记一次对云之家简单的抓包体验,有点乱明天整理,今天大概分析下:
上面是模拟打卡的,今天还没弄明白为啥时间永远打在23:30,替换了参数clockTime也不行
登录分析 接口:www.yunzhijia.com/openaccess/user/login
POST
json参数: {“eid”:“20842594”,“userName”:“15368666279”,“password”:“3wfJXMQrf6QgHXkxyKL8ug==”,“appClientId”:“10201”,“deviceId”:“OAIDf1710a18c5b331b6e7c73d9bc243c841”,“deviceType”:“V1814T”,“ua”:“10201/10.5.3;Android 9;vivo;V1814T;102;1080*2267;deviceId:OAIDf1710a18c5b331b6e7c73d9bc243c841;deviceName:vivo V1814T;clientId:10201;os:Android 9;brand:vivo;model:V1814T;bno:10.5.3;lang:zh-CN;”}
header:Host: www.yunzhijia.com user-agent: 10201/10.5.3;Android 9;vivo;V1814T;102;1080*2267;deviceId:OAIDf1710a18c5b331b6e7c73d9bc243c841;deviceName:vivo V1814T;clientId:10201;os:Android 9;brand:vivo;model:V1814T;bno:10.5.3;lang:zh-CN;accept-language: zh-CNx-request-id: 9918a758-ecf7-45b0-8991-976e03d2bc1ex-yzj-payload: e:20842594;u:6030effae4b04c19f8c73450authorization: OAuth oauth_consumer_key=“lRudaAEghEJGEHkw”, oauth_nonce="-1048486391356024293", oauth_signature=“IcEOdS%2BytQEN2SK6QWW%2Bs8WiXG8%3D”, oauth_signature_method=“HMAC-SHA1”, oauth_timestamp=“1613832179”, oauth_version="1.0"content-type: application/json; charset=utf-8content-length: 376accept-encoding: gzip
其实头部信息可以省略,参数可以只用 “userName”=>“账号”, “password”=>“密码”, “appClientId”=>“10201”, “deviceId”=>“OAIDf1710a18c5b331b6e7c73d9bc243c841”, “deviceType”=>“V1814T”, “ua”=>“10201/10.5.3;Android 9;vivo;V1814T;102;1080*2267;deviceId:OAIDf1710a18c5b331b6e7c73d9bc243c841;deviceName:vivo V1814T;clientId:10201;os:Android 9;brand:vivo;model:V1814T;bno:10.5.3;lang:zh-CN;” 注意:密码在抓包的时候已经被加密,抓到的是加密的,只能填写加密的密码
中间签到数据明天分析
直接跳过到 拍照签到页面 API: www.yunzhijia.com/attendance-signapi/signservice/sign/signPhoto
参数feature=地点备注也就是描述&configId=6030f059e4b0a573846c9190_0&networkId=6030f036e4b073af2b8f1b3c&type=2&userId=6030effae4b04c19f8c73450&photoIds=60312b09e602080001567380%2C&clockTime=1613835016437 头部携带以下即可
数据发送后返回
有点仓促明天修改