https://match.yuanrenxue.cn/match/17
抓包分析
居然对Fiddler有检测,不允许使用
那就使用浏览器抓包,好像没发现什么加密参数,然后重放也可以成功,时间长了也无需刷新页面,尝试Python复现。
Python复现
import requests
headers = {
"authority": "match.yuanrenxue.cn",
"accept": "application/json, text/javascript, */*; q=0.01",
"accept-language": "zh-CN,zh;q=0.9",
"referer": "https://match.yuanrenxue.cn/match/17",
"sec-ch-ua": "\"Chromium\";v=\"122\", \"Not(A:Brand\";v=\"24\", \"Google Chrome\";v=\"122\"",
"sec-ch-ua-mobile": "?0",
"sec-ch-ua-platform": "\"Windows\"",
"sec-fetch-dest": "empty",
"sec-fetch-mode": "cors",
"sec-fetch-site": "same-origin",
"user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.95 Safari/537.36",
"x-requested-with": "XMLHttpRequest"
}
cookies = {
"sessionid": "zwy0uz1vd0ge1e42310i34b37584m1lj",
"m": "fb000f94e1ee96b8ffb346da6bc5e2bb|1717678387000",
"Hm_lvt_c99546cf032aaa5a679230de9a95c7db": "1717646819,1717658072,1717660207,1717678388",
"qpfccr": "true",
"no-alert3": "true",
"Hm_lvt_9bcbda9cbf86757998a2339a0437208e": "1717639423,1717658081,1717660212,1717678393",
"Hm_lpvt_9bcbda9cbf86757998a2339a0437208e": "1717678529",
"Hm_lpvt_c99546cf032aaa5a679230de9a95c7db": "1717678589"
}
url = "https://match.yuanrenxue.cn/api/match/17"
params = {
"page": "5"
}
response = requests.get(url, headers=headers, cookies=cookies, params=params)
print(response.text)
print(response)
Python复现失败,此时浏览器还是可以重放,说明参数没过期,而是被检测了。
{"status": "0", "error": "page no found"}
<Response [200]>
根据题目名字以及发包的协议类型,发现使用的是https2.0的协议
而requests模块不支持,这就需要使用httpx模块来发送请求,下面构建Python代码
import httpx
# 创建一个HTTP/2.0客户端
client = httpx.Client(http2=True)
# 自定义请求头
headers = {
"Accept": "application/json, text/javascript, */*; q=0.01",
"Accept-Encoding": "gzip, deflate, br",
"Accept-Language": "zh-CN,zh;q=0.9",
"Referer": "https://match.yuanrenxue.cn/match/17",
"Sec-Ch-Ua": "\"Chromium\";v=\"122\", \"Not(A:Brand\";v=\"24\", \"Google Chrome\";v=\"122\"",
"Sec-Ch-Ua-Mobile": "?0",
"Sec-Ch-Ua-Platform": "\"Windows\"",
"Sec-Fetch-Dest": "empty",
"Sec-Fetch-Mode": "cors",
"Sec-Fetch-Site": "same-origin",
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.95 Safari/537.36",
"X-Requested-With": "XMLHttpRequest"
}
# 自定义cookies
cookies = {
"sessionid": "zwy0uz1vd0ge1e42310i34b37584m1lj",
}
# 请求URL
url = "https://match.yuanrenxue.cn/api/match/17"
ret = 0
# 遍历 page 参数从 1 到 5
for page in range(1, 6):
# 请求参数
params = {
"page": str(page)
}
# 发送GET请求
response = client.get(url, headers=headers, cookies=cookies, params=params)
for item in response.json()["data"]:
ret += item["value"]
# 关闭客户端
client.close()
print(ret)
本题的恶心点主要就是在2.0协议了,所以以后发送请求的时候一定要打开协议显示。
![[element-ui]el-form自定义校验-图片上传验证(手动触发部分验证方法)](https://img-blog.csdnimg.cn/direct/162ee48f82c44739b109681abd813edd.png)
![[数据集][目标检测]焊接处缺陷检测数据集VOC+YOLO格式3400张8类别](https://img-blog.csdnimg.cn/direct/981fed37f1424cb49bd073230ff2d4d4.png)
