淘寶x-sign算法解密分析

我在上一篇博客中給大家介紹了淘寶接口如何抓取，今天我來給大家介紹一下淘寶中校驗參數x-sign的生成了，現在大家都知道只要有了x-sign基本上所有事情都可以干，包括但不僅限于商品信息，商品評價，秒殺活動等等
本文將演示如何獲取淘寶商品評價信息，以iphone11為例 https://detail.tmall.com/item.htm?id=602659642364

抓包分析

通過charles手機抓包分析得出評價獲取參數為如下幾個：
url：http://guide-acs.m.taobao.com/gw/mtop.taobao.rate.detaillist.get/4.0
參數：data={“rateType”:"",“hasPic”:“1”,“foldFlag”:“0”,“pageNo”:“1”,“pageSize”:“10”,“auctionNumId”:“602659642364”}
頭信息：有好多頭信息，最重要的x-sign

簽名接口調用

先放一個postman的圖片 [外鏈圖片轉存失敗,源站可能有防盜鏈機制,建議將圖片保存下來直接上傳(img-pUVSS7Nl-1588948458935)(https://github.com/Colinlyj210/x-sign/raw/master/w2.png?raw=true)]

使用說明：

圖片中的請求地址并不是真實的請求地址，需要聯系qq獲取

發請求的時候必須是post json格式，可能需要協議頭Content-Type:application/json

token是接口校驗參數，需要聯系qq獲取

獲取簽名的時候參數值都不需要轉義，發請求抓數據的時候可能需要轉義

所有參數必須使用""包起來，必須是字符串

參數說明

data：就是參數data，為了避免出現編碼問題，使用base64編碼再傳給我。編碼前的data不要使用 urlencode.

appKey：默認"21646297"，淘寶的appKey這個值是固定，如果是淘寶系其他app，這個值不一樣

pv：默認"6.3"，可選"6.2"或者"6.3"

useMiniWua：默認"0" 需要x-mini-wua的時候，設置為"1"，當pv="6.3"的時候，都是帶x-mini-wua返回值的

useWua：默認"0" 需要wua的時候，設置為"1"

