前言
某宝登入接口:https://login.taobao.com/
一、页面分析
二、参数来源
- loginId:输入的手机号
- password2:加密的登入密码
- ua:根据user-agent生成,可以直接拿来用
- _csrf_token:从进入网页的源码中获取
- umidToken:从进入网页的源码中获取
- hsiz:从进入网页的源码中获取
三、参数破解
我们了解到参数来源后,需要解决的就是password2的生成方式,我们直接搜password2
出来一个,直接点进去再搜一次,找到加密位置,下断点重新请求
我们可以看出是一个典型的Rsa加密
四、扣源码吧
这里需要补上一些环境变量,怎么补?自己运行缺啥补啥
var o, t, e;
var window = {
};
var navigator = {
};
function i(t, e, n) {
null != t && ("number" == typeof t ? this.fromNumber(t, e, n) : null == e && "string" != typeof t ? this.fromString(t, 256) : this.fromString(t, e))
}
function r() {
return new i(null)
}
"Microsoft Internet Explorer" == navigator.appName ? (i.prototype.am = function (t, e, n, o, i, r) {
for (var a = 32767 & e, s = e >> 15; --r >= 0;) {
var c = 32767 & this[t]
, u = this[t++] >> 15
, l = s * c + u * a;
i = ((c = a * c + ((32767 & l) << 15) + n[o] + (1073741823 & i)) >>> 30) + (l >>> 15) + s * u + (i >>> 30),
n[o++] = 1073741823 & c
}
return i
}
,
o = 30) : "Netscape" != navigator.appName ? (i.prototype.am = function (t, e, n, o, i, r) {
for (; --r >= 0;) {
var a = e * this[t++] + n[o] + i;
i = Math.floor(a / 67108864),
n[o++] = 67108863 & a
}
return i
}
,
o = 26) : (i.prototype.am = function (t, e, n, o, i, r) {
for (var a = 16383 & e, s = e >> 14; --r >= 0;) {
var c = 16383 & this[t]
, u = this[t++] >> 14
, l = s * c + u * a;
i = ((c = a * c + ((16383 & l) << 14) + n[o] + i) >> 28) + (l >> 14) + s * u,
n[o++] = 268435455 & c
}
return i
}
,
o = 28),
i.prototype.DB = o,
i.prototype.DM = (1 << o) - 1,
i.prototype.DV = 1 << o;
i.prototype.FV = Math.pow(2, 52),
i.prototype.F1 = 52 - o,
i.prototype.F2 = 2 * o - 52;
var a, s, c = "0123456789abcdefghijklmnopqrstuvwxyz", u = new Array;
for (a = "0".charCodeAt(0),
s = 0; s <= 9; ++s)
u[a++] = s;
for (a = "a".charCodeAt(0),
s = 10; s < 36; ++s)
u[a++] = s;
for (a = "A".charCodeAt(0),
s = 10; s < 36; ++s)
u[a++] = s;
function l(t) {
return c.charAt(t)
}
function f(t, e) {
var n = u[t.charCodeAt(e)];
return null == n ? -1 : n
}
function p(t) {
var e = r();
return e.fromInt(t),
e
}
function d(t) {
var e, n = 1;
return 0 != (e = t >>> 16) && (t = e,
n += 16),
0 != (e = t >> 8) && (t = e,
n += 8),
0 != (e = t >> 4) && (t = e,
n += 4),
0 != (e = t >> 2) && (t = e,
n += 2),
0 != (e = t >> 1) && (t = e,
n += 1),
n
}
function h(t) {
this.m = t
}
function g(t) {
this.m = t,
this.mp = t.invDigit(),
this.mpl = 32767 & this.mp,
this.mph = this.mp >> 15,
this.um = (1 << t.DB - 15) - 1,
this.mt2 = 2 * t.t
}
function y() {
this.i = 0,
this.j = 0,
this.S = new Array
}
h.prototype.convert = function (t) {
return t.s < 0 || t.compareTo(this.m) >= 0 ? t.mod(this.m) : t
}
,
h.prototype.revert = function (t) {
return t
}
,
h.prototype.reduce = function (t) {
