Analysis of the 全民K歌 check-in API request: difference between revisions
Latest revision as of 01:27, 1 August 2019 (Thursday)
Sensitive variables
{$variable1}->g_tk_openkey
{$variable2}->openkey
{$variable3}->uid
{$variable4}->openid
Request URL
http://node.kg.qq.com/webapp/proxy?format=json&outCharset=utf-8&g_tk={$variable1}&g_tk_openkey={$variable1}
Request header
Cookie: openkey={$variable2}; uid={$variable3}; openid={$variable4}; extroInfo=1|0|2|0|0; opentype=1
referer: http://kg.qq.com/vMission/index.html?hippy=vMission
User-Agent: *****************************
Connection: keep-alive
No-Chunked: true
Content-Type: application/x-www-form-urlencoded
Content-Length: 1038
Host: node.kg.qq.com
Accept-Encoding: gzip
Post Data (URL encoded)
g_tk_openkey={$variable1}&t_vecReportItem:array=%7B%22mData%22%3A%7B%22uid%22%3A%22{$variable3}%22%2C%22openid%22%3A%22{$variable4}%22%2C%22opentype%22%3A%221%22%2C%22act_id%22%3A%22{$variable3}_1564587566429_83931731%22%2C%22opertime%22%3A%221564587566%22%2C%22platform%22%3A%2211%22%2C%22app_version%22%3A%225.2.7.278%22%2C%22key%22%3A%22assignment%23register_module%23register%23click%230%22%7D%7D&ns=app_dcreport&cmd=extra.data_report&ns_inbuf=&mapExt=JTdCJTIyZmlsZSUyMiUzQSUyMmFwcF9kY3JlcG9ydEpjZSUyMiUyQyUyMmNtZE5hbWUlMjIlM0ElMjJEYXRhUmVwb3J0JTIyJTJDJTIyZGNhcGklMjIlM0ElN0IlMjJpbnRlcmZhY2VJZCUyMiUzQTExMzkwMDA2MSU3RCUyQyUyMmlwJTIyJTNBJTIyMTAwLjk1LjEzOC4xOCUyMiUyQyUyMnBvcnQlMjIlM0ExMjQwNiUyQyUyMmw1YXBpX2V4cDElMjIlM0ElN0IlMjJtb2RpZCUyMiUzQTgyMDg2NSUyQyUyMmNtZCUyMiUzQTUyNDI4OCU3RCUyQyUyMmw1YXBpX3Rlc3QxJTIyJTNBJTdCJTIybW9kaWQlMjIlM0E4MjA4NjUlMkMlMjJjbWQlMjIlM0E1MjQyODglN0QlMkMlMjJvdXRwdXQlMjIlM0F0cnVlJTdE
g_tk_openkey={$variable1}&t_vecReportItem:array=%7B%22mData%22%3A%7B%22uid%22%3A%22{$variable3}%22%2C%22openid%22%3A%22{$variable4}%22%2C%22opentype%22%3A%221%22%2C%22act_id%22%3A%22{$variable3}_1564589297921_63176483%22%2C%22opertime%22%3A%221564589297%22%2C%22platform%22%3A%2211%22%2C%22app_version%22%3A%225.2.7.278%22%2C%22key%22%3A%22assignment%23register_module%23register%23click%230%22%7D%7D&ns=app_dcreport&cmd=extra.data_report&ns_inbuf=&mapExt=JTdCJTIyZmlsZSUyMiUzQSUyMmFwcF9kY3JlcG9ydEpjZSUyMiUyQyUyMmNtZE5hbWUlMjIlM0ElMjJEYXRhUmVwb3J0JTIyJTJDJTIyZGNhcGklMjIlM0ElN0IlMjJpbnRlcmZhY2VJZCUyMiUzQTExMzkwMDA2MSU3RCUyQyUyMmlwJTIyJTNBJTIyMTAwLjk1LjEzOC4xOCUyMiUyQyUyMnBvcnQlMjIlM0ExMjQwNiUyQyUyMmw1YXBpX2V4cDElMjIlM0ElN0IlMjJtb2RpZCUyMiUzQTgyMDg2NSUyQyUyMmNtZCUyMiUzQTUyNDI4OCU3RCUyQyUyMmw1YXBpX3Rlc3QxJTIyJTNBJTdCJTIybW9kaWQlMjIlM0E4MjA4NjUlMkMlMjJjbWQlMjIlM0E1MjQyODglN0QlMkMlMjJvdXRwdXQlMjIlM0F0cnVlJTdE
Post Data Variables
- g_tk_openkey
- t_vecReportItem:array
- ns [fixed, app_dcreport]
- cmd [fixed, extra.data_report]
- ns_inbuf [fixed, empty]
- mapExt [fixed]
Key POST data variables
t_vecReportItem:array
{"mData":{"uid":"{$variable3}","openid":"{$variable4}","opentype":"1","act_id":"{$variable3}_1564587566429_83931731","opertime":"1564587566","platform":"11","app_version":"5.2.7.278","key":"assignment#register_module#register#click#0"}}
{"mData":{"uid":"{$variable3}","openid":"{$variable4}","opentype":"1","act_id":"{$variable3}_1564589297921_63176483","opertime":"1564589297","platform":"11","app_version":"5.2.7.278","key":"assignment#register_module#register#click#0"}}
{"mData":{"uid":"{$variable3}","openid":"{$variable4}","opentype":"1","act_id":"{$variable3}_{timestamp}_{no idea what this is}","opertime":"{timestamp}","platform":"11","app_version":"5.2.7.278","key":"assignment#register_module#register#click#0"}}
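As an added example (not code from the original page), the Python below decodes the first captured POST body above, with the page's {$variableN} placeholders left in place: it URL-decodes the form, parses t_vecReportItem:array, unwraps the fixed mapExt (Base64 over URL-encoded JSON), and splits act_id to compare it with opertime. The function names decode_body and split_act_id are made up for this example.

```python
import base64
import json
from urllib.parse import parse_qs, unquote

# First POST body captured on this page, copied with its {$variableN} placeholders intact.
BODY = (
    "g_tk_openkey={$variable1}&t_vecReportItem:array=%7B%22mData%22%3A%7B%22uid%22%3A%22{$variable3}%22%2C%22openid%22%3A%22{$variable4}%22%2C%22opentype%22%3A%221%22%2C%22act_id%22%3A%22{$variable3}_1564587566429_83931731%22%2C%22opertime%22%3A%221564587566%22%2C%22platform%22%3A%2211%22%2C%22app_version%22%3A%225.2.7.278%22%2C%22key%22%3A%22assignment%23register_module%23register%23click%230%22%7D%7D"
    "&ns=app_dcreport&cmd=extra.data_report&ns_inbuf=&mapExt="
    "JTdCJTIyZmlsZSUyMiUzQSUyMmFwcF9kY3JlcG9ydEpjZSUyMiUyQyUyMmNtZE5hbWUlMjIlM0ElMjJEYXRhUmVwb3J0JTIyJTJDJTIyZGNhcGklMjIlM0ElN0IlMjJpbnRlcmZhY2VJZCUyMiUzQTExMzkwMDA2MSU3RCUyQyUyMmlwJTIyJTNBJTIyMTAwLjk1LjEzOC4xOCUyMiUyQyUyMnBvcnQlMjIlM0ExMjQwNiUyQyUyMmw1YXBpX2V4cDElMjIlM0ElN0IlMjJtb2RpZCUyMiUzQTgyMDg2NSUyQyUyMmNtZCUyMiUzQTUyNDI4OCU3RCUyQyUyMmw1YXBpX3Rlc3QxJTIyJTNBJTdCJTIybW9kaWQlMjIlM0E4MjA4NjUlMkMlMjJjbWQlMjIlM0E1MjQyODglN0QlMkMlMjJvdXRwdXQlMjIlM0F0cnVlJTdE"
)


def decode_body(body):
    """Return (form fields, parsed report item, parsed mapExt) for one captured body."""
    # keep_blank_values keeps the empty ns_inbuf field instead of dropping it
    form = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    item = json.loads(form["t_vecReportItem:array"])["mData"]
    # mapExt is Base64 over a URL-encoded JSON document, so it needs two decoding passes
    map_ext = json.loads(unquote(base64.b64decode(form["mapExt"]).decode("ascii")))
    return form, item, map_ext


def split_act_id(item):
    """Split act_id into its three underscore-separated parts and compare with opertime."""
    # rsplit from the right so a uid that itself contains "_" is not cut apart
    uid, millis, suffix = item["act_id"].rsplit("_", 2)
    return {
        "uid_matches": uid == item["uid"],
        "millis": int(millis),
        "suffix": suffix,
        # opertime is the act_id millisecond timestamp truncated to seconds
        "opertime_matches": int(millis) // 1000 == int(item["opertime"]),
    }


if __name__ == "__main__":
    form, item, map_ext = decode_body(BODY)
    print(sorted(form))
    print(json.dumps(map_ext, indent=2))
    print(split_act_id(item))
```

The decoded mapExt is a JSON object with the keys file, cmdName, dcapi, ip, port, l5api_exp1, l5api_test1 and output.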
Response data [the same whether or not the check-in succeeds]
HTTP/1.1 200 OK
Date: Wed, 31 Jul 2019 16:19:52 GMT
Content-Type: application/x-javascript
Content-Length: 88
Connection: keep-alive
X-Powered-By: TSW/Node.js
Server: TSW/1.2.4
Cache-Control: no-cache
Content-Security-Policy: script-src https://wesingapp.com http://wesingapp.com https://*.wesingapp.com http://*.wesingapp.com https://*.qq.com http://*.qq.com https://*.gtimg.cn http://*.gtimg.cn https://*.tenpay.com https://*.idqqimg.com http://*.idqqimg.com https://*.gtimg.com http://*.gtimg.com 'unsafe-inline' 'unsafe-eval'; report-uri https://stat.y.qq.com/monitor/report_csp
Cache-Offline: false
{"code":0,"subcode":0,"msg":"","data":{"extra.data_report":{"iCode":0,"strErrInfo":""}}}
To be continued