qidao123.com ToB IT社区-企服评测·应用市场»论坛 数据库 分布式数据库 python某音app商城商品详情(2024-11-06)

python某音app商城商品详情(2024-11-06)

[复制链接]
发表于 2025-12-30 05:43:58 | 显示全部楼层 |阅读模式
一、抓包


1、环境搭建


某音app版本31.7.0
已安装Magisk+lsposed的手机(一样寻常是小米手机)
Charles抓包工具(v4.6.5)
Postem(手机端转发端口)
Magisk+lsposed(root环境)
2、抓包原理


charles+Magisk+lsposed+Postem

3、hook源码
  2. package utils;
  4. import android.app.AndroidAppHelper;
  5. import android.content.Context;
  6. import android.content.Intent;
  7. import android.net.Uri;
  8. import android.util.Log;
  10. import android.os.Bundle;
  11. import android.util.Base64;
  12. import android.util.Log;
  13. import android.widget.Toast;
  15. import org.json.JSONObject;
  17. import java.io.InputStream;
  18. import java.lang.reflect.Field;
  19. import java.net.HttpURLConnection;
  20. import java.net.URL;
  21. import java.nio.charset.StandardCharsets;
  23. import de.robv.android.xposed.IXposedHookLoadPackage;
  24. import de.robv.android.xposed.XC_MethodHook;
  25. import de.robv.android.xposed.XC_MethodReplacement;
  26. import de.robv.android.xposed.XposedBridge;
  27. import de.robv.android.xposed.XposedHelpers;
  28. import de.robv.android.xposed.callbacks.XC_LoadPackage;
  31. import java.io.UnsupportedEncodingException;
  32. import java.net.URLDecoder;
  33. import java.net.URLEncoder;
  34. public class MainHook implements IXposedHookLoadPackage {
  36.     @Override
  37.     public void handleLoadPackage(XC_LoadPackage.LoadPackageParam loadPackageParam) throws Throwable {
  38.         Log.i("byc","===================dy-start1=========================");
  39.         //XposedBridge.log("===================dy-start1==========================");
  40.         // 判断当前启动的目标程序是否是要hook的应用程序
  41.         // 通杀dy|dy极速版|短视频等  author by byc6352 or metabycf
  42.         if (loadPackageParam.packageName.contains("com.ss.android.ugc.aweme")) {
  43.             XposedBridge.log("=======dyCapture=====================");
  44.             Class CronetClient = XposedHelpers.findClass("org.chromium.CronetClient", loadPackageParam.classLoader);
  45.             XposedBridge.hookAllMethods(CronetClient, "tryCreateCronetEngine",
  46.                     new XC_MethodReplacement() {
  47.                         @Override
  48.                         protected Object replaceHookedMethod(XC_MethodHook.MethodHookParam methodHookParam) throws Throwable {
  49.                             return null;
  50.                         }
  51.                     });
  52.         }
  54.     }
  57. }
复制代码
4、抓包示例(乐成抓到数据):


图1(Charles抓包商品详情)

二、Scheme跳转链接


1、商品详情的跳转链接是:
  2. snssdk1128://goods/seeding/?promotion_id=3712628099427467440
复制代码
可以从安卓app或欣赏器通过scheme跳转直接打开指定的商品详情页