t.divRemTo(this.m, null, t)
}
,
h.prototype.mulTo = function (t, e, n) {
t.multiplyTo(e, n),
this.reduce(n)
}
,
h.prototype.sqrTo = function (t, e) {
t.squareTo(e),
this.reduce(e)
}
,
g.prototype.convert = function (t) {
var e = r();
return t.abs().dlShiftTo(this.m.t, e),
e.divRemTo(this.m, null, e),
t.s < 0 && e.compareTo(i.ZERO) > 0 && this.m.subTo(e, e),
e
}
,
g.prototype.revert = function (t) {
var e = r();
return t.copyTo(e),
this.reduce(e),
e
}
,
g.prototype.reduce = function (t) {
for (; t.t <= this.mt2;)
t[t.t++] = 0;
for (var e = 0; e < this.m.t; ++e) {
var n = 32767 & t[e]
, o = n * this.mpl + ((n * this.mph + (t[e] >> 15) * this.mpl & this.um) << 15) & t.DM;
for (t[n = e + this.m.t] += this.m.am(0, o, t, e, 0, this.m.t); t[n] >= t.DV;)
t[n] -= t.DV,
t[++n]++
}
t.clamp(),
t.drShiftTo(this.m.t, t),
t.compareTo(this.m) >= 0 && t.subTo(this.m, t)
}
,
g.prototype.mulTo = function (t, e, n) {
t.multiplyTo(e, n),
this.reduce(n)
}
,
g.prototype.sqrTo = function (t, e) {
t.squareTo(e),
this.reduce(e)
}
,
i.prototype.copyTo = function (t) {
for (var e = this.t - 1; e >= 0; --e)
t[e] = this[e];
t.t = this.t,
t.s = this.s
}
,
i.prototype.fromInt = function (t) {
this.t = 1,
this.s = t < 0 ? -1 : 0,
t > 0 ? this[0] = t : t < -1 ? this[0] = t + this.DV : this.t = 0
}
,
i.prototype.fromString = function (t, e) {
var n;
if (16 == e)
n = 4;
else if (8 == e)
n = 3;
else if (256 == e)
n = 8;
else if (2 == e)
n = 1;
else if (32 == e)
n = 5;
else {
if (4 != e)
return void this.fromRadix(t, e);
n = 2
}
this.t = 0,
this.s = 0;
for (var o = t.length, r = !1, a = 0; --o >= 0;) {
var s = 8 == n ? 255 & t[o] : f(t, o);
s < 0 ? "-" == t.charAt(o) && (r = !0) : (r = !1,
0 == a ? this[this.t++] = s : a + n > this.DB ? (this[this.t - 1] |= (s & (1 << this.DB - a) - 1) << a,
this[this.t++] = s >> this.DB - a) : this[this.t - 1] |= s << a,
(a += n) >= this.DB && (a -= this.DB))
}
8 == n && 0 != (128 & t[0]) && (this.s = -1,
a > 0 && (this[this.t - 1] |= (1 << this.DB - a) - 1 << a)),
this.clamp(),
r && i.ZERO.subTo(this, this)
}
,
i.prototype.clamp = function () {
for (var t = this.s & this.DM; this.t > 0 && this[this.t - 1] == t;)
--this.t
}
,
i.prototype.dlShiftTo = function (t, e) {
var n;
for (n = this.t - 1; n >= 0; --n)
e[n + t] = this[n];
for (n = t - 1; n >= 0; --n)
e[n] = 0;
e.t = this.t + t,
e.s = this.s
}
,
i.prototype.drShiftTo = function (t, e) {
for (var n = t; n < this.t; ++n)
e[n - t] = this[n];
e.t = Math.max(this.t - t, 0),
e.s = this.s
}
,
i.prototype.lShiftTo = function (t, e) {
var n, o = t % this.DB, i = this.DB - o, r = (1 << i) - 1, a = Math.floor(t / this.DB),
s = this.s << o & this.DM;
for (n = this.t - 1; n >= 0; --n)
e[n + a + 1] = this[n] >> i | s,
s = (this[n] & r) << o;
