What technologies does Moutai-grabbing software need?

Recently, because I wrote an article, "Those things about Jingdong's grabbing Moutai", I have gained a lot of fans. I think most people may be interested in the so-called Moutai-grabbing software, so today I will talk about what technologies are used in this type of software.

Data capture

Generally speaking, exchanging data packets is like chatting with a person: the content you send and the content of the other party's reply each count as a data packet. Here the chat is between your mobile application (or browser) and the software's server, and the content of the chat is fixed in advance, like a secret code to which the other side replies "Pagoda Town River Demon". Taking this software on GitHub as an example, the packet capture here is actually the chat between the browser and the JD server. Because these "secret codes" are relatively fixed, we capture packets to see what the two sides are saying. If you want to know which packet capture tools exist, you can read the "Recommendation of Common Network Packet Capture Tools" I posted before, choose the software according to your actual situation, and test the packet capture.

HTTP protocol

The reason to learn the HTTP protocol is to be able to translate the data packets captured above.

The most commonly used HTTP requests are GET and POST. They are simply two ways of carrying information. They can be compared to delivery by tricycle and delivery by box truck: the cargo capacity and the privacy are different.

To learn the HTTP protocol, mainly learn the following three points:

The first is to analyze which parameters are sent with the request, which is the main content of the "secret code" in the data packet mentioned above;

The second is to learn the HTTP headers, which are like the tone you should use in the chat, and where you were in the previous sentence (Referer);

The third is to understand the cookie. The cookie is given to you by the server after you log in, and it means that you are logged in. As a metaphor, it is very similar to your work permit. You can only communicate with the company with this work permit, and marks are often added to it according to the work you do. With these marks, you can open the doors of certain offices.
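As an added example (not from the original article), this Python code dissects one captured request into the three things listed above: the parameters, headers such as Referer, and the cookies. The request text, the host shop.example.com and every value in it are constructed for illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlsplit

# Constructed sample request; not captured from any real site.
RAW_REQUEST = (
    "POST /cart/add?skuId=1001&num=1 HTTP/1.1\r\n"
    "Host: shop.example.com\r\n"
    "User-Agent: Mozilla/5.0 (constructed)\r\n"
    "Referer: https://shop.example.com/item/1001\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Cookie: session=abc123; logged_in=1\r\n"
    "\r\n"
    "token=deadbeef&ts=1612345678"
)

def dissect_request(raw: str) -> dict:
    """Split a raw HTTP/1.1 request into parameters, headers and cookies."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)

    # Header names are case-insensitive, so normalise them to lower case.
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()

    # Point 1: parameters travel in the URL (GET style) and/or the body (POST).
    url = urlsplit(target)
    query = parse_qs(url.query, keep_blank_values=True)
    form = {}
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        form = parse_qs(body, keep_blank_values=True)

    # Point 3: the Cookie header carries the login state issued by the server.
    jar = SimpleCookie()
    jar.load(headers.get("cookie", ""))

    return {
        "method": method,
        "path": url.path,
        "query_params": query,
        "form_params": form,
        "referer": headers.get("referer"),  # Point 2: where the request came from
        "cookies": {name: morsel.value for name, morsel in jar.items()},
    }

if __name__ == "__main__":
    for key, value in dissect_request(RAW_REQUEST).items():
        print(f"{key}: {value}")
```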

Front-end knowledge

The main purpose of learning the front end is to analyze the key information of the chat in the data packet: the non-fixed words in the otherwise fixed "secret code" are all generated by js.

The front end mainly refers to web pages and js scripts. Reading the web page makes it easier to understand the page content during the process, and js is what dynamically generates part of the "secret code" during the interaction.

Difficulty: handling js that has been obfuscated or encrypted

JavaScript (also referred to as js) is a scripting language and is delivered as plain text. To prevent people from easily seeing what it executes, js can be obfuscated and encrypted, making it incomprehensible to human eyes while browsers can still run it. In this case, if you want to understand what is executed, you must learn to debug js code with a browser, reverse the specific logic of the js, de-obfuscate it, restore some of the original strings, and turn it into relatively readable code.

App reverse engineering (optional)

Because Jingdong now requires the mobile app for snapping up, those dynamic "secret codes" are no longer simply generated by JavaScript; some are generated by the app itself. So you must learn to unpack the app and then decompile its code to find how the key request parameter (the "secret code") is generated, and from there the generation algorithm itself.

A development language

In fact, once you have analyzed the communication above and know what the two sides talked about, achieving our goal just means picking out the main content and chatting with the server yourself, such as telling the server, with the appropriate expression and "signature", "I want to grab Moutai"; it sees your sincerity and gives you a bottle.

The development language is just a tool, used to simulate the chat between the browser (or app) and the server. It can be python, java, go, nodejs, etc. It is enough to simulate the desired process according to the analysis above, so it will definitely be faster than doing it by hand. Among them, python should be faster to get started with, and its available libraries are more complete. When you learn a language and use it to achieve what you want to do, you can build this kind of snap-up software.

Note: if you make this kind of tool, it is best not to use it for profit. It can be used for learning, and it is okay to play with it yourself, but it must not be used for illegal purposes.

Writing this article is not to encourage everyone to buy software, but to arouse some people's interest in learning some technologies. Anyway, this is how I am: whenever I lose motivation to study, I find something that I am interested in and then study how it is done and whether I can try to do it myself, and I have learned a lot in this way.


Origin blog.csdn.net/dtwangquan/article/details/113705071