淘宝x-sign算法解密分析

我在上一篇博客中给大家介绍了淘宝接口如何抓取，今天我来给大家介绍一下淘宝中校验参数x-sign的生成了，现在大家都知道只要有了x-sign基本上所有事情都可以干，包括但不仅限于商品信息，商品评价，秒杀活动等等
本文将演示如何获取淘宝商品评价信息，以iphone11为例 https://detail.tmall.com/item.htm?id=602659642364

抓包分析

通过charles手机抓包分析得出评价获取参数为如下几个：
url：http://guide-acs.m.taobao.com/gw/mtop.taobao.rate.detaillist.get/4.0
参数：data={“rateType”:"",“hasPic”:“1”,“foldFlag”:“0”,“pageNo”:“1”,“pageSize”:“10”,“auctionNumId”:“602659642364”}
头信息：有好多头信息，最重要的x-sign

签名接口调用

先放一个postman的图片 [外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-pUVSS7Nl-1588948458935)(https://github.com/Colinlyj210/x-sign/raw/master/w2.png?raw=true)]

使用说明：

图片中的请求地址并不是真实的请求地址，需要联系qq获取
发请求的时候必须是post json格式，可能需要协议头Content-Type:application/json
token是接口校验参数，需要联系qq获取
获取签名的时候参数值都不需要转义，发请求抓数据的时候可能需要转义
所有参数必须使用""包起来，必须是字符串

参数说明

data：就是参数data，为了避免出现编码问题，使用base64编码再传给我。编码前的data不要使用 urlencode.
appKey：默认"21646297"，淘宝的appKey这个值是固定，如果是淘宝系其他app，这个值不一样
pv：默认"6.3"，可选"6.2"或者"6.3"
useMiniWua：默认"0" 需要x-mini-wua的时候，设置为"1"，当pv="6.3"的时候，都是带x-mini-wua返回值的
useWua：默认"0" 需要wua的时候，设置为"1"
`如有其他疑问，或者需要帮助的请联系qq: 946420414

