jsonpCallbackb770({code: 0, data: {tk: "8016Kzycp+GQ3kI/uAoVvVOz/kiwN3UrRnrmtz/22RuUQ58=", as: "6e8eb328",…}})
code:0
data:{tk: "8016Kzycp+GQ3kI/uAoVvVOz/kiwN3UrRnrmtz/22RuUQ58=", as: "6e8eb328",…}
as:"6e8eb328"
ds:"JcXUIDsjOM2GBUMUbkaht+BXxcoiU2xXWpyUkjTvVI+fDmy6BUpiKtfN7q/Uq6spgnEn+Fd1zi8hou5pdCKGk8egB6+Yj2lIYBXkN6clSmAmGdq6O9zhbmmJWOOxG+IBx5x6QoOYc1pnjLoCj7r9AtocQnLCZXVhgMLvJH7hGhCK6IbDjHPXLoRAKq5/EPUW62yelMz/cR4D7C4qU8eG3pIuUfaMPe1arjVYbljSgLB7/rF8ENlXLszMrD1TYFwQo6PjYW0fPJQ7mwcCVc+MRd2uriUv6Va7/MxcuAH3nosGW5I52GmnLCxEp7AA5lx1cPpq6Asvo1iq+oqQPpSqxAhtGIU3ilnjM/JfAzpxUGR3lvBKbsN0GHDBUzFgk3aSLtpTObD0Rtip21qYL6auGMd9VE4wWNa9ND1uolHIA/mvT90g/nMLTLV3TjaIe51Y7LrdONmVp2j+1ZW78fUPYFDv+bn4gYN7/YIoMpFQOnA4KJ5BY944uU+CEFQHWG1Oz5/Jgf0XRWVp6p54hSfr6Qdu60k3eFvRMaaZ+6ODmImX0tSY8zu5AmPxNtspOmvdsfUDUetaQ/8eOKIoiLLZMiLuFPGqpyKjs+DVJDHSfteJBmYuz2xqgBOWyGw8ldkO0Hb+M30zkg9ELVv1eH6HMdDBlAm8WFcPdrHcIGWnTCcQJJnCqIy7OF1chuweDhPmZgfD98YtIykgekTjA8mPIvm1TDXOT4ExMAGGamSm9eijlMrlT8M3YSJsjHmbzj+HonQfFvdCQQ6oIdmG1jQmpnAaeznXcQy//rM/ngQZFIJavel866B6UdnjAydX2GdEOssPQndGJH8gRcCJIDtyoES874rdoArPj/CFge3qwxZ6A+/Uss6Jm8QuP6D0FUFYv9JgAi6/fkeblNoL73VI2TryHA8QYe2CQX4jhlKm7a4TzCkPF1vVKXEL66UDSrjRVvFN+gvSRpSiMQACXmQOaLjAMUkjjwL8jfck3ce/u7xqLX7Edib6P9wNpY9UYiYOee/YCel6txobviQuL2sLtWUaKfG/U1WfKcd+sLgg061aitdnrYhVe3fJbIq/vovTiEPqaGokkI9iPFmtnQJ7OsNY32FpUGmb4IzRf97sag38bTa7eWrOa2j+q6mdJGc1/0q2jGFf8q+q1lfkW4vuFoABeFk53R1oElccevowZkgnKZYAkxw6jxWm/D5U/5SY6kiqSL2SVDrGVXEC8c7myK6uW4bLY6CZ0e2XO0wd670qwbOIt1XSfcMdLCjzSYV31YIF8gWMKch9NNXGfP7vcfb9gE3g6lubE9VMi8PcGKkgM7qMKbPyDxrH7Ki7XrOhRs58PNzgjkHyoOY+iZi7ZDt8Q+npR4RqsDEEb0T+Ms+u80HjdcdN9KA647RozqgKQ+Gl/q4m3/9Kr8KTnhQfgQ=="
tk:"8016Kzycp+GQ3kI/uAoVvVOz/kiwN3UrRnrmtz/22RuUQ58="
发出这个get请求需要携带的参数如下:
ak:1e3f2dd1c81f2075171a547893391274
as:6e8eb328
