东方航空 m端 wasm req res分析

声明

本文章中所有内容仅供学习交流使用,不用于其他任何目的,抓包内容、敏感网址、数据接口等均已做脱敏处理,严禁用于商业用途和非法用途,否则由此产生的一切后果均与作者无关!

部分Python代码

复制代码
headers = {
    "Accept": "application/json, text/plain, */*",
    "Accept-Language": "zh-CN,zh;q=0.9",
    "Cache-Control": "no-cache",
    "Connection": "keep-alive",
    "Content-Type": "application/json",
    "M-CEAIR-ENCRYPTED": "true",
    "Sec-Fetch-Dest": "empty",
    "Sec-Fetch-Mode": "cors",
    "Sec-Fetch-Site": "same-origin",
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Edg/138.0.0.0",
    "X-CEAIR-OS": "M",
    "ceair-token;": "",
    "sec-ch-ua": "\"Not)A;Brand\";v=\"8\", \"Chromium\";v=\"138\", \"Microsoft Edge\";v=\"138\"",
    "sec-ch-ua-mobile": "?0",
    "sec-ch-ua-platform": "\"Windows\"",
}
cookies = {
}
url = "sale/shoppingv2"
cp =  execjs.compile(open('run.js','r',encoding='utf-8').read())
data = cp.call('req')
print(data)
data = json.dumps(data, separators=(',', ':'))
response = requests.post(url, headers=headers, cookies=cookies, data=data)

res = response.json()['res']
data = cp.call('decrypt',res)
print(data)
复制代码
headers = {
    "Accept": "application/json, text/plain, */*",
    "Accept-Language": "zh-CN,zh;q=0.9",
    "Cache-Control": "no-cache",
    "Connection": "keep-alive",
    "Content-Type": "application/json",
    "M-CEAIR-ENCRYPTED": "true",
    "Sec-Fetch-Dest": "empty",
    "Sec-Fetch-Mode": "cors",
    "Sec-Fetch-Site": "same-origin",
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Edg/138.0.0.0",
    "X-CEAIR-OS": "M",
    "ceair-token;": "",
    "sec-ch-ua": "\"Not)A;Brand\";v=\"8\", \"Chromium\";v=\"138\", \"Microsoft Edge\";v=\"138\"",
    "sec-ch-ua-mobile": "?0",
    "sec-ch-ua-platform": "\"Windows\"",
}
cookies = {
}
url = "sale/shoppingv2"
cp =  execjs.compile(open('run.js','r',encoding='utf-8').read())
data = cp.call('req')
print(data)
data = json.dumps(data, separators=(',', ':'))
response = requests.post(url, headers=headers, cookies=cookies, data=data)

res = response.json()['res']
data = cp.call('decrypt',res)
print(data)

结果

总结

1.出于安全考虑,本章未提供完整流程,调试环节省略较多,只提供大致思路,具体细节要你自己还原,相信你也能调试出来。

相关推荐
jarreyer2 小时前
python离线包安装方法总结
开发语言·python
Code_Geo2 小时前
agent设计模式:第三章节—并行化
java·设计模式·agent·并行化
Javatutouhouduan2 小时前
2025Java高质量面试真题汇总!
java·高并发·java面试·java面试题·后端开发·java架构师·java八股文
码银2 小时前
【python】基于 生活方式与健康数据预测数据集(Lifestyle and Health Risk Prediction)的可视化练习,附数据集源文件。
开发语言·python·生活
维诺菌3 小时前
k8s java应用pod内存占用过高问题排查
java·jvm·云原生·容器·性能优化·kubernetes
5pace3 小时前
【JavaWeb|第二篇】SpringBoot篇
java·spring boot·后端
oak隔壁找我3 小时前
Spring AOP源码深度解析
java·后端
oak隔壁找我3 小时前
MyBatis Plus 源码深度解析
java·后端
oak隔壁找我3 小时前
Druid 数据库连接池源码详细解析
java·数据库·后端