秘鑰已經換了,不保證按照此方法能否破解
- 替換原壓縮后的js代碼离斩,https://paste.ubuntu.com/p/CHcy3R6wv7/
-
此代碼塊用于生成加密header字段的key
image.png - 此塊代碼用于生成加密header字段的value
搜索_createHmacHelper找到
第一步
第二步
- 最終代碼如下:
# coding=utf-8
import hashlib
import hmac
import requests
import json
secret = b'21HP2vfjvFHFPQv2CvjH1CPfCFPQ2PfnS21HP2vfjvFHFPQv2CvjH1CPfCFPQ2PfnS'
host = 'https://www.qixin.com'
data = {"eid": "b4c69da8-b346-401f-a131-c03f953da9db", "type": 4, "page": 3, "hit": 5}
uri = '/api/enterprise/getPagingRiskInfo'
sign_key = hmac.new(secret, uri.lower().encode(), hashlib.sha512).hexdigest()
header_key = sign_key[10:30] # 加密header字段的key, 從10開始,取20個
paybytes = (uri.lower()+uri.lower() + json.dumps(data, separators=(',', ':'))).encode()
sign = hmac.new(secret, paybytes, hashlib.sha512).hexdigest() # 加密header字段的value
r = requests.post(host+uri, data=json.dumps(data),
headers={'Content-Type': 'application/json',
'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36',
header_key: sign})
print(r.url, r.text)
