Analyzing a website's key login authentication information with Burp Suite

Configure Burp Suite to analyze the specified URL

Before logging in to the target site's user center

  • Set the system proxy
  • Set up Burp Suite


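The operations below are: logging in to the account, then entering the user center after login.
In Burp Suite, each click on Forward lets one client-server exchange through, and the content of that exchange is recorded.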

POST /gs.gif?page_url=https%3A%2F%2Fwww.gaotu100.com%2F&event_id=34219564&user_id=&track_id=fa74a091-75bb-095f-ad70-0ea7958030c3&user_number=&name=gaotu-PC&ver=1.4.2 HTTP/1.1
Host: click.gaotu100.com
Connection: close
Content-Length: 0
Origin: https://www.gaotu100.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Accept: */*
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Referer: https://www.gaotu100.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7
Cookie: UM_distinctid=16eba2b3adb145-02281dd2237ba1-1c3c6a5c-fa000-16eba2b3adc1af; _gaotu_trackid=fa74a091-75bb-095f-ad70-0ea7958030c3

POST /user/v2/login HTTP/1.1
Host: api.gaotu100.com
Connection: close
Content-Length: 105
Accept: application/json, text/plain, */*
Origin: https://www.gaotu100.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: cors
Referer: https://www.gaotu100.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7

mobile=17701299062&password=dad0634893c35bccf52200ba78438e7b&password_orig=sun3320318shine&isTrusted=true

OPTIONS /noviceGift/configForPC HTTP/1.1
Host: api.gaotu100.com
Connection: close
Access-Control-Request-Method: POST
Origin: https://www.gaotu100.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Access-Control-Request-Headers: content-type,sid
Accept: */*
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: cors
Referer: https://www.gaotu100.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7

POST /pv0.gif?page_url=https%3A%2F%2Fwww.gaotu100.com%2F&referrer=https%3A%2F%2Fwww.gaotu100.com%2Faccount%2Fprofile&user_number=8314384&user_id=8409173&page_str=%2Fgaotu%2Fpc%2Frefresh&pre_page_str=%2Fgaotu%2Fpc%2Findex&track_id=fa74a091-75bb-095f-ad70-0ea7958030c3&name=gaotu-PC&ver=1.4.2 HTTP/1.1
Host: click.gaotu100.com
Connection: close
Content-Length: 0
Origin: https://www.gaotu100.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Accept: */*
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Referer: https://www.gaotu100.com/refresh
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7
Cookie: UM_distinctid=16eba2b3adb145-02281dd2237ba1-1c3c6a5c-fa000-16eba2b3adc1af; _gaotu_trackid=fa74a091-75bb-095f-ad70-0ea7958030c3

POST /pv0.gif?page_url=https%3A%2F%2Fwww.gaotu100.com%2Frefresh&referrer=https%3A%2F%2Fwww.gaotu100.com%2Faccount%2Fprofile&user_number=8314384&user_id=8409173&page_str=%2Fgaotu%2Fpc%2Findex&pre_page_str=%2Fgaotu%2Fpc%2Frefresh&track_id=fa74a091-75bb-095f-ad70-0ea7958030c3&name=gaotu-PC&ver=1.4.2 HTTP/1.1
Host: click.gaotu100.com
Connection: close
Content-Length: 0
Origin: https://www.gaotu100.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Accept: */*
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Referer: https://www.gaotu100.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7
Cookie: UM_distinctid=16eba2b3adb145-02281dd2237ba1-1c3c6a5c-fa000-16eba2b3adc1af; _gaotu_trackid=fa74a091-75bb-095f-ad70-0ea7958030c3

OPTIONS /course/v7/pc/filter HTTP/1.1
Host: api.gaotu100.com
Connection: close
Access-Control-Request-Method: GET
Origin: https://www.gaotu100.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Access-Control-Request-Headers: sid
Accept: */*
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: cors
Referer: https://www.gaotu100.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7


POST /noviceGift/configForPC HTTP/1.1
Host: api.gaotu100.com
Connection: close
Content-Length: 64
Accept: application/json, text/plain, */*
sid: ciIUZcsFdFHoljR8eQGUfxufMGqh5ceB
Origin: https://www.gaotu100.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: application/json;charset=UTF-8
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: cors
Referer: https://www.gaotu100.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7

{"headers":{"Content-Type":"application/x-www-form-urlencoded"}}

Login is complete at this point.

Next I click User Center, then My Account. Note that when the client interacts with the server it submits a sid that identifies the user.
GET /_nuxt/pages/account/index.7d48bce6f1295717d9a4.js HTTP/1.1
Host: pc-cdn.gaotu100.com
Connection: close
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Accept: */*
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Referer: https://www.gaotu100.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7
Cookie: UM_distinctid=16eba2b3adb145-02281dd2237ba1-1c3c6a5c-fa000-16eba2b3adc1af; _gaotu_trackid=fa74a091-75bb-095f-ad70-0ea7958030c3

POST /pv0.gif?page_url=https%3A%2F%2Fwww.gaotu100.com%2F&referrer=https%3A%2F%2Fwww.gaotu100.com%2Faccount%2Fprofile&user_number=8314384&user_id=8409173&page_str=%2Fgaotu%2Fpc%2Faccount&pre_page_str=%2Fgaotu%2Fpc%2Findex&track_id=fa74a091-75bb-095f-ad70-0ea7958030c3&name=gaotu-PC&ver=1.4.2 HTTP/1.1
Host: click.gaotu100.com
Connection: close
Content-Length: 0
Origin: https://www.gaotu100.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Accept: */*
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Referer: https://www.gaotu100.com/account
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7
Cookie: UM_distinctid=16eba2b3adb145-02281dd2237ba1-1c3c6a5c-fa000-16eba2b3adc1af; _gaotu_trackid=fa74a091-75bb-095f-ad70-0ea7958030c3

POST /pv0.gif?page_url=https%3A%2F%2Fwww.gaotu100.com%2Faccount&referrer=https%3A%2F%2Fwww.gaotu100.com%2Faccount%2Fprofile&user_number=8314384&user_id=8409173&page_str=%2Fgaotu%2Fpc%2Faccount%2Fprofile&pre_page_str=%2Fgaotu%2Fpc%2Faccount&track_id=fa74a091-75bb-095f-ad70-0ea7958030c3&name=gaotu-PC&ver=1.4.2 HTTP/1.1
Host: click.gaotu100.com
Connection: close
Content-Length: 0
Origin: https://www.gaotu100.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Accept: */*
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Referer: https://www.gaotu100.com/account/profile
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7
Cookie: UM_distinctid=16eba2b3adb145-02281dd2237ba1-1c3c6a5c-fa000-16eba2b3adc1af; _gaotu_trackid=fa74a091-75bb-095f-ad70-0ea7958030c3

OPTIONS /user/extra_profile?sid=ciIUZcsFdFHoljR8eQGUfxufMGqh5ceB HTTP/1.1
Host: api.gaotu100.com
Connection: close
Access-Control-Request-Method: GET
Origin: https://www.gaotu100.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Access-Control-Request-Headers: sid
Accept: */*
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: cors
Referer: https://www.gaotu100.com/account/profile
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7

Change the nickname
OPTIONS /user/v2/update_profile HTTP/1.1
Host: api.gaotu100.com
Connection: close
Access-Control-Request-Method: POST
Origin: https://www.gaotu100.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Access-Control-Request-Headers: sid
Accept: */*
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: cors
Referer: https://www.gaotu100.com/account/profile
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7

POST /user/v2/update_profile HTTP/1.1
Host: api.gaotu100.com
Connection: close
Content-Length: 74
Accept: application/json, text/plain, */*
sid: ciIUZcsFdFHoljR8eQGUfxufMGqh5ceB
Origin: https://www.gaotu100.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: cors
Referer: https://www.gaotu100.com/account/profile
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7

name=%E5%A4%A7%E6%98%8E&sex=0&grade=13&subject=0&province=&city=&district=

Add a shipping address
POST /user/consignee/address/add HTTP/1.1
Host: api.gaotu100.com
Connection: close
Content-Length: 239
Accept: application/json, text/plain, */*
sid: ciIUZcsFdFHoljR8eQGUfxufMGqh5ceB
Origin: https://www.gaotu100.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: cors
Referer: https://www.gaotu100.com/account/profile/address
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7

name=test&mobile=17700000001&province=%E5%8C%97%E4%BA%AC%E5%B8%82&city=%E5%8C%97%E4%BA%AC&area=%E6%9C%9D%E9%98%B3%E5%8C%BA&address=%E5%93%88%E5%93%88%E5%93%88%E4%BB%8E%E4%B8%9C%E5%9F%8E%E5%A4%A7%E9%81%93%E6%92%92%E5%A4%A7%E5%A3%B0%E5%9C%B0

Refresh to view
GET /account/profile/address HTTP/1.1
Host: www.gaotu100.com
Connection: close
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Sec-Fetch-User: ?1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Referer: https://www.gaotu100.com/account/profile
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7
Cookie: UM_distinctid=16eba2b3adb145-02281dd2237ba1-1c3c6a5c-fa000-16eba2b3adc1af; TY_SESSION_ID=51a435a4-742f-4332-b698-94b478eacb85; _gaotu_trackid=fa74a091-75bb-095f-ad70-0ea7958030c3; href=https%3A%2F%2Fwww.gaotu100.com%2F; 9755xjdesxxd=32; gdxidpyhxdE=nVu3Z46VsYdkSWgE%2Fsn%2FvoKBnizxx3qIBT9K1r26YpmCWe2dNfu1tXTLCT8N%5ChYvYZSxXYXSq3QLD1xDpegnPXMtn628rp5%2Bt6zKzJoEinPS1DkgyCAa1V1OHPsirNwVGGhYNMONNa6HnrLZtPo0VgPByKOnGJIEPDnuKadODDhUMeEC%3A1575085815745; accessId=98509990-d5eb-11e8-b96a-5995ccc5f91e; ACCOUNT=MTc3MDEyOTkwNjI=; CNZZDATA1271279500=844551988-1575078259-%7C1575191744; pageViewNum=2; user_token=ciIUZcsFdFHoljR8eQGUfxufMGqh5ceB; user_info={%22status%22:0%2C%22error_info%22:%22%22%2C%22academic_credit%22:0%2C%22chat_app_id%22:0%2C%22chat_name%22:%22%22%2C%22chat_user_sig%22:%22%22%2C%22city%22:%22%22%2C%22coin_gold%22:0%2C%22district%22:%22%22%2C%22grade%22:%2213%22%2C%22im_token%22:%22B4IpfHpseWZ2fXVqbXoqQ0E9OUI6QD02LH99b3xqdG8tRUM_PEU9Qz84LoKAcn9sf3x6czBIPz8_OzFwf39ug4mAdTJKMkFHMz0zdIUzTENHSUdEQkRJSkY_NYZ1gIg2TjZHhlt4N0E3eIJ_e4SKdX97OVFHQzmHiod8jXuMOlM7goY7RTuOe4yBf448VT1QPZg%22%2C%22mobile%22:%22MzAwWjNOYmJaZE4%253D%22%2C%22name%22:%22%22%2C%22notify_switch%22:-1%2C%22province%22:%22%22%2C%22role%22:0%2C%22school%22:%22%22%2C%22score%22:0%2C%22session_id%22:%22ciIUZcsFdFHoljR8eQGUfxufMGqh5ceB%22%2C%22sex%22:%222%22%2C%22student_number%22:%229439773%22%2C%22subject%22:%220%22%2C%22teacher_id%22:0%2C%22user_id%22:8409173%2C%22user_number%22:8314384%2C%22wenlike%22:%220%22}

POST /pv0.gif?page_url=https%3A%2F%2Fwww.gaotu100.com%2Faccount%2Fprofile%2Faddress&referrer=https%3A%2F%2Fwww.gaotu100.com%2Faccount%2Fprofile&user_number=8314384&user_id=8409173&page_str=%2Fgaotu%2Fpc%2Faccount%2Fprofile-address&pre_page_str=%2Fgaotu%2Fpc%2Faccount%2Fprofile-address&track_id=fa74a091-75bb-095f-ad70-0ea7958030c3&name=gaotu-PC&ver=1.4.2 HTTP/1.1
Host: click.gaotu100.com
Connection: close
Content-Length: 0
Origin: https://www.gaotu100.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Accept: */*
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Referer: https://www.gaotu100.com/account/profile/address
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7
Cookie: UM_distinctid=16eba2b3adb145-02281dd2237ba1-1c3c6a5c-fa000-16eba2b3adc1af; _gaotu_trackid=fa74a091-75bb-095f-ad70-0ea7958030c3

OPTIONS /user/consignee/address/list HTTP/1.1
Host: api.gaotu100.com
Connection: close
Access-Control-Request-Method: GET
Origin: https://www.gaotu100.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Access-Control-Request-Headers: sid
Accept: */*
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: cors
Referer: https://www.gaotu100.com/account/profile/address
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7

OPTIONS /noviceGift/configForPC HTTP/1.1
Host: api.gaotu100.com
Connection: close
Access-Control-Request-Method: POST
Origin: https://www.gaotu100.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Access-Control-Request-Headers: content-type,sid
Accept: */*
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: cors
Referer: https://www.gaotu100.com/account/profile/address
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7

OPTIONS /search/getHotWords HTTP/1.1
Host: api.gaotu100.com
Connection: close
Access-Control-Request-Method: GET
Origin: https://www.gaotu100.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Access-Control-Request-Headers: sid
Accept: */*
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: cors
Referer: https://www.gaotu100.com/account/profile/address
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7

POST /perf.gif?url=https%3A%2F%2Fwww.gaotu100.com%2Faccount%2Fprofile%2Faddress&uuid=&uid=&path=%2Faccount%2Fprofile%2Faddress&dns=0&tcp=76&resp=2&ready=64480&tree=3062&ttfb=62356&ttsr=62523&ttfp=64085&ttdc=65590&nt=unknown&net=4g&nrtt=150&ndlm=0&ndl=10&name=gaotu-PC&ver=1.4.2 HTTP/1.1
Host: click.gaotu100.com
Connection: close
Content-Length: 0
Origin: https://www.gaotu100.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Accept: */*
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Referer: https://www.gaotu100.com/account/profile/address
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7
Cookie: UM_distinctid=16eba2b3adb145-02281dd2237ba1-1c3c6a5c-fa000-16eba2b3adc1af; _gaotu_trackid=fa74a091-75bb-095f-ad70-0ea7958030c3

GET /favicon.ico HTTP/1.1
Host: www.gaotu100.com
Connection: close
Pragma: no-cache
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Referer: https://www.gaotu100.com/account/profile/address
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7
Cookie: UM_distinctid=16eba2b3adb145-02281dd2237ba1-1c3c6a5c-fa000-16eba2b3adc1af; TY_SESSION_ID=51a435a4-742f-4332-b698-94b478eacb85; _gaotu_trackid=fa74a091-75bb-095f-ad70-0ea7958030c3; href=https%3A%2F%2Fwww.gaotu100.com%2F; 9755xjdesxxd=32; gdxidpyhxdE=nVu3Z46VsYdkSWgE%2Fsn%2FvoKBnizxx3qIBT9K1r26YpmCWe2dNfu1tXTLCT8N%5ChYvYZSxXYXSq3QLD1xDpegnPXMtn628rp5%2Bt6zKzJoEinPS1DkgyCAa1V1OHPsirNwVGGhYNMONNa6HnrLZtPo0VgPByKOnGJIEPDnuKadODDhUMeEC%3A1575085815745; accessId=98509990-d5eb-11e8-b96a-5995ccc5f91e; ACCOUNT=MTc3MDEyOTkwNjI=; user_token=ciIUZcsFdFHoljR8eQGUfxufMGqh5ceB; user_info={%22status%22:0%2C%22error_info%22:%22%22%2C%22academic_credit%22:0%2C%22chat_app_id%22:0%2C%22chat_name%22:%22%22%2C%22chat_user_sig%22:%22%22%2C%22city%22:%22%22%2C%22coin_gold%22:0%2C%22district%22:%22%22%2C%22grade%22:%2213%22%2C%22im_token%22:%22B4IpfHpseWZ2fXVqbXoqQ0E9OUI6QD02LH99b3xqdG8tRUM_PEU9Qz84LoKAcn9sf3x6czBIPz8_OzFwf39ug4mAdTJKMkFHMz0zdIUzTENHSUdEQkRJSkY_NYZ1gIg2TjZHhlt4N0E3eIJ_e4SKdX97OVFHQzmHiod8jXuMOlM7goY7RTuOe4yBf448VT1QPZg%22%2C%22mobile%22:%22MzAwWjNOYmJaZE4%253D%22%2C%22name%22:%22%22%2C%22notify_switch%22:-1%2C%22province%22:%22%22%2C%22role%22:0%2C%22school%22:%22%22%2C%22score%22:0%2C%22session_id%22:%22ciIUZcsFdFHoljR8eQGUfxufMGqh5ceB%22%2C%22sex%22:%222%22%2C%22student_number%22:%229439773%22%2C%22subject%22:%220%22%2C%22teacher_id%22:0%2C%22user_id%22:8409173%2C%22user_number%22:8314384%2C%22wenlike%22:%220%22}; CNZZDATA1271279500=844551988-1575078259-%7C1575202606; qimo_seosource_98509990-d5eb-11e8-b96a-5995ccc5f91e=%E7%AB%99%E5%86%85; qimo_seokeywords_98509990-d5eb-11e8-b96a-5995ccc5f91e=; pageViewNum=3

GET /user/consignee/address/list HTTP/1.1
Host: api.gaotu100.com
Connection: close
Accept: application/json, text/plain, */*
sid: ciIUZcsFdFHoljR8eQGUfxufMGqh5ceB
Origin: https://www.gaotu100.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: cors
Referer: https://www.gaotu100.com/account/profile/address
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7
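
The narration above points out that the client presents a sid to identify the user; in the captured requests the same value travels as a request header, as a URL query parameter, and inside cookies. As an added example (not part of the original post), this Python code audits a saved capture for every place a known session token appears; the sample requests, hosts and token are constructed placeholders.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed capture with a placeholder token (not values from the page).
TOKEN = "EXAMPLEsid0000000000000000000000"
CAPTURE = f"""\
POST /user/v2/update_profile HTTP/1.1
Host: api.example.test
sid: {TOKEN}

name=test&sex=0

OPTIONS /user/extra_profile?sid={TOKEN} HTTP/1.1
Host: api.example.test
Access-Control-Request-Headers: sid

GET /account/profile/address HTTP/1.1
Host: www.example.test
Cookie: user_token={TOKEN}; user_info={{%22session_id%22:%22{TOKEN}%22}}

POST /pv0.gif?user_id=1 HTTP/1.1
Host: click.example.test
Cookie: _trackid=abc
"""
# Zero-width split point in front of every HTTP request line.
REQ_LINE = re.compile(r"(?m)^(?=(?:GET|POST|PUT|DELETE|PATCH|HEAD|OPTIONS) \S+ HTTP/\d\.\d$)")

def parse_request(raw):
    """Split one raw request into method, target, lower-cased headers, body."""
    head, _, body = raw.partition("\n\n")
    lines = head.splitlines()
    method, target, _ = lines[0].split(" ", 2)
    headers = {n.strip().lower(): v.strip() for n, _, v in (l.partition(":") for l in lines[1:])}
    return method, target, headers, body.strip()

def token_locations(raw, token):
    """List every place in one request where the session token travels."""
    _, target, headers, body = parse_request(raw)
    found = [f"header:{n}" for n, v in headers.items() if n != "cookie" and token in v]
    found += [f"query:{k}" for k, vs in parse_qs(urlsplit(target).query).items() if token in vs]
    for pair in filter(None, headers.get("cookie", "").split(";")):
        key, _, value = pair.strip().partition("=")
        if token in unquote(value):  # also catches the token nested in an encoded JSON cookie
            found.append(f"cookie:{key}")
    return found + (["body"] if token in body else [])

def audit(capture, token):
    """Return (method, host + path, token locations) for each request in the capture."""
    report = []
    for raw in filter(str.strip, REQ_LINE.split(capture)):
        method, target, headers, _ = parse_request(raw)
        report.append((method, headers.get("host", "") + urlsplit(target).path, token_locations(raw, token)))
    return report
```

A `query:` hit means the token is part of the URL, which server and proxy access logs record, so that is the location to eliminate first.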


Reposted from blog.51cto.com/928348/2455162