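How the latest x-sign parameter of a certain "Bao" app is generated

Analysis of the Taobao x-sign algorithm

In my previous post I showed how to capture Taobao API traffic. Today I will cover how the x-sign verification parameter is generated. As everyone now knows, once you have x-sign you can do basically everything, including but not limited to product information, product reviews, flash-sale events, and so on.
This post demonstrates how to fetch Taobao product review data, using the iPhone 11 as the example: https://detail.tmall.com/item.htm?id=602659642364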

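Packet capture analysis

Capturing the phone's traffic with Charles shows that fetching reviews uses the following parameters:
URL: http://guide-acs.m.taobao.com/gw/mtop.taobao.rate.detaillist.get/4.0
Parameters: data={"rateType":"","hasPic":"1","foldFlag":"0","pageNo":"1","pageSize":"10","auctionNumId":"602659642364"}
Headers: there are many headers; the most important one is x-sign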

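Calling the signing interface

First, a Postman screenshot: https://github.com/Colinlyj210/x-sign/raw/master/w2.png?raw=true

Usage notes:

  1. The request URL shown in the image is not the real request URL; contact the QQ account to obtain it.
  2. Requests must be sent as POST with a JSON body; the header Content-Type: application/json may be required.
  3. token is the interface's verification parameter; contact the QQ account to obtain it.
  4. When obtaining a signature, parameter values do not need to be escaped; when sending the request that fetches the data, they may need to be escaped.
  5. All parameters must be wrapped in "" and must be strings.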

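Parameter description

  1. data: the data parameter itself. To avoid encoding problems, base64-encode it before passing it to me. Do not urlencode the data before encoding it.
  2. appKey: default "21646297". This value is fixed for Taobao's appKey; for other Taobao-family apps the value is different.
  3. pv: default "6.3"; may be "6.2" or "6.3".
  4. useMiniWua: default "0". Set it to "1" when x-mini-wua is needed; when pv="6.3", x-mini-wua is always included in the return values.
  5. useWua: default "0". Set it to "1" when wua is needed.
  6. For any other questions, or if you need help, contact QQ: 946420414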

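Return values

The return values include x-sign, x-mini-wua, wua, and so on. You need to send requests and test them yourself; they are not described further here.

Python demo

Requirements: python3 + the requests library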

#!/usr/bin/env python
# coding:utf8

import json
import requests
from urllib.parse import quote_plus
from pprint import pprint
import base64
import time

def gwMtopApi(api, v, data, uid="0", sid="0", method='GET'):
    utdid = "XLWkskakX5EDAEAuXveJ2YJy"
    appKey = "21646297"
    timestamp = time.time()
    t = int(timestamp)
    lat = "31.23238"
    lng = "121.477733"
    ttid = '701186@taobao_android_9.1.0'
    deviceId = "Akuvfv2rDaTsFg2EJoAi5vGWE8wGLLTOVgrx3XMZ2a_M"
    features = "27"
    pageId = "https://market.m.taobao.com/app/tmall-wireless/group-card-618/pages/cc-shareItem?wh_ttid=native"
    pageName = "market.m.taobao.com/app/tmall-wireless/group-card-618/pages/cc-shareItem"
    # Base64-encode the data; decode to str so every posted parameter is a string
    b64Data = base64.b64encode(data.encode("utf-8")).decode("ascii")
    pprint(b64Data)
    postData = {

        "utdid": utdid,
        "uid": uid,
        # device id
        "deviceId": deviceId,
        "appKey": appKey,
        "x-features": features,
        "ttid": ttid,
        "location": lng + ',' + lat,
        "v": v,
        "sid": sid,
        # 10-digit timestamp (seconds)
        "t": t,
        "api": api,
        "useWua": "1",
        "data": b64Data,
        "pageId": pageId,
        "pageName": pageName
    }
    pprint(postData)
    result = getTaobaoSigns(postData)

    jobj = json.loads(result)
    dataJobj = jobj["data"]

    pprint(dataJobj['x-mini-wua'])
    body = "data=" + quote_plus(data)
    requestUrl = "https://guide-acs.m.taobao.com/gw/{0}/{1}/".format(api, v)
    proxies = None


    headers = {
        "x-appkey": appKey,
        "x-devid": deviceId,
        "x-ttid": quote_plus(ttid),
        "x-sign": quote_plus(dataJobj['x-sign']),
        "x-umt": quote_plus(dataJobj['x-umt']),
        "x-mini-wua": quote_plus(dataJobj['x-mini-wua']),
        "x-sgext": dataJobj['x-sgext'],
        "x-t": str(t),
        "x-location": quote_plus("{0},{1}".format(lng, lat)),
        "x-app-ver": "9.1.0",
        "f-refer": "mtop",
        "x-nq": "WIFI",
        "x-nettype": "WIFI",
        "x-region-channel": "CN",
        "content-type": "application/x-www-form-urlencoded;charset=UTF-8",
        "A-SLIDER-Q": "appKey%3D21646297%26ver%3D0",

        "x-bx-version": "6.4.11",
        "x-page-url": quote_plus(pageId),
        "a-orange-q": "appKey=21646297&appVersion=9.1.0&clientAppIndexVersion=1120191120160145573&clientVersionIndexVersion=0",
        "x-page-name": pageName,

        "x-pv": "6.3",
        "x-c-traceid": "XLWkskakX5EDAEAuXveJ2YJy1574237572826005219386",
        "x-features": features,
        "x-app-conf-v": str(19),
        "x-utdid": utdid,

        "c-lauch-info": "0,0,1574237572825,1574233432783,3",
        "User-Agent": "MTOPSDK%2F3.1.1.7+%28Android%3B8.1.0%3BHuawei%3BNexus+6P%29",
        "Connection": "Keep-Alive",
        "Accept-Encoding": "gzip"
    }

    if uid != "":
        headers["x-uid"] = uid
        headers["x-sid"] = sid

    # Note: verify=False disables TLS certificate validation for these requests.
    if method == 'GET':
        requestUrl = "https://guide-acs.m.taobao.com/gw/{0}/{1}/?{2}".format(api, v, body)
        pprint(requestUrl)
        result = requests.get(requestUrl, timeout=20, headers=headers, proxies=proxies, verify=False)

    else:
        result = requests.post(requestUrl, data=body, headers=headers, timeout=20, proxies=proxies, verify=False)

    pprint(result)
    if result.status_code == requests.codes.ok:
        pprint(result.text)


def getTaobaoSigns(arr):
    pprint(arr)
    requestURL = "http://127.0.0.1:8080/fakeTbParam"

    headers = {
        "allow_access": "true",
        "Content-Type": "application/x-www-form-urlencoded"
    }


    result = requests.post(requestURL, data=arr, timeout=20, headers=headers)
    pprint(result.text)
    dataStr = ""
    if result.status_code == requests.codes.ok:
        dataStr = result.text
    pprint(dataStr)
    return dataStr


def getTaobaoDetail():
    data = '''{"LBS":"{\\"SG_TMCS_1H_DS\\":\\"{\\\\\\"stores\\\\\\":[]}\\",\\"SG_TMCS_FRESH_MARKET\\":\\"{\\\\\\"stores\\\\\\":[]}\\",\\"TB\\":\\"{\\\\\\"stores\\\\\\":[{\\\\\\"code\\\\\\":\\\\\\"185784179\\\\\\",\\\\\\"bizType\\\\\\":\\\\\\"2\\\\\\",\\\\\\"type\\\\\\":\\\\\\"1\\\\\\"}]}\\",\\"TMALL_MARKET_B2C\\":\\"{\\\\\\"stores\\\\\\":[{\\\\\\"code\\\\\\":\\\\\\"105\\\\\\",\\\\\\"bizType\\\\\\":\\\\\\"REGION_TYPE_CITY\\\\\\",\\\\\\"addrId\\\\\\":\\\\\\"8813741971\\\\\\",\\\\\\"type\\\\\\":\\\\\\"CHOOSE_ADDR\\\\\\"},{\\\\\\"code\\\\\\":\\\\\\"107\\\\\\",\\\\\\"bizType\\\\\\":\\\\\\"REGION_TYPE_REGION\\\\\\",\\\\\\"addrId\\\\\\":\\\\\\"8813741971\\\\\\",\\\\\\"type\\\\\\":\\\\\\"CHOOSE_ADDR\\\\\\"}]}\\",\\"TMALL_MARKET_O2O\\":\\"{\\\\\\"stores\\\\\\":[{\\\\\\"code\\\\\\":\\\\\\"233930143\\\\\\",\\\\\\"bizType\\\\\\":\\\\\\"DELIVERY_TIME_ONE_HOUR\\\\\\",\\\\\\"addrId\\\\\\":\\\\\\"8813741971\\\\\\",\\\\\\"type\\\\\\":\\\\\\"CHOOSE_ADDR\\\\\\"}]}\\"}","URL_REFERER_ORIGIN":"https://s.m.taobao.com/h5entry?utparam=%7B%22ranger_buckets_native%22%3A%22tsp2189_21618_normaluser01%22%7D&spm=a2141.1.searchbar.searchbox&scm=1007.home_topbar.searchbox.d&_navigation_params=%7B%22needdismiss%22%3A%220%22%2C%22animated%22%3A%220%22%2C%22needpoptoroot%22%3A%220%22%7D","_navigation_params":"{\\"needdismiss\\":\\"0\\",\\"animated\\":\\"0\\",\\"needpoptoroot\\":\\"0\\"}","ad_type":"1.0","apptimestamp":"1575125141","areaCode":"CN","brand":"google","canP4pVideoPlay":"true","countryNum":"156","device":"Nexus 
6P","editionCode":"CN","filterEmpty":"true","filterUnused":"true","from":"suggest_all-query","homePageVersion":"v6","imei":"867686023424128","imsi":"09647Nexus617c3","info":"wifi","isBeta":"false","itemfields":"commentCount,newDsr","layeredSrp":"true","n":"10","needTabs":"true","network":"wifi","new_shopstar":"true","page":"2","pos":"0_0","q":"iphone11","rainbow":"14071,14070,12994,14154","referrer":"com.taobao.taobao","schemaType":"all","scm":"1007.home_topbar.searchbox.d","searchFramework":"true","search_action":"initiative","search_wap_mall":"false","setting_on":"imgBanners,userdoc,tbcode,pricerange,localshop,smartTips,firstCat,dropbox,realsale,insertTexts,tabs","showspu":"true","sort":"_sale","spm":"a2141.1.searchbar.searchbox","sputips":"on","style":"list","subtype":"text","sugg":"iphone11_0_0","suggest_rn":"bucketid_1-rn_9ce4a9df-e0c0-418d-80a2-df54040958ed","sversion":"8.3","taoxianda":"true","ttid":"701186@taobao_android_9.2.0","utd_id":"XLWkskakX5EDAEAuXveJ2YJy","utparam":"{\\"ranger_buckets_native\\":\\"tsp2189_21618_normaluser01\\"}","vm":"nw"}'''


    api = "mtop.taobao.wsearch.appsearch"
    v = "1.0"
    gwMtopApi(api, v, data, uid="60348168", sid="96d58db05c3654c6015572075f9e41ea")


if __name__ == '__main__':
    getTaobaoDetail()

Technical support

Thank you for taking the time to read my blog.
For technical questions, contact QQ: 946420414
