香港航空 阿里滑块 acw_sc__v3 分析

声明:
本文章中所有内容仅供学习交流使用，不用于其他任何目的，抓包内容、敏感网址、数据接口等均已做脱敏处理，严禁用于商业用途和非法用途，否则由此产生的一切后果均与作者无关！
有相关问题请第一时间头像私信联系我删除博客！
前言

最近有点忙，很久没逆向了主要在打基础看公司文档和项目偷偷学习，过段时间没这么忙再买个安卓机深入学习安卓。

acw_sc__v3 

主要代码

url = "/hxair/ibe/deeplink/ancillary.do"
params = {
    "PT": "F",
    "MO": "T",
    "SC": "Y",
    "ORI": "SHA",
    "DES": "VTE",
    "DD1": "2024-11-07",
    "TA": "1",
    "TC": "0",
    "TI": "0",
    "ICS": "T",
    "CUR": "CNY",
    "language": "zh",
    "market": "CN",
    "DD2": "2024-11-10",
    "FLC": "2",
}
response = requests.get(url, headers=headers, cookies=cookies, params=params)
print(response.text)
data = json.loads(re.findall('var requestInfo = {.*};', response.text)[0].split('var requestInfo = ')[1][:-1])

token = data['token']
CertifyId = data['traceid']
userId = data['userId']
userUserId = data['userUserId']

headers = {

    "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Edg/129.0.0.0"
}
url = ""
cp = execjs.compile(open('滑块.js', 'r', encoding='utf-8').read())
data = cp.call('init', userUserId, userId, CertifyId)
response = session.post(url, headers=headers, data=data)
data = response.json()
print(data)
CaptchaType = data['CaptchaType']
CertifyId = data['CertifyId']
requestId = data['RequestId']
DeviceConfig = data['DeviceConfig']
StaticPath = data['StaticPath']

        headers = {

        }
        url = ""
        data = cp.call('log2', DeviceConfig)
        response = session.post(url, headers=headers, data=data)
        print(response.text)
        data = cp.call('log3', DeviceConfig)
        url = ""
        response = session.post(url, headers=headers, data=data)
        print(response.text)
        result = cp.call('verify', DeviceConfig, CertifyId, userUserId, key)
        data =result['data']
        numberList = result['numberList']
        print(f"轨迹点{numberList}")


        url = ""
        response = session.post(url, headers=headers, data=data)
        print(response.text)
        if response.json()['Code'] == 'Success':
            headers = {
                "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Edg/129.0.0.0"
            }
            cookies = {

            }
            url = "hxair/ibe/deeplink/ancillary.do"
            params = {
                "PT": "F",
                "MO": "T",
                "SC": "Y",
                "ORI": "SHA",
                "DES": "VTE",
                "DD1": "2024-11-07",
                "TA": "1",
                "TC": "0",
                "TI": "0",
                "ICS": "T",
                "CUR": "CNY",
                "language": "zh",
                "market": "CN",
                "DD2": "2024-11-10",
                "FLC": "2",
                "u_atoken": token,
                "u_asig": CertifyId
            }
            response = session.get(url, headers=headers, cookies=cookies, params=params)
            print(response.cookies)
            print(response.headers)
            print(session.cookies)

结果

轨迹优化了很久成功率基本100%.

总结

1.出于安全考虑,本章未提供完整流程,调试环节省略较多,只提供大致思路,具体细节要你自己还原,相信你也能调试出来。

侵权首页联系删除博客