1、抓包工具抓取一个请求
POST /rest/n/feed/nearby?app=0&kpf=ANDROID_PHONE&ver=6.5&c=HUAWEI_KWAI&mod=HUAWEI%28HWI-AL00%29&appver=6.5.5.9591&ftt=&isp=CUCC&kpn=KUAISHOU&lon=102.698614&language=zh-cn&sys=ANDROID_9&max_memory=384&ud=0&country_code=cn&oc=HUAWEI_KWAI&hotfix_ver=&did_gt=1584622753889&iuid=&net=WIFI&did=ANDROID_9ba4839bf09a1834&lat=25.002707 HTTP/1.1
type=10&page=1&token=&count=20&id=9&refreshTimes=0&coldStart=false&source=1&browseType=1&seid=60ed7899-e25e-4b9b-b971-3f75b4df00fd&os=android&sig=75e33af6cb4a795c039e0f94a9bd27bf&client_key=3c2cd3f3
2、分析
可以看到请求的参数中,有一个字段叫sig,我们主要要做的工作就是通过参数计算出这个sig,通过逆向分析发现,这个sig计算方式为:
把url中的参数放入map1中;
把表单中的参数放入map2中;
把map1和map2中的元素以key=value的形式放入arraylist中
对arraylist进行排序;
把arraylist中的元素按顺序拼接成一个字符串str;
把str转成bytearray;
调用CPU.getClock(),传入str计算签名;
CPU.getClock()是一个native方法,在libcore.so中实现
3、放代码
from sig import signature
import requests
para = {
"app":"0",
"kpf":"ANDROID_PHONE",
"ver":"6.5",
"c":"HUAWEI_KWAI",
"mod":"HUAWEI(HWI-AL00)",
"appver":"6.5.5.9591",
# "ftt":"",
"isp":"CUCC",
"kpn":"KUAISHOU",
# "lon":"102.698614",
"language":"zh-cn",
"sys":"ANDROID_9",
"max_memory":"384",
"ud":"0",
"country_code":"cn",
"oc":"HUAWEI_KWAI",
# "hotfix_ver":"",
"did_gt":"1584622753889",
# "iuid":"",
"net":"WIFI",
"did":"ANDROID_9ba4839bf09a1834",
# "lat":"25.002707"
}
post = {
"type":"10",
"page":"1",
"token":"",
"count":"20",
"id":"9",
"refreshTimes":"0",
"coldStart":"false",
"source":"1",
"browseType":"1",
"seid":"60ed7899-e25e-4b9b-b971-3f75b4df00fd",
"os":"android",
"client_key":"3c2cd3f3"
}
j = signature.WeChat_YY_yhzf.sig_post("https://apissl.ksapisrv.com/rest/n/feed/nearby",para,post)
header = {"Content-Type":"application/x-www-form-urlencoded"}
resp = requests.post(j["para"], data=j["data"],headers=header)
print(resp.text)
请求结果如下:
搞定,完美。其他接口类似处理即可。
——————————————————————————————————————————
TiToData:专业的短视频、直播数据接口服务平台。
更多信息请联系: TiToData
覆盖主流平台:抖音,快手,小红书,TikTok,YouTube