12306购票抓包分析以及任务分解
学习目标:
- 了解 12306抓包过程
1.1 抓包分析
使用谷歌浏览器或fiddler等抓包工具完成登陆以及购票操作,进行抓包,根据
具有业务作用或被set-cookie确定以下内容:
- url
- query
- method
- data
- Referer
- response.text / response.json()
1.1.1 https://www.12306.cn/index/
作用:获取cookies
- GET
1.1.2 https://kyfw.12306.cn/otn/login/conf
作用:获取cookies
- POST
- data 无
- Referer
https://kyfw.12306.cn/otn/resources/login.html
1.1.3 https://kyfw.12306.cn/otn/index12306/getLoginBanner
作用:获取cookies
GET
Referer
https://kyfw.12306.cn/otn/resources/login.html-
response.json()
{"validateMessagesShowId":"_validatorMessage","status":true,"httpstatus":200,"data":...
1.1.4 https://kyfw.12306.cn/passport/web/auth/uamtk-static
作用:获取cookies,检查用户是否登录
POST
-
data
{'appid': 'otn'} Referer
https://kyfw.12306.cn/otn/resources/login.html-
response.json()
{"result_message":"用户未登录","result_code":1}
1.1.5 https://kyfw.12306.cn/passport/web/create-qr64
作用:获取cookies,获取登录二维码
POST
-
data
{'appid': 'otn'} Referer
https://kyfw.12306.cn/otn/resources/login.html-
response.json()
{"result_message":"生成二维码成功","result_code":"0","image":"iVBO...","uuid":"..."}- uuid
1.1.6 https://kyfw.12306.cn/passport/web/checkqr
作用:获取cookies,查询二维码状态
POST
-
data
{'appid': 'otn', 'uuid': uuid} Referer
https://kyfw.12306.cn/otn/resources/login.html-
response.json()
{"result_message":"二维码状态查询成功","result_code":"0"}
1.1.7 https://kyfw.12306.cn/passport/captcha/captcha-image64?login_site=E&module=login&rand=sjrand&_={}
作用:获取验证码图片
GET
-
query
-
str(time.time() * 1000)[:-5]13位时间戳
-
Referer
https://kyfw.12306.cn/otn/resources/login.html-
response.json()
{"result_message":"生成验证码成功","result_code":"0","image":"/9j..."}- image:base64 图片编码
1.1.8 https://kyfw.12306.cn/passport/captcha/captcha-check?answer={}&rand=sjrand&login_site=E&_={}
作用:验证图片验证码
GET
-
query
- answer 图片验证码坐标
-
str(time.time() * 1000)[:-5]13位时间戳
Referer
https://kyfw.12306.cn/otn/resources/login.html-
response.json()
{'result_message': '验证码校验成功', 'result_code': '4'}
1.1.9 https://kyfw.12306.cn/passport/web/login
作用:登录
POST
-
data
{'username': username, 'password': password, 'appid': 'otn', 'answer': answer} # 图片验证码坐标 1.8小结 Referer
https://kyfw.12306.cn/otn/resources/login.html-
response.json()
{"result_message":"登录成功","result_code":0,"uamtk":"mZflRtMjLW9f7tIDMvjiZR0qp5uuO3zJQBHeCHvMrxssd1210"}
1.1.10 https://kyfw.12306.cn/otn/login/userLogin
作用:302跳转
- GET
- Referer
https://kyfw.12306.cn/otn/resources/login.html
1.1.11 https://kyfw.12306.cn/otn/passport?redirect=/otn/login/userLogin
作用:进入登陆页,获取cookie或行为验证
- GET
- Referer
https://kyfw.12306.cn/otn/resources/login.html
1.1.12 https://kyfw.12306.cn/passport/web/auth/uamtk
作用:获取newapptk
POST
-
data
{'appid': 'otn'} Referer
https://kyfw.12306.cn/otn/passport?redirect=/otn/login/userLogin-
response.json()
{'result_message': '验证通过', 'result_code': 0, 'apptk': None, 'newapptk': '9pHw2HZlkEEoUm_Nc4DJxl1QUk6NdAZqz4DXs3B2mHAga1210'}- newapptk
1.1.13 https://kyfw.12306.cn/otn/uamauthclient
作用:登录后验证
POST
-
data
{'tk': newapptk} Referer
https://kyfw.12306.cn/otn/passport?redirect=/otn/login/userLogin-
response.json()
{'apptk': '9pHw2HZlkEEoUm_Nc4DJxl1QUk6NdAZqz4DXs3B2mHAga1210', 'result_code': 0, 'result_message': '验证通过', 'username': '赵艳秋'}
1.1.14 https://kyfw.12306.cn/otn/resources/js/framework/station_name.js?station_version=1.9076
作用:解析获取车站/城市信息字典
- GET
- query
