https://www.youzy.cn/tzy/search/colleges/collegeList
获取目标网址等信息
打开开发人员工具(F12),拿到调用接口的地址,以及接口请求参数等信息,如下
curl 'https://uwf7de983aad7a717eb.youzy.cn/youzy.dms.basiclib.api.college.query' \
-H 'Accept: */*' \
-H 'Accept-Language: zh-CN,zh;q=0.9' \
-H 'Connection: keep-alive' \
-H 'Content-Type: application/json' \
-H 'Origin: https://pv4y-pc.youzy.cn' \
-H 'Referer: https://pv4y-pc.youzy.cn/' \
-H 'Sec-Fetch-Dest: empty' \
-H 'Sec-Fetch-Mode: cors' \
-H 'Sec-Fetch-Site: same-site' \
-H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36 Edg/110.0.1587.63' \
-H 'sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Microsoft Edge";v="110"' \
-H 'sec-ch-ua-mobile: ?0' \
-H 'sec-ch-ua-platform: "macOS"' \
-H 'u-sign: e79c2c67e9060725be683594244ec10f' \
-H 'u-token;' \
--data-raw '{"keyword":"","provinceNames":[],"natureTypes":[],"eduLevel":"","categories":[],"features":[],"pageIndex":4,"pageSize":20,"sort":11}' \
--compressed
接口调用
第一次调用,按最简单的方案来进行:直接使用curl中的请求头以及参数,不做任何改动
该方法的好处是先将接口调通,不掺和其他外部因素
来,直接上代码
import requests
url = 'https://uwf7de983aad7a717eb.youzy.cn/youzy.dms.basiclib.api.college.query'
data = '{"keyword":"","provinceNames":[],"natureTypes":[],"eduLevel":"","categories":[],"features":[],"pageIndex":4,"pageSize":20,"sort":11}'
headers = {
'Accept': '*/*',
'Accept-Language': 'zh-CN,zh;q=0.9',
'Connection': 'keep-alive',
'Content-Type': 'application/json',
'Origin': 'https://pv4y-pc.youzy.cn',
'Referer': 'https://pv4y-pc.youzy.cn/',
'Sec-Fetch-Dest': 'empty',
'Sec-Fetch-Mode': 'cors',
'Sec-Fetch-Site': 'same-site',
'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36 Edg/110.0.1587.63',
'sec-ch-ua': '"Chromium";v="110", "Not A(Brand";v="24", "Microsoft Edge";v="110"',
'sec-ch-ua-mobile': '?0',
'sec-ch-ua-platform': 'macOS',
'Accept-Encoding': 'gzip, deflate, br',
'Host': 'uwf7de983aad7a717eb.youzy.cn',
'u-sign': 'e79c2c67e9060725be683594244ec10f'
}
response = requests.post(url, headers=headers, data=data)
print('response-->', response.text)
代码执行结果如下
进阶调用
通过从curl中获取相关参数,成功的进行了接口调用
此时,我们修改一下分页参数,来获取第2页的数据,提示身份鉴权失败
response--> {"code":"401","message":"身份授权失败","fullMessage":"","timestamp":"2023-03-06T16:10:56.1799746+08:00","isSuccess":false}通过实验发现,修改任意参数,都会提示鉴权失败
所有证据都证明着这里有猫腻
观察请求体,参数都挺正常,除了u-sign
寻找u-sign
使用开发人员工具里的搜索功能,来看下u-sign是在哪里赋值
找到文件之后,继续在文件内搜索u-sign
可能会找到多个符合项,这时可以通过数据翻页debug的方式,来确定具体哪一项符合我们的预期
分析u-sign生成代码
return e.headers = {
"Content-Type": "application/json",
"u-sign": o(e.url, e.data), // 生成u-sign
"u-token": p.getOrLoadUToken()
}继续debug,找到方法o的代码
"339a": function(e, t, r) {
r("ac1f"),
r("1276"),
r("159b"),
r("99af"),
r("1e25"),
r("b64b");
var n = r("6821");
e.exports = function(e, t) {
var r, i = "9SASji5OWnG41iRKiSvTJHlXHmRySRp1", o = "", a = t || {}, s = (e = e || "").split("?");
if (s.length > 0 && (r = s[1]),
r) {
var u = r.split("&")
, c = "";
u.forEach((function(e) {
var t = e.split("=");
c += "".concat(t[0], "=").concat(encodeURI(t[1]), "&")
}
)),
o = "".concat(_.trimEnd(c, "&"), "&").concat(i)
} else
// 走的这里!!
o = Object.keys(a).length > 0 ? "".concat(JSON.stringify(a), "&").concat(i) : "&".concat(i);
return o = o.toLowerCase(),
n(o) // 做了一次加密操作
}
},方法o中做了一个字符串拼接,并执行了方法n(加密操作),代码如下
e.exports = function(e, r) {
if (null == e)
throw new Error("Illegal argument " + e);
var n = t.wordsToBytes(a(e, r));
return r && r.asBytes ? n : r && r.asString ? o.bytesToString(n) : t.bytesToHex(n)
}加密代码没有完全看明白
通过网上的案例+使用加密工具,强行试出来是加密方式是md5
在线加密工具: 在线加密解密 - chahuo.com
最后附上完整代码
from hashlib import md5
import requests
url = 'https://uwf7de983aad7a717eb.youzy.cn/youzy.dms.basiclib.api.college.query'
data = '{"keyword":"","provinceNames":[],"natureTypes":[],"eduLevel":"","categories":[],"features":[],"pageIndex":2,"pageSize":20,"sort":11}'
def u(tt):
en_key = '9SASji5OWnG41iRKiSvTJHlXHmRySRp1'
result = tt.lower() + '&' + en_key.lower()
print('result', result)
return result
def get_u_sign(data):
sign_data = u(data)
return md5(sign_data.encode()).hexdigest()
headers = {
'Accept': '*/*',
'Accept-Language': 'zh-CN,zh;q=0.9',
'Connection': 'keep-alive',
'Content-Type': 'application/json',
'Origin': 'https://pv4y-pc.youzy.cn',
'Referer': 'https://pv4y-pc.youzy.cn/',
'Sec-Fetch-Dest': 'empty',
'Sec-Fetch-Mode': 'cors',
'Sec-Fetch-Site': 'same-site',
'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36 Edg/110.0.1587.63',
'sec-ch-ua': '"Chromium";v="110", "Not A(Brand";v="24", "Microsoft Edge";v="110"',
'sec-ch-ua-mobile': '?0',
'sec-ch-ua-platform': 'macOS',
'Accept-Encoding': 'gzip, deflate, br',
'Host': 'uwf7de983aad7a717eb.youzy.cn',
'u-sign': get_u_sign(data)
}
response = requests.post(url, headers=headers, data=data)
print('response-->', response.text)
