request保持會話，尋找set-cookie來獲取資料

回憶不說話發表於2019-04-12

今天遇到了一個比較煩人的問題，爬取一個網站的時候，登陸返回的cookie和通過抓包獲取的資料的cookie不一樣，其中有個引數，找了半天，沒找到。

網址：https://i.keking.cn/user_index.html

登陸返回的cookie是這個樣子：

acw_tc=2f624a7115548746919093682e53ca410b002b05e6d61724dbcfaaa50d7b58; UM_distinctid=16a05ca88f1231-051276fcfa61fb-7a1437-100200-16a05ca88f214a; companyName=%E6%B7%B1%E5%9C%B3%E9%AA%90%E7%BF%94%E7%89%A9%E6%B5%81%E5%86%87%E9%99%90%E8%B4%A3%E4%BB%BB%E5%85%AC%E5%8F%B8; token=eyJlbmNyeXB0ZWREYXRhIjoiWHY2YU1JZjZPTEhqT3pOeFJmZzBERlNCbVVWUCtuUTFjc3BSd0E5bGtWNXUyWnhrV2ZJdFUzeGxZU3F2Y0Z1Z2NWR1BIQlNVVTY2WkRqc1lRUnhENUI1dnZDUUU0MmdQN1hjM2pwNUNXSk9rWTNQQ1JsTjRGclVqZ3g4K1VYTDN0MW13KzMwLzkySERkNFBqalVDc1lwejJpcGg4MlZHMElGcHQyM05OQ1JJPSIsIndyYXBwZWRLZXkiOiJtRTIvcTlRb2RmUUxNRi85UEFIc3NsNVJoNEJ3aE95Y3RXUkVhYVhTU3VldW1ZZTlWTk5TZk80cDBSS1FPLzNaQi9PbVBQRnNONHNGWFNlZms1SmFkMkxZSmkyNVphdWRXOWVJYlhyNElTbWdScWtDZVdDcHZmdzJiTzJCMHc3MldFZFk3TkF2YWFMOE0xOXJxTFI3VlRwVVpUVVVyc0FuR0JCam9ZZ3Y1Q0k9In0=;