2、网页跳转商品页源码
  1. <!DOCTYPE html><html><head><meta charset="utf-8"><title>应用内跳转</title><link rel="stylesheet" href="static/css/css.min.css"><script src="static/js/jquery.js"></script><meta http-equiv="x-dns-prefetch-control" content="on"><meta name="viewport" content="width=device-width,initial-scale=1"><style>body{max-width:900px;margin:0 auto}.weixin-tip {display: none; position: fixed; left:0; top:0; bottom:0; background: rgba(0,0,0,0.8); filter:alpha(opacity=80);  height: 100%; width: 100%; z-index: 100;}.weixin-tip p{text-align: center; margin-top: 20%; padding:0 5%;}.weixin-tip img{width:100%;}</style></head><body><div class="h5ui-msg h5ui-msg_error">    <div class="h5ui-msg_content">                <div class="tubiao"><img src="app.png" /></div>                                <h1 style="color:red;">应用内跳转</h1>                <div class="tab-content">                        <p>更新于:2024-11-05 12:00:00(author by byc6352 or metabycf)</p>                </div>                <div class="erweima">                <a href="
  2. snssdk1128://goods/seeding/?promotion_id=3712628099427467440" class="h5ui-btn h5ui-btn_primary">抖音跳转</a>                    </div></div>        <div class="weixin-tip">                <p>                        <img src="static/picture/weixin.png" alt="微信打开">                </p>        </div>        <script type="text/javascript">        $(window).on("load",function(){                var winHeight = $(window).height();                        function is_weixin() {                            var ua = navigator.userAgent.toLowerCase();                            if (ua.match(/MicroMessenger/i) == "micromessenger") {                                return true;                                } else if (ua.match(/QQ/i) == "qq") {                                                return true;                            } else {                                return false;                            }                        }                        var isWeixin = is_weixin();                        if(isWeixin){                                $(".weixin-tip").css("height",winHeight);                    $(".weixin-tip").show();                        }        })        </script></body></html>
复制代码
三、python 哀求商品接口源码
  2. # -*- coding: utf-8 -*-
  3. """
  4. -------------------------------------------------
  5.     Author: byc6352
  6.     File:product.py
  7.     Time: 2024/11/06 08:03
  8.     Technical Support:byc6352 or metabycf or 39848872 or t:byc01 or potato:metabyc
  9. -------------------------------------------------
  10.     Change : 2024/11/06 08:03
  11. -------------------------------------------------
  12.     Desc:
  13. """
  14. import json
  15. import requests
  16. import function
  18. def xg_sign(req_url, req_headers):
  19.     api = "http://xxxx.com:10001/api/dy/encrypt"
  20.     ##生成抖音六神参数 contact :byc6352 or metabycf
