实战 | 羊了个羊(小程序抓包工具推荐)
遵纪守法
任何个人和组织使用网络应当遵守宪法法律,遵守公共秩序,尊重社会公德,不得危害网络安全,不得利用网络从事危害国家安全、荣誉和利益。
目标:羊了个羊小程序
使用工具:HTTP Debugger Pro 9.11(公众号回复0916获取)
环境:微信任意版本
思路
点击开始游戏后用HTTP Debugger Pro 9.11抓取数据包,发现特别的两个请求文件分析了一下这是请求关卡数据,得到关卡id分别为80001和90016,分析了一下确定90016是第二关也就是难度比较高的关卡
数据包抓取,这里使用HTTP Debugger Pro 9.11可轻松抓取
获取token
第一关数据包
GET /sheep/v1/game/map_info?map_id=80001 HTTP/2
Host: cat-match.easygame2021.com
Xweb_xhr: 1
T: TOKEN
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/81.0.4044.138 Safari/537.36 MicroMessenger/7.0.4.501 NetType/WIFI MiniProgramEnv/Windows WindowsWechat/WMPF
Content-Type: application/json
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://servicewechat.com/wx141bfb9b73c970a9/15/index.html
Accept-Encoding: gzip, deflate
Accept-Language: en-us,en
返回数据包
HTTP/2 200 OK
Date: Fri, 16 Sep 2022 00:20:54 GMT
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Methods: GET, POST
{"err_code":0,"err_msg":"","data":{"id":"62ccde7d3dd1931da84a84e2","created_at":"2022-07-12T02:37:49.515Z","updated_at":"2022-09-
14T15:53:23.508Z","map_option":2,"map_id":80001,"map_data":"{\"widthNum\":8,\"heightNum\":10,\"levelKey\":80001,\"blockTypeData\":{\"1\":2,\"4\":1,\"13\":2},\"levelData\":{\"1\":[{\"id\":\"1-16-16\",\"type\":0,\"rolNum\":16,\"rowNum\":16,\"layerNum\":1,\"moldType\":1,\"blockNode\":null},{\"id\":\"1-28-16\",\"type\":0,\"rolNum\":28,\"rowNum\":16,\"layerNum\":1,\"moldType\":1,\"blockNode\":null},{\"id\":\"1-40-16\",\"type\":0,\"rolNum\":40,\"rowNum\":16,\"layerNum\":1,\"moldType\":1,\"blockNode\":null},{\"id\":\"1-16-32\",\"type\":0,\"rolNum\":16,\"rowNum\":32,\"layerNum\":1,\"moldType\":1,\"blockNode\":null},{\"id\":\"1-28-32\",\"type\":0,\"rolNum\":28,\"rowNum\":32,\"layerNum\":1,\"moldType\":1,\"blockNode\":null},{\"id\":\"1-40-32\",\"type\":0,\"rolNum\":40,\"rowNum\":32,\"layerNum\":1,\"moldType\":1,\"blockNode\":null},{\"id\":\"1-16-48\",\"type\":0,\"rolNum\":16,\"rowNum\":48,\"layerNum\":1,\"moldType\":2,\"blockNode\":null},{\"id\":\"1-28-48\",\"type\":0,\"rolNum\":28,\"rowNum\":48,\"layerNum\":1,\"moldType\":2,\"blockNode\":null},{\"id\":\"1-40-48\",\"type\":0,\"rolNum\":40,\"rowNum\":48,\"layerNum\":1,\"moldType\":2,\"blockNode\":null}],\"2\":[{\"id\":\"2-16-49\",\"type\":0,\"rolNum\":16,\"rowNum\":49,\"layerNum\":2,\"moldType\":2,\"blockNode\":null},{\"id\":\"2-28-49\",\"type\":0,\"rolNum\":28,\"rowNum\":49,\"layerNum\":2,\"moldType\":2,\"blockNode\":null},{\"id\":\"2-40-49\",\"type\":0,\"rolNum\":40,\"rowNum\":49,\"layerNum\":2,\"moldType\":2,\"blockNode\":null},{\"id\":\"2-16-20\",\"type\":1,\"rolNum\":16,\"rowNum\":20,\"layerNum\":2,\"moldType\":1,\"blockNode\":null},{\"id\":\"2-28-20\",\"type\":1,\"rolNum\":28,\"rowNum\":20,\"layerNum\":2,\"moldType\":1,\"blockNode\":null},{\"id\":\"2-40-20\",\"type\":1,\"rolNum\":40,\"rowNum\":20,\"layerNum\":2,\"moldType\":1,\"blockNode\":null},{\"id\":\"2-16-36\",\"type\":0,\"rolNum\":16,\"rowNum\":36,\"layerNum\":2,\"moldType\":1,\"blockNode\":null},{\"id\":\"2-28-36\",\"type\":0,\"rolNum\":28,\"rowNum\":36,\"layerNum\":2,\"moldType\":1,\"blockNode\":null},{\"id\":\"2-40-36\",\"type\":0,\"rolNum\":40,\"rowNum\":36,\"layerNum\":2,\"moldType\":1,\"blockNode\":null}]}}"}}
第二关请求包
GET /sheep/v1/game/game_over?rank_score=1&rank_state=1&rank_time=24&rank_role=1&skin=1 HTTP/2
Host: cat-match.easygame2021.com
Xweb_xhr: 1
T: token
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36 MicroMessenger/7.0.4.501 NetType/WIFI MiniProgramEnv/Windows WindowsWechat/WMPF
Content-Type: application/json
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://servicewechat.com/wx141bfb9b73c970a9/15/index.html
Accept-Encoding: gzip, deflate
Accept-Language: en-us,en
POC&EXP
「python」
import requests
headers = {
"Accept-Encoding": "gzip,compress,br,deflate",
"Accept": "*/*",
"Connection": "keep-alive",
"t": "你的token",
'User-Agent': "Mozilla/5.0 (iPhone; CPU iPhone OS 15_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 MicroMessenger/8.0.26(0x18001a34) NetType/WIFI Language/zh_CN"
}
cookies = {}
def testRequest():
url = 'https://cat-match.easygame2021.com/sheep/v1/game/game_over?rank_score=1&rank_state=1&rank_time=0&rank_role=1&skin=1'
wb_data = requests.get(url, headers=headers)
print("code:", wb_data.status_code)
if __name__ == '__main__':
for lp in range(520):
testRequest()
「易语言」
来自神奇的论坛
https://wwi.lanzoup.com/b00q4pgif 密码:5ajq
想刷多少次就多次
- 关键词标签:
- AC米兰中文官方网站 小程序抓包工具 网络安全
