一、获取接口信息
输入账号密码,用测试账号验证,返回【用户不存在】。获取到接口信息
二、提取Curl(Bash)并PY调试
curl 'https://live-backstage.tiktok.com/passport/web/email/login/?aid=6849&account_sdk ******' \
-H 'origin: https://live-backstage.tiktok.com' \
-H 'priority: u=1, i' \
-H 'referer: https://live-backstage.tiktok.com/login/' \
-H 'sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138"' \
-H 'sec-ch-ua-mobile: ?0' \
-H 'sec-ch-ua-platform: "Windows"' \
-H 'sec-fetch-dest: empty' \
-H 'sec-fetch-mode: cors' \
-H 'sec-fetch-site: same-origin' \
-H 'user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36' \
-H 'x-tt-passport-csrf-token: a906a34a2173cd10c6545263c1e59f9a' \
--data-raw 'mix_mode=1&email=716076714574742b666a68&password=343736313033&fixed_mix_mode=1'
三、动态参数分析
https://live-backstage.tiktok.com/passport/web/email/login/?
aid=6849
&account_sdk_source=web
&sdk_version=2.1.1tiktok
- &language=zh
- &verifyFp=verify_mf2ei3yj_rW0kxKk1_FyCq_49si_By4P_ETLDQH53cH8W
- &msToken=JanwbbLdWRl7MwB7MlM2QnQyJ5XBYko1AYhqkzvcjbM7-42WPGE84UPKdI2JN5Nblg_TEZWYP1-bBY9dsR-EvzKTXGj-IBrI1O-8VPC8N-7cySYx2hhOkq2O9-NUoOmNklbY7Hs=
- &X-Bogus=DFSzswVLX2U-N8XFCjKW5tkX95u6
- &X-Gnarly=MHhiz/15I-q/eyG1qJM0CsKVedPhe41lkx5xyU/L6uEpQIYercbqpwcJM5Yp78PlaXPeu8L5FFM6EAVnBNIn51IYnmZrheJY0RTTTwE6iqfDTYbnXLk/avp9k1sfqtl57xaUvvgXfE8Ic7491kvPTkHp82E06f6KAHLW5bm72/qUqvJ8mdjaxuBV3nj1FJUbahRZcw2q0Q/bgCbiCpYEVmNOb/SvP/RyS/HJbH10JNpfByJjQ0vNYdtLUhqdShztSINAw14zAZWS
- cookie: xxx
系统输入输出,只对 Payload FormData 中 【email、password】加密
四、加密算法定位
检索关键词
主要位置Debug断点
再次点击登录进入接口Axios 请求。并获取堆栈信息。获取关键参数及代码
从而获取关键代码位置: cb(x,y) a5()
a5 可以看出来是对象的函数 Object.assign(target, ...sources) 执行的是浅拷贝
四、扣取代码
扣取代码获得和上面加密信息一致。
成功验证接口
``
评论一下?