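This post was last edited by qiucx on 2021-3-20 11:31
0. I won't go over how to capture traffic from an Android app; a quick Baidu search turns up plenty of guides.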
1. Login: https://newappuser.域名.com/user/loginUserNamePassWd.htm?appKey=xxxxx&appVersion=8.9.3&areaId=500&blackBox=eyJvcyI6ImFuZHJvaWQiLCJ2ZXJzaW9uIjoiMy4yLjkiLCJwYWNrYWdlcyI6ImNvbS5qaXV4aWFuYXBrLnVpKiY4LjcuOSIsInByb2ZpbGVfdGltZSI6MTg0LCJpbnRlcnZhbF90aW1lIjozMDE3NCwidG9rZW5faWQiOiJ2c2YzdFI1NCtjdjFKeVwveEU0WFNHSTdxeFpFM2VaSDZLRUN0YXNReG1IMWkyZkhoWHZjK0pjMk52dFRlbDJxQmN3MXBCN3RKNm16VFQwZlBlRlBpeXc9PSJ9&channelCode=0%2C1&cpsId=xiaomi&deviceIdentify=xxxxx&deviceType=ANDROID&deviceTypeExtra=0&equipmentType=m2&lati=0&long=0&netEnv=wifi&passWord=xxxxx&pushToken=xxxxx&screenReslolution=900x1600&supportWebp=1&sysVersion=7.1.2&token=&userName=xxxxx
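appKey, blackBox, deviceIdentify, pushToken: values taken from the captured traffic. They differ for each user, so hard-code whatever you captured.
appVersion: this must be the latest version number.
areaId: the region; it may be related to the warehouse the liquor ships from.
The remaining fields are self-explanatory.
The most important thing about login is that it returns a token, which every later request needs.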
2. SettlementUrl=https://newapprerorder.域名.com/reservation/settlement.htm?appKey=xxxxx&appVersion=8.9.3&areaId=500&channelCode=0&cpsId=xiaomi&deviceIdentify=xxxxx&deviceType=ANDROID&deviceTypeExtra=0&equipmentType=m2&netEnv=wifi&orderSetInfo=%7B%22addressId%22%3A0%2C%22anchorId%22%3A0%2C%22deliveryId%22%3A0%2C%22invKind%22%3A-1%2C%22invType%22%3A0%2C%22isBuyImmediately%22%3A1%2C%22isGiftOrder%22%3A-1%2C%22isPresell%22%3A%220%22%2C%22isReservation%22%3A1%2C%22liveId%22%3A0%2C%22payPrice%22%3A0%2C%22payType%22%3A0%2C%22productInfo%22%3A%7B%22normalList%22%3A%5B%7B%22buyNum%22%3A1%2C%22productId%22%3A129136%7D%5D%7D%2C%22toUseAllowance%22%3A-1%2C%22toUseCashBack%22%3A0%2C%22toUseCoupon%22%3A-1%7D&pushToken=xxxxx&screenReslolution=900x1600&supportWebp=1&sysVersion=7.1.2&token=xxxx (the token returned by login)
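This is similar to adding the product to the shopping cart; the order can only be submitted after this URL has been called. Most of the fields are also clear at a glance.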
3. https://newapprerorder.域名.com/reservation/addorder.htm?appKey=APPKEYXXX&appVersion=8.9.3&areaId=500&channelCode=0&cpsId=xiaomi&deviceIdentify=APPKEYXXX&deviceType=ANDROID&deviceTypeExtra=0&equipmentType=m2&netEnv=wifi&orderAddInfo=%7B%22addressId%22%3A0%2C%22anchorId%22%3A0%2C%22bankAccount%22%3A%22%22%2C%22bankOfDeposit%22%3A%22%22%2C%22buyNum%22%3A%221%22%2C%22deliveryId%22%3A16%2C%22invContent%22%3A%22%22%2C%22invKind%22%3A0%2C%22invMobile%22%3A%221xxx%22%2C%22invTitle%22%3A%22%22%2C%22invType%22%3A0%2C%22isBuyImmediately%22%3A1%2C%22isGiftOrder%22%3A0%2C%22isPresell%22%3A%220%22%2C%22isReservation%22%3A1%2C%22liveId%22%3A0%2C%22payPrice%22%3A0%2C%22payType%22%3A1%2C%22productId%22%3A%22129136%22%2C%22receivingEmailAddress%22%3A%22%22%2C%22reservationToken%22%3A%22RESERVATIONTOKENXXX%22%2C%22stockoutGifts%22%3A%22%22%2C%22taxpayerId%22%3A%22%22%2C%22toUseAllowance%22%3A0%2C%22toUseCashBack%22%3A0%2C%22toUseCoupon%22%3A0%2C%22userLeaveMessage%22%3A%22%22%2C%22workAddresses%22%3A%22%22%2C%22workTelephone%22%3A%22%22%7D&pushToken=PUSHTOKENXXX&screenReslolution=900x1600&supportWebp=1&sysVersion=7.1.2&token=xxxx (the token returned by login)
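This one submits the order. Most of the fields stay the same; the hardest part is reservationToken. It is computed as MD5Util.encode("ANDROID" + appkey + DEVICE_ID). The two values appkey and deviceIdentify may be identical or may differ; either way, use whatever was captured. "ANDROID" is hard-coded. iOS uses the same encryption algorithm as Android; in fact iOS and Android share one system.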
```java
import java.security.MessageDigest;

public class MD5Util {
    // Returns the lowercase hex MD5 digest of str, or "" if hashing fails.
    public static String encode(String str) {
        String str2 = "";
        try {
            MessageDigest instance = MessageDigest.getInstance("MD5");
            // getBytes() uses the platform default charset (UTF-8 on Android).
            instance.update(str.getBytes());
            byte[] digest = instance.digest();
            for (byte b2 : digest) {
                // Mask to an unsigned value and left-pad to two hex digits.
                String hexString = Integer.toHexString(b2 & 255);
                if (hexString.length() == 1) {
                    str2 = str2 + "0" + hexString;
                } else {
                    str2 = str2 + hexString;
                }
            }
        } catch (Exception e2) {
            e2.printStackTrace();
        }
        return str2;
    }
}
```
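Typing this up wasn't easy; if it helped, give it a like and some points. Also, a small plug: for the JD Moutai flash sale, the last remaining piece is the JS-encrypted field sk (a large chunk of obfuscated JS code in which a function generates a string). My JS skills are limited; if an expert can help, I'm willing to share my earlier research.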
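From the server side, the reservationToken described in step 3 is a fixed function of a constant and two values the client already sends, so it never changes and is not tied to a session or to the settlement call. The following is an added example, not code from the post or from the app: it puts that derivation next to a hypothetical server-issued token (HMAC-SHA256 under a server-only key, bound to session, product and expiry). The class name, `issue`, `verify`, the key and all sample values are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class ReservationTokenDemo {
    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // Scheme from the post: MD5 over a constant plus two values the client sends anyway.
    static String clientDerived(String appKey, String deviceId) throws Exception {
        byte[] in = ("ANDROID" + appKey + deviceId).getBytes(StandardCharsets.UTF_8);
        return hex(MessageDigest.getInstance("MD5").digest(in));
    }

    // Hypothetical hardened form: server-keyed HMAC bound to session, product and expiry.
    static String issue(byte[] key, String session, long productId, long expiresAt) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        // Numeric fields first, so the '|' separators cannot be shifted by session content.
        String msg = expiresAt + "|" + productId + "|" + session;
        return expiresAt + "." + hex(mac.doFinal(msg.getBytes(StandardCharsets.UTF_8)));
    }

    static boolean verify(byte[] key, String session, long productId, String token, long now) throws Exception {
        int dot = token.indexOf('.');
        if (dot <= 0) return false;
        long expiresAt;
        try { expiresAt = Long.parseLong(token.substring(0, dot)); }
        catch (NumberFormatException e) { return false; }
        if (now > expiresAt) return false; // token has expired
        byte[] expected = issue(key, session, productId, expiresAt).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, token.getBytes(StandardCharsets.UTF_8)); // constant-time compare
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; only the product id 129136 appears on the page.
        System.out.println(clientDerived("APPKEY-SAMPLE", "DEVICE-SAMPLE")
                .equals(clientDerived("APPKEY-SAMPLE", "DEVICE-SAMPLE"))); // same inputs, same token, every time
        byte[] key = "server-only-demo-key".getBytes(StandardCharsets.UTF_8);
        String t = issue(key, "session-A", 129136L, 1000L);
        System.out.println(verify(key, "session-A", 129136L, t, 900L));  // issuing session, before expiry
        System.out.println(verify(key, "session-B", 129136L, t, 900L));  // replayed under another session
        System.out.println(verify(key, "session-A", 129136L, t, 1001L)); // replayed after expiry
    }
}
```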