
Mini program reverse engineering | 六六找房 | The Authorization request header (WeChat mini program authorization)

2025-04-12
First open the WeChat developer debugging tools. If you do not have that environment set up, see:
https://github.com/JaveleyQAQ/WeChatOpenDevTools-Python
Request endpoint (base64-encoded in the original): aHR0cHM6Ly82Nm1pbmlhcHAtYXBpLjY2emhpenUuY29tL2NsaWVudC9zZWFyY2gvaG91c2U=

Locate the corresponding endpoint:
https://66miniapp-api.66zhizu.com/client/search/house
Request parameters, as captured (URL-encoded: %3B is ";" and city decodes to 上海):
sequence:1744274642.198%3B1744424408.118
city:%E4%B8%8A%E6%B5%B7
region:
distance:
longitude:
latitude:
stations:
bed_count:
rent_type:
sort:
cost1:
cost2:
The request method is GET.
The query parameters are not encrypted. Looking at the request headers, however, there is an Authorization header whose value is clearly computed by the client rather than being a static token.
Next, search the whole code base for Authorization, set breakpoints at the suspicious locations, then scroll down in the mini program so that it requests a new page of data.


The breakpoint hit at:
  header: {
    Authorization: r.generate(t + n, i, u),
    Terminal: __wxConfig.platform,
    Version: __wxConfig.envVersion
  },
This line is where the header value is generated:
  Authorization: r.generate(t + n, i, u),


Stepping into the call stack lands in generate (e is the request path, judging by e.substring(1) feeding request_url; t is the HTTP method):
function(e, t) {
    // n: timestamp; in the debugger an integer Unix time in seconds (e.g. 1744426918)
    var n = r()
    // "secret" and "token" from local storage; if absent, both fall back to o.default(n)
    // (o.default turns out to be plain MD5, see below)
    , s = this.token.getToken("secret") ? this.token.getToken("secret") : (0, o.default)(n)
    , a = this.token.getToken("token") ? this.token.getToken("token") : (0, o.default)(n)
    , c = t ? t.toLowerCase() : "get"
    // request_url: version-prefixed path, or the path with its leading "/" stripped
    , i = this._version ? this._version + e : e.substring(1)
    // the string that gets hashed; note that the secret is part of it
    , u = "request_url=".concat(i, "&content=").concat(n, "&request_method=").concat(c, "&timestamp=").concat(n, "&secret=").concat(s)
    , l = (0, o.default)(u);
    // header value: four ";"-separated fields, the secret included
    return "timestamp=".concat(n, ";oauth2=").concat(a, ";signature=").concat(l, ";secret=").concat(s)
}

Analysing this more closely: while debugging, with n = 1744426918 the value of s came out as "089de10b39e1ebb753379f2b651d2ae4". Comparing that against an online hashing tool shows o.default is just standard MD5, so there is no need to lift that code; the MD5 from the crypto-js library can be used directly. Note what this means for the scheme: when no token is stored, oauth2 and secret are both MD5 of the public timestamp, and the "secret" that feeds the signature is sent in the same header, so the header proves nothing about who sent the request and can be reproduced by anyone who has read the generate function.
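The generate function above, ported to Python as an added example (this is not the page's main.js, which the author implemented with crypto-js and called through execjs). It also includes the recomputation a server would have to perform to check the header, which makes the security point concrete: every input to the signature, the "secret" included, travels in the header itself. Assumptions not confirmed by the page: e is the request path, r() returns the current Unix time in whole seconds, and the getToken("secret") / getToken("token") lookups are modelled as optional arguments.

```python
import hashlib
import hmac
import time
from typing import Optional


def md5_hex(value) -> str:
    """MD5 hex digest of value's decimal/UTF-8 text.

    crypto-js MD5 coerces a non-string argument to a UTF-8 string before
    hashing, so the numeric timestamp n is hashed as its decimal text.
    """
    return hashlib.md5(str(value).encode("utf-8")).hexdigest()


def generate_authorization(
    path: str,
    method: Optional[str] = None,
    timestamp: Optional[int] = None,
    secret: Optional[str] = None,
    token: Optional[str] = None,
    version: Optional[str] = None,
) -> str:
    """Port of the mini program's generate(e, t) seen in the debugger.

    Assumptions (not confirmed by the page): e is the request path, r()
    returns Unix time in whole seconds, and secret/token stand in for
    this.token.getToken("secret") / this.token.getToken("token").
    """
    n = timestamp if timestamp is not None else int(time.time())
    s = secret if secret else md5_hex(n)          # getToken("secret") || md5(n)
    a = token if token else md5_hex(n)            # getToken("token")  || md5(n)
    c = method.lower() if method else "get"
    i = version + path if version else path[1:]   # drop the leading "/"
    u = (f"request_url={i}&content={n}&request_method={c}"
         f"&timestamp={n}&secret={s}")
    l = md5_hex(u)
    return f"timestamp={n};oauth2={a};signature={l};secret={s}"


def parse_authorization(header: str) -> dict:
    """Split 'k=v;k=v' into a dict; a part without '=' yields an empty value."""
    fields = {}
    for part in header.split(";"):
        key, _, value = part.partition("=")
        fields[key] = value
    return fields


def verify_authorization(
    header: str,
    path: str,
    method: str = "get",
    version: Optional[str] = None,
    now: Optional[int] = None,
    max_skew: Optional[int] = None,
) -> bool:
    """Recompute the header the way a server could and compare it.

    Everything needed to recompute the signature (the "secret" included)
    is carried in the header, so this detects tampering with the path or
    method but cannot establish who sent the request.
    """
    fields = parse_authorization(header)
    if {"timestamp", "oauth2", "signature", "secret"} - fields.keys():
        return False
    try:
        ts = int(fields["timestamp"])
    except ValueError:
        return False
    if max_skew is not None and now is not None and abs(now - ts) > max_skew:
        return False  # replay window: reject stale or future timestamps
    expected = generate_authorization(
        path, method, ts, fields["secret"], fields["oauth2"], version
    )
    return hmac.compare_digest(expected, header)


if __name__ == "__main__":
    hdr = generate_authorization("/client/search/house", "GET")
    print(hdr)
    print("verifies:", verify_authorization(hdr, "/client/search/house", "GET"))
    print("path changed:", verify_authorization(hdr, "/client/search/room", "GET"))
```

With no stored token, oauth2 and secret come out identical, which is exactly the shape of the header hard-coded in the Python script at the end of the page (timestamp 1744426124, oauth2 equal to secret). The verify function is the strongest check the server can make from the header alone; adding a timestamp window limits replay but still does not turn the scheme into authentication.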

The restored JS (shown only as a screenshot in the original, not reproduced here) is the generate function above with o.default replaced by crypto-js MD5.

The request also carries a sequence parameter. Testing showed that the server does not check it, so it can simply be fixed to a constant. The final result was shown as a screenshot in the original.

The complete Python code:

import requests

headers = {
    "Accept": "*/*",
    "Accept-Language": "zh-CN,zh;q=0.9",
    # Replaced at runtime by get_authorization(); kept here as a sample of the format
    "Authorization": "timestamp=1744426124;oauth2=646024e1cf4c9ebc51c07aaeb4247990;signature=d8d16a7f0cd9fdf7ed8a80492f2e8211;secret=646024e1cf4c9ebc51c07aaeb4247990",
    "Connection": "keep-alive",
    "Content-Type": "application/json",
    "Referer": "https://servicewechat.com/wxa0545fcd02d93b5d/194/page-frame.html",
    "Sec-Fetch-Dest": "empty",
    "Sec-Fetch-Mode": "cors",
    "Sec-Fetch-Site": "cross-site",
    "Terminal": "windows",
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 MicroMessenger/7.0.20.1781(0x6700143B) NetType/WIFI MiniProgramEnv/Windows WindowsWechat/WMPF WindowsWechat(0x63090a13) XWEB/8555",
    "xweb_xhr": "1",
}
url = "https://66miniapp-api.66zhizu.com/client/search/house"


def get_authorization():
    # Call the restored JS (generate_Authorization in main.js) through execjs
    import execjs
    with open("./09_六六找房/main.js", "r", encoding="utf-8") as f:
        js_code = f.read()
    ctx = execjs.compile(js_code)
    result = ctx.call("generate_Authorization")
    return result


def parse_data(data):
    items = data["result"]["items"]
    for item in items:
        title = item["title"]
        sub_title_1 = item["sub_title_1"]
        price_label = item["price_label"]
        view_number_label = item["view_number_label"]
        time_label = item["time_label"]
        print(f"Title: {title}, Subtitle: {sub_title_1}, Price: {price_label}, "
              f"Views: {view_number_label}, Posted: {time_label}")


if __name__ == "__main__":
    params = {
        # Testing showed the server does not check sequence, so it is fixed
        "sequence": "1744274642.398;1744424408.118",
        "city": "广州",  # the API expects the Chinese city name
        "region": "",
        "distance": "",
        "longitude": "",
        "latitude": "",
        "stations": "",
        "bed_count": "",
        "rent_type": "",
        "sort": "",
        "cost1": "",
        "cost2": "",
    }
    authorization = get_authorization()
    headers["Authorization"] = authorization
    response = requests.get(url, headers=headers, params=params)
    parse_data(response.json())