最新某宝x-sign参数生成原理
淘宝x-sign算法解密分析
我在上一篇博客中给大家介绍了淘宝接口如何抓取,今天我来给大家介绍一下淘宝中校验参数x-sign的生成了,现在大家都知道只要有了x-sign基本上所有事情都可以干,包括但不仅限于商品信息,商品评价,秒杀活动等等
本文将演示如何获取淘宝商品评价信息,以iphone11为例 https://detail.tmall.com/item.htm?id=602659642364
抓包分析
通过charles手机抓包分析得出评价获取参数为如下几个:
url:http://guide-acs.m.taobao.com/gw/mtop.taobao.rate.detaillist.get/4.0
参数:data={“rateType”:"",“hasPic”:“1”,“foldFlag”:“0”,“pageNo”:“1”,“pageSize”:“10”,“auctionNumId”:“602659642364”}
头信息:有好多头信息,最重要的x-sign
签名接口调用
先放一个postman的图片 [外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-pUVSS7Nl-1588948458935)(https://github.com/Colinlyj210/x-sign/raw/master/w2.png?raw=true)]
使用说明:
- 图片中的请求地址并不是真实的请求地址,需要联系qq获取
- 发请求的时候必须是post json格式,可能需要协议头Content-Type:application/json
- token是接口校验参数,需要联系qq获取
- 获取签名的时候参数值都不需要转义,发请求抓数据的时候可能需要转义
- 所有参数必须使用
""包起来,必须是字符串
参数说明
- data:就是参数data,为了避免出现编码问题,使用base64编码再传给我。编码前的data不要使用 urlencode.
- appKey:默认
"21646297",淘宝的appKey这个值是固定,如果是淘宝系其他app,这个值不一样 - pv:默认
"6.3",可选"6.2"或者"6.3" - useMiniWua:默认
"0"需要x-mini-wua的时候,设置为"1",当pv="6.3"的时候,都是带x-mini-wua返回值的 - useWua:默认
"0"需要wua的时候,设置为"1" - `如有其他疑问,或者需要帮助的请联系qq: 946420414
返回值说明
返回值有x-sign,x-mini-wua,wua等 需要自己发请求测试,此处不再说明
python 版本demo
运行条件: python3 + requests 库
#!/usr/bin/env python
# coding:utf8
import os
import json
import requests
from urllib.parse import quote
from urllib.parse import quote_plus
from pprint import pprint
import base64
import time
def gwMtopApi(api, v, data, uid="0", sid="0", method='GET'):
utdid = "XLWkskakX5EDAEAuXveJ2YJy"
appKey = "21646297"
timestamp = time.time()
t = int(timestamp)
lat = "31.23238"
lng = "121.477733"
ttid = '701186@taobao_android_9.1.0'
deviceId = "Akuvfv2rDaTsFg2EJoAi5vGWE8wGLLTOVgrx3XMZ2a_M"
features = "27"
pageId = "https://market.m.taobao.com/app/tmall-wireless/group-card-618/pages/cc-shareItem?wh_ttid=native"
pageName = "market.m.taobao.com/app/tmall-wireless/group-card-618/pages/cc-shareItem"
# 数据使用base64做下编码
b64Data = base64.b64encode(data.encode("utf-8"))
pprint(b64Data)
postData = {
"utdid": utdid,
"uid": uid,
# 设备id
"deviceId": deviceId,
"appKey": appKey,
"x-features": features,
"ttid": ttid,
"location": lng + ',' + lat,
"v": v,
"sid": sid,
# 时间戳 10位数
"t": t,
"api": api,
"useWua": "1",
"data": b64Data,
"pageId": pageId,
"pageName": pageName
}
pprint(postData)
result = getTaobaoSigns(postData)
jobj = json.loads(result)
dataJobj = jobj["data"]
pprint(dataJobj['x-mini-wua'])
body = "data=" + quote_plus(data)
requestUrl = "https://guide-acs.m.taobao.com/gw/{0}/{1}/".format(api, v)
proxies = None
headers = {
"x-appkey": appKey,
"x-devid": deviceId,
"x-ttid": quote_plus(ttid),
"x-sign": quote_plus(dataJobj['x-sign']),
"x-umt": quote_plus(dataJobj['x-umt']),
"x-mini-wua": quote_plus(dataJobj['x-mini-wua']),
"x-sgext": dataJobj['x-sgext'],
"x-t": str(t),
"x-location": quote_plus("{0},{1}".format(lng, lat)),
"x-app-ver": "9.1.0",
"f-refer": "mtop",
"x-nq": "WIFI",
"x-nettype": "WIFI",
"x-region-channel": "CN",
"f-refer": "mtop",
"content-type": "application/x-www-form-urlencoded;charset=UTF-8",
"A-SLIDER-Q": "appKey%3D21646297%26ver%3D0",
"x-bx-version": "6.4.11",
"x-page-url": quote_plus(pageId),
"a-orange-q": "appKey=21646297&appVersion=9.1.0&clientAppIndexVersion=1120191120160145573&clientVersionIndexVersion=0",
"x-page-name": pageName,
"x-pv": "6.3",
"x-c-traceid": "XLWkskakX5EDAEAuXveJ2YJy1574237572826005219386",
"x-features": features,
"x-app-conf-v": str(19),
"x-utdid": utdid,
"c-lauch-info": "0,0,1574237572825,1574233432783,3",
"User-Agent": "MTOPSDK%2F3.1.1.7+%28Android%3B8.1.0%3BHuawei%3BNexus+6P%29",
"Connection": "Keep-Alive",
"Accept-Encoding": "gzip",
"x-bx-version": "6.4.11"
}
if uid != "":
headers["x-uid"] = uid