fs:fpypRBX8u9Np5BnKjpqxf8CDddYtri+t5vKBcCCtAuzEnvE+/o7x5ophYGMSNDLgsErrSHaRFaok3Ye4AhC8h9dvmgTCFfk2WulgJZopGLPPFpPUh6HJs4YOMVnVXhjjbhh2KC+0VWSkp/PEDmao8HlDc41hB5JSxjDwNkeaKXaOajhrBtlqMJ57Ytl4uQQhA1RezD68R1adokZdMtbcsSIG7LjgzmIHiZeQo6sALoXGLi19qvfqzc6SgDR7Rm28232iKBdva523ot7jcfVZjn4yzqrZvnvr+qexQ9JDKFdh1dkQHz4PsJim27H5xju88ErsfCU73u6Tg2M5E3hPHglsMju53egtzTH1n4oJj7i5Um5S1qbQfrpC9cHpIuCppbj6/bH3i70yiENWjEfMMRhIS74RnGRJFnXyITcErq43gT4yWh0NpOu5bhbxDDzQoAG7iYGa6qOW6f0imjz/3g3vN1n31cc6ETXBwP2X5FdHC7kvDomFDBEgLfeM+7Ie43Pcn9u/embMXhSmB8sjmMrcqhKUn/vSZf4l27Y3QwQCaYt3DwKJCz+H1O3yA+Jzheb1lkGjtXU/T2NyTb+uARntkCxe/FUI3/RDe5PocbWYKKO9MCdTGjyRpUA/BiRuwfDA7dt4LoY0Zf4c3MbMkZh0OEKuMYza7Ul9qKwIjoQLmKRByFHuoco0EUlzT1pJNtTofZ+oW18ZgZw9hrH36lmTsjJ0ZZ+l++XWcKgWKrVLt8l8H96w/hB1HiFzPpngL2TR00W6somXXtOrFJy99m3JOS78yDnNhyOKlXwwwSHeTm2fwGRx2nzurUUaZV18ecXVzvtJTkzmHoMLyUUtJvxEcAfKJiQxkkhs0XjvIRPjLj3ze/tXDCyeuWbm1Tfx7Wbjovp0NvZ+SiZ+ys8GhnvxYnB18JeTh4QCporODhXTLlXQxElQVRvZSaVcryoYnRXuMoqMKKaWo7R6fS2Elv+4M6BuFz7CPj6ENxTWl9C9N4y9+pbHOCIWepy5n2SQSieEzhLdCfzC0IUY6YHmwuEi48HI50RjQNsJcPtaDXlOURR7z5ybEPphYiKCTlPi53bCupmfx+XZXHu/JdEpQqtomznwo857DYjorpkL5wKNuw9GBzOCqUUe2cvmDKhdplav//YBZCtWkH2v/AIAVzrqzLH8RGFIB2Wie7xj9bN+HfIASPfwrH+I/nxih9xMFd340Q7z/WwUDBkUDvhOFSaJm6Bv8scS2Y1hNPJEv1tJ0FIEZS75J0fS9AF7fx/sKEv+e/itlfDuHfXNxYmMbcHziPOR90fo1S6spyXuqGsi0QkVnUSc5tKLaCxWYTGJDiJBk10UIhdgtjxOC7RhRebFiTsiAESL7f8to2zy42oEga5dJBbAVFLNUSKK+uMfM9Wu4DD+JJXHcY+86l03+w==
callback:jsonpCallbackb770
v:6633
也就是说我们需要分析出ak、as、fs、v、callback这几个字段的来源
2.返回key、pubkey
key:"oqeFiMtTJkyE7rhXq04bEE0xjX3sR09A"
msg:""
pubkey:"-----BEGIN PUBLIC KEY-----↵MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNnGNrfFkygOeBatSz8A2bDyIG↵i0DonH36pzjQF10gnI/1flW+Q521/Y+KRUeNZhSS66sscyQkIFwcAgo0dWADX4oS↵B3EfP+l6xoOyu6Xvfq3S7c5xq75Y9g4sDXBDm55We30ca7hHRXvKaZKU9smj/RSd↵BR7UIfFoBFYnIRCEvQIDAQAB↵-----END PUBLIC KEY-----↵"
traceid:""
要得到这两个参数看请求携带了什么东西
token:cfde53efbe26bdef8ad3b2147eb10417
tpl:mn
apiver:v3
tt:1546826783617
gid:EE2ED1E-E4A5-4ABC-9E13-9972E89AE472
loginversion:v4
traceid:
callback:bd__cbs__8sabl9
需要的字段还挺多看样子有点棘手.