for (n = a - 1; n >= 0; --n)
e[n] = 0;
e[a] = s,
e.t = this.t + a + 1,
e.s = this.s,
e.clamp()
}
,
i.prototype.rShiftTo = function (t, e) {
e.s = this.s;
var n = Math.floor(t / this.DB);
if (n >= this.t)
e.t = 0;
else {
var o = t % this.DB
, i = this.DB - o
, r = (1 << o) - 1;
e[0] = this[n] >> o;
for (var a = n + 1; a < this.t; ++a)
e[a - n - 1] |= (this[a] & r) << i,
e[a - n] = this[a] >> o;
o > 0 && (e[this.t - n - 1] |= (this.s & r) << i),
e.t = this.t - n,
e.clamp()
}
}
,
i.prototype.subTo = function (t, e) {
for (var n = 0, o = 0, i = Math.min(t.t, this.t); n < i;)
o += this[n] - t[n],
e[n++] = o & this.DM,
o >>= this.DB;
if (t.t < this.t) {
for (o -= t.s; n < this.t;)
o += this[n],
e[n++] = o & this.DM,
o >>= this.DB;
o += this.s
} else {
for (o += this.s; n < t.t;)
o -= t[n],
e[n++] = o & this.DM,
o >>= this.DB;
o -= t.s
}
e.s = o < 0 ? -1 : 0,
o < -1 ? e[n++] = this.DV + o : o > 0 && (e[n++] = o),
e.t = n,
e.clamp()
}
,
i.prototype.multiplyTo = function (t, e) {
var n = this.abs()
, o = t.abs()
, r = n.t;
for (e.t = r + o.t; --r >= 0;)
e[r] = 0;
for (r = 0; r < o.t; ++r)
e[r + n.t] = n.am(0, o[r], e, r, 0, n.t);
e.s = 0,
e.clamp(),
this.s != t.s && i.ZERO.subTo(e, e)
}
,
i.prototype.squareTo = function (t) {
for (var e = this.abs(), n = t.t = 2 * e.t; --n >= 0;)
t[n] = 0;
for (n = 0; n < e.t - 1; ++n) {
var o = e.am(n, e[n], t, 2 * n, 0, 1);
(t[n + e.t] += e.am(n + 1, 2 * e[n], t, 2 * n + 1, o, e.t - n - 1)) >= e.DV && (t[n + e.t] -= e.DV,
t[n + e.t + 1] = 1)
}
t.t > 0 && (t[t.t - 1] += e.am(n, e[n], t, 2 * n, 0, 1)),
t.s = 0,
t.clamp()
}
,
i.prototype.divRemTo = function (t, e, n) {
var o = t.abs();
if (!(o.t <= 0)) {
var a = this.abs();
if (a.t < o.t)
return null != e && e.fromInt(0),
void (null != n && this.copyTo(n));
null == n && (n = r());
var s = r()
, c = this.s
, u = t.s
, l = this.DB - d(o[o.t - 1]);
l > 0 ? (o.lShiftTo(l, s),
a.lShiftTo(l, n)) : (o.copyTo(s),
a.copyTo(n));
var f = s.t
, p = s[f - 1];
if (0 != p) {
var h = p * (1 << this.F1) + (f > 1 ? s[f - 2] >> this.F2 : 0)
, g = this.FV / h
, y = (1 << this.F1) / h
, m = 1 << this.F2
, v = n.t
, M = v - f
, w = null == e ? r() : e;
for (s.dlShiftTo(M, w),
n.compareTo(w) >= 0 && (n[n.t++] = 1,
n.subTo(w, n)),
i.ONE.dlShiftTo(f, w),
w.subTo(s, s); s.t < f;)
s[s.t++] = 0;
for (; --M >= 0;) {
var b = n[--v] == p ? this.DM : Math.floor(n[v] * g + (n[v - 1] + m) * y);
if ((n[v] += s.am(0, b, n, M, 0, f)) < b)
for (s.dlShiftTo(M, w),
n.subTo(w, n); n[v] < --b;)
n.subTo(w, n)
}
null != e && (n.drShiftTo(f, e),
c != u && i.ZERO.subTo(e, e)),
n.t = f,
n.clamp(),
l > 0 && n.rShiftTo(l, n),
c < 0 && i.ZERO.subTo(n, n)
}
}
}
,
i.prototype.invDigit = function () {
if (this.t < 1)
return 0;
var t = this[0];
