携程机票 token 分析

声明
本文章中所有内容仅供学习交流使用，不用于其他任何目的，抓包内容、敏感网址、数据接口等均已做脱敏处理，严禁用于商业用途和非法用途，否则由

此产生的一切后果均与作者无关！
逆向分析

sign=cp2.call('getSign',.........)
token = cp.call('getToken', ..................)
print(token)
print(sign)
cp3 = execjs.compile(open('w-payload-source.js','r',encoding='utf-8').read())
result = cp3.call('getWPayloadSource',..............)
w_payload_source = result['w_payload_source']
data = result['data']
headers = {
'sessionid': '1',
'sign': sign,
'token': token,
'transactionid': transactionID,
'w-payload-source': w_payload_source,
}
response = requests.post(
'search/api/search/batchSearch',
params=params,
cookies=cookies,
headers=headers,
json=data,
)

print(response.text[0:1000])

sign=cp2.call('getSign',.........) token = cp.call('getToken', ..................) print(token) print(sign) cp3 = execjs.compile(open('w-payload-source.js','r',encoding='utf-8').read()) result = cp3.call('getWPayloadSource',..............) w_payload_source = result['w_payload_source'] data = result['data'] headers = { 'sessionid': '1', 'sign': sign, 'token': token, 'transactionid': transactionID, 'w-payload-source': w_payload_source, } response = requests.post( 'search/api/search/batchSearch', params=params, cookies=cookies, headers=headers, json=data, ) print(response.text[0:1000])

结果

总结

1.出于安全考虑,本章未提供完整流程,调试环节省略较多,只提供大致思路,具体细节要你自己还原,相信你也能调试出来。