再看post请求所需的参数
staticpage:https://www.baidu.com/cache/user/html/v3Jump.html
charset:UTF-8
token:cfde53efbe26bdef8ad3b2147eb10417
tpl:mn
subpro:
apiver:v3
tt:1546826812217
codestring:
safeflg:0
u:https://www.baidu.com/s?ie=utf8&oe=utf8&wd=%E7%99%BE%E5%AE%B6%E5%8F%B7&tn=98012088_6_dg&ch=9
isPhone:false
detect:1
gid:EE2ED1E-E4A5-4ABC-9E13-9972E89AE472
quick_user:0
logintype:dialogLogin
logLoginType:pc_loginDialog
loginmerge:true
splogin:rate
username:18328496803
password:fQ99xuV0uzmnEciyYZYOUYHWIJhh6ttVYy3IkwWfhdgnCaQNCMUVgbr42SKSqOF7evv27tHdHK0SLHQfoodNDVg4g7skCR8qKMX1LYCwXcxxwhqwnabbxT5kie4T/uyygdF26qoizpNZKzTsFM3Uq3z2lsUlwp4vKvBOFoeK3tQ=
mem_pass:on
rsakey:oqeFiMtTJkyE7rhXq04bEE0xjX3sR09A
crypttype:12
ppui_logintime:40718
countrycode:
fp_uid:
fp_info:
loginversion:v4
ds:wfHjARADdpfQhbI+jByC0wNU1p6S2oHEJEmVtSteNLIkXjTbCf6QEAcrj/g+J5WBB1P9WF+yrXZ0BeNi95/F50mSj7s6GvbQd9FPVT10CpVr/aaDtTxJI6rKhv0FgeWIzvedO0D14y6g5mZROSJU8f1kDyQywaFzmbgQWq9KUMk4sumxxnjtx+qmYDsVfv4tmuwVkjWzp8nds1OYyAcnbZ8HIV2qqhqVGRsuTdLJIWMPAq2AwUQMfbhh+s4isjP1Itt/jtOr2HmHp5xA7j5U1pzehy/cUBsoHfNpPuNPVBhOaSnEKalOGUO4tsOF4SWW/u2Xxh3NhT4o8rB7N8Nwf0Fo/zw79e6fWdIQW6c6HQUA4jxHuNRq+xrfFfR+JriP+K2B0LzayO5Ejca/r5JELarFUoCFPv5N+rcdtoOsD3Vi8CmlHHaclQtldXIx/LirlDZ/0nbcYQjcSTE6J8xHPaEJCY9DvLoQymMkzY7S5nnogaiKz+y9CIKph8ux8JaZLoQrjEJ9sKCvZRwFdT3oh/nz6uoxSOl8C1cLnJa+cTTKCen6qicaBjXyajIues99nxZs1hDk2e3TbPrD/oZwlmTq7MA7ZLXVgU4xije9TsyZR6gDEp/lZXAP40gCE/eJUDZe8IcDFU9tSSV27k1PhGFtyfq6ckIezNA6xseQH4rboWX4r1w58HMvOSJDFkU22DIr1Q1CAQ791PyMgf8YnvELL4cMmw/AiVJgcMJtBmmevJTbjTjbsJJi6s1LPcQor01O8L9rs0Eb7pQ7s2PrI0LydgWGiCV21G5otjfjAm98SDEVmyHrFxTM7cy0nHSUw1jfYWlQaZvgjNF/3uxqDfxtNrt5as5raP6rqZ0kZzX/SraMYV/yr6rWV+Rbi+4WgAF4WTndHWgSVxx6+jBmSMue96V5BmUQQ7JISSrD1yjqSKpIvZJUOsZVcQLxzubIrq5bhstjoJnR7Zc7TB3rvSrBs4i3VdJ9wx0sKPNJhXfVggXyBYwpyH001cZ8/u9x9v2ATeDqW5sT1UyLw9wYqSAzuowps/IPGsfsqLtes6FGznw83OCOQfKg5j6JmLtkO3xD6elHhGqwMQRvRP4yz67zQeN1x030oDrjtGjOqApD4aX+ribf/0qvwpOeFB+B
tk:8016Kzycp+GQ3kI/uAoVvVOz/kiwN3UrRnrmtz/22RuUQ58=
dv:tk0.425039906558432931546826771927@eel0j-sAqy7kqZn0oD8UvhAnwJHo64Gb0lGUwlCG6bSzwyFmlXsbBys2lXskpZsmXH4Hc2HBo6GUw4HUhJsAhJG~hTt~6~O~vB7k0jsAHjJk0lsNll7o8hABS54HUJGUhAHodXsowJtrobt~SetY4ZsA4zsA8dsAqy7kqZn0oD8UvhAnwJHo64Gb0lGUwlCG6bSzwyFmlX6kBUs2lXskpZsmXH4Hc2HBo6GUw4HUhJsAhJG~hTt~6~O~vB7k0Us1QzJq__tl0lesAqbsmlb6AQZ6kpjDmXdDA4y7ksUD5lU6bQb72l~DkqZsA0U7k0lDkqz7o8hABS54HUJGUhAHodXsowJFYwyOGlx61HZsbql7kscskCc72l_-hhIyhBA4VsthBlIs5lXsmlXsq__ClvSrZl714y6AqbDABl61HUDk4bs1BbsAHj61Qy61t~sABy6l__ilEImXUOY83FY3RFE4_ul0eh61HZsABysmlXDAqb7k0xsbHZsABysmlXskQl7k0cs1qZsABysmlc6bt_