返回值说明

返回值有x-sign，x-mini-wua，wua等需要自己发请求测试，此处不再说明

python 版本demo

运行条件: python3 + requests 库

#!/usr/bin/env python
# coding:utf8import os
import json
import requests
from urllib.parse import quote
from urllib.parse import quote_plus
from pprint import pprint
import base64
import timedef gwMtopApi(api, v, data, uid="0", sid="0", method='GET'):utdid = "XLWkskakX5EDAEAuXveJ2YJy"appKey = "21646297"timestamp = time.time()t = int(timestamp)lat = "31.23238"lng = "121.477733"ttid = '701186@taobao_android_9.1.0'deviceId = "Akuvfv2rDaTsFg2EJoAi5vGWE8wGLLTOVgrx3XMZ2a_M"features = "27"pageId = "https://market.m.taobao.com/app/tmall-wireless/group-card-618/pages/cc-shareItem?wh_ttid=native"pageName = "market.m.taobao.com/app/tmall-wireless/group-card-618/pages/cc-shareItem"# 数据使用base64做下编码b64Data = base64.b64encode(data.encode("utf-8"))pprint(b64Data)postData = {"utdid": utdid,"uid": uid,# 设备id"deviceId": deviceId,"appKey": appKey,"x-features": features,"ttid": ttid,"location": lng + ',' + lat,"v": v,"sid": sid,# 时间戳 10位数"t": t,"api": api,"useWua": "1","data": b64Data,"pageId": pageId,"pageName": pageName}pprint(postData)result = getTaobaoSigns(postData)jobj = json.loads(result)dataJobj = jobj["data"]pprint(dataJobj['x-mini-wua'])body = "data=" + quote_plus(data)requestUrl = "https://guide-acs.m.taobao.com/gw/{0}/{1}/".format(api, v)proxies = Noneheaders = {"x-appkey": appKey,"x-devid": deviceId,"x-ttid": quote_plus(ttid),"x-sign": quote_plus(dataJobj['x-sign']),"x-umt": quote_plus(dataJobj['x-umt']),"x-mini-wua": quote_plus(dataJobj['x-mini-wua']),"x-sgext": dataJobj['x-sgext'],"x-t": str(t),"x-location": quote_plus("{0},{1}".format(lng, lat)),"x-app-ver": "9.1.0","f-refer": "mtop","x-nq": "WIFI","x-nettype": "WIFI","x-region-channel": "CN","f-refer": "mtop","content-type": "application/x-www-form-urlencoded;charset=UTF-8","A-SLIDER-Q": "appKey%3D21646297%26ver%3D0","x-bx-version": "6.4.11","x-page-url": quote_plus(pageId),"a-orange-q": "appKey=21646297&appVersion=9.1.0&clientAppIndexVersion=1120191120160145573&clientVersionIndexVersion=0","x-page-name": pageName,"x-pv": "6.3","x-c-traceid": "XLWkskakX5EDAEAuXveJ2YJy1574237572826005219386","x-features": features,"x-app-conf-v": str(19),"x-utdid": utdid,"c-lauch-info": "0,0,1574237572825,1574233432783,3","User-Agent": "MTOPSDK%2F3.1.1.7+%28Android%3B8.1.0%3BHuawei%3BNexus+6P%29","Connection": "Keep-Alive","Accept-Encoding": "gzip","x-bx-version": "6.4.11"}if uid != "":headers["x-uid"] = uidheaders["x-sid"] = sidif method == 'GET':requestUrl = "https://guide-acs.m.taobao.com/gw/{0}/{1}/?{2}".format(api, v, body)pprint(requestUrl)result = requests.get(requestUrl, timeout=20, headers=headers, proxies=proxies, verify=False)else:result = requests.post(requestUrl, data=body, headers=headers, timeout=20, proxies=proxies, verify=False)pprint(result)if result.status_code == requests.codes.ok:pprint(result.text)def getTaobaoSigns(arr):pprint(arr)requestURL = "http://127.0.0.1:8080/fakeTbParam"headers = {"allow_access": "true","Content-Type": "application/x-www-form-urlencoded"}result = requests.post(requestURL, data=arr, timeout=20, headers=headers)pprint(result.text)dataStr = ""if result.status_code == requests.codes.ok:dataStr = result.textpprint(dataStr)return dataStrdef getTaobaoDetail():data = '''{"LBS":"{\\"SG_TMCS_1H_DS\\":\\"{\\\\\\"stores\\\\\\":[]}\\",\\"SG_TMCS_FRESH_MARKET\\":\\"{\\\\\\"stores\\\\\\":[]}\\",\\"TB\\":\\"{\\\\\\"stores\\\\\\":[{\\\\\\"code\\\\\\":\\\\\\"185784179\\\\\\",\\\\\\"bizType\\\\\\":\\\\\\"2\\\\\\",\\\\\\"type\\\\\\":\\\\\\"1\\\\\\"}]}\\",\\"TMALL_MARKET_B2C\\":\\"{\\\\\\"stores\\\\\\":[{\\\\\\"code\\\\\\":\\\\\\"105\\\\\\",\\\\\\"bizType\\\\\\":\\\\\\"REGION_TYPE_CITY\\\\\\",\\\\\\"addrId\\\\\\":\\\\\\"8813741971\\\\\\",\\\\\\"type\\\\\\":\\\\\\"CHOOSE_ADDR\\\\\\"},{\\\\\\"code\\\\\\":\\\\\\"107\\\\\\",\\\\\\"bizType\\\\\\":\\\\\\"REGION_TYPE_REGION\\\\\\",\\\\\\"addrId\\\\\\":\\\\\\"8813741971\\\\\\",\\\\\\"type\\\\\\":\\\\\\"CHOOSE_ADDR\\\\\\"}]}\\",\\"TMALL_MARKET_O2O\\":\\"{\\\\\\"stores\\\\\\":[{\\\\\\"code\\\\\\":\\\\\\"233930143\\\\\\",\\\\\\"bizType\\\\\\":\\\\\\"DELIVERY_TIME_ONE_HOUR\\\\\\",\\\\\\"addrId\\\\\\":\\\\\\"8813741971\\\\\\",\\\\\\"type\\\\\\":\\\\\\"CHOOSE_ADDR\\\\\\"}]}\\"}","URL_REFERER_ORIGIN":"https://s.m.taobao.com/h5entry?utparam=%7B%22ranger_buckets_native%22%3A%22tsp2189_21618_normaluser01%22%7D&spm=a2141.1.searchbar.searchbox&scm=1007.home_topbar.searchbox.d&_navigation_params=%7B%22needdismiss%22%3A%220%22%2C%22animated%22%3A%220%22%2C%22needpoptoroot%22%3A%220%22%7D","_navigation_params":"{\\"needdismiss\\":\\"0\\",\\"animated\\":\\"0\\",\\"needpoptoroot\\":\\"0\\"}","ad_type":"1.0","apptimestamp":"1575125141","areaCode":"CN","brand":"google","canP4pVideoPlay":"true","countryNum":"156","device":"Nexus 6P","editionCode":"CN","filterEmpty":"true","filterUnused":"true","from":"suggest_all-query","homePageVersion":"v6","imei":"867686023424128","imsi":"09647Nexus617c3","info":"wifi","isBeta":"false","itemfields":"commentCount,newDsr","layeredSrp":"true","n":"10","needTabs":"true","network":"wifi","new_shopstar":"true","page":"2","pos":"0_0","q":"iphone11","rainbow":"14071,14070,12994,14154","referrer":"com.taobao.taobao","schemaType":"all","scm":"1007.home_topbar.searchbox.d","searchFramework":"true","search_action":"initiative","search_wap_mall":"false","setting_on":"imgBanners,userdoc,tbcode,pricerange,localshop,smartTips,firstCat,dropbox,realsale,insertTexts,tabs","showspu":"true","sort":"_sale","spm":"a2141.1.searchbar.searchbox","sputips":"on","style":"list","subtype":"text","sugg":"iphone11_0_0","suggest_rn":"bucketid_1-rn_9ce4a9df-e0c0-418d-80a2-df54040958ed","sversion":"8.3","taoxianda":"true","ttid":"701186@taobao_android_9.2.0","utd_id":"XLWkskakX5EDAEAuXveJ2YJy","utparam":"{\\"ranger_buckets_native\\":\\"tsp2189_21618_normaluser01\\"}","vm":"nw"}'''api = "mtop.taobao.wsearch.appsearch"v = "1.0"gwMtopApi(api, v, data, uid="60348168", sid="96d58db05c3654c6015572075f9e41ea")if __name__ == '__main__':getTaobaoDetail()

技术支持

感谢大家在百忙中阅读我的博客。

最新某宝x-sign参数生成原理