  21.     ##X-Ladon,X-Khronos,X-Argus,X-Gorgon,X-Helios,X-Medusa
  22.     header_list = []
  23.     for k, v in req_headers.items():
  24.         header_list.append(k)
  25.         header_list.append(v)
  26.     data = {
  27.         "url": req_url,
  28.         "headerList": json.dumps(header_list)
  29.     }
  30.     # print(data)
  31.     res = requests.post(api, data=data)
  32.     result = res.json()
  33.     return result
  36. def get_product(product_id):
  37.     try:
  38.         headers = {
  39.             "method": "POST",
  40.             "path": "/ecom/product/detail/stream/?klink_egdi=AAIeERE3u6AxDOC7htGjlnWKCKIlejk7oZso1wd8qpFlYv3urbLupx-M&iid=3710169740217968&device_id=3261614919800426&ac=wifi&channel=xiaomi_1128_64&aid=1128&app_name=aweme&version_code=310700&version_name=31.7.0&device_platform=android&os=android&ssmix=a&device_type=MI+8+Lite&device_brand=Xiaomi&language=zh&os_api=29&os_version=10&manifest_version_code=310701&resolution=1080*2068&dpi=440&update_version_code=31709900&_rticket=1730812802487&first_launch_timestamp=1729320560&last_deeplink_update_version_code=31709900&cpu_support64=true&host_abi=arm64-v8a&is_guest_mode=0&app_type=normal&minor_status=0&appTheme=light&is_preinstall=0&need_personal_recommend=1&is_android_pad=0&is_android_fold=0&ts=1730812804&cdid=415d513f-f91d-4a6a-ae09-5d8a1b9760ed",
  41.             "authority": "ecom5-normal-lq.ecombdapi.com",
  42.             "scheme": "https",
  43.             "x-ss-stub": "EBA4291BD798853C56757E24E51A45E1",
  44.             "accept-encoding": "gzip",
  45.             "x-tt-dt": "AAA35EUO536D47D44CV3PCY7HG6A37XC3Q2Z2NTL6MQNO5WOOMHSKP5UQAS2IRUW52R5VQG3CNQULNIITVCUH6OR4FSOJSU3TK72MKMMR7TH63IKNJMGUQLBNYGF77OARDFPPPDFMLP6WU7GCJHNDNI",
  46.             "activity_now_client": "1730812804586",
  47.             "x-bd-client-key": "bd25b9d98c687cfd61b80668bc71972f5b437e89b6c69db9496166a8463014b084609486196db2930052c33d23c14e2f7ff21463cb983c77898fe100b34a3cd8",
  48.             "x-bd-kmsv": "1",
  49.             "sdk-version": "2",
  50.             "x-tt-passport-mfa-token": "CjZ+xGx9aFWdpxzuRWBIgyeiietrATgxNAMQWumtEtX6pRo1S9Tyz5reTkUsKIFlu0YrGHkulpUaSgo8widUXGmoflSx9/vl0z61chwLMkPD6HS/9ASMKCHWJDCs76hdzVCVy16OTr0jexLXZipL6n8qDTdDExfxEPvH4A0Y9rHRbCACIgEDoorqYw==",
  51.             "x-tt-token": "0073e3916318365a9cc074e262217c9b8f027c4fd96156aa8334164b00b9f02f1a8159288668894e13f2012f9cf6a8862b64da1f03085b650084da3a4252f9a423597ef52b63d573119e4eb9aa0c53f2a4fb3f9c5acf4d784730a34cce89bb02dd319-1.0.1",
  52.             "x-tt-token-supplement": "03bebfbef711cb858ecf76506954cd128bb1dcf9ae2509899f37682c4c066729833fdb9836af09394c98a422b7761571d88fa2f767dc3c68cae4c23165897bcd8b9",
  53.             "passport-sdk-version": "203266",
  54.             "x-vc-bdturing-sdk-version": "3.7.3.cn",
  55.             "user-agent": "com.ss.android.ugc.aweme/310701 (Linux; U; Android 10; zh_CN; MI 8 Lite; Build/QKQ1.190910.002;tt-ok/3.12.13.4-tiktok)",