抓包資料所在的cookie是這個樣子：

Cookie: acw_tc=2f624a7115548746919093682e53ca410b002b05e6d61724dbcfaaa50d7b58; UM_distinctid=16a05ca88f1231-051276fcfa61fb-7a1437-100200-16a05ca88f214a; companyName=%E6%B7%B1%E5%9C%B3%E9%AA%90%E7%BF%94%E7%89%A9%E6%B5%81%E5%86%87%E9%99%90%E8%B4%A3%E4%BB%BB%E5%85%AC%E5%8F%B8; token=eyJlbmNyeXB0ZWREYXRhIjoiWHY2YU1JZjZPTEhqT3pOeFJmZzBERlNCbVVWUCtuUTFjc3BSd0E5bGtWNXUyWnhrV2ZJdFUzeGxZU3F2Y0Z1Z2NWR1BIQlNVVTY2WkRqc1lRUnhENUI1dnZDUUU0MmdQN1hjM2pwNUNXSk9rWTNQQ1JsTjRGclVqZ3g4K1VYTDN0MW13KzMwLzkySERkNFBqalVDc1lwejJpcGg4MlZHMElGcHQyM05OQ1JJPSIsIndyYXBwZWRLZXkiOiJtRTIvcTlRb2RmUUxNRi85UEFIc3NsNVJoNEJ3aE95Y3RXUkVhYVhTU3VldW1ZZTlWTk5TZk80cDBSS1FPLzNaQi9PbVBQRnNONHNGWFNlZms1SmFkMkxZSmkyNVphdWRXOWVJYlhyNElTbWdScWtDZVdDcHZmdzJiTzJCMHc3MldFZFk3TkF2YWFMOE0xOXJxTFI3VlRwVVpUVVVyc0FuR0JCam9ZZ3Y1Q0k9In0=; tmsToken="eyJlbmNyeXB0ZWREYXRhIjoid3lYNWRhc0dEeGMxTEpYdEFRMlNWYlAxVFVFNldySlI2L1pLdkJ5Zjc4Yms3RCs2cEMyWTF3UHdqK1E1L2YrMXpyVDQxdGRNbXBVU0R3dmR5TjV1VkZzaXRXbkhkM0hERVhBT1RFa3BIaU1QOW16bDRJeGIwUk94N1h2WnB6WDZJMDFHTDhUN0IwbFNHNU9lM2h4YVNxaUd1UVlxZjVySEI1Z3p4RTBQOHVpcGZidk1uMzJYY0E5dUsxenZwdHUvRFhNeSsrWlcvMU5ZUEtxblJwRHpmc251TkNmK0pCVzVwdlppd1FRVGdBL3hnY1dJei9GUkNJUVZuL0R5bCtZSE5zTlpBb2VuVzhFZjBMVVhYODBnUzdTWWRRU3FIN2xubjBDR2I4dlJ2YVRTdElyNGsvajVRaGpPR2dLSVlqVGdkNWU3bnNyYms3S3dINmlJdVN6UnlKZ3YxV3Bqemp6bzJTVXV3S3NVaUhVM0l5M3BHU0FoS0g0VWk5eWJoTk1XaVlqWUJqRWxadmJCYkJxM0IwQ3hGTzUwNCtxRjFOTjNSWFdMUUk4Ni9NVmt3c1UrcnpJQlI0ZFFwZ1BxZXNkMG5mRmpFamFDekxJSk9reU5YZEZBaC91aS9tYXRFUk50NFFGQnQzNnNmTTlSSjFFeE1nSXdia3V4dUNvdngrMnNRd21KbW9LM0F2RE41bHA3a0FraGZSVGg0bnNSMklBMmR6TzU1T0JTbHM3T2k3c01ZRit5SS9aMXBCVTg0bm1LT21oL083U0tBc1RJSUVVSDlieHN2R296Q0xHaEJsUjlWcWRzUHJLQ2JsUkRmK2ViS0xzV3NwTVlON3hyOFlhWVVCWmtiSUlpaFM5aEpYYTh3cHJwVWxFUWpHQXlKWndCUTZ0bTFwNGI5d1plVkxrYitGUzlPVVhXUjA0emVYb0k0OXNxU1oxWVE1L0NVditYU00wV3VCZHlzTHBqV09IazhrekRYd05ac2pTZEk3OUNsaHZFNUpJTDh5WkhTMEtOdnEyWUI2T3BvQkFHbENiQ3JJandIeUpJdHhFWXdLV1Z3MzNPUTkyMGY3TUU3Z3JEdWsxeTBKZHkrTk5FWG1PcFZyUTRQbnVaZ1BUd3IxRVVNWmZiYWtGSnNnais4c1E1R0NpSTRabHNtbDE0MVBPcTl1cmJCWG9RNlVLaFJXenZUZ3dnR2VZQk1NZGNpcXU4UFlFNTRDVGlDUzlONlRpZEwwcmJkRzFXdUIwWUFPZzIwc0E3TzRqeWVtMmFkUkN2dUx4M0tUVzFVRWdZOTFYNWZMTyt6UWxEdFRUZmc0Ri81YlNVRzNIWXRZanhkNTM5Vk9jZTBIalZROWRxQjR5d1dUeWVRTFB5NWdMcUZ5RnF3aWg1VW5QU1JHQWorSEgwaHlDeHFUQW5SN20rRnhRYkI1dHNIZDRoSzJvZDZxVXZLeE5LVmdJNS9HV3E2NGZpSFkya0w4VXY5TE5Yd1p2bS9VZmdQaVJhUU9qV3VEZUdxdm81WEFPV1l6NHZtQ25GeWpaQWd2VFJHYnF2bWlhZ2F5bGVodGF5SURIazQ5SWpSWmphL2ViUExqc2lwTHpGR0lmR2E3NTAwYWhsdlN0MGlyV1UvcnBTOUsydzlTR1M1RkdCd2V3S25mdTM4THBoSGY3bGpmcU5ZUVVvUVdvdzk5b1NzdVdjcWt5NkNjTG5TcXFoTTRMSnJlNDJGV0NDeUV4MDNSd2JHUUVKSCt4ZENqZlc0WHpHUlByVlRuWWkyenNDUmpKYVlGRk92T0R3Nm1naWpoQktUYUNoTUxSME9EV1NNU2d5NFlTd3NCY3o1dDRjS1ljWXE4RCs3dGIyOUVSZW1GRzhvbVF2M285TEFqRjMvbEw3ZHlPeVdlOFQ0RGg2WUFTZWxsTUtyNE1GUmYzYmR6N0Jicm0vSm5WS1ZYcFVGaG5FTlpkUXN3ZFFVZ0xwUm50LzFEaVV3ZWxDWVhMRFNNQWR1cUZkaWdzUFRuNkM1Zy9CWUlBZStMVjgxT05BYUE2SjlVZTVLSTBqdVVydXVYajVqRXBFQlhzNERpN1E5QT09Iiwid3JhcHBlZEtleSI6ImNYcTB5STZkaU1pUWQrL1NJdUxSNXVucUFRT0tLUTJBTVR1QThDaGRaYTV2NjRjWXVJbkZPUGVnZ29OMHgzZ3I0bysyV0RKR2YrY1VIYmlMN0xORDFnPT0ifQ=="
多出了一個tmstoken的引數，這個引數哪來的？

