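Disclaimer
Everything in this article is for learning and discussion only and is not to be used for any other purpose. Captured traffic, sensitive URLs, data interfaces and similar content have all been redacted. Commercial and illegal use is strictly prohibited; otherwise the author bears no responsibility for any consequences that result!
Reverse Engineering Analysis
Meituan's web pages, mini program and app are all protected by fingerprint detection. For the app, I only know how to patch the environment for the old version; the new version keeps failing to initialize with 4096. I gave up on it for now and will brush up on the basics first. The mini program and the app are much the same: both use cloud functions and both need hooking. The one I worked on has an "a6" value starting with "w1.3". I will analyze w1.2 later.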
import execjs    # PyExecJS, used to run the extracted JavaScript signing code
import requests

headers = {
    "Accept": "*/*",
    "Accept-Language": "zh-CN,zh;q=0.9",
    "Connection": "keep-alive",
    "Content-Type": "application/x-www-form-urlencoded",
    "Referer": "",
    "Sec-Fetch-Dest": "empty",
    "Sec-Fetch-Mode": "cors",
    "Sec-Fetch-Site": "cross-site",
    "User-Agent": "",
    "X-Requested-With": "XMLHttpRequest",
    "content-personalized-switch": "0",
    "csecuserid": "",
    "swimlane": "",
    "wm-user-id-deregistration": "-1",
    "wm-uuid-deregistration": "-1",
    "x-env": "online",
    "xweb_xhr": "1"
}
# The host part of the URL has been redacted by the author
url = "v1/search/detail"
params = {
    "ui": "",
    "region_id": "",
}
# Form body of the search request; this is also the input to the signing function
data = {
    "loc_addr_name": "",
    "page_size": "20",
    "page_num": "0",
    "keyword": "饺子",
    "rc_app": "4",
    "rc_platform": "13",
    "optimusCode": "20",
    "riskLevel": "71",
    "partner": "4",
    "waimai_sign": "/"
}

# openId and page are not given in the article; empty placeholders
openId = ""
page = ""

# Load the extracted signing script (phf.js is not included in the article)
with open('phf.js', 'r', encoding='utf-8') as f:
    cp = execjs.compile(f.read())
# Call the script's getMtgsig function and read the signature from its result
result = cp.call('getMtgsig', data, openId, page)
mtgsig = result['header']['mtgsig']
print(mtgsig)

response = requests.post(url, headers=headers, params=params, data=data)
print(response.text)
print(response)
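Result
There are quite a few pitfalls, but I won't go into detail.

Summary
1. For security reasons, this article does not provide the complete process. Much of the debugging is omitted and only the general approach is given. You will have to reconstruct the specific details yourself, and I believe you can debug it too.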