headers["x-sid"] = sid
if method == 'GET':
requestUrl = "https://guide-acs.m.taobao.com/gw/{0}/{1}/?{2}".format(api, v, body)
pprint(requestUrl)
result = requests.get(requestUrl, timeout=20, headers=headers, proxies=proxies, verify=False)
else:
result = requests.post(requestUrl, data=body, headers=headers, timeout=20, proxies=proxies, verify=False)
pprint(result)
if result.status_code == requests.codes.ok:
pprint(result.text)
def getTaobaoSigns(arr):
pprint(arr)
requestURL = "http://127.0.0.1:8080/fakeTbParam"
headers = {
"allow_access": "true",
"Content-Type": "application/x-www-form-urlencoded"
}
result = requests.post(requestURL, data=arr, timeout=20, headers=headers)
pprint(result.text)
dataStr = ""
if result.status_code == requests.codes.ok:
dataStr = result.text
pprint(dataStr)
return dataStr
def getTaobaoDetail():
data = '''{"LBS":"{\\"SG_TMCS_1H_DS\\":\\"{\\\\\\"stores\\\\\\":[]}\\",\\"SG_TMCS_FRESH_MARKET\\":\\"{\\\\\\"stores\\\\\\":[]}\\",\\"TB\\":\\"{\\\\\\"stores\\\\\\":[{\\\\\\"code\\\\\\":\\\\\\"185784179\\\\\\",\\\\\\"bizType\\\\\\":\\\\\\"2\\\\\\",\\\\\\"type\\\\\\":\\\\\\"1\\\\\\"}]}\\",\\"TMALL_MARKET_B2C\\":\\"{\\\\\\"stores\\\\\\":[{\\\\\\"code\\\\\\":\\\\\\"105\\\\\\",\\\\\\"bizType\\\\\\":\\\\\\"REGION_TYPE_CITY\\\\\\",\\\\\\"addrId\\\\\\":\\\\\\"8813741971\\\\\\",\\\\\\"type\\\\\\":\\\\\\"CHOOSE_ADDR\\\\\\"},{\\\\\\"code\\\\\\":\\\\\\"107\\\\\\",\\\\\\"bizType\\\\\\":\\\\\\"REGION_TYPE_REGION\\\\\\",\\\\\\"addrId\\\\\\":\\\\\\"8813741971\\\\\\",\\\\\\"type\\\\\\":\\\\\\"CHOOSE_ADDR\\\\\\"}]}\\",\\"TMALL_MARKET_O2O\\":\\"{\\\\\\"stores\\\\\\":[{\\\\\\"code\\\\\\":\\\\\\"233930143\\\\\\",\\\\\\"bizType\\\\\\":\\\\\\"DELIVERY_TIME_ONE_HOUR\\\\\\",\\\\\\"addrId\\\\\\":\\\\\\"8813741971\\\\\\",\\\\\\"type\\\\\\":\\\\\\"CHOOSE_ADDR\\\\\\"}]}\\"}","URL_REFERER_ORIGIN":"https://s.m.taobao.com/h5entry?utparam=%7B%22ranger_buckets_native%22%3A%22tsp2189_21618_normaluser01%22%7D&spm=a2141.1.searchbar.searchbox&scm=1007.home_topbar.searchbox.d&_navigation_params=%7B%22needdismiss%22%3A%220%22%2C%22animated%22%3A%220%22%2C%22needpoptoroot%22%3A%220%22%7D","_navigation_params":"{\\"needdismiss\\":\\"0\\",\\"animated\\":\\"0\\",\\"needpoptoroot\\":\\"0\\"}","ad_type":"1.0","apptimestamp":"1575125141","areaCode":"CN","brand":"google","canP4pVideoPlay":"true","countryNum":"156","device":"Nexus 6P","editionCode":"CN","filterEmpty":"true","filterUnused":"true","from":"suggest_all-query","homePageVersion":"v6","imei":"867686023424128","imsi":"09647Nexus617c3","info":"wifi","isBeta":"false","itemfields":"commentCount,newDsr","layeredSrp":"true","n":"10","needTabs":"true","network":"wifi","new_shopstar":"true","page":"2","pos":"0_0","q":"iphone11","rainbow":"14071,14070,12994,14154","referrer":"com.taobao.taobao","schemaType":"all","scm":"1007.home_topbar.searchbox.d","searchFramework":"true","search_action":"initiative","search_wap_mall":"false","setting_on":"imgBanners,userdoc,tbcode,pricerange,localshop,smartTips,firstCat,dropbox,realsale,insertTexts,tabs","showspu":"true","sort":"_sale","spm":"a2141.1.searchbar.searchbox","sputips":"on","style":"list","subtype":"text","sugg":"iphone11_0_0","suggest_rn":"bucketid_1-rn_9ce4a9df-e0c0-418d-80a2-df54040958ed","sversion":"8.3","taoxianda":"true","ttid":"701186@taobao_android_9.2.0","utd_id":"XLWkskakX5EDAEAuXveJ2YJy","utparam":"{\\"ranger_buckets_native\\":\\"tsp2189_21618_normaluser01\\"}","vm":"nw"}'''
api = "mtop.taobao.wsearch.appsearch"
v = "1.0"
gwMtopApi(api, v, data, uid="60348168", sid="96d58db05c3654c6015572075f9e41ea")
if __name__ == '__main__':
getTaobaoDetail()
技术支持
感谢大家在百忙中阅读我的博客。
如有技术问题请联系qq: 946420414