Hands-on | Sheep a Sheep (Mini-Program Packet Capture Tool Recommendation)

admin, 2022-10-08 14:33:12



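Statement

Author: CKCsec Security Team

Word count: 2294

Reading time: 7 minutes

Project/link: available at the end of the article

This is an original article from [CKCsec Security Research Institute]; reproduction without permission is prohibited.

Obey the law

Any individual or organization using the network shall abide by the Constitution and the law, observe public order, and respect social morality; they must not endanger network security or use the network to engage in activities that endanger national security, honor and interests.

  • Target: the Sheep a Sheep (羊了个羊) mini-program
  • Tool: HTTP Debugger Pro 9.11 (reply "0916" to the official account to get it)
  • Environment: any version of WeChat

Approach

After tapping "Start Game", capture the traffic with HTTP Debugger Pro 9.11. Two requests stand out: analysis shows that they request level data, with level IDs 80001 and 90016. Further analysis confirms that 90016 is the second level, that is, the harder one.

Packet capture: HTTP Debugger Pro 9.11 captures the traffic easily.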


Obtaining the token


Level 1 request packet

GET /sheep/v1/game/map_info?map_id=80001 HTTP/2
Host: cat-match.easygame2021.com
Xweb_xhr: 1
T: TOKEN
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/81.0.4044.138 Safari/537.36 MicroMessenger/7.0.4.501 NetType/WIFI MiniProgramEnv/Windows WindowsWechat/WMPF
Content-Type: application/json
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://servicewechat.com/wx141bfb9b73c970a9/15/index.html
Accept-Encoding: gzip, deflate
Accept-Language: en-us,en

Response packet

HTTP/2 200 OK
Date: Fri, 16 Sep 2022 00:20:54 GMT
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Methods: GET, POST
{"err_code":0,"err_msg":"","data":{"id":"62ccde7d3dd1931da84a84e2","created_at":"2022-07-12T02:37:49.515Z","updated_at":"2022-09-
14T15:53:23.508Z","map_option":2,"map_id":80001,"map_data":"{"widthNum":8,"heightNum":10,"levelKey":80001,"blockTypeData":{"1":2,"4":1,"13":2},"levelData":{"1":[{"id":"1-16-16","type":0,"rolNum":16,"rowNum":16,"layerNum":1,"moldType":1,"blockNode":null},{"id":"1-28-16","type":0,"rolNum":28,"rowNum":16,"layerNum":1,"moldType":1,"blockNode":null},{"id":"1-40-16","type":0,"rolNum":40,"rowNum":16,"layerNum":1,"moldType":1,"blockNode":null},{"id":"1-16-32","type":0,"rolNum":16,"rowNum":32,"layerNum":1,"moldType":1,"blockNode":null},{"id":"1-28-32","type":0,"rolNum":28,"rowNum":32,"layerNum":1,"moldType":1,"blockNode":null},{"id":"1-40-32","type":0,"rolNum":40,"rowNum":32,"layerNum":1,"moldType":1,"blockNode":null},{"id":"1-16-48","type":0,"rolNum":16,"rowNum":48,"layerNum":1,"moldType":2,"blockNode":null},{"id":"1-28-48","type":0,"rolNum":28,"rowNum":48,"layerNum":1,"moldType":2,"blockNode":null},{"id":"1-40-48","type":0,"rolNum":40,"rowNum":48,"layerNum":1,"moldType":2,"blockNode":null}],"2":[{"id":"2-16-49","type":0,"rolNum":16,"rowNum":49,"layerNum":2,"moldType":2,"blockNode":null},{"id":"2-28-49","type":0,"rolNum":28,"rowNum":49,"layerNum":2,"moldType":2,"blockNode":null},{"id":"2-40-49","type":0,"rolNum":40,"rowNum":49,"layerNum":2,"moldType":2,"blockNode":null},{"id":"2-16-20","type":1,"rolNum":16,"rowNum":20,"layerNum":2,"moldType":1,"blockNode":null},{"id":"2-28-20","type":1,"rolNum":28,"rowNum":20,"layerNum":2,"moldType":1,"blockNode":null},{"id":"2-40-20","type":1,"rolNum":40,"rowNum":20,"layerNum":2,"moldType":1,"blockNode":null},{"id":"2-16-36","type":0,"rolNum":16,"rowNum":36,"layerNum":2,"moldType":1,"blockNode":null},{"id":"2-28-36","type":0,"rolNum":28,"rowNum":36,"layerNum":2,"moldType":1,"blockNode":null},{"id":"2-40-36","type":0,"rolNum":40,"rowNum":36,"layerNum":2,"moldType":1,"blockNode":null}]}}"}}

Level 2 request packet

GET /sheep/v1/game/game_over?rank_score=1&rank_state=1&rank_time=24&rank_role=1&skin=1 HTTP/2
Host: cat-match.easygame2021.com
Xweb_xhr: 1
T: token
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36 MicroMessenger/7.0.4.501 NetType/WIFI MiniProgramEnv/Windows WindowsWechat/WMPF
Content-Type: application/json
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://servicewechat.com/wx141bfb9b73c970a9/15/index.html
Accept-Encoding: gzip, deflate
Accept-Language: en-us,en

POC&EXP

「Python」

import requests

# Request headers modelled on the captured mini-program traffic
headers = {
    "Accept-Encoding": "gzip,compress,br,deflate",
    "Accept": "*/*",
    "Connection": "keep-alive",
    "t": "你的token",  # placeholder: your own token from the captured request
    "User-Agent": "Mozilla/5.0 (iPhone; CPU iPhone OS 15_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 MicroMessenger/8.0.26(0x18001a34) NetType/WIFI Language/zh_CN"
}
cookies = {}


def testRequest():
    # Send one game_over request and print the HTTP status code
    url = 'https://cat-match.easygame2021.com/sheep/v1/game/game_over?rank_score=1&rank_state=1&rank_time=0&rank_role=1&skin=1'
    wb_data = requests.get(url, headers=headers)
    print("code:", wb_data.status_code)


if __name__ == '__main__':
    for lp in range(520):
        testRequest()

「Easy Language (易语言)」

From a magical forum

https://wwi.lanzoup.com/b00q4pgif Password: 5ajq

Run it as many times as you like.
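
The replay shown above depends on the server accepting a client-reported result in game_over. The following is an added example, not code from the original article or from the game: a server-side check that binds each result to a ticket issued when the level data is served. The names `issue_ticket`, `verify_game_over`, `SERVER_KEY` and the `MIN_SECONDS` floors are hypothetical; only the map IDs 80001 and 90016 come from the article.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)   # hypothetical per-deployment secret
MIN_SECONDS = {80001: 5, 90016: 60}    # assumed plausibility floor per map_id
_used_nonces = set()                   # in production: a shared store with a TTL


def issue_ticket(user_id, map_id, now):
    """Called when map_info is served: binds user, level and server start time."""
    nonce = secrets.token_hex(8)
    payload = f"{user_id}|{map_id}|{int(now)}|{nonce}"
    mac = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{mac}"


def verify_game_over(user_id, ticket, rank_time, now):
    """Return (accepted, reason) for one game_over submission."""
    parts = ticket.split("|")
    if len(parts) != 5:
        return False, "malformed ticket"
    t_user, t_map, t_start, nonce, mac = parts
    payload = "|".join(parts[:4])
    expected = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return False, "bad signature"
    if t_user != user_id:
        return False, "ticket belongs to another user"
    if nonce in _used_nonces:
        return False, "ticket already used"
    floor = MIN_SECONDS.get(int(t_map))
    if floor is None:
        return False, "unknown map"
    elapsed = now - int(t_start)
    # The server clock decides; the client-reported rank_time may only agree with it.
    if elapsed < floor or rank_time < floor or rank_time > elapsed + 2:
        return False, "implausible completion time"
    _used_nonces.add(nonce)   # one accepted result per issued ticket
    return True, "ok"
```

With this in place, a looped request carrying rank_time=0 is rejected on the time check, and a repeated submission of an accepted ticket is rejected as already used.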



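Originally published on the WeChat official account CKCsec Security Research Institute (CKCsec安全研究院): Hands-on | Sheep a Sheep (Mini-Program Packet Capture Tool Recommendation)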

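  • Published on 2022-10-08 14:33:12
  • When reposting, please keep the link to this article (CN-SEC Chinese site: thanks to the original author for the hard work):
                   Hands-on | Sheep a Sheep (Mini-Program Packet Capture Tool Recommendation) https://cn-sec.com/archives/1299766.html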
