加密入口
直接搜sign
解密入口
方法一:XHR断点,往上跟栈
方法二:hook
javascript
(function () {
var _parse = JSON.parse;
JSON.parse = function (str) {
console.log("Hook JSON.parse ------> ", str);
debugger;
return _parse(str);
}
})();代码
python
import time
import uuid
import hashlib
import requests
import json
import base64
from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_v1_5
from Crypto.Cipher import AES
from Crypto.Util.Padding import unpad
def md5_encrypt(text):
m = hashlib.md5()
m.update(text.encode('utf-8'))
return m.hexdigest()
def rsa_encrypt(text):
# 1. 拼接标准 PEM 公钥格式(必须加头尾,否则无法解析)
public_key = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvxXa98E1uWXnBzXkS2yHUfnBM6n3PCwLdfIox03T91joBvjtoDqiQ5x3tTOfpHs3LtiqMMEafls6b0YWtgB1dse1W5m+FpeusVkCOkQxB4SZDH6tuerIknnmB/Hsq5wgEkIvO5Pff9biig6AyoAkdWpSek/1/B7zYIepYY0lxKQIDAQAB"
pub_key = f"-----BEGIN PUBLIC KEY-----\n{public_key}\n-----END PUBLIC KEY-----"
rsa_key = RSA.importKey(pub_key)
cipher = PKCS1_v1_5.new(rsa_key)
encrypted_bytes = cipher.encrypt(text.encode('utf-8'))
encrypted_base64 = base64.b64encode(encrypted_bytes).decode('utf-8')
return encrypted_base64
def aes_decrypt(encrypted_text):
"""
使用 AES/CBC/Pkcs7 模式解密数据。
"""
# 1. 直接定义字符串格式的 Key 和 IV
key_str = 'C8EB5514AF5ADDB94B2207B08C66601C'
iv_str = '55DD79C6F04E1A67'
# 2. 将字符串转换为字节 (UTF-8 编码)
key = key_str.encode('utf-8')
iv = iv_str.encode('utf-8')
# 3. 将 Base64 编码的密文解码为原始字节
encrypted_bytes = base64.b64decode(encrypted_text)
# 4. 创建 AES 解密器
cipher = AES.new(key, AES.MODE_CBC, iv)
# 5. 执行解密
decrypted_padded = cipher.decrypt(encrypted_bytes)
# 6. 去除填充并解码为字符串
decrypted = unpad(decrypted_padded, AES.block_size)
return decrypted.decode('utf-8')
# 机构活动
def signup():
data = {
"limit": "1500",
"page": "1"
}
data = json.dumps(data, separators=(',', ':'))
requestId = str(uuid.uuid4()).replace('-', '')
timestamp = str(int(time.time() * 1000))
sign = md5_encrypt(data + requestId + str(timestamp))
print(sign)
headers = {
'Accept': 'application/json, text/javascript, */*; q=0.01',
'Accept-Language': 'zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6',
'Cache-Control': 'no-cache',
'Connection': 'keep-alive',
'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8',
'Origin': 'https://www.birdreport.cn',
'Pragma': 'no-cache',
'Referer': 'https://www.birdreport.cn/',
'Sec-Fetch-Dest': 'empty',
'Sec-Fetch-Mode': 'cors',
'Sec-Fetch-Site': 'same-site',
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36 Edg/147.0.0.0',
'requestId': requestId,
'sec-ch-ua': '"Microsoft Edge";v="147", "Not.A/Brand";v="8", "Chromium";v="147"',
'sec-ch-ua-mobile': '?0',
'sec-ch-ua-platform': '"Windows"',
'sign': sign,
'timestamp': timestamp,
}
data = rsa_encrypt(data)
print(data)
response = requests.post('https://api.birdreport.cn/front/unit/signup', headers=headers, data=data)
print(response)
json_data = response.json()
if json_data['code'] == 0:
encrypted_str = json_data['data']
result = aes_decrypt(encrypted_str)
print("解密结果:", result)
# 观鸟节
def activity():
data = {
"limit": "10",
"page": "1"
}
data = json.dumps(data, separators=(',', ':'))
requestId = str(uuid.uuid4()).replace('-', '')
timestamp = str(int(time.time() * 1000))
sign = md5_encrypt(data + requestId + str(timestamp))
print(sign)
headers = {
'Accept': 'application/json, text/javascript, */*; q=0.01',
'Accept-Language': 'zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6',
'Cache-Control': 'no-cache',
'Connection': 'keep-alive',
'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8',
'Origin': 'https://www.birdreport.cn',
'Pragma': 'no-cache',
'Referer': 'https://www.birdreport.cn/',
'Sec-Fetch-Dest': 'empty',
'Sec-Fetch-Mode': 'cors',
'Sec-Fetch-Site': 'same-site',
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36 Edg/147.0.0.0',
'requestId': requestId,
'sec-ch-ua': '"Microsoft Edge";v="147", "Not.A/Brand";v="8", "Chromium";v="147"',
'sec-ch-ua-mobile': '?0',
'sec-ch-ua-platform': '"Windows"',
'sign': sign,
'timestamp': timestamp,
}
data = rsa_encrypt(data)
print(data)
response = requests.post('https://api.birdreport.cn/front/official/activity', headers=headers, data=data)
print(response)
print(response.text)
json_data = response.json()
if json_data['code'] == 0:
encrypted_str = json_data['data']
result = aes_decrypt(encrypted_str)
print("解密结果:", result)
if __name__ == '__main__':
signup()
activity()