traceid:44622A01
callback:parent.bd__pcbs__jf1wx1
上面标红的就是我们要重点关照的字段
然后搜索token的值,发现在一个js文件里面,然后提取js文件url出来分析
多次测试结果情况就是这个get请求返回的结果之和gid相关,其他参数都可以使用固定值,即使不懈怠tt、callback参数也能返回正常的token并且,不懈怠callback参数请求返回的是标准json格式。
看一下git生成
搜索一下gid=的生成找到下面一段代码
o.on("hide", function() {
var o = document.location.protocol.toLowerCase()
, e = n.guideRandom ? n.guideRandom : "";
if ("http:" == o)
var t = "http://nsclick.baidu.com/v.gif?pid=111&url=&logintype=hide&merge=1&gid=" + e + "&tpl=" + i.apiOpt.tpl + "&tt=" + (new Date).getTime();
else if ("https:" == o)
var t = "https://passport.baidu.com/img/v.gif?pid=111&url=&logintype=hide&merge=1&gid=" + e + "&tpl=" + i.apiOpt.tpl + "&tt=" + (new Date).getTime();
gid = e= n.guideRandom ? n.guideRandom : "",顺藤摸瓜找到生成gid的js
this.guideRandom = function() {
return "xxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx".replace(/[xy]/g, function(e) {
var t = 16 * Math.random() | 0
, n = "x" === e ? t : 3 & t | 8;
return n.toString(16)
}).toUpperCase()
}(),那就应该是这样的了
callback
这个参数和返回来的相应文件开头相同,猜想应该是可以自定义的,可以用固定值,不过还是看看他的来源;多请求几次发现固定部分是parent.bd__pcbs__,然后全局搜索相关找到两条js
var l = r.timeOut || 0
, d = !1
, u = c.getUniqueId("bd__pcbs__");
e.getUniqueId = function(e) {
return e + Math.floor(2147483648 * Math.random()).toString(36)
可见核心代码:e + Math.floor(2147483648 * Math.random()).toString(36)
重点的加密字段,查找对应来源js代码如下
o.password = baidu.url.escapeSymbol(e.RSA.encrypt(a)
很明显是RSA 加密,pubkey是在发送post请求之前的一个get请求而来,进一步简化这个get请求,只需要携带gid、token就可以返回pubkey
https://passport.baidu.com/v2/getpublickey?token=cfde53efbe26bdef8ad3b2147eb10417&gid=EE2ED1E-E4A5-4ABC-9E13-9972E89AE472
文章开头的一个get请求返回的数据
一长串字符看样子有点难度,尚不知道这个参数的作用,那么有三种解决方案,复制一个固定值、留空白值、破解生成函数,不到最后是不愿意去找js的。下面看看这个参数生成的js出处
var a = document.getElementById("dv_Input")
, c = {
gid: n.guideRandom || "",
username: n._SBCtoDBC(i.value),
countrycode: s,
bdstoken: n.bdPsWtoken,
tpl: n.config.product ? n.config.product : "",
vcodestr: n.getElement("smsHiddenFields_smsVcodestr").value,
vcodesign: n.getElement("smsHiddenFields_smsVcodesign").value,
verifycode: n._SBCtoDBC(n.getElement("confirmVerifyCode").value),
flag_code: n.config.voice_sms_flag,