if (0 == (1 & t))
return 0;
var e = 3 & t;
return (e = (e = (e = (e = e * (2 - (15 & t) * e) & 15) * (2 - (255 & t) * e) & 255) * (2 - ((65535 & t) * e & 65535)) & 65535) * (2 - t * e % this.DV) % this.DV) > 0 ? this.DV - e : -e
}
,
i.prototype.isEven = function () {
return 0 == (this.t > 0 ? 1 & this[0] : this.s)
}
,
i.prototype.exp = function (t, e) {
if (t > 4294967295 || t < 1)
return i.ONE;
var n = r()
, o = r()
, a = e.convert(this)
, s = d(t) - 1;
for (a.copyTo(n); --s >= 0;)
if (e.sqrTo(n, o),
(t & 1 << s) > 0)
e.mulTo(o, a, n);
else {
var c = n;
n = o,
o = c
}
return e.revert(n)
}
,
i.prototype.toString = function (t) {
if (this.s < 0)
return "-" + this.negate().toString(t);
var e;
if (16 == t)
e = 4;
else if (8 == t)
e = 3;
else if (2 == t)
e = 1;
else if (32 == t)
e = 5;
else {
if (4 != t)
return this.toRadix(t);
e = 2
}
var n, o = (1 << e) - 1, i = !1, r = "", a = this.t, s = this.DB - a * this.DB % e;
if (a-- > 0)
for (s < this.DB && (n = this[a] >> s) > 0 && (i = !0,
r = l(n)); a >= 0;)
s < e ? (n = (this[a] & (1 << s) - 1) << e - s,
n |= this[--a] >> (s += this.DB - e)) : (n = this[a] >> (s -= e) & o,
s <= 0 && (s += this.DB,
--a)),
n > 0 && (i = !0),
i && (r += l(n));
return i ? r : "0"
}
,
i.prototype.negate = function () {
var t = r();
return i.ZERO.subTo(this, t),
t
}
,
i.prototype.abs = function () {
return this.s < 0 ? this.negate() : this
}
,
i.prototype.compareTo = function (t) {
var e = this.s - t.s;
if (0 != e)
return e;
var n = this.t;
if (0 != (e = n - t.t))
return this.s < 0 ? -e : e;
for (; --n >= 0;)
if (0 != (e = this[n] - t[n]))
return e;
return 0
}
,
i.prototype.bitLength = function () {
return this.t <= 0 ? 0 : this.DB * (this.t - 1) + d(this[this.t - 1] ^ this.s & this.DM)
}
,
i.prototype.mod = function (t) {
var e = r();
return this.abs().divRemTo(t, null, e),
this.s < 0 && e.compareTo(i.ZERO) > 0 && t.subTo(e, e),
e
}
,
i.prototype.modPowInt = function (t, e) {
var n;
return n = t < 256 || e.isEven() ? new h(e) : new g(e),
this.exp(t, n)
}
,
i.ZERO = p(0),
i.ONE = p(1),
y.prototype.init = function (t) {
var e, n, o;
for (e = 0; e < 256; ++e)
this.S[e] = e;
for (n = 0,
e = 0; e < 256; ++e)
n = n + this.S[e] + t[e % t.length] & 255,
o = this.S[e],
this.S[e] = this.S[n],
this.S[n] = o;
this.i = 0,
this.j = 0
}
,
y.prototype.next = function () {
var t;
return this.i = this.i + 1 & 255,
this.j = this.j + this.S[this.i] & 255,
t = this.S[this.i],
this.S[this.i] = this.S[this.j],
this.S[this.j] = t,
this.S[t + this.S[this.i] & 255]
}
;
var m, v, M, w = 256;
function b() {
!function (t) {
v[M++] ^= 255 & t,
v[M++] ^= t >> 8 & 255,
v[M++] ^= t >> 16 & 255,
v[M++] ^= t >> 24 & 255,
M >= w && (M -= w)
}((new Date).getTime())
}
if (null == v) {
