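1. Reverse-engineering targets
1. The product search function  2. The product detail function
2. Choosing a version
The version I chose here is Shihuo (识货) 7.20.1, which can be found by searching on Wandoujia (豌豆荚).
As soon as we open the app, the first thing we see is a prompt forcing us to update.
Hmph, with our temperament we are certainly not going to go along with it; bypass it directly.
3. Bypassing the forced update
First decompile the app with jadx.
Then search directly for "升级" (upgrade).
The fourth result looks a lot like the update request.
It turned out not to be, which was a big disappointment. Keep looking, and search directly for "新版本" (new version).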
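1. Decompile the APK and find the code where the dialog is shown (found as in the figure above).
2. Write a hook script so that the show method of UpdateDialog does not execute.
3. The hook script is given below.
4. Start frida-server on the phone:

```
adb shell
su
cd /data/local/tmp/
./frida-server
```

5. Forward the ports. Run this in a cmd window:

```
adb forward tcp:27042 tcp:27042
adb forward tcp:27043 tcp:27043
```

Or write it as a Python script and run it with a right-click:

```python
import subprocess

# Pass the command as a list so it runs the same way on every platform
subprocess.run(['adb', 'forward', 'tcp:27042', 'tcp:27042'], check=True)
subprocess.run(['adb', 'forward', 'tcp:27043', 'tcp:27043'], check=True)
```

6. Actually run the hook script on the computer.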
3.1 Script to hook the update dialog

```python
# Print the package name of the app running in the foreground
# Enumerate all processes on the phone plus the foreground process to find Shihuo's package name
import frida

# Get the device
rdev = frida.get_remote_device()

# Enumerate all processes
processes = rdev.enumerate_processes()
for process in processes:
    print(process)

# Get the app running in the foreground
front_app = rdev.get_frontmost_application()
print(front_app)
```

```python
import frida
import sys

rdev = frida.get_remote_device()
pid = rdev.spawn(["com.hupu.shihuo"])  # spawn mode needs the package name
session = rdev.attach(pid)

scr = """
Java.perform(function () {
    var UpdateDialog = Java.use('com.azhon.appupdate.dialog.UpdateDialog');
    // Replace show() so the original dialog is never displayed
    UpdateDialog.show.implementation = function (ctx) {
        console.log("执行了");
        // this.show();
    };
});
"""

script = session.create_script(scr)


def on_message(message, data):
    print(message, data)


script.on("message", on_message)
script.load()
rdev.resume(pid)
sys.stdin.read()
```
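The app crashes as soon as it is hooked; clearly the developers have added detection of Frida hooks.
4 Bypassing the Frida anti-debugging
With the hook written, the app crashes as soon as it runs with the hook, but runs normally without it. Shihuo implements Frida anti-debugging: once it detects that a Frida script is running, the app terminates itself.

Bypass method 1:
- At companies like this, the security staff have usually written a .so file that checks whether a Frida hook is running and force-terminates the app if it finds one.
- A .so written by the security staff usually has nothing to do with the app's business logic and is only used for hook detection. In that case we can try deleting the .so file; if the app still runs normally after the deletion, the .so is unrelated to the business logic and can be removed.
- Apps such as Shihuo and Dewu (得物) work this way.
- So we need to find which .so file performs the detection.
- Hook the Android low-level loader and print, in order, the .so files the app loads while running. This hook script can be reused as-is in the future.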
4.1 Script that hooks the Android low-level loader to show which .so files the app loads

```python
import frida
import sys

rdev = frida.get_remote_device()
pid = rdev.spawn(["com.hupu.shihuo"])
session = rdev.attach(pid)

scr = """
Java.perform(function () {
    var dlopen = Module.findExportByName(null, "dlopen");
    var android_dlopen_ext = Module.findExportByName(null, "android_dlopen_ext");

    // Print the path of every library opened through dlopen
    Interceptor.attach(dlopen, {
        onEnter: function (args) {
            var path_ptr = args[0];
            var path = ptr(path_ptr).readCString();
            console.log("[dlopen:]", path);
        },
        onLeave: function (retval) {
        }
    });

    // Print the path of every library opened through android_dlopen_ext
    Interceptor.attach(android_dlopen_ext, {
        onEnter: function (args) {
            var path_ptr = args[0];
            var path = ptr(path_ptr).readCString();
            console.log("[dlopen_ext:]", path);
        },
        onLeave: function (retval) {
        }
    });
});
"""

script = session.create_script(scr)


def on_message(message, data):
    print(message, data)


script.on("message", on_message)
script.load()
rdev.resume(pid)
sys.stdin.read()
```

```
# 1 Steps
# adb shell
# su
# cd <the path printed above>
# rm xx.so
# 2 Run the forced-update hook script again, and the bypass now works
```
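5. Packet capture analysis (bypassing the app's proxy detection)
As shown in the figure, what we want is the search endpoint.
All of Shihuo's packets show up as garbage; clearly the requests are being intercepted, and the app is using Proxy.NO_PROXY.
5.1 Capturing and analysing the search and detail endpoints
1. Configure the Charles proxy.
2. Open the app, run it, and capture the traffic.
   - The requests all appear encrypted; the cause is that they were captured through the normal phone proxy.
3. Use an app that forwards packets at a lower level to capture the traffic. There are many; the recommended one is SocksDroid.
5.2 Using SocksDroid (recommended)
Important: remove the proxy previously set on the phone.
1. Install SocksDroid.
2. Open it and configure the IP address and port.
3. Configure the SOCKS port in Charles.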
6. Capturing again
6.1 Search endpoint
6.1.1 Request body
The request body is shown below.
6.1.2 Parameter analysis

```
# Request URL:
https://sh-api.shihuo.cn/daga/search/goods/v1?
    minVersion=15670&
    clientCode=%7Bholder%7D&
    v=7.20.1&
    channel=myapp&
    device=Pixel%202%20XL&
    platform=android&
    timestamp=53&
    token=16c2cbda6873dd0215fc49fd5a   # not sent

# Request method
post

# Request parameters:
{
    "from": "home",
    "isHot": "false",
    "keywords": "女鞋",   # search keyword
    "needAttrs": 1,
    "page": "1",   # page number
    "pageSize": "20",   # items per page
    "page_route": "homeSearchList",
    "predictSex": "2",
    "use_type": "2",
    "user_input": "%E6%A3%8B%E7%9B%98%E6%A0%BC"
}

# Request headers
# After many replay attacks, it turns out the request succeeds with basically none of the headers
platform     android
timestamp    53   # not required
app-v        7.20.1
sh-token     pgRgP20Ay3MTJhNjU0OTI5NTAyNTc3ODg0yXZbCW9YzSS2UyzKZNGip/JC8r9VF1IVVuYc34lEl7uhps6xWOeCgfbs2qnta7JNqIeAgur9WHZk7XGzuYUTg1kvRsygVDAnMSl1PtdFfI6fDqGF/zEZaH1OJRlbT3JxwPvtXp7X/6TSZZMfkL9tyA==   # not required
sh-id        kpcbdb29f68fcc86cb3   # not required
sh-sign      BEA1DAB59E5AC6BEE   # not required
shreqid      3E0FF336F5CDCED59D   # not required
osv          11
network      1
sh_session   29adf1f76fe54268bf13a6efb7e12272_foreground_   # not required
sk           9MJTD4FFJBgRUPSgNfZIKOA8bCGnv4wt7McVWcxBYyOZBJiez6r4AjzcgGweapZa1GGcamedBEXYqzEOVegB7d2klJ1w   # not required
appid        app
user-agent   Android 11 {Z29vZ2xl} CPU_ABI arm64-v8a CPU_ABI2 HARDWARE taimen MODEL {UGl4ZWwgMiBYTA} network/WIFI shihuo/7.20.1 sc({holder},myapp) minVersion(15670) sh-dv-sign[v1|6bd3e4ffa3ce6c880e6681a9f90775c60d2751f79b8da0aa]   # not required
```

6.1.3 Simulating the request with Python

```python
# -*- coding: utf-8 -*-
'''
@IDE    : PyCharm
@version : 3.9
@Auth : gouzi
@time : 2024/2/8 21:19
@Description:
'''
import requests
import urllib3

urllib3.disable_warnings()

# Product search endpoint
res = requests.post(
    url="https://sh-api.shihuo.cn/daga/search/goods/v1",
    json={
        "keywords": "女鞋",  # search keyword
        "needAttrs": 1,
        "page": "1",  # page number
        "pageSize": "20",  # items per page
        "page_route": "goodsList",
        "predictSex": "2",
        "use_type": "2",
        "pageContext": "{\"pageId\":\"goodsList_1DF64EFB70F703FA43E7A670EA9A454A\",\"ptiRoot\":{\"biz\":\"{\\\"client_cache\\\":true,\\\"layer\\\":\\\"1\\\"}\",\"name\":\"\",\"toInfo\":{\"route\":\"homeSearch\",\"back_keywords\":\"耐克 篮球鞋\"},\"id\":\"home:searchInput\",\"pageId\":\"appHome_80D1DDBE0BA8DEAAC238B1DF0E\",\"pageOptions\":{\"haveSkin\":\"1\"}},\"layer\":\"3\"}",
    },
    verify=False
)
print('------')
data_dict = res.json()
l = []
for item in data_dict['data']['lists']:
    try:
        print(item['name'])
        for ele in item['style_lists']:
            print('-----', ele['goods_id'], ele['name'], ele['price'])
            # The product id is used later to fetch the product details
            l.append(ele['goods_id'])
    except (KeyError, TypeError):
        # Skip entries that lack a name or a style list
        pass
```
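Result:
There is nothing that needs reversing; the data comes straight back.
6.2 Product detail endpoint
6.2.1 Packet capture (the most painful step)
Damn, can you believe it: I spent from February 6, before the New Year, all the way to February 16, after it, hunting for the problem with this thing, a full 10 days!!! Damn it, I could not even enjoy the New Year, thinking about this every day (˚ ˃̣̣̥᷄⌓˂̣̣̥᷅ )
6.2.2 Discovering the problem
This pitfall was truly painful and I have to write it down. When I first opened the product detail endpoint, the page would not open.
Damn, what is going on? It normally opens fine. My first thought was a proxy problem, so I carefully checked the SocksDroid proxy and found nothing wrong.
6.2.3 Troubleshooting 1 -> proxy IP
Huh, has the SocksDroid proxy stopped working? Updating its version did not help; removing the SocksDroid proxy and setting the proxy manually on the Wi-Fi did not work either.
I switched to Drony, ProxyDroid and other proxy apps, tried various versions, and pointed each one at the Charles local proxy IP; still no luck.
After all that switching it still did not work, so I gave up.
6.2.4 Troubleshooting 2 -> the Shihuo app version
After that I thought it was a problem with the Shihuo app, so I found older versions on Wandoujia and installed each of them with adb install.
I still could not capture the traffic: network error.
Updating to the latest version did not work either.
6.2.5 Troubleshooting 3 -> the Charles certificate was lost
Later, while browsing online, I found that other people also could not capture login traffic and got network errors; possibly the Charles certificate had been dropped or had expired.
So I configured the certificate on the phone again, downloading and installing it.
I found it was already present among the system certificates, and I updated it once more anyway.
I still could not capture the traffic. In particular, afterwards the apps 爱学生 and 今日南川 could both be captured, but 车智赢+ was acting up for some unknown reason and could not be captured again.
It did not even get as far as prompting me to update.
Had I installed the certificate the wrong way? I went online again to look for a solution, spent a huge amount of time and configured all sorts of places, and it was no damn use.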
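6.2.6 Troubleshooting 4 -> reflash the phone
After that I thought it might be a problem with how the phone had been flashed, because the Pixel I bought had already been flashed by the seller.
So I looked up material on how to flash over a cable, reinstalled Magisk (面具), and flashed the img file and TWRP recovery.
After trying many versions it finally flashed, but sadly I still could not capture the traffic.
6.2.7 Troubleshooting 5 -> look at the capture result for the Shihuo product detail
Damn it, I refuse to believe this; it works fine for everyone else, so why not for me?
Let's see what the response actually is.
Damn, what does that mean: "please access this endpoint with the client". Am I not the client? What a ridiculous response, and it is a 406 on top of that.
I searched online and could not make sense of any of the results; I asked GPT and it did not know why either.
6.2.8 Troubleshooting 6 -> look at capture results from other apps
Later, in a freelance-jobs group, I looked at the 环球网 app and ran into the same problem.
This time, look at the capture result again.
The response was a 401, and the message said "HMAC signature cannot be verified, the x-date header is out of date for HMAC Authentication".
A quick search online showed that the timestamp had expired.
At that point I suddenly realised it might be a problem with the time setting.
6.2.9 Problem solved -> system time
So I adjusted the system time, setting it to the current time.
Damn, it worked. Who the hell could have guessed? I had assumed the time on a work phone did not matter, and it turns out to be that important.
Now try again.
It finally shows up. Not easy, not easy at all!!! Do you know how I got through these 10 days? Waah~(//̀Д/́/)(//̀Д/́/)(//̀Д/́/)
The rest does not feel very technical; capture the traffic first.
It turns out to be plaintext, possibly because I updated to the latest version. That makes it easy: just crack it directly.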
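The 401 in 6.2.8 is what a server returns when it checks request freshness before trusting an HMAC signature, and it is the check that was not enforced on the search endpoint in 6.1.2, which accepted replayed requests without sh-sign or timestamp. The following is an added example, not code from the original post or from either app, sketching that server-side check; only x-date comes from the error message, while the x-signature and x-request-id header names, the signing layout, the 5-minute tolerance and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from email.utils import format_datetime, parsedate_to_datetime

MAX_SKEW = timedelta(minutes=5)  # assumed tolerance between client and server clocks


def sign(secret, method, path, x_date, req_id, body):
    """HMAC-SHA256 over method, path, date, request id and body hash (assumed layout)."""
    msg = "\n".join([method, path, x_date, req_id, hashlib.sha256(body).hexdigest()])
    return hmac.new(secret, msg.encode(), hashlib.sha256).hexdigest()


def verify(secret, method, path, headers, body, now, seen_ids):
    """Return (status, reason) for one request; seen_ids is the replay cache."""
    x_date, req_id, sig = (headers.get(k) for k in ("x-date", "x-request-id", "x-signature"))
    if not (x_date and req_id and sig):
        return 401, "missing signature headers"
    try:
        sent_at = parsedate_to_datetime(x_date)
        skew = abs(now - sent_at)  # TypeError when x-date carries no time zone
    except (TypeError, ValueError):
        return 401, "unparseable x-date"
    if skew > MAX_SKEW:
        return 401, "x-date header is out of date"
    if not hmac.compare_digest(sign(secret, method, path, x_date, req_id, body), sig):
        return 401, "signature cannot be verified"
    if req_id in seen_ids:
        return 401, "replayed request"
    seen_ids.add(req_id)
    return 200, "ok"


def demo():
    """Run four constructed requests through verify() and return the outcomes."""
    secret, body, path = b"constructed-demo-key", b'{"goods_id": "1"}', "/detail"
    now = datetime(2024, 2, 16, 12, 0, tzinfo=timezone.utc)  # constructed server time
    seen = set()

    def request(clock, req_id):
        x_date = format_datetime(clock, usegmt=True)
        return {"x-date": x_date, "x-request-id": req_id,
                "x-signature": sign(secret, "GET", path, x_date, req_id, body)}

    good = request(now, "req-1")
    stale = request(now - timedelta(days=3), "req-2")  # device whose clock was never set
    return [
        verify(secret, "GET", path, good, body, now, seen),
        verify(secret, "GET", path, stale, body, now, seen),
        verify(secret, "GET", path, {}, body, now, seen),
        verify(secret, "GET", path, good, body, now + timedelta(seconds=30), seen),
    ]


if __name__ == "__main__":
    for status, reason in demo():
        print(status, reason)
```

The second outcome corresponds to the failure in 6.2.8: a correctly signed request from a device with a wrong clock is rejected until the system time is fixed.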
6.3 If it is plaintext, crack it directly
The module under utils

```python
# -*- coding: utf-8 -*-
'''
@IDE    : PyCharm
@version : 3.9
@Auth : gouzi
@time : 2023/10/12 12:36
@Description:
'''


def header_str_to_dict(header_str):
    """Turn header text copied from Charles (one name/value pair per line) into a dict."""
    d = {}
    for item in header_str.strip().split('\n'):
        # Split on the first run of whitespace only: values such as user-agent contain spaces
        parts = item.strip().split(None, 1)
        if len(parts) == 2:
            d[parts[0]] = parts[1]
    return d
```

The actual request

```python
import requests
from utils import header_str_to_dict
import urllib3

urllib3.disable_warnings()

# One header per line, name and value separated by a tab
header_str = '''
platform	android
timestamp	47
app-v	7.20.1
sh-token	57FP4HY1R7MTM1Y2UwZmRiYTExMTVmMzI1Al3TPWc8P4bQyfQYO+qxkcYzvlmwukrvZSuTCSjVWxyix7mPt46ALIpxAJpsIeSWEAA110VChb/JfEi6BRCjamGsg9PGOO3s341BoV3tGKLeOkHxX/dq7/ktzzPhVHkJw+2DMz1ZMHHty7AE/i5khA==
sh-id	kpcbdb29f68fcc86cb3
sh-sign	7D38C143D1BFC2AB36DCCFC0FE46B29B
abtest-control	ln=3;eI=3;HN=0;LR=0;Ks=0;eN=2;Gs=2;zF=1;Ta=2;uc=2;aQ=0;Xj=1;zT=0;IG=0;AA=2;Df=13;MQ=1;fK=11;data_community_personal=3;jO=2;UZ=0;fL=0;Lu=1;nY=2;am=0;EQ=2;shrec_is_gdetail=12;RA=2;ev=22;kA=3;kB=11;ay=3;gA=2;mainSearchV3=25;search_wf=3;NI=0;mainSearchV4=27;nj=2;Us=1;nn=0;zz=12;Yz=1;shrec_gdetail_bags=11;Qv=17;Ah=11;data_gdetail_shoes_personal=11;data_gdetail_clothes_personal=11;oZ=12;shoes_ratio_ctrl=0;bn=0;sa=0;Ap=2;gdetail_shoes_brand_rec=11;JZ=1;SD=0;fx=3;sf=12;Av=24;sh=0;Rg=2;cY=1;Rh=15;tK=3;shrec_home_feed=17;Fd=2;gf=12;dD=0;gh=0;CI=1;ou=3;dK=0;Fn=3;CL=2;GP=1;t_s=63;oy=2;gdetail_brand_rec=11;shrec_cf_mine_v2=11;KY=6;hW=3;Wg=12;pa=0;shrec_gdetail_clothes=11;Od=11;yN=8;By=0;Bz=0;uO=0;data_community_relate=11;dc=1
shreqid	802E1E6101C5315E8F389A00A3B294D0
osv	11
network	1
sh_session	29adf1f76fe54268bf13a6efb7e12272_foreground_
sk	9MJTD4FFJBgRUPSgNfZIKOA8bCGnv4wt7McVWcxBYyOZBJiez6r4AjzcgGweapZa1GGcamedBEXYqzEOVegB7d2klJ1w
appid	app
user-agent	Android 11 {Z29vZ2xl} CPU_ABI arm64-v8a CPU_ABI2 HARDWARE taimen MODEL {UGl4ZWwgMiBYTA} network/WIFI shihuo/7.20.1 sc({holder},myapp) minVersion(15670) sh-dv-sign[v1|6bd3e4ffa3ce6c880e6681a9f90775c60d2751f79b8da0aa]
'''

headers = header_str_to_dict(header_str)
res = requests.get(
    url='https://sh-gateway.shihuo.cn/v4/services/sh-goodsapi/app_swoole_shoe/preload/single?devices=Pixel%202%20XL&dspm=1eca9eb336&gender=2&goods_id=3416&sourceLocation=oneRowOne%3A%5BN%5D&style_id=&top_style_id=&tpExtra=%7B%22sourceTp%22%3A%22home%3Asearch%3A%22%2C%22sourceTpName%22%3A%22%E9%9D%A2%E5%8C%85%E9%9E%8B%22%2C%22wsf%22%3A%22normal_search_words%22%2C%22ast%22%3A%22%E9%9D%A2%E5%8C%85%E9%9E%8B%22%2C%22is_inspire%22%3A0%2C%22dgReqId%22%3A%22SHSS_CG-O7DQPLCN9N0T_SPU_1%3A27%22%2C%22si%22%3A%%22%2C%22skc%22%3A%%22%2C%22layer%22%3A%222%22%7D&access_token=b7EM8Up9VSFJUhkyEJ&minVersion=15670&clientCode=%7Bholder%7D&v=7.20.1&channel=myapp&device=Pixel%202%20XL&platform=android&timestamp=47&access_token=b7EM8Up9VSFJUhkyEJ&token=fce7ab2919bee6228a0feeed2b',
    verify=False,
    headers=headers
)
print(res.text)
# print('付款人数:', res.json()['data']['info']['goods_info']['monthSellPoint'])
```
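6.4 What to do if it is encrypted
1. For now, try to crack it with various hooks.
   - Because it is encrypted, it is hard to crack.
   - Try various hooks:
     - 1 map.put('data', '<ciphertext>') -> hook TreeMap to take a look -> it is never called, failed.
     - 2 Hook StringBuilder -> it is never called, failed.
     - 3 Hook Base64 -> it is indeed called -> we now know the ciphertext is Base64-encoded, but not how it is encrypted.
     - 4 Hook the interceptors -> OkHttp -> interceptors -> see which interceptors there are.
       - Hook them one at a time, trying to make the request skip the current interceptor.
       - While trying this, I found that whenever the request is sent encrypted the response is also encrypted, and whenever the request is sent in plaintext the response is plaintext.
       - From then on, force everything to be sent in plaintext and collect the plaintext.
       - This reveals how the app works: as long as the encrypting interceptor does not run, the request goes out in plaintext and plaintext comes back.
2. Later on: once we have learned unidbg, we can turn the returned encrypted data into plaintext directly.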
7 Various hook attempts
7.1 Hook Map - failed

```python
import frida
import sys

rdev = frida.get_remote_device()
session = rdev.attach("识货")

scr = """
Java.perform(function () {
    var TreeMap = Java.use('java.util.TreeMap');
    var Map = Java.use("java.util.Map");

    // Log every put() whose key is "data"
    TreeMap.put.implementation = function (key, value) {
        if (key == "data") {
            console.log(key, value);
        }
        var res = this.put(key, value);
        return res;
    };
});
"""

script = session.create_script(scr)


def on_message(message, data):
    print(message, data)


script.on("message", on_message)
script.load()
sys.stdin.read()
```

7.2 Hook StringBuilder - failed

```python
# com.che168.autotradercloud
import frida
import sys

rdev = frida.get_remote_device()
session = rdev.attach("识货")

scr = """
Java.perform(function () {
    var StringBuilder = Java.use("java.lang.StringBuilder");

    // Log every string produced by StringBuilder.toString()
    StringBuilder.toString.implementation = function () {
        var res = this.toString();
        console.log(res);
        return res;
    };
});
"""

script = session.create_script(scr)


def on_message(message, data):
    print(message, data)


script.on("message", on_message)
script.load()
sys.stdin.read()
```

7.3 Hooking with a JS script

```javascript
// hook_stringbuilder.js
Java.perform(function () {
    var StringBuilder = Java.use("java.lang.StringBuilder");
    StringBuilder.toString.implementation = function () {
        var res = this.toString();
        console.log(res);
        return res;
    };
});
// frida -UF -l hook_stringbuilder.js -o string.txt
// Nothing was written to string.txt
```

7.4 Hook Base64 - success

```python
import frida
import sys

rdev = frida.get_remote_device()
session = rdev.attach("识货")

scr = """
Java.perform(function () {
    var Base64 = Java.use("android.util.Base64");

    // Log the result of every Base64.encodeToString(byte[], int) call
    Base64.encodeToString.overload('[B', 'int').implementation = function (bArr, val) {
        var res = this.encodeToString(bArr, val);
        console.log("加密了-->", res);
        return res;
    };
});
"""

script = session.create_script(scr)


def on_message(message, data):
    print(message, data)


script.on("message", on_message)
script.load()
sys.stdin.read()
# Searching the output for the request data shows that the hook caught it
```
7.5 Hooking the interceptors
Encrypting the request and decrypting the returned data is very likely handled in an interceptor.
7.5.1 JS hook on the interceptors, hooking all of them

```javascript
// hook_Interceptor.js
Java.perform(function () {
    var Builder = Java.use('okhttp3.OkHttpClient$Builder');
    // Log every interceptor as it is registered on the OkHttp client builder
    Builder.addInterceptor.implementation = function (inter) {
        console.log(JSON.stringify(inter));
        return this.addInterceptor(inter);
    };
});
// frida -Uf com.hupu.shihuo -l hook_Interceptor.js -o all_interceptor3.txt
```

```
"<instance: okhttp3.Interceptor, $className: com.shizhi.shihuoapp.library.net.h.h>"
"<instance: okhttp3.Interceptor, $className: com.shizhi.shihuoapp.library.imageview.loader.c.b$a>"
"<instance: okhttp3.Interceptor, $className: com.shizhi.shihuoapp.library.net.h.e>"
"<instance: okhttp3.Interceptor, $className: com.shizhi.shihuoapp.library.net.h.d>"
"<instance: okhttp3.Interceptor, $className: com.shizhi.shihuoapp.library.net.h.b>"
"<instance: okhttp3.Interceptor, $className: com.shizhi.shihuoapp.library.net.h.h>"
"<instance: okhttp3.Interceptor, $className: com.shizhi.shihuoapp.library.net.h.g>"
"<instance: okhttp3.Interceptor, $className: com.shizhi.shihuoapp.library.net.h.a>"
"<instance: okhttp3.Interceptor, $className: cn.shihuo.modulelib.utils.f1.a$a>"
"<instance: okhttp3.Interceptor, $className: cn.shihuo.modulelib.startup.core.c.b>"
"<instance: okhttp3.Interceptor, $className: cn.shihuo.modulelib.startup.core.c.a>"
"<instance: okhttp3.Interceptor, $className: com.shizhi.shihuoapp.library.net.h.d>"
"<instance: okhttp3.Interceptor, $className: com.shizhi.shihuoapp.library.net.h.h>"
"<instance: okhttp3.Interceptor, $className: com.shizhi.shihuoapp.library.net.h.g>"
"<instance: okhttp3.Interceptor, $className: cn.shihuo.modulelib.utils.f1.a$a>"
"<instance: okhttp3.Interceptor, $className: cn.shihuo.modulelib.startup.core.c.b>"
"<instance: okhttp3.Interceptor, $className: cn.shihuo.modulelib.startup.core.c.a>"
```

7.5.2 Trying the interceptors one by one to find the right one

```python
import frida
import sys

rdev = frida.get_remote_device()
session = rdev.attach("识货")

scr = """
Java.perform(function () {
    var a = Java.use("cn.shihuo.modulelib.startup.core.c.a");
    a.intercept.implementation = function (chain) {
        var req = chain.request();
        var httpUrl = req.url().toString();
        if (httpUrl.indexOf("https://sh-gateway.shihuo.cn/v4/services/sh-goodsapi/app_swoole_shoe/preload/single") != -1) {
            console.log('执行前', httpUrl);
        }
        var res = this.intercept(chain);  // run this interceptor itself
        return res;
    };
});
"""

script = session.create_script(scr)


def on_message(message, data):
    print(message, data)


script.on("message", on_message)
script.load()
sys.stdin.read()
```

```python
import frida
import sys

rdev = frida.get_remote_device()
session = rdev.attach("识货")

scr = """
Java.perform(function () {
    var a = Java.use("cn.shihuo.modulelib.utils.f1.a$a");
    a.intercept.implementation = function (chain) {
        var req = chain.request();
        var httpUrl = req.url().toString();
        if (httpUrl.indexOf("https://sh-gateway.shihuo.cn/v4/services/sh-goodsapi/app_swoole_shoe/preload/single") != -1) {
            console.log('执行前', httpUrl);
        }
        // Do not run this interceptor: skip it and continue with the following interceptors
        var response = chain.proceed(req);
        return response;
    };
});
"""

script = session.create_script(scr)


def on_message(message, data):
    print(message, data)


script.on("message", on_message)
script.load()
sys.stdin.read()
# With this interceptor, the place where the request can be sent in plaintext was found
```
8 Sending the request directly from Python to get the details

```python
import requests

headers = {
    # 'platform': 'android',
    # 'timestamp': '91',
    # 'app-v': '7.20.1',
    # 'osv': '11',
    # 'network': '1',
    # 'appid': 'app'
    'sk': '9MJTD4FFJBgRUPSgNfZIKOA8bCGnv4wt7McVWcxBYyOZBJiez6r4AjzcgGweapZa1GGcamedBEXYqzEOVegB7d2klJ1w',
}

res = requests.get(
    'https://sh-gateway.shihuo.cn/v4/services/sh-goodsapi/app_swoole_shoe/preload/single',
    params={
        'goods_id': '',
        'v': '7.20.1',
        # 'devices': 'Pixel 2 XL',
        # 'dspm': 'b073a42a1f6a7180',
        # 'gender': '2',
        # 'sourceLocation': 'oneRowOne:[N]',
        # 'style_id': '',
        # 'top_style_id': '',
        # 'tpExtra': '''{"sourceTp":"home:search:","sourceTpName":"男士凉鞋","wsf":"normal_search_words","ast":"男士凉鞋","is_inspire":0,"dgReqId":"SHSS_CG-NEU5QK4E76J2_SPU_1:24","si":"8001","skc":"","layer":"2"}''',
        # 'access_token': 'b7EM8Up9VSFJUhkyEJ',
        # 'minVersion': '15670',
        # 'clientCode': '{holder}',
        # 'channel': 'myapp',
        # 'device': 'Pixel 2 XL',
        # 'platform': 'android',
        # 'timestamp': '91'
    },
    verify=False,
    headers=headers)

print(res.json())
```
9 Putting the code together

```python
# -*- coding: utf-8 -*-
'''
@IDE    : PyCharm
@version : 3.9
@Auth : gouzi
@time : 2024/2/16 12:45
@Description:
'''
import requests
from utils import header_str_to_dict
import urllib3

urllib3.disable_warnings()

header_str = '''
sh-token	07YHP1RqF2ZjZiZDRlMjg0ZWJlNmY5OWRiVrVJil+FyNFpPfAYRwUnQZjD7Y0EMrH0URCKv764zx2HrJrYl7RugWdY2JZP2mlh2o63ZQhD9f2BlkbdZzS3eRaVNn+LfKaM+2xWa3yAnTwDsBJq658HFt7VNjuaBKnX+e9kjFcgtdCl2h0kIgZyFA=='''
headers = header_str_to_dict(header_str)

# Product search endpoint
res = requests.post(
    url="https://sh-api.shihuo.cn/daga/search/goods/v1?minVersion=15670&clientCode=%7Bholder%7D&v=7.20.1&channel=myapp&device=Pixel%202%20XL&platform=android&timestamp=36&token=3dec51dedd1f",
    # headers=headers,
    json={
        "keywords": "帆布鞋",
        "pageSize": "20",
        "page": "1",
    },
    verify=False
)
print(res.text)
data_dict = res.json()
print('------')
l = []
for item in data_dict['data']['lists']:
    try:
        print(item['name'])
        for ele in item['style_lists']:
            print('-----', ele['goods_id'], ele['name'], ele['price'])
            # The product id is used later to fetch the product details
            l.append(ele['goods_id'])
    except (KeyError, TypeError):
        # Skip entries that lack a name or a style list
        pass

# header_str = '''
# platform	android
# timestamp	24
# app-v	7.20.1
# sh-token	19Zo0LudYxM2M3NDBiZThjNmNjNTM1ZGMwnqndf6tomH872jLQjhgYbdFdIyqJGmWsdG6mb1tPj5mcB/3l6G58H274IwjqbjH09QyGMZg/QEqYOjTFSXdZ6SqroQY0+7KrhcoExdS0hlCpdaSb4FF9/sPivU2Eh9ZoPRaufuOMqX08wzYTIF4eug==
# sh-id	kpcbdb29f68fcc86cb3
# sh-sign	DF380FBA1CF473B2FDD4BC570F6EB5B1
# abtest-control	ln=3;eI=3;HN=0;LR=0;Ks=0;eN=2;Gs=2;zF=1;Ta=2;uc=2;aQ=0;Xj=1;zT=0;IG=0;AA=2;Df=13;MQ=1;fK=11;data_community_personal=3;jO=2;UZ=0;fL=0;Lu=1;nY=2;am=0;EQ=2;shrec_is_gdetail=12;RA=2;ev=22;kA=3;kB=11;ay=3;gA=2;mainSearchV3=25;search_wf=3;NI=0;mainSearchV4=27;nj=2;Us=1;nn=0;zz=12;Yz=1;shrec_gdetail_bags=11;Qv=17;Ah=11;data_gdetail_shoes_personal=11;data_gdetail_clothes_personal=11;oZ=12;shoes_ratio_ctrl=0;bn=0;sa=0;Ap=2;gdetail_shoes_brand_rec=11;JZ=1;SD=0;fx=3;sf=12;Av=24;sh=0;Rg=2;cY=1;Rh=15;tK=3;shrec_home_feed=17;Fd=2;gf=12;dD=0;gh=0;CI=1;ou=3;dK=0;Fn=3;CL=2;GP=1;t_s=50;oy=2;gdetail_brand_rec=11;shrec_cf_mine_v2=11;KY=6;hW=3;Wg=12;pa=0;shrec_gdetail_clothes=11;Od=11;yN=8;By=0;Bz=0;uO=0;data_community_relate=11;dc=1
# shreqid	57F9D010EF0EA0A05EBA6B3E1F
# osv	11
# network	1
# sh_session	7804c48b010b40f699adcc4b4aaa89f0_foreground_
# sk	9MJTD4FFJBgRUPSgNfZIKOA8bCGnv4wt7McVWcxBYyOZBJiez6r4AjzcgGweapZa1GGcamedBEXYqzEOVegB7d2klJ1w
# appid	app
# cookie	acw_tc=76b20fee60da603e28e89a17d213f16b5b87b95b3433
# user-agent	Android 11 {Z29vZ2xl} CPU_ABI arm64-v8a CPU_ABI2 HARDWARE taimen MODEL {UGl4ZWwgMiBYTA} network/WIFI shihuo/7.20.1 sc({holder},myapp) minVersion(15670) sh-dv-sign[v1|6bd3e4ffa3ce6c880e6681a9f90775c60d2751f79b8da0aa]
# '''
# for good_id in l:
#     print(good_id)
#     headers = header_str_to_dict(header_str)
#     res = requests.get(
#         url=f'https://sh-gateway.shihuo.cn/v4/services/sh-goodsapi/app_swoole_shoe/preload/single?devices=Pixel%202%20XL&dspm=95e6ece77a&gender=2&goods_id={good_id}&sourceLocation=oneRowOne%3A%5BN%5D&style_id=&top_style_id=&tpExtra=%7B%22sourceTp%22%3A%22home%3Asearch%3A%22%2C%22sourceTpName%22%3A%22%E5%B8%86%E5%B8%83%E9%9E%8B%22%2C%22wsf%22%3A%22normal_search_words%22%2C%22ast%22%3A%22%E5%B8%86%E5%B8%83%E9%9E%8B%22%2C%22is_inspire%22%3A0%2C%22dgReqId%22%3A%22SHSS_CG-O7CKNHGTO8RT_SPU_1%3A27%22%2C%22si%22%3A%%22%2C%22skc%22%3A%%22%2C%22layer%22%3A%222%22%7D&access_token=b7EM8Up9VSFJUhkyEJ&minVersion=15670&clientCode=%7Bholder%7D&v=7.20.1&channel=myapp&device=Pixel%202%20XL&platform=android&timestamp=24&access_token=b7EM8Up9VSFJUhkyEJ&token=570a49e713cc2b3a2a3a1eb86b',
#         verify=False,
#         headers=headers
#     )
#     print(res.text)
#     break
#     print('付款人数:', res.json()['data']['info']['goods_info']['monthSellPoint'])
```