标签:origin rem fmm stat inf yii dex shm rc4
所需工具:
获取外卖历史订单地址为:
http://e.waimai.meituan.com/v2/order/history/r/query?getNewVo=1&wmOrderPayType=2&wmOrderStatus=-2&sortField=1&startDate=2017-05-30&endDate=2017-05-30&lastLabel=&nextLabel=&signToken=05StD%7BKnLehoTpdt%3BjdsaJIg3tMxPAH%5B%40Mn%40luuu4hmFQeD%60Hu7Ie%3Bnd%7BFWr%60pNUD2KnwqI7cUOGZlM%3BSEuvA%60FmNLtujpdz%60AX-a%3B4o-uk)MKl3%7B5dXjUENrzN4rf1XDumEGM%60Vzws0)cA0%3A3RVHe%3F%3F&_token=eJx90FtvolAQAOD%252FwqtEzo2byT6g1iqpFi9QpekDwikcrFAPqGCz%252F32PrJL1ZQnJfBmGmcn8SHwSST0IxKPLUlkIE1ODqgaRAaFIhf%252FmMMS6yG25N5R67xBqmqwh9HHNLETiHWKR0TXjQ74RCyIi3mvNRJRISVl%252B9xSFds8B2wesu6esPAZZN8z3ygkpOY8oVxJWlDmvJfm%252F5ZJoul9dm6qQyJBAUa9CLENstjJaaY2QEG4EhcBVwJAhUls1X8Ux7tKEms5AfRC4CzbTAHlQMxfgB%252Bmtml0AagUf9HcXcBMxzVZiP0gaaa1wK3CXobfC9391rZkhTra7nkzE4BbLWyxYnEk9idpVlILyFO%252BsjeV0XvrVxLGH1dDdTdhgOXATfTOwKRrxz8JbeGnu5HyQmfTlyyT7qRb5VvhEybGfsz23Gcs4K%252BfWBVmHPqDea7EgMdeSsJ4PYE3rEDg1mb88ueF5aKrBxh5bgZGMLkfDnZ7cYHYpHY5jpMxY5kdPkwkx5%252BNtZ%252BjlW4sV1heNYzNIYZYEq2f%252Fkzn87bVGGYSHMb5Uqun3s9oLy8ErDXS63L2BacFZAfR0Napm6y0dZdGUTDuH2Vt2TM2td1gbxtI1o5G3Pq3wNF7aQ38%252B9jvpeUNG1cLJlCrIPt15BVKkq9t17X5fknNleRf%252FGcI%252BsDfr8vxL%252Bv0HGsLkRQ%253D%253D
里面有一个signToken,我们该如何获取signToken的值呢?
用chrome访问http://e.waimai.meituan.com/v2/order/history 这个页面后,发现有一个
http://e.waimai.meituan.com/static/59229326/js/page/order/history.js 比较可疑,
于是拿出来分析,通过查询发现里面有signToken
经过分析,得到大概是下面这段js代码
define(‘module/ajax_util‘,["module/interface"],function(e){var r=jQuery.ajax,t=$(".J-csrf-token"),n=$(".J-sign-token"),a=t.val(),o=n.val(),d=[e.order.getNewOrderFromInterval,e.order.queryProcessedOrderList,e.order.queryHisOrderList];t.remove(),n.remove();var i=function(r){return r&&r.indexOf(e.order.queryHisOrderList)>-1?100007:r&&r.indexOf(e.order.recipientPhone)>-1?100008:r&&r.indexOf(e.order.getPrintOrderInfo)>-1?100009:null},u=location.origin,s=function(e){var r=[];for(var t in e)r.push(t+"="+e[t]);return r.join("&")},f=function(e,r){for(var t=0,n=e.length;n>t;t++)if(r&&-1!==r.indexOf(e[t]))return!0},c=function(e){ if(e){ for(var r="",t=0,n=e.length;n>t;t++) r+=String.fromCharCode(2^e.charCodeAt(t)); return r }return"" },l=c(o); $.ajax=function(e){e.type&&"post"===e.type.toLowerCase()&&(e.data&&"function"==typeof e.data.append?e.data.append("csrfToken",a):e.data=$.extend(e.data||{},{csrfToken:a})) ,f(d,e.url)&&(e.data&&"function"==typeof e.data.append?e.data.append("signToken",l):e.data=$.extend(e.data||{},{signToken:l})); var t=function(e,r,t){};e.success&&jQuery.isFunction(e.success)&&(t=e.success),e.success=function(e,r,n){4001===e.code?alert(e.msg):4002===e.code?top.location.reload():1017===e.code?alert(e.msg):t(e,r,n)};var n=function(e,r,t){};"function"==typeof e.error&&(n=e.error),e.error=function(r,t,a){n(r,t,a);({eventTime:Math.floor((new Date).getTime()/1e3),responseCode:r.status,url:e.url,param:e.data,msg:t})}; var o=i(e.url);if(o){Rohr_Opt.Flag=o;var c=s(e.data?e.data:{});Rohr_Opt.reload(u+e.url+(c?(e.url.indexOf("?")>-1?"&":"?")+c:"")),e.data?e.data._token=rohrdata:e.data={_token:rohrdata} }return r(e) } });
signToken的取值:
1.获取http://e.waimai.meituan.com/v2/order/history 页面隐藏表单域J-sign-token的值
<input type="hidden" class="J-sign-token" value="27QvFyIlNgjmVrfv9hfqcHKe1vOzRCJYBOlBnwww6joDSgFbJw5Kg9lfyDUpbrLWF0IlusK5aWMEXnO9QGwtCbDoLNvwhrfxbCZ/c96m/wi+OIn1y7fZhWGLpxL6pd3ZFwoGEObTxuq2+aC281PTJg=="/>
2.通过以下算法得到r的值,即为signToken
for(var r="",t=0,n=e.length;n>t;t++) r+=String.fromCharCode(2^e.charCodeAt(t));
标签:origin rem fmm stat inf yii dex shm rc4
原文地址:http://www.cnblogs.com/bqh10086/p/6922134.html