var N;
if (v = new Array,
M = 0,
window.crypto && window.crypto.getRandomValues) {
var C = new Uint8Array(32);
for (window.crypto.getRandomValues(C),
N = 0; N < 32; ++N)
v[M++] = C[N]
}
if ("Netscape" == navigator.appName && navigator.appVersion < "5" && window.crypto && window.crypto.random) {
var T = window.crypto.random(32);
for (N = 0; N < T.length; ++N)
v[M++] = 255 & T.charCodeAt(N)
}
for (; M < w;)
N = Math.floor(65536 * Math.random()),
v[M++] = N >>> 8,
v[M++] = 255 & N;
M = 0,
b()
}
function I() {
if (null == m) {
for (b(),
(m = new y).init(v),
M = 0; M < v.length; ++M)
v[M] = 0;
M = 0
}
return m.next()
}
function j() {
}
function D() {
this.n = null,
this.e = 0,
this.d = null,
this.p = null,
this.q = null,
this.dmp1 = null,
this.dmq1 = null,
this.coeff = null
}
j.prototype.nextBytes = function (t) {
var e;
for (e = 0; e < t.length; ++e)
t[e] = I()
}
,
D.prototype.doPublic = function (t) {
return t.modPowInt(this.e, this.n)
}
,
D.prototype.setPublic = function (t, e) {
null != t && null != e && t.length > 0 && e.length > 0 ? (this.n = function (t, e) {
return new i(t, e)
}(t, 16),
this.e = parseInt(e, 16)) : alert("Invalid RSA public key")
}
,
D.prototype.encrypt = function (t) {
var e = function (t, e) {
// if (e < t.length + 11)
// return alert("Message too long for RSA"),
// null;
for (var n = new Array, o = t.length - 1; o >= 0 && e > 0;) {
var r = t.charCodeAt(o--);
r < 128 ? n[--e] = r : r > 127 && r < 2048 ? (n[--e] = 63 & r | 128,
n[--e] = r >> 6 | 192) : (n[--e] = 63 & r | 128,
n[--e] = r >> 6 & 63 | 128,
n[--e] = r >> 12 | 224)
}
n[--e] = 0;
for (var a = new j, s = new Array; e > 2;) {
for (s[0] = 0; 0 == s[0];)
a.nextBytes(s);
n[--e] = s[0]
}
return n[--e] = 2,
n[--e] = 0,
new i(n)
}(t, this.n.bitLength() + 7 >> 3);
if (null == e)
return null;
var n = this.doPublic(e);
if (null == n)
return null;
var o = n.toString(16);
return 0 == (1 & o.length) ? o : "0" + o
}
;
var rsa = new D();
rsa.setPublic("d3bcef1f00424f3261c89323fa8cdfa12bbac400d9fe8bb627e8d27a44bd5d59dce559135d678a8143beb5b8d7056c4e1f89c4e1f152470625b7b41944a97f02da6f605a49a93ec6eb9cbaf2e7ac2b26a354ce69eb265953d2c29e395d6d8c1cdb688978551aa0f7521f290035fad381178da0bea8f9e6adce39020f513133fb", "10001");
var password = '你的淘宝密码';
var password2 = rsa.encrypt(password);
console.log(password2);
五、运行调试
将生成的password2加入请求中,可以看出请求是成功的
{
'content': {
'data': {
'redirect': True,
'redirectUrl': 'https://i.taobao.com/my_taobao.htm?nekot=ztK90NChxcWwoQ==1604478854770',
'asyncUrls': ['https://passport.alibaba.com/mini_apply_st.js?callback=callback&site=0&token=1dTZ4Upbuq4RXpbG9xAP9nA'],
'resultCode': 100
},
'status': 0,
'success': True
},
'hasError': False
}
六、请求源码
import requests
headers = {
