mtgsig

声明
本文章中所有内容仅供学习交流使用，不用于其他任何目的，抓包内容、敏感网址、数据接口等均已做脱敏处理，严禁用于商业用途和非法用途，否则由此产生的一切后果均与作者无关！
wx a15018601872 q 2766958292
逆向分析
部分python代码
cp = execjs.compile(open('mtgsig.js', 'r', encoding='utf-8').read())
result = cp.call('getMtgsig', data1)
mtgsig = result['headers']['mtgsig']
print(mtgsig)
headers = {
"Accept": "application/json, text/plain, /",
"Accept-Language": "zh-CN,zh;q=0.9,en;q=0.8",
"Connection": "keep-alive",
"Sec-Fetch-Dest": "empty",
"Sec-Fetch-Mode": "cors",
"Sec-Fetch-Site": "same-site",
"User-Agent": "Mozilla/5.0 (Linux; Android 10; MI 8 Build/QKQ1.190828.002; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome",
"mtgsig": mtgsig,
"sec-ch-ua": ""Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138"",
"sec-ch-ua-mobile": "?0",
"sec-ch-ua-platform": ""Windows""
}
response = requests.get(url, headers=headers, params=params)

print(response.text)
print(response)
cp = execjs.compile(open('mtgsig.js', 'r', encoding='utf-8').read())
result = cp.call('getMtgsig', data1)
mtgsig = result['headers']['mtgsig']
print(mtgsig)
headers = {
"Accept": "application/json, text/plain, /",
"Accept-Language": "zh-CN,zh;q=0.9,en;q=0.8",
"Connection": "keep-alive",
"Sec-Fetch-Dest": "empty",
"Sec-Fetch-Mode": "cors",
"Sec-Fetch-Site": "same-site",
"User-Agent": "Mozilla/5.0 (Linux; Android 10; MI 8 Build/QKQ1.190828.002; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome",
"mtgsig": mtgsig,
"sec-ch-ua": ""Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138"",
"sec-ch-ua-mobile": "?0",
"sec-ch-ua-platform": ""Windows""
}
response = requests.get(url, headers=headers, params=params)

print(response.text)
print(response)

结果

总结
1.出于安全考虑,本章未提供完整流程,调试环节省略较多,只提供大致思路,具体细节要你自己还原,相信你也能调试出来。