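Disclaimer
Everything in this article is for learning and discussion only and is not to be used for any other purpose. Captured traffic, sensitive URLs, data interfaces and similar details have all been redacted. Commercial or illegal use is strictly prohibited; the author bears no responsibility for any consequences arising from such use!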
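Reverse Engineering Analysis
Meituan's web pages, mini program and app are all protected by fingerprint detection. For the app, I can only patch the environment for old versions; new versions keep failing initialization with 4096. I gave up on that for now to brush up on the basics first. The mini program and the app are much the same: both use cloud functions and both need hooking. The one I have here is the variant whose "a6" value starts with "w1.3". I will analyze w1.2 later.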
```python
import execjs
import requests

headers = {
    "Accept": "*/*",
    "Accept-Language": "zh-CN,zh;q=0.9",
    "Connection": "keep-alive",
    "Content-Type": "application/x-www-form-urlencoded",
    "Referer": "",
    "Sec-Fetch-Dest": "empty",
    "Sec-Fetch-Mode": "cors",
    "Sec-Fetch-Site": "cross-site",
    "User-Agent": "",
    "X-Requested-With": "XMLHttpRequest",
    "content-personalized-switch": "0",
    "csecuserid": "",
    "swimlane;": "",
    "wm-user-id-deregistration": "-1",
    "wm-uuid-deregistration": "-1",
    "x-env": "online",
    "xweb_xhr": "1"
}
# Only the path is shown; the host is redacted.
url = "v1/search/detail"
params = {
    "ui": "",
    "region_id": "",
}
data = {
    "loc_addr_name": "",
    "page_size": "20",
    "page_num": "0",
    "keyword": "饺子",
    "rc_app": "4",
    "rc_platform": "13",
    "optimusCode": "20",
    "riskLevel": "71",
    "partner": "4",
    "waimai_sign": "/"
}

# Load the recovered JS and call its getMtgsig function.
# openId and page are not defined in this excerpt and must be set beforehand.
with open('phf.js', 'r', encoding='utf-8') as f:
    cp = execjs.compile(f.read())
result = cp.call('getMtgsig', data, openId, page)
mtgsig = result['header']['mtgsig']
print(mtgsig)

response = requests.post(url, headers=headers, params=params, data=data)
print(response.text)
print(response)
```
Result
There are quite a few pitfalls; I won't go into detail.
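Summary
1. For security reasons, this chapter does not provide the complete process and much of the debugging is omitted. Only the general approach is given; you will have to reconstruct the specific details yourself, and I believe you can debug it out as well.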