逆向--sign参数---解决令牌错误【除cookie过期与231滑块封控】

逆向--sign参数---解决令牌错误【除cookie过期与231滑块封控】

经验分享
出道即颠峰
2025-11-05 19:01·浏览量:788
出道即颠峰
影刀高级开发者
发布于 2025-11-05 18:59更新于 2025-11-05 19:01788浏览


import hashlib
import re
import time
import requests
from typing import Dict

# Static request headers copied from a desktop Chrome session. Every value is
# chosen by the client, so none of them proves to the server what software
# actually sent the request.
HEADERS: Dict[str, str] = {
    # Content negotiation.
    "accept": "*/*",
    "accept-language": "zh-CN,zh;q=0.9",
    # Search-results page the request claims to originate from.
    "referer": (
        "https://s.taobao.com/search?boxFilterList=&commend=all&ie=utf8"
        "&initiative_id=tbindexz_20170306&page=1"
        "&preLoadOrigin=https%3A%2F%2Fwww.taobao.com"
        "&q=%E5%B0%8F%E7%B1%B3%E5%87%80%E6%B0%B4%E5%99%A8s1%201200g"
        "&search_type=item&sourceId=tb.index"
        "&spm=a21bo.jianhua%2Fa.search_hover.0&ssid=s5-e&tab=all"
    ),
    # Client-hint headers.
    "sec-ch-ua": '"Chromium";v="142", "Google Chrome";v="142", "Not_A Brand";v="99"',
    "sec-ch-ua-mobile": "?0",
    "sec-ch-ua-platform": '"Windows"',
    # Fetch-metadata headers.
    "sec-fetch-dest": "script",
    "sec-fetch-mode": "no-cors",
    "sec-fetch-site": "same-site",
    "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36",
}

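class TaobaoAPIClient:
    """Small client for two H5 "mtop" JSONP endpoints used by this script.

    The instance keeps its own copy of the caller's cookies and of the
    module-level ``HEADERS``. The cookies are a logged-in browser session,
    so they and the ``_m_h5_tk`` values derived from them are handled as
    credentials: they are never printed.
    """

    def __init__(self, cookies: dict, app_key: str = "12574478"):
        """Store private copies of *cookies* and ``HEADERS`` plus the app key.

        Args:
            cookies: Cookie name/value pairs sent with every request.
            app_key: Value sent as ``appKey`` and mixed into the sign.
        """
        # Copy so that token refreshes do not mutate the caller's dict or
        # the shared HEADERS template.
        self.cookies = cookies.copy()
        self.headers = HEADERS.copy()
        self.app_key = app_key
        self._m_h5_tk = None
        self._m_h5_tk_enc = None

    def get_sign(self, token: str, t: str, data: str) -> str:
        """Return the ``sign`` request parameter.

        The value is the hex MD5 of ``"{token}&{t}&{app_key}&{data}"``.
        Every input is already held by the client (cookie-derived token,
        local timestamp, app key, request body), so the sign ties those
        fields together; it is not computed from a secret the client lacks.

        Args:
            token: Token part of the ``_m_h5_tk`` cookie, or ``"undefined"``.
            t: Millisecond timestamp as a string.
            data: The exact ``data`` string the sign is computed over.
        """
        string = f"{token}&{t}&{self.app_key}&{data}"
        return hashlib.md5(string.encode("utf-8")).hexdigest()

    def update_token_by_check_collect(self, auction_num_id: str, callback: str = "mtopjsonp54") -> "requests.Response | None":
        """Call the checkCollect endpoint and store the cookies it sets.

        When the response's ``Set-Cookie`` header carries both ``_m_h5_tk``
        and ``_m_h5_tk_enc``, they are saved on the instance and written
        into ``self.cookies`` for later requests.

        Args:
            auction_num_id: Item ID placed in the ``data`` payload.
            callback: JSONP callback name sent to the endpoint.

        Returns:
            The response, or ``None`` when the response is falsy
            (``requests`` treats a 4xx/5xx status as falsy).

        Raises:
            requests.exceptions.RequestException: On connection failure or
                when the 10 second timeout expires.
        """
        url = "https://h5api.m.taobao.com/h5/mtop.taobao.mercury.checkcollect/1.0/"
        t = str(int(time.time() * 1000))
        # The sign is computed over the placeholder token "undefined" and an
        # empty "{}" body, not over the data sent below; this call is made
        # for the cookies it returns.
        sign = self.get_sign("undefined", t, "{}")
        params = {
            "jsv": "2.7.4",
            "appKey": self.app_key,
            "t": t,
            "sign": sign,
            "api": "mtop.taobao.mercury.checkCollect",
            "v": "1.0",
            "needEcodeSign": "true",
            "bizName": "msoa.taobao.check.collect.h5",
            "sceneName": "main_check_collect_h5",
            "timeout": "10000",
            "type": "jsonp",
            "dataType": "jsonp",
            "callback": callback,
            # NOTE(review): auction_num_id is interpolated verbatim into
            # hand-built JSON; a quote or backslash in it would produce a
            # malformed payload.
            "data": f'{{"ids":"[\\"{auction_num_id}\\"]","type":"1"}}'
        }
        # Without a timeout requests.get can block forever on a stalled
        # connection; 10 s mirrors the "timeout": "10000" parameter above.
        response = requests.get(url, headers=self.headers, cookies=self.cookies, params=params, timeout=10)
        cookie_text = response.headers.get("Set-Cookie", "")
        m_h5_tk_list = re.findall(r'_m_h5_tk=(.*?);', cookie_text)
        m_h5_tk_enc_list = re.findall(r'_m_h5_tk_enc=(.*?);', cookie_text)
        refreshed = bool(m_h5_tk_list and m_h5_tk_enc_list)
        if refreshed:
            self._m_h5_tk = m_h5_tk_list[0]
            self._m_h5_tk_enc = m_h5_tk_enc_list[0]
            self.cookies['_m_h5_tk'] = self._m_h5_tk
            self.cookies['_m_h5_tk_enc'] = self._m_h5_tk_enc
        # Report only whether the refresh happened: the token values are
        # session credentials and must not end up in console or log output.
        print(f"[Info] _m_h5_tk / _m_h5_tk_enc 是否已刷新: {refreshed}")
        return response or None

    def get_rate_detail_list(self, auction_num_id: str, page_no: int = 1, page_size: int = 20, callback: str = "mtopjsonp12"):
        """Request one page of the rate (review) detail list for an item.

        The sign is computed over the same ``data`` string that is sent,
        using the part of the ``_m_h5_tk`` cookie before the first ``_``
        (or ``"undefined"`` when the cookie is absent).

        Args:
            auction_num_id: Item ID placed in the ``data`` payload.
            page_no: Page number placed in the payload.
            page_size: Page size placed in the payload.
            callback: JSONP callback name sent to the endpoint.

        Returns:
            The ``requests`` response; its text is also printed.

        Raises:
            requests.exceptions.RequestException: On connection failure or
                when the 20 second timeout expires.
        """
        url = "https://h5api.m.tmall.com/h5/mtop.taobao.rate.detaillist.get/6.0/"
        t = str(int(time.time() * 1000))
        # NOTE(review): the last fragment is a plain string, not an f-string,
        # so its "}}" is emitted literally and the payload ends with two
        # closing braces. Kept byte-for-byte because the sign is computed
        # over this exact string; confirm against the intended payload.
        order_data = (f'{{"showTrueCount":false,"auctionNumId":"{auction_num_id}","pageNo":{page_no},'
                      f'"pageSize":{page_size},"orderType":"","searchImpr":"-8","expression":"",'
                      '"skuVids":"","rateSrc":"pc_rate_list","rateType":""}}')
        token = self.cookies.get('_m_h5_tk', 'undefined').split('_')[0]
        sign = self.get_sign(token, t, order_data)
        params = {
            "jsv": "2.7.5",
            "appKey": self.app_key,
            "t": t,
            "sign": sign,
            "_bx-login": "new",
            "api": "mtop.taobao.rate.detaillist.get",
            "v": "6.0",
            "isSec": "0",
            "ecode": "1",
            "timeout": "20000",
            "dataType": "jsonp",
            "valueType": "string",
            "type": "jsonp",
            "callback": callback,
            "data": order_data
        }
        # 20 s mirrors the "timeout": "20000" parameter above and keeps a
        # stalled connection from blocking the script indefinitely.
        response = requests.get(url, headers=self.headers, cookies=self.cookies, params=params, timeout=20)
        print("[Info] rate_detail 接口返回:")
        print(response.text)
        return response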


# Cookie header string copied from a logged-in browser session. Whoever holds
# this value can act as that account, so keep the real string out of shared
# files, version control and logs.
raw_cookie = "粘贴你浏览器里面的cookie【字符串格式的即可】"

# Turn "k1=v1; k2=v2" into {"k1": "v1", "k2": "v2"}: pieces without "=" are
# skipped, names are stripped of surrounding whitespace, values are kept as-is.
cookies = dict(
    (name.strip(), value)
    for name, sep, value in (piece.partition('=') for piece in raw_cookie.split('; '))
    if sep
)

if __name__ == "__main__":
    # Item (product) ID used for both requests.
    item_id = "963351204670"
    api = TaobaoAPIClient(cookies)
    # Run the two steps in order: refresh the token cookies first, then
    # request the rate detail list with the refreshed cookies.
    for banner, step in (
        ("=== Step 1, check_collect 换 mt5token和 _m_h5_tk_enc===", api.update_token_by_check_collect),
        ("=== Step 2, 拉取 rate detail 列表 ===", api.get_rate_detail_list),
    ):
        print(banner)
        step(item_id)

其实核心逻辑在于：通过 update_token_by_check_collect 函数换取 cookie 里面的两个参数 _m_h5_tk 和 _m_h5_tk_enc。

因为这两个参数的时效性较短，不更新的话，接口就会报“令牌错误”，导致获取不到数据。

raw_cookie：把浏览器里复制出来的 cookie 字符串粘贴进去即可；也可以用影刀内置的获取 cookie 功能、DrissionPage、Playwright、Selenium，或者逆向登录来获取。

动手能力强的也可以逆向231代码补环境然后找轨迹可以实现全自动~~解决了封控之后就可以赚钱了

此处省略***字,小伙伴们自行扩展延伸哦~~~