- station_version=1.9076 # 随着国家的发展,新增车站/城市,会新增版本号
1.1.15 https://kyfw.12306.cn/otn/leftTicket/log?leftTicketDTO.train_date=%s&leftTicketDTO.from_station=%s&leftTicketDTO.to_station=%s&purpose_codes=ADULT
作用:查询车量信息前置操作
GET
-
query
- train_data 出行时间 固定格式
2018-12-03 - from_station_code 出行车站/城市编码
- to_station_code 到达车站/城市编码
- train_data 出行时间 固定格式
Referer
https://kyfw.12306.cn/otn/leftTicket/init-
response.json()
{"validateMessagesShowId":"_validatorMessage","status":true,"httpstatus":200,"messages":[],"validateMessages":{}}
1.1.16 https://kyfw.12306.cn/otn/leftTicket/query?leftTicketDTO.train_date=%s&leftTicketDTO.from_station=%s&leftTicketDTO.to_station=%s&purpose_codes=ADULT
作用:查询车量信息
GET
-
query
- train_data 出行时间 固定格式
2018-12-03 - from_station_code 出行车站/城市编码 from 车站/城市信息字典[from_station]
- to_station_code 到达车站/城市编码 from 车站/城市信息字典[to_station]
- train_data 出行时间 固定格式
Referer
https://kyfw.12306.cn/otn/leftTicket/init-
response.json()
- 此处需要解析车辆信息
- secretStr
- leftTicket
- train_location
1.1.17 https://kyfw.12306.cn/otn/login/checkUser
作用:检查用户是否保持登录状态
POST
-
data
{'_json_att': ''} Referer
https://kyfw.12306.cn/otn/leftTicket/init-
response.json()
{'validateMessagesShowId': '_validatorMessage', 'status': True, 'httpstatus': 200, 'data': {'flag': True}, 'messages': [], 'validateMessages': {}}
1.1.18 https://kyfw.12306.cn/otn/leftTicket/submitOrderRequest
作用:点击预定车票
POST
-
data
{ 'secretStr': secretStr, 'train_date': train_date, 'back_train_date': train_date, 'tour_flag': 'dc', # dc 单程 wf 往返 'purpose_codes': 'ADULT', # 成人 'query_from_station_name': from_station, # 车站/城市信息字典[from_station] 'query_to_station_name': to_station, # 车站/城市信息字典[to_station] 'undefined': '' } Referer
https://kyfw.12306.cn/otn/leftTicket/init-
response.json()
{"validateMessagesShowId":"_validatorMessage","status":true,"httpstatus":200,"data":"N","messages":[],"validateMessages":{}}
1.1.19 https://kyfw.12306.cn/otn/confirmPassenger/initDc
作用:订单初始化 获取REPEAT_SUBMIT_TOKEN 和 key_check_isChange
POST
-
data
{'_json_att': ''} Referer
https://kyfw.12306.cn/otn/leftTicket/init-
response.text
- repeat_submit_token 正则获取
- key_check_isChange 正则获取
1.1.20 https://kyfw.12306.cn/otn/confirmPassenger/getPassengerDTOs
作用:获取用户信息
POST
-
data
{'_json_att': '', 'REPEAT_SUBMIT_TOKEN': repeat_submit_token} # 1.1.19获取 Referer
https://kyfw.12306.cn/otn/confirmPassenger/initDc-
response.json()
需要解析并构造乘客信息
需要解析坐席编码
seat_type-
passengerTicketStr
passengerTicketStr = '%s,0,1,%s,%s,%s,%s,N' % ( seat_type, passenger_info_dict['passenger_name'], passenger_info_dict['passenger_id_type_code'], passenger_info_dict['passenger_id_no'], passenger_info_dict['passenger_mobile_no']) -
oldPassengerStr
oldPassengerStr = '%s,%s,%s,1_' % ( passenger_info_dict['passenger_name'], passenger_info_dict['passenger_id_type_code'], passenger_info_dict['passenger_id_no'])
1.1.21 https://kyfw.12306.cn/otn/confirmPassenger/checkOrderInfo
作用:检查选票人信息
POST
-
data
{ 'cancel_flag': '2', # 未知 'bed_level_order_num': '000000000000000000000000000000', # 未知 'passengerTicketStr': passengerTicketStr.encode('utf-8'), # O,0,1,靳文强,1,142303199512240614,18335456020,N 'oldPassengerStr': oldPassengerStr.encode('utf-8'), # 靳文强,1,142303199512240614,1_ 'tour_flag': 'dc', # 单程 'randCode': '', 'whatsSelect': '1', '_json_att': '', 'REPEAT_SUBMIT_TOKEN': repeat_submit_token # 1.1.19获取 } Referer
