1.目标
目标网址:https://www.douchacha.com/bloggerRankingRise
切换日期出现目标请求
import requests
import jsonheaders = {"accept": "application/json, text/plain, */*","accept-language": "zh-CN,zh;q=0.9","cache-control": "no-cache","content-type": "application/json;charset=UTF-8","d-t": "1748263914419","d-v": "NSxHSGZjdzRkS2ZUVnplVFZyZkhiandyR1RyTVFxdzdaeFprZHpaSGI0Y1BVVU54Q1ROT1lUcld6VW1qT1R0QmNUcmRidXc3dlROeVZ3WkhiJTJCRGRiYVc4ZjVpMXdMS2xJaXc2NTV3NllVcUhiNnc3N1VRc2JtaFhDVHN4UFRFc2ZId29jVXI4Znp3N3JVbXg3VU5QblRzVVlUTThiZ3c1WlNUWHJVdjBsSEFYQ1V1c2IxQllPVHVzZk5FSGZld3FBSnc3WVVOQ2k0d3BjVU9ZWVVzSGZCdzVVVVBRVkpld1YydzdIcFRTMUM=","dcc-href": "https://www.douchacha.com/bloggerRankingRise","dcc-r": "https://www.douchacha.com/","dcc-v": "1.0","origin": "https://www.douchacha.com","pragma": "no-cache","priority": "u=1, i","referer": "https://www.douchacha.com/","sec-ch-ua": "\"Chromium\";v=\"136\", \"Google Chrome\";v=\"136\", \"Not.A/Brand\";v=\"99\"","sec-ch-ua-mobile": "?0","sec-ch-ua-platform": "\"Windows\"","sec-fetch-dest": "empty","sec-fetch-mode": "cors","sec-fetch-site": "same-site","user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36"
}
url = "https://api.douchacha.com/api/tiktok/ranking/user_list_gain"
params = {"ts": "1748263914419","he": "gna8CHfKV3DJw45/WClWw7zUNsbzW8bFYdfJV0vTOOs=","sign": "74330c908d7ef526","secret": "110376408a9ef1f92f1c060100080a570a5c57055e0b0b1a011f07"
}
data = {"page_no": 1,"page_size": 30,"params_data": {"label_name": "","period": "DAY","period_value": "20250524"}
}
data = json.dumps(data, separators=(',', ':'))
response = requests.post(url, headers=headers, params=params, data=data)print(response.text)
print(response)
需要解决:
- 请求头参数:
'd-t'和'd-v' - 请求参数:
"ts": "1748263914419","he": "gna8CHfKV3DJw45/WClWw7zUNsbzW8bFYdfJV0vTOOs=","sign": "74330c908d7ef526","secret": "110376408a9ef1f92f1c060100080a570a5c57055e0b0b1a011f07"
且'd-t'和'ts'需要一致
2.参数定位
-
方法一:
点击请求拦截器
在代码
n = n.then(t.shift(), t.shift());中,t 是一个存储着请求和响应拦截器的回调函数(成功回调fulfilled和失败回调rejected)的数组。
点击第一个方法
可以看到请求头部加密参数'd-v' -
方法二
搜索关键词定位:
尝试搜索请求参数'sign'、secret等
和请求头参数'd-t'、'd-v'
这里选择搜索请求参数'd-v'
在搜请求头相关的加密参数可以根据
js代码的习惯搜headers.common["d-v"]
如果搜不到可以搜他们的“未加密的兄弟参数”,比如"dcc-href"、"dcc-v"等
3.逆向分析
var d = window.btoa(window.v() + "," + window.hi("dt"));
t.headers.common["d-v"] = d
可以发现window.v()返回值固定为5,进入window.hi()方法可以看到混淆的
_0x1ad0d3.t = new Date().getTime();_0x1ad0d3.h = window.location.host;_0x1ad0d3.p = navigator.plugins.length;_0x1ad0d3.e = eval.toString().length;_0x1ad0d3.w = 0; // 代表没有用自动化
function hi(_0x2632b7) {var _0x1ad0d3 = {"t": new Date().getTime(),"h": "www.douchacha.com","p": 5,"e": 33,"w": 0}return se(JSON.stringify(_0x1ad0d3), _0x2632b7);
}var dv = btoa(5 + "," + hi("dt"));
console.log(dv)
其他扣代码,缺什么补什么
如果参数不对,就会返回`
成功返回数据
深度讲解)
:入门)
在线预览)
)