'authority': 'login.taobao.com',
'sec-ch-ua': '"Chromium";v="86", "\\"Not\\\\A;Brand";v="99", "Google Chrome";v="86"',
'accept': 'application/json, text/plain, */*',
'sec-ch-ua-mobile': '?0',
'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36',
'content-type': 'application/x-www-form-urlencoded',
'origin': 'https://login.taobao.com',
'sec-fetch-site': 'same-origin',
'sec-fetch-mode': 'cors',
'sec-fetch-dest': 'empty',
'referer': 'https://login.taobao.com/',
'accept-language': 'zh-CN,zh;q=0.9',
}
params = (
('appName', 'taobao'),
('fromSite', '0'),
)
data = {
'loginId': '',
'password2': '',
'keepLogin': 'false',
'ua': '137#2uE9hE9o9u4Cg2EEs9HOVJoGInqNnP1QzrmU4UDuamux/Z+8T30RZ5TGqgGqLi9rbAqTkn5UQVlBccGQgyTQds+RdNh/L41RQl4XevrzjwcAVYgRus2VSSrY3YmHl/B9iwkV7m/JxOpv5kp0/tsimY/e714UiccWYGgf1w8T5ulXikKgarPvheMvFyaFWf2XiOXUYEfFOAyKzg4hTaO37XROCFbpwNVwScLk8IFYqh3U0e7cOB/ygWSDVJ+hWlvt6qPwXJ+tGjq/JnycZd4r7/qOL8Z7PeKa5SZ+35FGKFeO6sh23bX7vL+B8GrU/lWMWU34kcoJECOhCYB9BQ0bQnMKSh36CRkFTvjjkhUTZ/B08JAAVPV0aGfuftxITXJX7gpj18nIhu7J6pz1M6bSz8wsd8eEoyQ/Eylwb3gbQM+lx5ESWCwysiuc7MsfqHCc4XAnGyGjMskZFFZPExLWJyHhmkYnZS3LvBo99syVtwUIU7ghP0Jc1IeivXyD8yJxTlEIPGWhQDf3+qEh90JmEAEi+z8wqWjQ1qgipXicQonJ+Z6VpRSFTDtEWpipMTJS1lQypXpcQvnH+ZDVpXJ8pAiU8o8vJyTJ1gxoppimQofo+qFVpkUm1AlN5tipYSUS1qQipXpcQeno+ww/xe6WiBqXEnezPEyPKgEGz8lwVYOTwfdHcN2IXa/Rhwanv/jLjnhXWGC8KF5oVZbhd2t7K6tEviSjQ3ZKJrBW8smq+2N3pGX5snP3ErVpkuwif/EKs6fWpnvxoB2Bv+MbgPiVGk723DLyShOtdlBSz19h2pXgslUYxR6UuIgBZON66lTNpvezB0zWNsY59oceUrYjize+tEu0aMAlkL5gC84t2BtHk+bu/DR1OWvr4qisFT/vf4uq+AAUSZZ+sh0VNh3R2tJJAbaKU4A/EB3z3aAdgJ98riRO38P+hL+D7sOuh07Xp3t0Bqi/uDUWDnmrbBA91xstmWVxm2bWlHTvvCTr74fc/2n+U6B=',
'umidGetStatusVal': '255',
'screenPixel': '1920x1080',
'navlanguage': 'zh-CN',
'navUserAgent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36',
'navPlatform': 'Win32',
'appName': 'taobao',
'appEntrance': 'taobao_pc',
'_csrf_token': 'P2fjbLRJAnx7Vk8APtHIC4',
'umidToken': '4466865c1979c4886767c5dc45530c7fd367ed93',
'hsiz': '1192b46a4501bb2efb6da1fe1a985485',
'bizParams': '',
'style': 'default',
'appkey': '00000000',
'from': 'tb',
'isMobile': 'false',
'lang': 'zh_CN',
'returnUrl': '',
'fromSite': '0'
}
session = requests.session()
data['loginId'] = '你的手机号'
data['password2'] = '加密密码'
response = session.post('https://login.taobao.com/newlogin/login.do', headers=headers, params=params, data=data)
data = response.json()
print(data)
# 请求重定向链接
session.get(url=data['content']['data']['redirectUrl'], headers=headers)
# 请求搜索页
res = session.get(
url='https://s.taobao.com/search?q=%E6%89%8B%E6%9C%BA&imgfile=&commend=all&ssid=s5-e&search_type=item&sourceId=tb.index&spm=a21bo.2017.201856-taobao-item.1&ie=utf8&initiative_id=tbindexz_20170306',
headers=headers)
print(res.text)