https://kyfw.12306.cn/otn/confirmPassenger/initDc-
response.json()
{"validateMessagesShowId":"_validatorMessage","status":true,"httpstatus":200,"data":{"ifShowPassCode":"N","canChooseBeds":"N","canChooseSeats":"N","choose_Seats":"MOP9","isCanChooseMid":"N","ifShowPassCodeTime":"1","submitStatus":true,"smokeStr":""},"messages":[],"validateMessages":{}}
1.1.22 https://kyfw.12306.cn/otn/confirmPassenger/getQueueCount
作用:提交订单,并获取持票未付款的人数,和车票的真实余数
POST
-
data
{ 'train_date': parseDate(train_date), # Fri Nov 24 2017 00:00:00 GMT+0800 (中国标准时间) 'train_no': train_info_dict['train_no'], # 6c0000G31205 'stationTrainCode': train_info_dict['stationTrainCode'], # G312 'seatType': seat_type, # 席别 'fromStationTelecode': train_info_dict['from_station'], # one_train[6] 'toStationTelecode': train_info_dict['to_station'], # ? one_train[7] 'leftTicket': train_info_dict['leftTicket'], # one_train[12] 'purpose_codes': '00', 'train_location': train_info_dict['train_location'], # one_train[15] '_json_att': '', 'REPEAT_SUBMIT_TOKEN': repeat_submit_token # 1.1.19获取 } Referer
https://kyfw.12306.cn/otn/confirmPassenger/initDc-
response.json()
{"validateMessagesShowId":"_validatorMessage","status":true,"httpstatus":200,"data":{"count":"0","ticket":"20,100","op_2":"false","countT":"0","op_1":"false"},"messages":[],"validateMessages":{}}- count 持票未付款的人数
- ticket 车票的真实余数
1.1.23 https://kyfw.12306.cn/otn/confirmPassenger/confirmSingleForQueue
作用:确认订单,进行扣票
POST
-
data
{ 'passengerTicketStr': passengerTicketStr.encode('utf-8'), 'oldPassengerStr': oldPassengerStr.encode('utf-8'), 'randCode': '', 'purpose_codes': '00', 'key_check_isChange': key_check_isChange, 'leftTicketStr': leftTicket, 'train_location': train_location, # one_train[15] 'choose_seats': '', # 选择坐席 ABCDEF 上中下铺 默认为空不选 'seatDetailType': '000', 'whatsSelect': '1', 'roomType': '00', 'dwAll': 'N', # ? '_json_att': '', 'REPEAT_SUBMIT_TOKEN': repeat_submit_token # 1.1.19获取 } Referer
https://kyfw.12306.cn/otn/confirmPassenger/initDc-
response.json()
{'validateMessagesShowId': '_validatorMessage', 'status': True, 'httpstatus': 200, 'data': {'submitStatus': True}, 'messages': [], 'validateMessages': {}}
1.1.24 https://kyfw.12306.cn/otn/confirmPassenger/queryOrderWaitTime?random=%s&tourFlag=dc&_json_att=&REPEAT_SUBMIT_TOKEN=%s
作用:排队等待 返回waittime(下次发送重复请求所需要的等待时间) 重复发送请求直到获取 requestID 和 orderID
GET
-
query
- str(int(time.time() * 1000))
- repeat_submit_token # 1.1.19获取
Referer
https://kyfw.12306.cn/otn/confirmPassenger/initDc-
response.json()
{"validateMessagesShowId":"_validatorMessage","status":true,"httpstatus":200,"data":{"queryOrderWaitTimeStatus":true,"count":0,"waitTime":4,"requestId":6478994818521140385,"waitCount":1,"tourFlag":"dc","orderId":null},"messages":[],"validateMessages":{}}
1.1.25 https://kyfw.12306.cn/otn/confirmPassenger/resultOrderForDcQueue
作用:获取订单结果,如果提示“网络传输过程中数据丢失,请查看未完成订单,继续支付!”则购票成功!
POST
-
data
{ 'orderSequence_no': orderID, # 1.1.24获取 '_json_att': '', 'REPEAT_SUBMIT_TOKEN': repeat_submit_token # 1.1.24获取 } Referer
https://kyfw.12306.cn/otn/confirmPassenger/initDc-
response.json()
{"validateMessagesShowId":"_validatorMessage","status":true,"httpstatus":200,"data":{"errMsg":"网络传输过程中数据丢失,请查看未完成订单,继续支付!","submitStatus":false},"messages":[],"validateMessages":{}}
1.2 项目任务分解
小结
- 了解 12306登陆购票抓包过程
