京东滑块 分析

声明:
本文章中所有内容仅供学习交流使用，不用于其他任何目的，抓包内容、敏感网址、数据接口等均已做脱敏处理，严禁用于商业用途和非法用途，否则由此产生的一切后果均与作者无关！
逆向分析
python代码
session = requests.session()
headers = {
"accept": "application/json, text/plain, */*",
"accept-language": "zh-CN,zh;q=0.9",
"cache-control": "no-cache",
"content-type": "application/x-www-form-urlencoded;charset=UTF-8",
"sec-ch-ua": "\"Not A(Brand\";v=\"8\", \"Chromium\";v=\"132\", \"Microsoft Edge\";v=\"132\"",
"sec-ch-ua-mobile": "?0",
"sec-ch-ua-platform": "\"Windows\"",
"sec-fetch-dest": "empty",
"sec-fetch-mode": "cors",
"sec-fetch-site": "same-site",
"user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36 Edg/132.0.0.0"
}
cookies = {

}
url = "/getImgVerifyCodeSessionId"
data = {
"functionId": "getImgVerifyCodeSessionId",
"appid": "dr-platform",
"client": "pc",
"loginType": "3",
"body": "{}"
}
response = session.post(url, headers=headers, data=data, cookies=cookies)
data = response.json()
# print(data)
result = data['result']
sessionId = result['sessionId']
url = "/api/fp"
cp = execjs.compile(open('run.js', 'r', encoding='utf-8').read())
data = cp.call('getFp', sessionId)

response = session.post(url, headers=headers, data=data)
# print(response.text)
data = response.json()
st = data['st']
fp = data['fp']
url = "/api/check"
data = cp.call('getBg', st, sessionId)

response = session.post(url, headers=headers, data=data)
data = response.json()
print(data)
img = data['img']
b1 = json.loads(img)['b1']
base_b1 = b1.replace('data:image/png;base64,', '')
with open('bg.png', 'wb') as fp:
fp.write(base64.b64decode(base_b1))

结果

总结

总结
1.出于安全考虑,本章未提供完整流程,调试环节省略较多,只提供大致思路,具体细节要你自己还原,相信你也能调试出来。