js代码
try {
$.http.jsonp('http://cgi.vip.qq.com/querygrow/get?r=' + Math.random() + '&g_tk=' + tkTools.getCSRFToken() + '&callback=window.getQueryQrow2');
} catch (e) {}
'&g_tk=' + tkTools.getCSRFToken()
超找getCSRFToken()方法:
getCSRFToken: function(param) {
var CSRF_TOKEN_KEY = 'tencentQQVIP123443safde&!%^%1282';
var CSRF_TOKEN_SALT = 5381;
param = param || {};
var salt = param.salt || CSRF_TOKEN_SALT;
var md5key = param.md5key || CSRF_TOKEN_KEY;
var skey = param.skey || $.cookie.get('private_skey') || $.cookie.get('skey') || '';
var hash = [],
ASCIICode;
hash.push((salt << 5));
for (var i = 0, len = skey.length; i < len; ++i) {
ASCIICode = skey.charAt(i).charCodeAt(0);
hash.push((salt << 5) + ASCIICode);
salt = ASCIICode;
}
return tkTools.getMD5(hash.join('') + md5key);
}
Go实现:
func getACSRFToken(skey string) string{
var CSRF_TOKEN_KEY = "tencentQQVIP123443safde&!%^%1282"
var CSRF_TOKEN_SALT = 5381;
var salt = CSRF_TOKEN_SALT;
var md5key = CSRF_TOKEN_KEY;
fmt.Println("skey =",skey)
strBit := []byte(skey)
var hash []string
fmt.Println("strBit=", strBit)
hash = append(hash, strconv.Itoa((salt << 5)))
for _, v := range strBit {
fmt.Println(strconv.Itoa((salt << 5) + int(v)))
hash = append(hash, strconv.Itoa((salt << 5) + int(v)))
salt = int(v)
}
hash = append(hash, md5key)
str := strings.Join(hash, "")
md5Ctx := md5.New()
md5Ctx.Write([]byte(str))
cipherStr := md5Ctx.Sum(nil)
fmt.Print(cipherStr)
fmt.Print("\n")
return hex.EncodeToString(cipherStr)
}
传入的是cookie中的skey值
参考:
http://blog.csdn.net/gsls200808/article/details/48209917
http://blog.csdn.net/yunyu5120/article/details/37892711