Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

对全民K歌签到接口报文分析 #14

Open
san3Xian opened this issue Jul 31, 2019 · 1 comment
Open

对全民K歌签到接口报文分析 #14

san3Xian opened this issue Jul 31, 2019 · 1 comment
Labels
tcpdump todo

Comments

@san3Xian
Copy link
Owner

仿佛找遍了全网都没有全民K歌的签到脚本
只能自己抓包分析看看了

敏感变量

{$variable1}->g_tk_openkey
{$variable2}->openkey
{$variable3}->uid
{$variable4}->openid

Request URL

http://node.kg.qq.com/webapp/proxy?format=json&outCharset=utf-8&g_tk={$variable1}&g_tk_openkey={$variable1}

Request header

Cookie: openkey={$variable2}; uid={$variable3}; openid={$variable4}; extroInfo=1|0|2|0|0; opentype=1
referer: http://kg.qq.com/vMission/index.html?hippy=vMission
User-Agent: *****************************
Connection: keep-alive
No-Chunked: true
Content-Type: application/x-www-form-urlencoded
Content-Length: 1038
Host: node.kg.qq.com
Accept-Encoding: gzip

Post Data (URL encoded)

g_tk_openkey={$variable1}&t_vecReportItem:array=%7B%22mData%22%3A%7B%22uid%22%3A%22{$variable3}%22%2C%22openid%22%3A%22{$variable4}%22%2C%22opentype%22%3A%221%22%2C%22act_id%22%3A%22{$variable3}_1564587566429_83931731%22%2C%22opertime%22%3A%221564587566%22%2C%22platform%22%3A%2211%22%2C%22app_version%22%3A%225.2.7.278%22%2C%22key%22%3A%22assignment%23register_module%23register%23click%230%22%7D%7D&ns=app_dcreport&cmd=extra.data_report&ns_inbuf=&mapExt=JTdCJTIyZmlsZSUyMiUzQSUyMmFwcF9kY3JlcG9ydEpjZSUyMiUyQyUyMmNtZE5hbWUlMjIlM0ElMjJEYXRhUmVwb3J0JTIyJTJDJTIyZGNhcGklMjIlM0ElN0IlMjJpbnRlcmZhY2VJZCUyMiUzQTExMzkwMDA2MSU3RCUyQyUyMmlwJTIyJTNBJTIyMTAwLjk1LjEzOC4xOCUyMiUyQyUyMnBvcnQlMjIlM0ExMjQwNiUyQyUyMmw1YXBpX2V4cDElMjIlM0ElN0IlMjJtb2RpZCUyMiUzQTgyMDg2NSUyQyUyMmNtZCUyMiUzQTUyNDI4OCU3RCUyQyUyMmw1YXBpX3Rlc3QxJTIyJTNBJTdCJTIybW9kaWQlMjIlM0E4MjA4NjUlMkMlMjJjbWQlMjIlM0E1MjQyODglN0QlMkMlMjJvdXRwdXQlMjIlM0F0cnVlJTdE

g_tk_openkey={$variable1}&t_vecReportItem:array=%7B%22mData%22%3A%7B%22uid%22%3A%22{$variable3}%22%2C%22openid%22%3A%22{$variable4}%22%2C%22opentype%22%3A%221%22%2C%22act_id%22%3A%22{$variable3}_1564589297921_63176483%22%2C%22opertime%22%3A%221564589297%22%2C%22platform%22%3A%2211%22%2C%22app_version%22%3A%225.2.7.278%22%2C%22key%22%3A%22assignment%23register_module%23register%23click%230%22%7D%7D&ns=app_dcreport&cmd=extra.data_report&ns_inbuf=&mapExt=JTdCJTIyZmlsZSUyMiUzQSUyMmFwcF9kY3JlcG9ydEpjZSUyMiUyQyUyMmNtZE5hbWUlMjIlM0ElMjJEYXRhUmVwb3J0JTIyJTJDJTIyZGNhcGklMjIlM0ElN0IlMjJpbnRlcmZhY2VJZCUyMiUzQTExMzkwMDA2MSU3RCUyQyUyMmlwJTIyJTNBJTIyMTAwLjk1LjEzOC4xOCUyMiUyQyUyMnBvcnQlMjIlM0ExMjQwNiUyQyUyMmw1YXBpX2V4cDElMjIlM0ElN0IlMjJtb2RpZCUyMiUzQTgyMDg2NSUyQyUyMmNtZCUyMiUzQTUyNDI4OCU3RCUyQyUyMmw1YXBpX3Rlc3QxJTIyJTNBJTdCJTIybW9kaWQlMjIlM0E4MjA4NjUlMkMlMjJjbWQlMjIlM0E1MjQyODglN0QlMkMlMjJvdXRwdXQlMjIlM0F0cnVlJTdE

Post Data Variables

g_tk_openkey
t_vecReportItem:array
ns [ 固定, app_dcreport]
cmd [ 固定, extra.data_report]
ns_inbuf [ 固定, 空 ]
mapExt [ 固定 ]

POST DATA关键变量

t_vecReportItem:array

{"mData":{"uid":"{$variable3}","openid":"{$variable4}","opentype":"1","act_id":"{$variable3}_1564587566429_83931731","opertime":"1564587566","platform":"11","app_version":"5.2.7.278","key":"assignment#register_module#register#click#0"}}

{"mData":{"uid":"{$variable3}","openid":"{$variable4}","opentype":"1","act_id":"{$variable3}_1564589297921_63176483","opertime":"1564589297","platform":"11","app_version":"5.2.7.278","key":"assignment#register_module#register#click#0"}}

{"mData":{"uid":"{$variable3}","openid":"{$variable4}","opentype":"1","act_id":"{$variable3}{时间戳}{不知道什么鬼东西}","opertime":"{时间戳}","platform":"11","app_version":"5.2.7.278","key":"assignment#register_module#register#click#0"}}

response data [签到成不成功都这样]

HTTP/1.1 200 OK
Date: Wed, 31 Jul 2019 16:19:52 GMT
Content-Type: application/x-javascript
Content-Length: 88
Connection: keep-alive
X-Powered-By: TSW/Node.js
Server: TSW/1.2.4
Cache-Control: no-cache
Content-Security-Policy: script-src https://wesingapp.com http://wesingapp.com https://.wesingapp.com http://.wesingapp.com https://.qq.com http://.qq.com https://.gtimg.cn http://.gtimg.cn https://.tenpay.com https://.idqqimg.com http://.idqqimg.com https://.gtimg.com http://*.gtimg.com 'unsafe-inline' 'unsafe-eval'; report-uri https://stat.y.qq.com/monitor/report_csp
Cache-Offline: false
{"code":0,"subcode":0,"msg":"","data":{"extra.data_report":{"iCode":0,"strErrInfo":""}}}

未完待续
@hacken156026692
Copy link

签到成功了吗?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
tcpdump todo
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@san3Xian @hacken156026692