A successful wx index interface call, a failed wx index interface call

A successful interface call

Originally, this was just a call to the wx index interface. The Python code is as follows:

import urllib3
from DrissionPage import SessionPage

# verify=False below turns off TLS certificate checks; this silences the resulting warning
urllib3.disable_warnings()
page = SessionPage()
state = page.post(
    url='https://search.weixin.qq.com/cgi-bin/wxaweb/wxindex',
    json={
        # openid and search_key are the session values seen in the captured request (redacted)
        "openid": "xxxxxxxxxxx",
        "search_key": "xxxxxxxxxxxx",
        "cgi_name": "GetMultiChannel",
        "query": ["母亲节"],
        "start_ymd": "20210422",
        "end_ymd": "20230518"
    },
    headers={
        'Host': 'search.weixin.qq.com',
        'referer': 'https://servicewechat.com/wxc026e7662ec26a3a/42/page-frame.html',
        'user-agent': 'Mozilla/5.0 (Linux; Android 7.1.2; SM-G9810 Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/92.0.4515.131 Mobile Safari/537.36 MMWEBID/3687 MicroMessenger/8.0.27.2220(0x28001B36) WeChat/arm32 Weixin NetType/WIFI Language/zh_CN ABI/arm32 MiniProgramEnv/android',
        'Content-Type': 'application/json'
    },
    show_errmsg=True,
    verify=False)
print('state:' + str(state))
print('响应:' + page.html)

The code is very simple. The parameters are assembled from the request captured with Charles, and the request succeeds directly!

A failed interface call

Just when I was happy, I sent another request, and the response became: {"code":-10000, "msg": "auth failed."}. Failed!
Unbelieving, I tried a few more times, but auth failed every time. I was sure: it really had failed!
So I started looking for the reason for the failure.
After comparing the parameters in Charles many times, I found that the search_key in the request is a dynamic parameter that changes periodically.
So the rest of this post studies why and how the search_key changes.

Reversing the source

The wx index data comes from the wx index mini program, so it is necessary to reverse the wxapkg and explore the source code.
Find the corresponding mini program wxapkg package on the emulator, pull it out, and unpack it with wxappUnpacker; this produces a lot of errors.
The main ones are an app.json configuration error, "Error: xxx.js, _typeof3 is not a function", and other errors. After solving them one by one, open the source code in the wx developer tools and view the corresponding code:

i = require("./login"),
r = i.checkLogin

! function a(h) {
  return r().then(function (r) {
    h && n.setId();
    var l = t(t({
      openid: r.openid,
      search_key: r.search_key
    }, n.data), e);
    n.log("➡️", "request\n", l), n.timestamp = Date.now(),
    wx.request({
      url: "https://search.weixin.qq.com/cgi-bin/wxaweb/".concat(n.cgi),
      data: l,
      method: "POST",
      header: {
        "Content-Type": "application/json"
      },
      success: function (t) {
        ......

The request parameter search_key comes from r.search_key, r comes from i.checkLogin, and i comes from the login module. In login.js, checkLogin is defined as follows:

checkLogin: function () {
  var n = wx.getStorageSync(e);
  return n ? new Promise(function (e) {
    e(JSON.parse(n));
  }) : r();
}

So the search_key in the request is a value read from the cache. The place where it is written to the cache is:

return wx.login({
  success: function (o) {
    ! function t() {
      return wx.request({
        url: "https://search.weixin.qq.com/cgi-bin/searchweb/weapplogin",
        data: {
          appid: "appidxxxxxxxxxxxxxxxxxx",
          js_code: o.code
        },
        success: function (o) {
          var r = o.data,
            u = void 0 === r ? {} : r;
          try {
            0 == u.errcode ? (wx.setStorageSync(e, JSON.stringify(u.data)), c = 0, i = null,
              n(u.data)) : a(u, "weapplogin", t);
          } catch (n) {
            a(n, "weapplogin", t);
          }
        },
        fail: function (n) {
          a(n, "weapplogin", t);
        }
      });
    }();
  },

So the stored value comes from the response of the cgi-bin/searchweb/weapplogin interface, which takes two parameters: appid and js_code. The appid is easy to obtain, but the js_code comes from the code returned by wx.login, which is not easy to obtain.
After searching for a long time, I did not find a detailed description of wx.login(), but according to some posts on the Internet, there is already a mature wx authorization platform, and the code can be obtained through that platform without calling wx.login().
Therefore, the attempt to call the wx index through the interface ultimately fails.
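
Why the replayed request stops working, shown as a constructed server-side model of the flow traced above (an added example, not code from this post or from the wx index service): a one-time js_code is exchanged for an openid and a short-lived search_key, and every later request is checked against that pair. The HMAC token format, the one-hour lifetime, the failure errcode and the helper issue_login_code are assumptions; only the field names and the auth failed response come from the post.

```python
import hashlib
import hmac
import time

SERVER_SECRET = b"constructed-demo-secret"   # constructed value, not a real key
KEY_TTL = 3600                               # assumed key lifetime in seconds
AUTH_FAILED = {"code": -10000, "msg": "auth failed."}   # response quoted in the post
_pending_codes = {}   # js_code -> openid; stands in for the platform's login-code store


def issue_login_code(js_code, openid):
    """Hypothetical helper: the platform hands the client a one-time login code."""
    _pending_codes[js_code] = openid


def _sign(openid, expires):
    msg = f"{openid}|{expires}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def weapplogin(js_code, now=None):
    """Exchange a one-time js_code for the openid/search_key pair the client caches."""
    now = time.time() if now is None else now
    openid = _pending_codes.pop(js_code, None)   # pop: each code is accepted once
    if openid is None:
        return {"errcode": 1, "data": {}}        # non-zero errcode value is assumed
    expires = int(now) + KEY_TTL
    key = f"{expires}.{_sign(openid, expires)}"
    return {"errcode": 0, "data": {"openid": openid, "search_key": key}}


def wxindex(body, now=None):
    """Serve the query only if search_key is unexpired and bound to this openid."""
    now = time.time() if now is None else now
    try:
        expires_s, sig = body["search_key"].split(".", 1)
        expires = int(expires_s)
    except (KeyError, ValueError, AttributeError, TypeError):
        return AUTH_FAILED
    expected = _sign(body.get("openid", ""), expires)
    if now >= expires or not hmac.compare_digest(sig.encode(), expected.encode()):
        return AUTH_FAILED
    return {"code": 0, "query": body.get("query", [])}
```

A captured openid/search_key pair is valid only until the key expires, and a new one requires a fresh login code, which matches the behaviour observed in this post.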

Finally

So, finally, can some expert recommend an authorization platform?

Origin blog.csdn.net/AJian759447583/article/details/130749984