点击好评
https://www.dianping.com/ajax/json/shopDynamic/allReview
分析参数_token
直接搜_token
共17个,优先看和请求相关的
给第一个_token打上断点,然后切换评论,就直接断住了
n = h(i, e.sendData)
_token: n
现在给它打上断点,然后刷新页面
现在进去看看h方法
h方法里面最核心的就是i.reload(s)
i.reload(s)里面最核心的就是iP.sign = iJ(jx);
明文字符串先是变为Uint8Array
然后再变为base64格式字符串
iD方法里面也确实是对Uint8Array进行一些运算
现在把Uint8Array数组转为base64
/**
 * Encode a sequence of bytes as a Base64 string.
 *
 * @param {Uint8Array} uint8Array - Bytes to encode.
 * @returns {string} Base64 text for the given bytes.
 */
function Uint8ArrayToBase64(uint8Array) {
  // Buffer.from copies the bytes; the copy is then rendered as Base64.
  const bytes = Buffer.from(uint8Array);
  return bytes.toString('base64');
}
// Byte array taken from the write-up above. The leading 120, 156 (0x78 0x9C)
// is the header of a zlib stream.
var jc = [120, 156, 83, 74, 206, 44, 169, 244, 76, 177, 53, 81, 203, 47, 74, 73, 45, 178, 77, 206, 207, 205, 205, 207, 83, 43, 206, 200, 47, 0, 138, 122, 24, 122, 153, 101, 101, 152, 71, 5, 122, 133, 4, 37, 22, 186, 122, 130, 197, 67, 42, 11, 82, 109, 13, 13, 212, 138, 75, 115, 115, 19, 139, 42, 253, 18, 115, 83, 109, 75, 243, 82, 82, 211, 50, 243, 82, 83, 148, 0, 136, 73, 28, 175]
// Encode the bytes as Base64 and print the result.
const encoded = Uint8ArrayToBase64(Uint8Array.from(jc));
console.log(encoded);
结果完全没有问题
现在返回过去
字符串
'cityId=4&order=common&shopId=H1J6jh7ZQJTRaqEI&shopType=10&summaryName=undefined'
先是经过cD.deflate方法转Uint8Array再是转base64(从下面的复现代码看,被压缩的是 JSON.stringify 之后的字符串,也就是带首尾双引号的形式)
然后得到结果
'eJxTSs4sqfRMsTVRyy9KSS2yTc7Pzc3PUyvOyC8AinoYepllZZhHBXqFBCUWunqCxUMqC1JtDQ3UiktzcxOLKv0Sc1NtS/NSUtMy81JTlACISRyv'
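cD.deflate方法内部就是用 zlib deflate 压缩字符串得到Uint8Array(上面 jc 数组开头的 120, 156 即 0x78 0x9C,是 zlib 流的头部)。这一步的压缩加 base64 只是可逆编码,不涉及密钥,本身不提供加密或完整性保护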
const zlib = require('zlib');
/**
 * Deflate a string with zlib and return the compressed bytes as a plain array.
 *
 * @param {string} str - Text to compress.
 * @returns {number[]} The compressed output, one array element per byte.
 */
function compressString(str) {
  // Spreading the Buffer yields one number per byte, as Array.from would.
  return [...zlib.deflateSync(str)];
}
/**
 * Convert raw bytes to their Base64 representation.
 *
 * @param {Uint8Array} uint8Array - Bytes to encode.
 * @returns {string} Base64 text for the given bytes.
 */
function Uint8ArrayToBase64(uint8Array) {
  const asBuffer = Buffer.from(uint8Array);
  const base64Text = asBuffer.toString('base64');
  return base64Text;
}
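// Request parameters in query-string form, as shown in the write-up.
const jd = 'cityId=4&order=common&shopId=H1J6jh7ZQJTRaqEI&shopType=10&summaryName=undefined';
// JSON.stringify wraps the string in double quotes, and that quoted form is
// what gets compressed. `arr` and `res` are declared with const: the original
// assigned them without a declaration, which creates implicit globals and
// throws a ReferenceError in strict mode or in an ES module.
const arr = compressString(JSON.stringify(jd));
const res = Uint8ArrayToBase64(new Uint8Array(arr));
// Expected output: "eJxTSs4sqfRMsTVRyy9KSS2yTc7Pzc3PUyvOyC8AinoYepllZZhHBXqFBCUWunqCxUMqC1JtDQ3UiktzcxOLKv0Sc1NtS/NSUtMy81JTlACISRyv"
// NOTE(review): deflate followed by Base64 is a reversible encoding with no
// key, so this step alone does not authenticate the parameters.
console.log(res);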