  56.             "x-ladon": "ZyobgA==",
  57.             "x-khronos": "1730812800",
  58.             "x-argus": "gBsqZw==",
  59.             "x-gorgon": "8404408600011e58573699a1044a9f40e75e639ad18b11dafb91",
  60.             "x-helios": "42KyFfoiT2YA3qf69oWnSB1WHxKwKJt3biDt7WY4GBIr92PO",
  61.             "x-medusa": "hBsqZ5J0qhJmnphROPCuraLQaY/CdQAB3jdxlENBAeksGj1mTmq/1ynjlut0xVAFOFOF1g5PuT/H9fW9UkbaM6HjDwo2oYgQR+rrohqV5INK/VmQSKHrroZFZM+CQrPskb/JPeXzrkvjUYiiEnRCJiFjSVInGDPKN13qryrAaiT9iXW5AifaSRoSxvk5AFbq08S58U6BIXSzj0yDY+RQqWRlRMyca01itiqNlO7XQlYfc8dpoxrUZIns/RsBry78UUkmqov99qpu2vqF2HDaMQNSZtjb/IoCBKmjo0i/IxMjL26Zpzjn0NRgS0PjHkdKaBhPc08CO0+rIn4G/OONpmjZagXhcKAOuD6ZcKHCUCrFnoiJSoab9xoZOwp+69NQvBd7I5gKxm5cOpyn5YXAAOZ7jJBfXzZEKy8bcq0uD8tlehaD+9G4rJDrpdFo1FL+43yD/eJXsnSsguAoDYNXq9PTdBfc1y5vUfL3tQzZfJQ8/KSfKEm7eBuxP5gDe8EuRb0BYzDF14+IJD4NvC3FVHRRoToqQFUfP1ollCxDpROiWME06dkqzUVD3jefZkNgaCr0AqE0/aQHQSOih2EMkvXqAHfTrxkZNJoCBMMXemPa0JFkVJgSguPhEZ0YpDOK9YSbPY+gKEuX02umX7X7V7cC//i3Av746RM=",
  62.             "content-type": "application/x-www-form-urlencoded; charset=UTF-8",
  63.             "content-length": "4588",
  64.             "cookie": "passport_csrf_token=239a8666cc640ebacd015fc77c58f4bc; passport_csrf_token_default=239a8666cc640ebacd015fc77c58f4bc; d_ticket=17923e6324133d68e54c2b76f5a6c56f6cbf1; passport_mfa_token=CjZ%2BxGx9aFWdpxzuRWBIgyeiietrATgxNAMQWumtEtX6pRo1S9Tyz5reTkUsKIFlu0YrGHkulpUaSgo8widUXGmoflSx9%2Fvl0z61chwLMkPD6HS%2F9ASMKCHWJDCs76hdzVCVy16OTr0jexLXZipL6n8qDTdDExfxEPvH4A0Y9rHRbCACIgEDoorqYw%3D%3D; multi_sids=1205541730521768%3A73e3916318365a9cc074e262217c9b8f; odin_tt=c8d058700a61cccc7339db9142afbf174c299a690a4bd44935ecdc1d763197612b70e2268c243a95f3bc5bec7bb254d22cebedc9a1141e6bc3a13f574d4f5e5f074007d7490664da0d51521023293464; passport_assist_user=CkF6XZdQFN8yaWk3OZmtgMmeWl725AfiLTuuHDqqSIUi5f3_PI483Lt0QoauL8loYyqnjwDBhSpbLoJpI8GSHJoAkBpKCjx3DfP8S1Bua9QnSbnwpnSzE1h_82IPk6wap_ob6ThdNQHIW2-CnYxVXkoIUcN80ZFnQZm2oC8Kx9Wekj0Q1MfgDRiJr9ZUIAEiAQN2Mh7a; n_mh=HljqylxpJTsSBfXF9ZwYpjNZ8KoP4zyz5DkqE7JYTlk; sid_guard=73e3916318365a9cc074e262217c9b8f%7C1730703817%7C5184000%7CFri%2C+03-Jan-2025+07%3A03%3A37+GMT; uid_tt=330159761faa41",
  65.         }
  67.         url = "https://ecom5-normal-lq.ecombdapi.com/ecom/product/detail/stream/?klink_egdi=AAIeERE3u6AxDOC7htGjlnWKCKIlejk7oZso1wd8qpFlYv3urbLupx-M&iid=3710169740217968&device_id=3261614919800426&ac=wifi&channel=xiaomi_1128_64&aid=1128&app_name=aweme&version_code=310700&version_name=31.7.0&device_platform=android&os=android&ssmix=a&device_type=MI+8+Lite&device_brand=Xiaomi&language=zh&os_api=29&os_version=10&manifest_version_code=310701&resolution=1080*2068&dpi=440&update_version_code=31709900&_rticket=1730812802487&first_launch_timestamp=1729320560&last_deeplink_update_version_code=31709900&cpu_support64=true&host_abi=arm64-v8a&is_guest_mode=0&app_type=normal&minor_status=0&appTheme=light&is_preinstall=0&need_personal_recommend=1&is_android_pad=0&is_android_fold=0&ts=1730812804&cdid=415d513f-f91d-4a6a-ae09-5d8a1b9760ed"
