狄怀英262 2025-10-10 12:15 采纳率: 0%
浏览 12

关于#js逆向#的问题,请各位专家解答!

参数全对,为啥请求不到接口,请帮忙解答;

img

img

img

#  data 的生成问题 做一个请求 拿数据
import time
import execjs
import requests
from loguru import logger
import datetime


class Spider(object):
    def __init__(self):
        self.headers = {
            'sec-ch-ua-platform': '"Windows"',
            'am-sign-version': 'v1',
            'authorization': 'hmac username="track.aftership.com", algorithm="hmac-sha256", headers="digest", signature="0Hsjn1Oo6NwWJC0NvyLgRyuikjbBbliFsnwfuEDY0PI="',
            'Referer': 'https://www.aftership.com/',
            'sec-ch-ua': '"Google Chrome";v="141", "Not?A_Brand";v="8", "Chromium";v="141"',
            'visitor-id': '944239580564666',
            'sec-ch-ua-mobile': '?0',
            'aftership-signature': '3cf7c9beb240c55811338d9192b852d568cc90d530424cd036119c25c4f43560',
            'digest': 'YTsJQ4p1pZqOGub/kL787A==',
            'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36',
            'Accept': 'application/json, text/plain, */*',
            'Content-Type': 'application/json',
            'am-sign-time': '1759975779',
        }
        self.key = "AqVH1xxEbLMPWELJiKmxGcfAiRsPgG95"
        self.key2 = "8eMrcmkiElSWiwCSrQrSSfAlG11rLHz1"

    def make_data(self, pack_info):
        today = datetime.date.today()
        format_day = today.strftime("%Y-%m-%d")
        ip = "205.198.88.113"
        logger.info(pack_info + '-' + ip + '-' + format_day + "-" + self.key)
        return pack_info + '-' + ip + '-' + format_day + "-" + self.key

    #
    # def test(self):
    #     make_data = self.make_data('78541210788654')
    #     logger.info(make_data)

    def get_headers(self, data, json_data):
        with open("加密函数.js", "r", encoding="utf-8") as f:
            js_code = f.read()
            ctx = execjs.compile(js_code)
        res = ctx.call("get_headers", data, json_data, self.key, self.key2)
        return res

    def final(self, pack_info):
        make_data = self.make_data(pack_info)
        json_data = {
            'direct_trackings': [
                {
                    'tracking_number': pack_info,
                    'additional_fields': {},
                    'slug': 'zto-domestic',
                },
            ],
            'translate_to': 'en',
        }
        params = self.get_headers(make_data, json_data)
        logger.info(params)
        self.headers["digest"] = params["digest"]
        self.headers["aftership-signature"] = params["signature"]
        self.headers["authorization"] = params["authorization"]
        self.headers["am-sign-time"] = str(params["time"])

        response = requests.post('https://track.aftership.com/api/v2/direct-trackings/batch', headers=self.headers,
                                 json=json_data)
        logger.info(response.json())


if __name__ == '__main__':
    spider = Spider()
    spider.final("78541210788654")



const CryptoJS = require('crypto-js');


function get_headers(data, load, key,key2) {
    // key = "AqVH1xxEbLMPWELJiKmxGcfAiRsPgG95"
    const SECRET_KEY = key;

// 你要加密的消息
    const MESSAGE = data;

    function generateHmacSha256WithCryptoJS(data, key) {
        const hmac = CryptoJS.HmacSHA256(data, key);
        return hmac.toString(CryptoJS.enc.Hex);
    }

    const hmacResult = generateHmacSha256WithCryptoJS(MESSAGE, SECRET_KEY);




    var w = "track.aftership.com"

    const md5HashWordArray = CryptoJS.MD5(JSON.stringify(load));
    const base64EncodedString = md5HashWordArray.toString(CryptoJS.enc.Base64);
    var i = base64EncodedString

    function getHmacSha256WordArray(message, secretKey) {

        const hmacWordArray = CryptoJS.HmacSHA256(message, secretKey);
        return hmacWordArray;
    }

    let time_stamp = Math.floor(Date.now() / 1e3)
    let s = [
        "POST /api/v2/direct-trackings/batch track.aftership.com",
        `am-sign-time: ${time_stamp}`,
        "am-sign-version: v1",
        `digest: ${i}`,
    ].join("\n")
    let res = getHmacSha256WordArray(s, key2)

    const f = res.toString(CryptoJS.enc.Base64);
    authorization = 'hmac username="'.concat(w, '", algorithm="hmac-sha256", headers="').concat("digest", '", signature="').concat(f, '"')


    return {
        "time": time_stamp,
        "digest": base64EncodedString,
        "signature": hmacResult,
        "authorization": authorization,
    }
}

// 测试用例
// data = "78541210788654-222.190.136.107-2025-10-09-AqVH1xxEbLMPWELJiKmxGcfAiRsPgG95"
// load = {
//     "direct_trackings": [
//         {
//             "tracking_number": "78541210788654",
//             "additional_fields": {},
//             "slug": "zto-domestic"
//         }
//     ],
//     "translate_to": "en"
// }
// console.log(get_headers(data, load))

最后的 显示
{'data': {}, 'meta': {'code': 40105, 'errors': [], 'type': 'Unauthorized', 'module': 'hmac-auth', 'message': 'HMAC signature does not match', 'source': 'gateway'}}

  • 写回答

5条回答 默认 最新

  • 阿里嘎多学长 2025-10-10 12:15
    关注

    阿里嘎多学长整理AIGC生成,因移动端显示问题导致当前答案未能完全显示,请使用PC端查看更加详细的解答过程

    问题分析

    根据你的问题描述,似乎是关于 JavaScript 反向工程和爬虫的问题。具体来说,你遇到了以下两个问题:

    1. 尽管参数都正确,但仍然无法请求到接口。
    2. 在生成数据时,做一个请求拿数据的过程中遇到了问题。

    解决方案

    1. 请求接口问题

    可能的原因包括:

    • 接口地址或参数错误
    • 接口被限制或屏蔽
    • 请求头或 cookie 不正确

    建议:

    • 检查接口地址和参数是否正确
    • 尝试使用代理或 VPN 来绕过限制
    • 检查请求头和 cookie 是否正确

    2. 生成数据问题

    可能的原因包括:

    • 请求接口失败
    • 数据解析错误
    • JavaScript 反向工程错误

    建议:

    • 检查请求接口是否成功
    • 检查数据解析是否正确
    • 检查 JavaScript 反向工程是否正确

    核心代码

    // 请求接口
const url = 'https://example.com/api/data';
const params = {
  // 参数
};
const headers = {
  // 请求头
};
const response = await fetch(url, {
  method: 'GET',
  headers,
  params,
});

// 数据解析
const data = await response.json();
console.log(data);

    # 请求接口
import requests

url = 'https://example.com/api/data'
params = {
  # 参数
}
headers = {
  # 请求头
}
response = requests.get(url, params=params, headers=headers)

# 数据解析
data = response.json()
print(data)

    请根据你的具体情况调整代码。

    评论

报告相同问题?

问题事件

  • 创建了问题 10月10日