声明:
本文章中所有内容仅供学习交流使用,不用于其他任何目的,抓包内容、敏感网址、数据接口等均已做脱敏处理,严禁用于商业用途和非法用途,否则由此产生的一切后果均与作者无关!
有相关问题请第一时间头像私信联系我删除博客!
前言
__zp_stoken__ 风控有点恶心搞了很久才百分百成功了剩下解决验证码即可。
逆向分析
主要监测点就是要处理要window.top和window的关系。
{
"ancestorOrigins": {
},
"href": "about:blank",
"origin": "null",
"protocol": "about:",
"host": "",
"hostname": "",
"port": "",
"pathname": "blank",
"search": "",
"hash": ""
}
location里面什么都没有,值在window.top.location里面。
然后就是把node的一些监测点建议全部清除。可以参考boda、零点、挽风开源里面怎么去除监测点的,全部清除。
最后python代码
#
import timeimport requests
seed = ""
ts = ""
session = requests.session()
headers = {"user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.0.0","x-requested-with": "XMLHttpRequest"
}
cookies = {}
url = "/zpgeek/search/joblist.json"
params = {"scene": "1","query": "fff","city": "101280100","experience": "","payType": "","partTime": "","degree": "","industry": "","scale": "","stage": "","position": "","jobType": "","salary": "","multiBusinessDistrict": "","multiSubway": "","page": "1","pageSize": "30"
}
response = session.get(url, headers=headers, cookies=cookies, params=params)
data = response.json()['zpData']seed = data['seed']
ts = data['ts']
print(seed, ts)
for i in range(1,10):result = requests.get("http://127.0.0.1:3000/", json=dict(session.cookies),params={'url': "", 'seed': seed, 'ts': ts}).json()token = result['_abck']print(token)session.cookies.set('__zp_stoken__', token)response = session.get(url, headers=headers, params=params)print(response.json())params['page'] = itime.sleep(1)
结果
 ❀ 01. 在macOS下刷新FortiAnalyzer固件 ❀ FortiAnalyzer 日志分析)
)