  68.         data = 'user_id=1205541730521768&sec_user_id=MS4wLjABAAAASaiAOg4W7W1Blc4IO-XO8wFezU6PySsaqO9Qq2nBJlYmLnlra-HRA0HUHPx5NAS4&author_id=&author_open_id=&sec_author_id=&promotion_ids=3712628099427467440&item_id=&enter_from=open_url&meta_param=%7B%22entrance_info%22%3A%22%7B%5C%22carrier_source%5C%22%3A%5C%22open_url%5C%22%2C%5C%22source_method%5C%22%3A%5C%22open_url%5C%22%2C%5C%22ecom_group_type%5C%22%3A%5C%22%5C%22%7D%22%2C%22market_address%22%3A%22%7B%5C%22address_detail%5C%22%3A%5C%22%7B%5C%5C%5C%22address_list%5C%5C%5C%22%3A%5B%5D%2C%5C%5C%5C%22error_code%5C%5C%5C%22%3A1%7D%5C%22%7D%22%7D&width=1080&height=1080&use_new_price=1&cps_track=&gps_on=1&product_id=&creative_id=&promotion_id=&bff_type=1&ui_params=%7B%22bff_snapshot_switch%22%3Afalse%2C%22bolt_param%22%3A%22%7B%7D%22%2C%22carrier_source%22%3A%22open_url%22%2C%22channel_id%22%3A%22%22%2C%22channel_type%22%3A0%2C%22client_abs%22%3A%22%7B%5C%22iesec_new_goods_detail_edition%5C%22%3A6%2C%5C%22iesec_detail_head_search_plan%5C%22%3A2%2C%5C%22iesec_goods_detail_image_tab_optimize%5C%22%3A0%2C%5C%22iesec_goods_detail_optimize%5C%22%3A7%2C%5C%22need_adapt_addr%5C%22%3A1%2C%5C%22iesec_saas_balance_exchange%5C%22%3A0%2C%5C%22iesec_header_style_ab%5C%22%3A1%2C%5C%22iesec_header_category_b%5C%22%3A%5C%22%7B%5C%5C%5C%22category%5C%5C%5C%22%3A%5B%5B%5D%2C%5B21028%2C21235%2C20152%2C21503%2C21509%2C21515%2C20853%2C20873%2C20867%2C20739%2C20716%2C20743%2C20741%5D%2C%5B26137%2C26175%2C26168%2C26135%2C26276%2C26954%2C26277%2C26806%2C24647%2C22268%2C21514%2C33283%2C25725%2C22507%2C22505%2C22502%2C22503%2C22497%2C20537%2C24572%2C25783%2C25779%2C25378%2C25382%5D%2C%5B31174%5D%5D%7D%5C%22%2C%5C%22iesec_header_category_scene%5C%22%3A%5C%22%7B%5C%5C%5C%22category%5C%5C%5C%22%3A%5B%5B20009%2C20005%2C20010%2C20006%5D%2C%5B%5D%2C%5B%5D%2C%5B%5D%5D%2C%5C%5C%5C%22scene%5C%5C%5C%22%3A%5B%5C%5C%5C%221031%5C%5C%5C%22%2C%5C%5C%5C%221004%5C%5C%5C%22%2C%5C%5C%5C%221003%5C%5C%5C%22%2C%5C%5C%5C%221094%5C%5C%5C%22%5D%7D%5C%22%2C%5C%22iesec_ad_brand_popup%5C%22%3A2%2C%5C%22iesec_pdp_replay_ui_opt%5C%22%3A0%2C%5C%22iesec_aweme_tab_mall%5C%22%3A1%2C%5C%22iesec_pdp_slice_gecko%5C%22%3A%5C%221%5C%22%2C%5C%22iesec_saas_live_replay%5C%22%3A0%2C%5C%22iesec_saas_shop_recommend%5C%22%3A0%2C%5C%22iesec_pdp_bff_optimize%5C%22%3A1%2C%5C%22iesec_kol_video_evaluation_detail%5C%22%3A1%2C%5C%22iesec_pdp_find_same_opt%5C%22%3A2%2C%5C%22iesec_ecom_pdp_video_opt%5C%22%3A1%2C%5C%22iesec_ecom_live_list_ab%5C%22%3A0%2C%5C%22iesec_auto_coupon_opt_ab%5C%22%3A1%2C%5C%22iesec_chunk_not_include_service_panel%5C%22%3Afalse%2C%5C%22detail_first_render_upload_opt%5C%22%3Afalse%2C%5C%22detail_first_render_download_opt%5C%22%3Afalse%2C%5C%22iesec_pdp_top_nav_slice%5C%22%3A1%2C%5C%22iesec_pdp_bottom_nav_slice%5C%22%3A0%2C%5