
t.unshift(n[a]),
e = parseInt(e / 36)
}
return t.join("")
}
至此全部所需函数整理完毕。
归纳总结ex1参数算法:
w函数得到13位时间戳
再调用O函数传入时间戳算出ex1参数