尋找set-cookie的介面，我們來看看這個set-cookie是怎麼產生的。剛開始以為js加密的，搞了半天沒找到任何有關的跡象。

然後又回到抓包，繼續分析請求。開心的是，在抓包中，居然找到了，相同的cookie：

這個請求的url如下：

/app/approval/verifyOpenState?ignoreLoadingBar=true&userCenterToken=eyJlbmNyeXB0ZWREYXRhIjoiamJXZ0hPZUkrYWtCNW9QWEpCTHpOOHVtZW1oakhKVnRKM09aMjhEQllySlA3RW93OGJuaUtGNloyMnVialBhVE5iV2RsRSthMEx4MytSbDFsWHA1MUUyMDl2dXIwend5RVZFMVdtUEFmYnBQSjU4blFvVGd4VVoyM1hjY0xINXdYb0wyelp3Y3NEblhyRVZDUHV0YlgzUHdqZ2NXT0FoaFlCM3lESnU4eXRJd3JtVnVtaHhtcFZ6M2p4UUVHbVJjUnJ3TDBMaWdKQjA4MG95TE5rYkplNDBOR1dRVlZHS1UvYnpoT3liRlNyV0xTWk9McjlHcUh1c2lscFFCb2YzN3VDbEd2azJUdFAzd0RWZWF1KzQyb1RWdCtYOFlDTk4xMXVEOHZnZm5EVzZiYjkvR0xHTlJEL05NUThKSXlUUXJLVks5STRuenlMV2dBeVd2Q1JGUnFkdWkwMXdPeHd3MjVGMlJJdU5aMkZHQXIyYitXZjVyODZvTEFBQ01jenE1NkhzaWJ2elZ3Z3lrbjk5dEV1SzVkZ09YaWo1bXRkOGhFZ0kwdjE3T0toc295MVJ1dXh2SHVFai9KRlVDZUZqNit3Sk40Q2JZMlhNQzgxclYyMHhMWllPRDZEQ1hnSGh6Zityei9hcHRCYWM9Iiwid3JhcHBlZEtleSI6IlhpcEUrQlhKbGJOdldtRGZDVkRRVEhUTjFBUVMxMHMzT2c0RjlXM05sUEQ3UTh2SXBhRVVkUk1WQ3hqZ1hsWlR5L1RMeUJldUdaL01aSE5YYnlxR1pkUEhFS2RqcENGNE94MW1SNFJQWENlMmFQN3VRT2ppbUFmSE9HaHVPcHF5d2F6UFF1L0N5TWJyL09TcHgyL3JxUGZteUFFeHJlQjJndDBXVEMxbnBMUT0ifQ

其中又又一個userCenterToken引數。我們只要拿到這個url然後用sessiong保持回話，不就可以了？

接下來的目標就是找這個userCenterToken的引數。

繼續逆向分析，又看到了這個：

通過對比，發現這個appToken和userCenterToken的值是一樣的，開發人員為了迷惑我們，特意將引數名給換掉了。

https://customer.api.keking.cn/product/getProductOpened/

我們只要訪問這個介面不就可以找到userCenterToken，但是在這個請求頭中，我們無奈的發現，還有一個token的引數。怎麼辦？

繼續想辦法。通過往上繼續分析，發現這個token和我們剛才登陸後返回的cookie是一致的。

那麼不是大功告成了。

整個流程就是這樣。

程式碼如下：

import re
import requests
from selenium import webdriver
from selenium.webdriver.support.ui import WebDriverWait
from selenium.webdriver.support import expected_conditions as EC
from selenium.webdriver.common.by import By
import time
import json
import traceback


class KaiJing():

    def __init__(self,username,password):
        self.username = username
        self.password = password
        self.s = requests.Session()

    def get_product(self):
        headers = {
            'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36',
            'Referer': 'https://i.keking.cn/user_index.html',
            "token": self.token
        }
        url = 'https://customer.api.keking.cn/product/getProductOpened'
        r = self.s.get(url, headers=headers)
        print(r.text)
        self.productId = re.findall('"productId":"(.*?)"', r.text)[1]
        self.corpId = re.findall('"corpId":"(.*?)"', r.text)[1]
        # print(self.productId)
        # print(self.corpId)
        self.userCenterToken = re.findall('"productAccessUrl":"http://cloud.keking.cn/#/transfer\?appToken=(.*?)"', r.text)[0]

