qx宝Headers参数破解
2020-06-09 本文已影响0人
_weepie
- 仅作学习研究使用
启信宝请求headers会有个变动的值,参考的简书这篇文章 https://www.jianshu.com/p/953cdb93fddc
,不过密钥参数已经变了,加密部分仍然是hmac sha512,试了下代码直接跑通了[其他api就改url和请求正文部分]
- 仅作学习研究使用
加密参数.png
启信宝2.png
import hashlib
import hmac
import json
def getkey(code):
codes={0: "C",1: "i",2: "C",3: "O",4: "g",5: "l",6: "I",7: "R",8: "N",9: "p",10: "e",11: "v",12: "C",13: "7",14: "P",15: "0",16: "m",17: "B",18: "J",19: "2"}
n = code*2
_str = ''
for i in range(len(n)):
a = ord(n[i]) % 20
_str += codes[a]
return _str.encode()
host = 'https://www.qixin.com'
api_url = "/api/search"
item = {}
item['key'] = "faker"
item['page'] = 2
item['isformadvancedfilter'] = True
data = json.dumps(item,ensure_ascii=False).replace(' ','')
secret = getkey(api_url)
sign_key = hmac.new(secret, "/api/search".encode(), hashlib.sha512).hexdigest()
sign_value = hmac.new(secret,f'{api_url}{api_url}{data}'.encode(), hashlib.sha512).hexdigest()
print({sign_key[10:30]:sign_value})