dv: a ? a.value : window.LG_DV_ARG && window.LG_DV_ARG.dvjsInput || ""
dv: a ? a.value : window.LG_DV_ARG && window.LG_DV_ARG.dvjsInput || ""
调试时在打开页面的同时就生成了这个值,那么可以考虑是一个固定值或者使用固定值,还不确定需要在看看js
function d(e) {
M && (x = e.token + "@" + S(e, e.token),
(1 & F.SendMethod) > 0 && c(x))
function c(n) {
var r = t.getElementById("dv_Input");
r && (r.value = n),
e.LG_DV_ARG.dvjsInput = n
在c函数上面找到d函数,看样子应该八九不离十了,在调试一下看什么情况,继续查找S函数
function S(e, t) {
var r = new n(t)
, o = {
flashInfo: 0,
mouseDown: 1,
keyDown: 2,
mouseMove: 3,
version: 4,
loadTime: 5,
browserInfo: 6,
token: 7,
location: 8,
screenInfo: 9
, a = [r.iary([2])];
for (var i in e) {
var d = e[i];
if (void 0 !== d && void 0 !== o[i]) {
var c;
"number" == typeof d ? (c = d >= 0 ? 1 : 2,
d = r.int(d)) : "boolean" == typeof d ? (c = 3,
d = r.int(d ? 1 : 0)) : "object" == typeof d && d instanceof Array ? (c = 4,
d = r.bary(d)) : (c = 0,
d = r.str(d + "")),
d && a.push(r.iary([o[i], c, d.length]) + d)
return a.join("")
未完待续······
------------------------------
ID:Python之战
|作|者|公(zhong)号:python之战
专注Python,专注于网络爬虫、RPA的学习-践行-总结
喜欢研究和分享技术瓶颈,欢迎关注
独学而无友,则孤陋而寡闻!
---------------------------
http.createServer(function(req, res){
res.writeHead(200, {'Content-Type': 'text/plain; cha...
1、原生node中怎么获取get/post请求参数
1.1 处理get请求参数,使用node自带的核心模块----url模块
url.parse();方法将一个完整的URL地址,分为很多部分,常用的有:host、port、pathname、path、query。
第一个参数是地址,
第二个参数默认是false,设置为ture后,将字符串格式转换为对象格式。字符串(“a=1&b=2”)转换为了对象格式({a: 1,b: 2})。
var url = require("url");
//req.url=
表单提交过来的数据有两种方法,一种是GET方式提交,这种提交方法会把表单需要传输的数据写在url上,一起带过去,另一种是POST方式提交,POST方式提交会把表单数据携带在request请求正文中传递过去。
针对这两种不同的提交方法,node里也有两种不同的处理方法。先看看如果用GET方式提交,我们该怎么去处理
获取GET方式提交的数据
index.html
<!DOCTYPE html>
<meta ch
SpringMVC请求参数获取时,有这六种方式值得学习~1、直接把表单的参数写在Controller相应的方法的形参中,适用于get方式提交,不适用于post方式提交。 /** * 1.直接把表单的参数写在Controller相应的方法的形参中 * @param username * @param password * @return */ @RequestMapping("/addUser1")...
1、Angular的ajax功能
AngularJs的ajax的post请求参数就是提交的json字符串。如:
var data = {'name':'jack'};
$http.post(url,data).success(function(rsp){
函数原型:$.post(url, params, callback) url是提交的地址,eg: "sample.ashx"params是参数,eg: { name:"xxx" , id:"001" }callback是回调函数,eg: function(msg){ alert(msg); }注意1:在sample.ashx那段,使用context.Request["id"]和c
学习js的过程中,很多同学困扰找不到练习作业做,这里分享一下js阶段的练习作业。总共分为六课,每一课都有6个以上作业练习,难度也在渐进的加深。功能:在输入框中输入参数,点击传参弹出参数 函数接收参数并弹出 .wrap{ width: 500px; margin: 0 auto; } inpu...