    def get_tms_token(self):

        headers = {
            'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36',
            'Referer': 'http://cloud.keking.cn/',
            # 'Cookie': 'token={0}'.format(self.token)
        }
        url1 = 'https://tms.api.keking.cn/app/approval/verifyOpenState?ignoreLoadingBar=true&userCenterToken={0}'.format(self.userCenterToken.replace('=', ''))
        url2 = 'https://tms.api.keking.cn/app/approval/tokenLogin?ignoreLoadingBar=true&userCenterToken={0}'.format(self.userCenterToken.replace('=', ''))
        r = self.s.get(url1, headers=headers)
        print(r.text)
        print(r.headers)
        r = self.s.get(url2, headers=headers)
        print(r.text)
        print(r.headers)

    def start_to_pay(self):
        url = 'https://tms.api.keking.cn/api/tms/pay/listDeparturePay?actualPayee=&applyDateFirst=2019-04-01&applyDateLast=2019-04-30&arriveCity=&arriveDistrict=&arriveProvince=&carNo=&carType=&currentPage=1&driverName=&globalCondition=&isCanLoan=&projects=&receiver=&rows=10&searchCondition=&searchContent=&searchMode=global&sendCity=&sendDistrict=&sendProvince=&supplierName='

        headers = {
            'User-Agent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36',
            'Referer': 'http://cloud.keking.cn/?v={0}'.format(time.time()*1000),
        }
        res = self.s.get(url, headers=headers)
        print(res.text)


if __name__ == '__main__':
    kj = KaiJing('******','*****')
    kj.login()
    kj.get_product()
    # kj.get_tms_token()
    # kj.start_to_pay()

java學習路程(javaEE)之獲取表單資料、獲取引數、request域、會話技術(Cookie)
2018-10-10
Java會話Cookie
request 獲取不到 Cookie
2019-07-15
Cookie
Jmeter系列（31）- 獲取並使用 JDBC Request 返回的資料
2020-06-24
JMeterJDBC
Spring多資料來源獲取
2019-04-03
Spring
securecrt保持會話不會斷掉
2018-11-30
Securecrt會話
Laravel request 獲取路由引數
2019-08-28
Laravel路由
Python如何獲取request response body
2024-11-16
Python
Spring MVC 獲取三個域(request請求域，session 會話域，application 應用域)物件的方式
2024-06-30
SpringMVCSession會話APP物件
LVS高階應用-會話保持
2018-09-11
會話
Laravel 中 $request 獲取請求資訊用法總結
2020-07-02
Laravel
基於token的會話保持機制
2020-08-12
會話
python request 獲取cookies value值的方法
2018-05-25
PythonCookie
springcloud fegin獲取request header解決方案
2018-04-17
SpringGCCloudHeader
Java Web後臺從request裡面獲取的資料是亂碼問題
2018-09-17
JavaWeb
如何教會小白使用API介面獲取商品資料
2023-09-26
API
如何利用電商API介面來獲取商品資料
2023-05-17
API
jsonp跨域獲取資料實現百度搜尋
2018-06-24
JSON跨域
Django透過request獲取客戶端IP
2024-11-09
Django客戶端
laravel symfony request獲取真實ip的坑
2021-09-23
Laravel
如何尋找優質的資料標註公司？
2023-02-06
Python獲取jsonp資料
2023-05-09
PythonJSON
1.獲取資料
2024-04-01
獲取Wireshark資料流
2024-03-20
Modbus ASCII 獲取資料
2024-08-27
ASCII
OpenAI尋求合作伙伴以獲取公共網路之外的資料
2023-11-13
OpenAI
為什麼要透過API介面來獲取資料
2023-05-05
API
datatables 獲取 pageLength 和 pageStart，重新獲取table資料
2018-08-02
java web 通過request獲取客戶端IP
2020-09-29
JavaWeb客戶端
php獲取1688阿里巴巴關鍵字搜尋新品資料API介面
2023-05-09
PHP阿里API
如何教會小白使用淘寶API介面獲取商品資料
2023-12-08
API
獲取天氣介面資料
2018-11-05
Mysql批量大資料獲取
2019-03-07
MySql大資料
【譯】React如何獲取資料
2019-03-04
React
datatables使用ajax獲取資料
2024-10-11
如何獲取想要的資料？
2024-06-21
jqGrid獲取json資料方法
2021-09-09
JSON
從session中獲取資料
2020-12-12
Session
尋找真凶
2020-12-23