`如有其他疑問，或者需要幫助的請聯系qq: 946420414

返回值說明

返回值有x-sign，x-mini-wua，wua等 需要自己發請求測試，此處不再說明

python 版本demo

運行條件: python3 + requests 庫

#!/usr/bin/env python # coding:utf8import os import json import requests from urllib.parse import quote from urllib.parse import quote_plus from pprint import pprint import base64 import timedef gwMtopApi(api, v, data, uid="0", sid="0", method='GET'):utdid = "XLWkskakX5EDAEAuXveJ2YJy"appKey = "21646297"timestamp = time.time()t = int(timestamp)lat = "31.23238"lng = "121.477733"ttid = '701186@taobao_android_9.1.0'deviceId = "Akuvfv2rDaTsFg2EJoAi5vGWE8wGLLTOVgrx3XMZ2a_M"features = "27"pageId = "https://market.m.taobao.com/app/tmall-wireless/group-card-618/pages/cc-shareItem?wh_ttid=native"pageName = "market.m.taobao.com/app/tmall-wireless/group-card-618/pages/cc-shareItem"# 數據使用base64做下編碼b64Data = base64.b64encode(data.encode("utf-8"))pprint(b64Data)postData = {"utdid": utdid,"uid": uid,# 設備id"deviceId": deviceId,"appKey": appKey,"x-features": features,"ttid": ttid,"location": lng + ',' + lat,"v": v,"sid": sid,# 時間戳 10位數"t": t,"api": api,"useWua": "1","data": b64Data,"pageId": pageId,"pageName": pageName}pprint(postData)result = getTaobaoSigns(postData)jobj = json.loads(result)dataJobj = jobj["data"]pprint(dataJobj['x-mini-wua'])body = "data=" + quote_plus(data)requestUrl = "https://guide-acs.m.taobao.com/gw/{0}/{1}/".format(api, v)proxies = Noneheaders = {"x-appkey": appKey,"x-devid": deviceId,"x-ttid": quote_plus(ttid),"x-sign": quote_plus(dataJobj['x-sign']),"x-umt": quote_plus(dataJobj['x-umt']),"x-mini-wua": quote_plus(dataJobj['x-mini-wua']),"x-sgext": dataJobj['x-sgext'],"x-t": str(t),"x-location": quote_plus("{0},{1}".format(lng, lat)),"x-app-ver": "9.1.0","f-refer": "mtop","x-nq": "WIFI","x-nettype": "WIFI","x-region-channel": "CN","f-refer": "mtop","content-type": "application/x-www-form-urlencoded;charset=UTF-8","A-SLIDER-Q": "appKey%3D21646297%26ver%3D0","x-bx-version": "6.4.11","x-page-url": quote_plus(pageId),"a-orange-q": "appKey=21646297&appVersion=9.1.0&clientAppIndexVersion=1120191120160145573&clientVersionIndexVersion=0","x-page-name": pageName,"x-pv": "6.3","x-c-traceid": "XLWkskakX5EDAEAuXveJ2YJy1574237572826005219386","x-features": features,"x-app-conf-v": str(19),"x-utdid": utdid,"c-lauch-info": "0,0,1574237572825,1574233432783,3","User-Agent": "MTOPSDK%2F3.1.1.7+%28Android%3B8.1.0%3BHuawei%3BNexus+6P%29","Connection": "Keep-Alive","Accept-Encoding": "gzip","x-bx-version": "6.4.11"}if uid != "":headers["x-uid"] = uidheaders["x-sid"] = sidif method == 'GET':requestUrl = "https://guide-acs.m.taobao.com/gw/{0}/{1}/?{2}".format(api, v, body)pprint(requestUrl)result = requests.get(requestUrl, timeout=20, headers=headers, proxies=proxies, verify=False)else:result = requests.post(requestUrl, data=body, headers=headers, timeout=20, proxies=proxies, verify=False)pprint(result)if result.status_code == requests.codes.ok:pprint(result.text)def getTaobaoSigns(arr):pprint(arr)requestURL = "http://127.0.0.1:8080/fakeTbParam"headers = {"allow_access": "true","Content-Type": "application/x-www-form-urlencoded"}result = requests.post(requestURL, data=arr, timeout=20, headers=headers)pprint(result.text)dataStr = ""if result.status_code == requests.codes.ok:dataStr = result.textpprint(dataStr)return dataStrdef getTaobaoDetail():data = '''{"LBS":"{\\"SG_TMCS_1H_DS\\":\\"{\\\\\\"stores\\\\\\":[]}\\",\\"SG_TMCS_FRESH_MARKET\\":\\"{\\\\\\"stores\\\\\\":[]}\\",\\"TB\\":\\"{\\\\\\"stores\\\\\\":[{\\\\\\"code\\\\\\":\\\\\\"185784179\\\\\\",\\\\\\"bizType\\\\\\":\\\\\\"2\\\\\\",\\\\\\"type\\\\\\":\\\\\\"1\\\\\\"}]}\\",\\"TMALL_MARKET_B2C\\":\\"{\\\\\\"stores\\\\\\":[{\\\\\\"code\\\\\\":\\\\\\"105\\\\\\",\\\\\\"bizType\\\\\\":\\\\\\"REGION_TYPE_CITY\\\\\\",\\\\\\"addrId\\\\\\":\\\\\\"8813741971\\\\\\",\\\\\\"type\\\\\\":\\\\\\"CHOOSE_ADDR\\\\\\"},{\\\\\\"code\\\\\\":\\\\\\"107\\\\\\",\\\\\\"bizType\\\\\\":\\\\\\"REGION_TYPE_REGION\\\\\\",\\\\\\"addrId\\\\\\":\\\\\\"8813741971\\\\\\",\\\\\\"type\\\\\\":\\\\\\"CHOOSE_ADDR\\\\\\"}]}\\",\\"TMALL_MARKET_O2O\\":\\"{\\\\\\"stores\\\\\\":[{\\\\\\"code\\\\\\":\\\\\\"233930143\\\\\\",\\\\\\"bizType\\\\\\":\\\\\\"DELIVERY_TIME_ONE_HOUR\\\\\\",\\\\\\"addrId\\\\\\":\\\\\\"8813741971\\\\\\",\\\\\\"type\\\\\\":\\\\\\"CHOOSE_ADDR\\\\\\"}]}\\"}","URL_REFERER_ORIGIN":"https://s.m.taobao.com/h5entry?utparam=%7B%22ranger_buckets_native%22%3A%22tsp2189_21618_normaluser01%22%7D&spm=a2141.1.searchbar.searchbox&scm=1007.home_topbar.searchbox.d&_navigation_params=%7B%22needdismiss%22%3A%220%22%2C%22animated%22%3A%220%22%2C%22needpoptoroot%22%3A%220%22%7D","_navigation_params":"{\\"needdismiss\\":\\"0\\",\\"animated\\":\\"0\\",\\"needpoptoroot\\":\\"0\\"}","ad_type":"1.0","apptimestamp":"1575125141","areaCode":"CN","brand":"google","canP4pVideoPlay":"true","countryNum":"156","device":"Nexus 6P","editionCode":"CN","filterEmpty":"true","filterUnused":"true","from":"suggest_all-query","homePageVersion":"v6","imei":"867686023424128","imsi":"09647Nexus617c3","info":"wifi","isBeta":"false","itemfields":"commentCount,newDsr","layeredSrp":"true","n":"10","needTabs":"true","network":"wifi","new_shopstar":"true","page":"2","pos":"0_0","q":"iphone11","rainbow":"14071,14070,12994,14154","referrer":"com.taobao.taobao","schemaType":"all","scm":"1007.home_topbar.searchbox.d","searchFramework":"true","search_action":"initiative","search_wap_mall":"false","setting_on":"imgBanners,userdoc,tbcode,pricerange,localshop,smartTips,firstCat,dropbox,realsale,insertTexts,tabs","showspu":"true","sort":"_sale","spm":"a2141.1.searchbar.searchbox","sputips":"on","style":"list","subtype":"text","sugg":"iphone11_0_0","suggest_rn":"bucketid_1-rn_9ce4a9df-e0c0-418d-80a2-df54040958ed","sversion":"8.3","taoxianda":"true","ttid":"701186@taobao_android_9.2.0","utd_id":"XLWkskakX5EDAEAuXveJ2YJy","utparam":"{\\"ranger_buckets_native\\":\\"tsp2189_21618_normaluser01\\"}","vm":"nw"}'''api = "mtop.taobao.wsearch.appsearch"v = "1.0"gwMtopApi(api, v, data, uid="60348168", sid="96d58db05c3654c6015572075f9e41ea")if __name__ == '__main__':getTaobaoDetail()

技術支持

感謝大家在百忙中閱讀我的博客。

總結

以上是生活随笔為你收集整理的最新某宝x-sign参数生成原理的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。