C%22iesec_pdp_new_style_top%5C%22%3A1%2C%5C%22iesec_pdp_new_style_bottom%5C%22%3A1%2C%5C%22iesec_ecom_pdp_update_exp%5C%22%3A0%2C%5C%22iesec_slice_fit_width%5C%22%3A%5C%22true%5C%22%2C%5C%22iesec_pdp_gallery_buy%5C%22%3A0%2C%5C%22pdp_drill_client_exp%5C%22%3Afalse%2C%5C%22iesec_saas_shop_comment%5C%22%3A%5C%22%5C%22%2C%5C%22iesec_saas_pdp_search%5C%22%3A%5C%22%5C%22%2C%5C%22debug_flag%5C%22%3A%5C%22%5C%22%7D%22%2C%22ecom_entrance_form%22%3A%22open_url%22%2C%22enter_method%22%3A%22click_open_url%22%2C%22entrance_info%22%3A%22%7B%5C%22carrier_source%5C%22%3A%5C%22open_url%5C%22%2C%5C%22source_method%5C%22%3A%5C%22open_url%5C%22%2C%5C%22ecom_group_type%5C%22%3A%5C%22%5C%22%7D%22%2C%22font_scale%22%3A1.0%2C%22from_live%22%3Afalse%2C%22from_video%22%3Afalse%2C%22full_mode%22%3Atrue%2C%22iesec_new_goods_detail_edition%22%3A6%2C%22is_auth%22%3A%221%22%2C%22is_luban%22%3Afalse%2C%22is_recommend_enable%22%3Atrue%2C%22is_short_screen%22%3Atrue%2C%22window_reposition%22%3Afalse%2C%22large_font_scale%22%3Afalse%2C%22native_control_flags%22%3A%22%7B%5C%22share_control_times%5C%22%3A%5C%220%5C%22%7D%22%2C%22height_percent%22%3A0%2C%22pdp_session_id%22%3A%22055e3297-ac29-43a2-b16d-b7fcdb648209%22%2C%22product_pre_info%22%3A%22null%22%2C%22promotion_id%22%3A%223712628099427467440%22%2C%22request_additions%22%3A%22%7B%5C%22cps_track%5C%22%3A%5C%22%5C%22%7D%22%2C%22show_sku_panel%22%3A0%2C%22sku_switch%22%3A%220%22%2C%22source_method%22%3A%22open_url%22%2C%22source_page%22%3A%22open_url%22%2C%22useful_screen_width%22%3A392%7D&user_avatar_shrink=132_132&goods_header_shrink=1080_1080&goods_comment_shrink=464_464&shop_avatar_shrink=101_101&common_large_shrink=3240_3240&ecom_scene_id=&goods_content_shrink=1080_-1&cps_track=&same_product_scene=0&is_preload_req=false&slice_sdk_version=2.13&channel_id=&channel_type=0&full_resp=false'
  69.         data = data.replace('3712628099427467440', product_id)
  70.         res = xg_sign(url, headers)
  71.         headers.update(res)
  72.         print(res)
  73.         res = requests.post(url, headers=headers, data=data.encode())
  74.         print(res.status_code)
  75.         print(res.headers)
  76.         print(res.text)
  77.         function.savetofile('product_detail.txt', res.text)
  78.         return res.status_code,res.text
  79.     except Exception as e:
  80.         print('do_GET:error:', e)
  81.         print(e.__traceback__.tb_frame.f_globals["__file__"])  # 发生异常所在的文件
  82.         print(e.__traceback__.tb_lineno)  # 发生异常所在的行数
  83.         return 500,  '{"code":500,"msg":"系统错误"}'
  85. if __name__ == '__main__':
  86.     get_product('3712628099427467440')
复制代码
2、python哀求商品详情乐成:


图2(python哀求商品详情乐成)




免责声明:如果侵犯了您的权益,请联系站长,我们会及时删除侵权内容,谢谢合作!qidao123.com:ToB企服之家,中国第一个企服评测及软件市场,开放入驻,技术点评得现金

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有账号?立即注册

×
回复

使用道具 举报

返回列表

李优秀
+ 我要发帖

登录后关闭弹窗

登录参与点评抽奖  加入IT实名职场社区
去登录
快速回复 返回顶部 返回列表