本帖最后由 Schwarz 于 2023-10-20 00:12 编辑
新代码已更新在新帖子,【js逆向】某习通座位预约加密分析(新手向)
https://www.52pojie.cn/thread-1793208-1-1.html
(出处: 吾爱破解论坛)
自己写的,比较懒,代码比较粗糙,见谅
流程大概是:
- 加密data
- 登录获取cookies
- 获取必要的token
- 定时
- 抢座
写完后才看到有人以前写过,但是貌似流程中的url结构与我的有点不同,只能保证我自己能直接使用,其他人仅做参考。
以下代码需要自己抓包改所有url中的seatId,有了seatId就可以直接在web端登录访问https://office.chaoxing.com/data/apps/seatengine/reservelist?cpage=1&pageSize=10&type=2&seatId=xxx,
这样就可以获取到以前预约过的roomid和座位号seatNum,当然,懒得抓包可以直接遍历一波seatId
总结就是需要自己找到需要的seatid、roomid、seatNum,定时抢可以自己改时间
抢多个人的可以用aiohttp修改,放到服务器上定时运行更舒服
[Python] 纯文本查看 复制代码
```python
import requests
import requests.utils
from lxml import etree
import re
from Crypto.Cipher import AES
import base64
from datetime import datetime
import time
def encrpytByAES(message, key):
key = "u2oh6Vu^HWe4_AES"
iv = key.encode("utf-8")
message = message.encode("utf-8")
# 使用PKCS7Padding填充
BS = AES.block_size
padding = lambda s: s + (BS - len(s) % BS) * chr(BS - len(s) % BS).encode()
cipher = AES.new(iv, AES.MODE_CBC, iv)
ciphertext = cipher.encrypt(padding(message))
return base64.b64encode(ciphertext).decode('utf-8')
def getCookies(data, headers):
url = "https://passport2.chaoxing.com/fanyalogin"
# proxy = {"http": "http://127.0.0.1:8080"}
resp = requests.session()
resp.headers = headers
resp.post(url, data=data)
url1 = "https://office.chaoxing.com/front/apps/seatengine/index?seatId=796"
resp.get(url=url1)
cookies = dict(resp.cookies.items())
name = requests.utils.unquote(cookies['oa_name'])
print(name)
return resp
def getToken(session, today):
# proxy = {"http": "http://127.0.0.1:8080"}
url = f"http://office.chaoxing.com/front/third/apps/seatengine/select?id=1901&day={today}&backLevel=2&seatId=796"
resp = session.get(url)
res = etree.HTML(resp.text)
script = res.xpath('/html/body/script[3]/text()')[0]
pattern = re.compile("token = '(?P<token>.*?)'")
token = pattern.search(script)
if token:
token = token.group('token')
return token
else:
return None
def getSeat(session, roomId, startTime, endTime, day, seatNum, token):
# proxy = "http://127.0.0.1:8080"
seatNum = str(seatNum).rjust(3, '0')
url = f'http://office.chaoxing.com/data/apps/seatengine/submit?roomId={roomId}&startTime={startTime}&endTime={endTime}&day={day}&captcha=&seatNum={seatNum}&token={token}'
# resp = requests.get(url, cookies=cookies, headers=headers, proxies=proxy)
# print(resp.text)
resp = session.get(url)
print(resp.text)
# print(cookies)
def getData(info):
data = {'fid': '-1', 'uname': encrpytByAES(info[0], 0), 'password': encrpytByAES(info[1], 0),
'refer': 'https://office.chaoxing.com/front/apps/seatengine/index?seatId=796', 't': 'true',
'forbidotherlogin': '0', 'validate': '', 'doubleFactorLogin': '0', 'independentId': '0'}
return data
def main():
headers = {
'user-agent': 'Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)'
}
info = [['手机号', '密码']] # 填写信息
# 获取data
wdata = getData(info[0])
# 获取cookie
wsession = getCookies(wdata, headers)
today = datetime.now().strftime('%Y-%m-%d')
# 获取必要的token
wtoken = getToken(wsession, today)
while True:
t = datetime.now().strftime("%H:%M:%S")
if t == "07:45:01": # 指定时间抢
print(datetime.now())
getSeat(wsession, 1888, "08:00", "21:30", today, 14, wtoken) # 需要修改信息
print(datetime.now())
break
else:
time.sleep(0.2)
if __name__ == '__main__':
main()
# 10 15 * * * /home/ubuntu/chaoxing.py >> /home/ubuntu/script.log # 在服务器上定时任务更加舒服
``` | 
发表于 2023-4-30 17:27
|
发表于 2023-4-30 22:53
