首页 > 代码库 > 12306登陆接口更改后的随机参数的获取
12306登陆接口更改后的随机参数的获取
登录时截获发送的数据包如图:
上图画红圈的就是12036系统生成的随机参数,每次登陆参数名称不一样,值也不一样,如果登陆没有这个参数的话,那肯定是不能成功的。那如何获取到这个随机参数呢?
用抓包工具抓某一刷票软件的登陆的http请求,结果发现它访问了一个js,js地址为:https://kyfw.12306.cn/otn/dynamicJs/ljrkadr,于是找到了js代码,格式化了下如下:
var submitForm; (function($) {
var jq = $.ajax;
function fw(kw) {
var hasKey = false;
var values = kw['values'];
var html = $(kw['key']).html();
if (html) {
for (var i = 0; i < values.length; i++) {
if (html.indexOf(values[i]) > -1) {
hasKey = true;
break;
}
}
}
return hasKey;
}
function bin216(s) {
var i, l, o = "",
n;
s += "";
b = "";
for (i = 0, l = s.length; i < l; i++) {
b = s.charCodeAt(i);
n = b.toString(16);
o += n.length < 2 ? "0" + n: n;
}
return o;
};
var Base32 = new
function() {
var delta = 0x9E3779B8;
function longArrayToString(data, includeLength) {
var length = data.length;
var n = (length - 1) << 2;
if (includeLength) {
var m = data[length - 1];
if ((m < n - 3) || (m > n)) return null;
n = m;
}
for (var i = 0; i < length; i++) {
data[i] = String.fromCharCode(data[i] & 0xff, data[i] >>> 8 & 0xff, data[i] >>> 16 & 0xff, data[i] >>> 24 & 0xff);
}
if (includeLength) {
return data.join('').substring(0, n);
} else {
return data.join('');
}
};
function stringToLongArray(string, includeLength) {
var length = string.length;
var result = [];
for (var i = 0; i < length; i += 4) {
result[i >> 2] = string.charCodeAt(i) | string.charCodeAt(i + 1) << 8 | string.charCodeAt(i + 2) << 16 | string.charCodeAt(i + 3) << 24;
}
if (includeLength) {
result[result.length] = length;
}
return result;
};
this.encrypt = function(string, key) {
if (string == "") {
return "";
}
var v = stringToLongArray(string, true);
var k = stringToLongArray(key, false);
if (k.length < 4) {
k.length = 4;
}
var n = v.length - 1;
var z = v[n],
y = v[0];
var mx, e, p, q = Math.floor(6 + 52 / (n + 1)),
sum = 0;
while (0 < q--) {
sum = sum + delta & 0xffffffff;
e = sum >>> 2 & 3;
for (p = 0; p < n; p++) {
y = v[p + 1];
mx = (z >>> 5 ^ y << 2) + (y >>> 3 ^ z << 4) ^ (sum ^ y) + (k[p & 3 ^ e] ^ z);
z = v[p] = v[p] + mx & 0xffffffff;
}
y = v[0];
mx = (z >>> 5 ^ y << 2) + (y >>> 3 ^ z << 4) ^ (sum ^ y) + (k[p & 3 ^ e] ^ z);
z = v[n] = v[n] + mx & 0xffffffff;
}
return longArrayToString(v, false);
};
};
var keyStr = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
function encode32(input) {
input = escape(input);
var output = "";
var chr1, chr2, chr3 = "";
var enc1, enc2, enc3, enc4 = "";
var i = 0;
do {
chr1 = input.charCodeAt(i++);
chr2 = input.charCodeAt(i++);
chr3 = input.charCodeAt(i++);
enc1 = chr1 >> 2;
enc2 = ((chr1 & 3) << 4) | (chr2 >> 4);
enc3 = ((chr2 & 15) << 2) | (chr3 >> 6);
enc4 = chr3 & 63;
if (isNaN(chr2)) {
enc3 = enc4 = 64;
} else if (isNaN(chr3)) {
enc4 = 64;
}
output = output + keyStr.charAt(enc1) + keyStr.charAt(enc2) + keyStr.charAt(enc3) + keyStr.charAt(enc4);
chr1 = chr2 = chr3 = "";
enc1 = enc2 = enc3 = enc4 = "";
} while ( i < input . length );
return output;
};
function aj() {
var dobj = new Object();
dobj['jsv'] = window.helperVersion;
jq({
url: 'https://kyfw.12306.cn/otn/dynamicJs/suczpkp',
data: dobj,
type: 'POST',
success: function(data, textStatus) {
if (timmer) clearInterval(timmer);
},
error: function(XMLHttpRequest, textStatus, errorThrown) {}
});
}
var timmer = null; (function check(src) {
checkSelf();
function checkSelf() {
var formArr = $('form');
if (formArr.length > 1) {}
}
timmer = setInterval(gc, 2000);
})('1_111');
//入口
$(document).ready(function() { (function() {
var dobj = new Object();
dobj['jsv'] = window.helperVersion;
jq({
url: 'https://kyfw.12306.cn/otn/dynamicJs/suczpkp',
data: dobj,
type: 'POST',
success: function(data, textStatus) {},
error: function(XMLHttpRequest, textStatus, errorThrown) {}
});
var form = document.forms[0];
var oldSubmit;
if (null != form && form != 'undefined' && form.id == 'loginForm') {
form.oldSubmit = form.submit;
submitForm = function() {
var keyVlues = gc().split(':');
var inputObj = $('<input type="hidden" name="' + keyVlues[0] + '" value=http://www.mamicode.com/"' + encode32(bin216(Base32.encrypt(keyVlues[1], keyVlues[0]))) + '" />');>
其中的 var aa=submitForm();
alert(aa);
这两句是我加的,用来测试随机参数,你可以新建一个网页,首先拖入jquery类库,然后再引用这段js,就可以看到效果了。
此文章只用于学习交流,请无用于非法用途!
12306登陆接口更改后的随机参数的获取
声明:以上内容来自用户投稿及互联网公开渠道收集整理发布,本网站不拥有所有权,未作人工编辑处理,也不承担相关法律责任,若内容有误或涉及侵权可进行投诉: 投诉/举报 工作人员会在5个工作日内联系你,一经查实,本站将立刻删除涉嫌侵权内容。