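1. Applicant ID: Doodlister
2. Personal email: doodlister@126.com
3. Original technical article: Capturing the traffic of 冲顶大会 (Chongding Dahui) and 芝士超人 (Zhishi Chaoren) and automatically farming revival cards
Quiz games have become very popular recently: WeChat's 头脑风暴 (Brainstorm), and live-streamed quiz apps that pay out money, such as 冲顶大会 and 芝士超人.
The rules are broadly the same. Each round has a total prize pool, and users who answer 12 questions in a row correctly (10 seconds per question) split the pool equally. There is also a revival card, which cancels out one wrong answer; it can be used once per round and is obtained by inviting one new user.
General approach:
Use packet capture to find (1) the endpoint that sends a verification code to a phone number, (2) the endpoint that logs in with the verification code, and (3) the endpoint that binds an invite code. The program receives the verification code through an SMS-receiving platform and binds the invite code automatically.
Research process:
I captured the traffic directly with Fiddler. I forgot to save screenshots at the time, so I will not go through the capture process again and will go straight to the results.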
冲顶大会:
Send verification code:
URL: http://api.api.chongdingdahui.com/user/requestSmsCode
Method: POST
Request parameters: {"phone":"<phone number>"}
Response on success: {"code":0,"msg":"请求成功"}
The code:
    // Requires fastjson (com.alibaba.fastjson.JSON) plus java.util.Map and java.util.HashMap.
    public CDDHResult getCode(String userPhone) throws Exception {
        String url = "http://api.api.chongdingdahui.com/user/requestSmsCode";
        // Build the JSON request body {"phone": "..."}
        Map<String,String> jsonMap = new HashMap<String,String>();
        jsonMap.put("phone",userPhone);
        String jsonString = JSON.toJSONString(jsonMap);
        String responseJson = HttpClientUtil.doPost(url, jsonString);
        // Map the response onto the result entity (code / msg / data)
        CDDHResult resultEntity = JSON.parseObject(responseJson, CDDHResult.class);
        logger.info("短信发送成功");
        return resultEntity;
    }
Login:
URL: http://api.api.chongdingdahui.com/user/login
Method: POST
Request parameters: {"phone":"<phone number>","code":"<verification code>"}
Response on success: {"code":0,"msg":"请求成功","data":{"user":{"created":null,"updated":null,"username":"手机用户21970vXk","userId":17549260,"phone":"17336321970","avatarUrl":"https://img4.jiecaojingxuan.com/st/chongding/defaultAvatar.png","balance":0,"income":0,"shareCode":"17649270","inviteCode":null,"lifePoints":0,"wxUnionId":null,"wxAppOpenId":"","sessionToken":"1.17549260.1022164.bZI.7bcbe46bdc4806cd3cde92e819f386f5","lastLoginTs":"2018-01-12T19:56:04.88","pushAlias":"Tdrwqd125sCvBjdK","status":0},"register":true}}
What we need here is sessionToken: the request header has to carry this field later, when farming the revival card.
The code:
    public CDDHUser login(String userPhone,String code) throws Exception {
        String url = "http://api.api.chongdingdahui.com/user/login";
        // Build the JSON request body {"code": "...", "phone": "..."}
        Map<String,String> jsonMap = new HashMap<String,String>();
        jsonMap.put("code",code);
        jsonMap.put("phone",userPhone);
        String jsonString = JSON.toJSONString(jsonMap);
        String responseJson = HttpClientUtil.doPost(url, jsonString);
        CDDHResult result = JSON.parseObject(responseJson, CDDHResult.class);
        if(result.getCode() == result.SUCCESS){
            // Login succeeded
            JSONObject data = (JSONObject) result.getData();
            if(data.containsKey("user")){
                JSONObject userObject = (JSONObject) data.get("user");
                CDDHUser user = userObject.toJavaObject(CDDHUser.class);
                logger.info(userPhone+" 登陆成功");
                return user;
            }else{
                logger.error(userPhone+"登陆失败" +data.toString());
                throw new Exception(data.toString());
            }
        }else if(result.getCode() == result.CODE_ERROR){
            // Wrong verification code
            logger.error(userPhone+" 登陆失败"+"验证码错误" );
            throw new CodeErrorException(result.getMsg());
        }else{
            // Unknown error
            logger.error(userPhone+"登陆失败"+result.toString());
            throw new Exception(result.toString());
        }
        // Wrong verification code response:
        // {"code":3,"msg":"验证码错误","data":null}
        // Successful login response: same JSON as shown above.
    }
芝士超人:
Send verification code:
URL: http://service.h7tuho5mf.cn/api/v1/verification_code
Method: POST
Request parameters:
{
"region": "cn",
"phone": "86xxxxxxxxxxx"
}
Response on success:
{
"request_id": "1516111222889829",
"error_msg": "操作成功",
"dm_error": 0,
"channel": "question"
}
The request_id is needed again in the next step.
The code:
    public Map<String,String> sendCode(String userPhone) throws Exception {
        Map<String,String> dataMap = new HashMap<String, String>();
        String url = "http://service.h7tuho5mf.cn/api/v1/verification_code";
        // The API expects the phone number with the 86 country prefix
        dataMap.put("phone","86"+userPhone);
        dataMap.put("region","cn");
        String jsonString = JSON.toJSONString(dataMap);
        String responseJson = HttpClientUtil.doPost(url, jsonString);
        JSONObject jsonObject = JSON.parseObject(responseJson);
        logger.debug(jsonObject);
        if("操作成功".equals(jsonObject.getString("error_msg"))){
            logger.info("手机号:"+userPhone+"发送短信成功.等待短信平台接受短信");
            // Keep request_id: the login request must send it back
            dataMap.put("request_id",jsonObject.getString("request_id"));
            return dataMap;
        }else{
            logger.error("手机号:"+dataMap.get("phone")+"短信发送失败.."+jsonObject);
            throw new SendCodeException("手机号:"+dataMap.get("phone")+"短信发送失败.."+jsonObject);
        }
        // JSON returned on success:
        // {"error_msg":"操作成功","channel":"question","request_id":"1515809554285954","dm_error":0}
    }
Login:
URL: http://service.h7tuho5mf.cn/api/v1/login
Method: POST
Request parameters (code is the verification code that was received; request_id is the request_id returned by the previous step):
{
"code": "604051",
"phone": "86xxxxxxxxxxx",
"request_id": "1516104626546963",
"platform": "phone"
}
Response on success:
{"uid": 10117380,"first_login": false,"first_register": false,"dm_error": 0,"session": "30li0Efq40rPyUsbwmHVJ1i00KXMrbh7wnG7uzEnSkoi2i2WwBG9Ei3","error_msg": "操作成功"}
The code:
    public Map<String,String> login(String code,Map<String,String> dataMap) throws Exception {
        // Request data:  {"phone":"8613230282281","platform":"phone","request_id":"1515806403128152","code":"257584"}
        // Response data: {"uid":7871510,"error_msg":"操作成功","session":"308KULlnIWXEgsxYmqmWi2wRw6SIlkRwk5FA2ldGQnY94BMyAi3i3","first_login":true,"first_register":true,"dm_error":0}
        String url = "http://service.h7tuho5mf.cn/api/v1/login";
        // dataMap already holds phone, region and request_id from sendCode()
        dataMap.put("platform","phone");
        dataMap.put("code",code);
        String jsonString = JSON.toJSONString(dataMap);
        String responseJson = HttpClientUtil.doPost(url, jsonString);
        JSONObject jsonObject = JSON.parseObject(responseJson);
        logger.debug(jsonObject);
        if("操作成功".equals(jsonObject.getString("error_msg"))){
            logger.info("手机号:"+dataMap.get("phone")+"登陆成功");
            // Keep uid and session: the invite-binding request needs both
            dataMap.put("uid", jsonObject.get("uid").toString());
            dataMap.put("session", (String) jsonObject.get("session"));
            return dataMap;
        }else{
            logger.error("手机号:"+dataMap.get("phone")+"登陆失败.."+jsonObject);
            throw new LoginFailException("手机号:"+dataMap.get("phone")+"登陆失败.."+jsonObject);
        }
    }
Invite binding:
URL: http://service.h7tuho5mf.cn/api/invite_code/bind?code=<invite code>&uid=<UID returned above>&sid=<session returned by login>
Method: GET
Response on success:
{"revivals": 1,"bind_success": 1,"dm_error": 0,"error_msg": "操作成功"}
The code:
    public Boolean bindInviteCode(String inviteCode,Map<String,String> dataMap) throws Exception {
        // String url = "http://service.h7tuho5mf.cn/api/invite_code/bind?sid=30eEE6WcY3XORGn4i1fSCLRVlHAo6eoNQUSnq1WUtGLaM5WeAi3i3&&uid=7852456&code=W6VS4";
        String url ="http://service.h7tuho5mf.cn/api/invite_code/bind?sid="+dataMap.get("session")+"&uid="+dataMap.get("uid")+"&code="+inviteCode;
        String responseJson = HttpClientUtil.doGet(url);
        // Sample responses:
        //{"uid":7871510,"error_msg":"操作成功","session":"308KULlnIWXEgsxYmqmWi2wRw6SIlkRwk5FA2ldGQnY94BMyAi3i3","first_login":true,"first_register":true,"dm_error":0}
        //{"error_msg":"请求参数错误","dm_error":499}
        //{"error_msg":"操作成功","text":"不能输入自己的邀请码哦~","bind_success":0,"dm_error":0}
        JSONObject jsonObject = JSON.parseObject(responseJson);
        logger.debug(jsonObject);
        logger.info(url);
        logger.info(jsonObject);
        if("操作成功".equals(jsonObject.getString("error_msg"))){
            // "text" is absent from the success response shown above, so guard against null
            String text = jsonObject.getString("text");
            if(text != null && text.contains("您已输入过邀请码哦")){
                throw new BindInviteException("手机号:"+dataMap.get("phone")+"绑定失败.."+jsonObject);
            }
            logger.info("手机号:"+dataMap.get("phone")+"绑定成功");
        }else{
            logger.error("手机号:"+dataMap.get("phone")+"绑定失败.."+jsonObject);
            logger.error(url);
            logger.error(dataMap);
            throw new BindInviteException("手机号:"+dataMap.get("phone")+"绑定失败.."+jsonObject);
        }
        return true;
    }
I have pushed the complete program code to my GitHub; stars are welcome.
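Seen from the service side, the flow above (first registration followed within seconds by an invite bind, repeated against one invite code) is a detectable pattern. The following is an added example, not part of the original post or its program: the event schema, thresholds and function name are assumptions, and the sample events are constructed; only the field names uid, first_register and code follow the API responses shown above.

```python
from collections import defaultdict, deque

# Constructed server-side events (assumed schema). "login" rows carry the
# uid / first_register fields of the login response; "bind" rows carry the
# uid and invite code of the invite_code/bind request.
EVENTS = [
    {"ts": 1000, "ep": "login", "uid": 101, "first_register": True},
    {"ts": 1004, "ep": "bind",  "uid": 101, "code": "AAAAA"},
    {"ts": 1060, "ep": "login", "uid": 102, "first_register": True},
    {"ts": 1063, "ep": "bind",  "uid": 102, "code": "AAAAA"},
    {"ts": 1120, "ep": "login", "uid": 103, "first_register": True},
    {"ts": 1125, "ep": "bind",  "uid": 103, "code": "AAAAA"},
    {"ts": 1200, "ep": "login", "uid": 201, "first_register": True},
    {"ts": 1210, "ep": "bind",  "uid": 201, "code": "BBBBB"},
    {"ts": 1300, "ep": "login", "uid": 202, "first_register": False},
    {"ts": 1305, "ep": "bind",  "uid": 202, "code": "BBBBB"},
    {"ts": 2000, "ep": "login", "uid": 301, "first_register": True},
    {"ts": 2005, "ep": "bind",  "uid": 301, "code": "CCCCC"},
    {"ts": 3000, "ep": "login", "uid": 302, "first_register": True},
    {"ts": 3005, "ep": "bind",  "uid": 302, "code": "CCCCC"},
    {"ts": 4000, "ep": "login", "uid": 303, "first_register": True},
    {"ts": 4005, "ep": "bind",  "uid": 303, "code": "CCCCC"},
]

def flag_invite_farming(events, window_s=600, threshold=3, fresh_s=30):
    """Return {invite_code: [uids]} for codes bound by at least `threshold`
    accounts that each registered less than `fresh_s` seconds before binding,
    all inside one sliding window of `window_s` seconds."""
    registered_at = {}                 # uid -> time of first registration
    recent = defaultdict(deque)        # invite code -> (ts, uid) of fresh binds
    flagged = defaultdict(set)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["ep"] == "login" and ev.get("first_register"):
            registered_at[ev["uid"]] = ev["ts"]
        elif ev["ep"] == "bind":
            born = registered_at.get(ev["uid"])
            if born is None or ev["ts"] - born > fresh_s:
                continue               # established account: ordinary invite
            q = recent[ev["code"]]
            q.append((ev["ts"], ev["uid"]))
            while q and ev["ts"] - q[0][0] > window_s:
                q.popleft()            # drop binds that fell out of the window
            if len({u for _, u in q}) >= threshold:
                flagged[ev["code"]].update(u for _, u in q)
    return {code: sorted(uids) for code, uids in flagged.items()}
```

Flagged codes are candidates for review or for withholding the revival card; the thresholds need tuning against real invite traffic before any automatic action.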