喜马拉雅 :sojson
在控制台输出 document.cookie,结果如下(其中 1_l_flag 等字段看起来是登录态凭据,公开贴出前应先脱敏):
"_xmLog=xm_k89tz29qbf5t1c; s&e=08d385dfcb42f51fe7925f5204784dab; x_xmly_traffic=utm_source%253A%2526utm_medium%253A%2526utm_campaign%253A%2526utm_content%253A%2526utm_term%253A%2526utm_from%253A; device_id=xm_1585292112057_k89tzq9lm0f086; Hm_lvt_4a7d8ec50cfd6af753c4f8aee3425070=1585292113; fds_otp=8918718095985756179; 1&remember_me=y; 1_l_flag=123287008&E8450A64372E407190DE02FEDCCE1F64NdV5C1E3CE720A51FF03265825EB00CE1357571F1C0FADE17E70067BB3DEFF54251_2020-03-2714:55:47; login_type=password_mobile; Hm_lpvt_4a7d8ec50cfd6af753c4f8aee3425070=1585293554; s&a=JS%0BTVV%1F%09%1D%0D[U%04VJ%09%1FPVU[%09NUJ_T[Z%07%1A%05VZCSBRWYKZC[UY"
访问https://mpay.ximalaya.com/mobile/track/pay/196672125?device=pc&isBackend=true&_=1585295258764 返回信息里有如下:
{"ret":0,"msg":"0","trackId":196672125,"uid":19634543,"albumId":25010802,"title":"《最佳女婿》片花+0001|目睹自己被火化是怎样的感受?","domain":"http://audiopay.cos.xmcdn.com","totalLength":6875946,"sampleDuration":0,"sampleLength":0,"isAuthorized":true,"apiVersion":"1.0.0","seed":5937,"fileId":"3*18*31*9*12*20*24*0*6*2*24*49*2*24*22*46*24*29*11*3*37*44*5*6*5*8*35*49*60*49*49*34*57*61*27*67*18*11*48*36*56*55*60*53*2*2*19*21*43*64*55*","buyKey":"617574686f72697a6564","duration":849,"ep":"20NvOoh6T39X3qwKO4cY5g5bVhg+hCXPSYRNfQ/hCiupy+yI1fmInupc0auL36VlDrMjgXMYe6Ni0uz+xg0Q2bYXMStU","highestQualityLevel":2,"downloadQualityLevel":1,"authorizedType":1}
这里面的 ep 和 fileId 有用:从下文代码看,fileId 与 seed 一起用于计算文件路径,ep 解密后得到请求参数。
首先在下面的位置下断点,然后刷新网页;当断点处的 url 为 "https://mpay.ximalaya.com/mobile/track/pay/196672125?device=pc&isBackend=true&_=1585295258764" 这个链接时,接下来就会走到加密相关的代码:
'open',
originalOpen =>
function(this: SentryWrappedXMLHttpRequest, ...args: any[]): void {
const url = args[1]; //此处下断点,放行网页
this.__sentry_xhr__ = {
method: args[0],
url: args[1],
};
const client = getCurrentHub().getClient();
const dsn = client && client.getDsn();
if (dsn) {
const filterUrl = new API(dsn).getStoreEndpoint(); //此处下断点
// if Sentry key appears in URL, don't capture it as a request
// but rather as our own 'sentry' type breadcrumb
if (isString(url) && (filterUrl && url.includes(filterUrl))) {
this.__sentry_own_request__ = true;
}
}
==================================================================================
function H(t) {
var e = t.type
, n = t.url
, r = t.data
, o = t.contentType
, i = t.withCredentials
, a = void 0 !== i && i
, u = t.headers;
return new Promise((function(t, i) { //这里下断点,通过f11向下跟即可找到下面位置
var s, l = new XMLHttpRequest;
if (a && (l.withCredentials = !0),
"GET" === e.toUpperCase() && r)
for (var c in r)
r.hasOwnProperty(c) && (n = B(n, c, r[c]));
for (var f in l.open(e, n, !0),
"POST" === e.toUpperCase() && (s = r,
"[object Object]" === Object.prototype.toString.call(s)) && (o && "application/x-www-form-urlencoded" !== o ? (l.setRequestHeader("Content-Type", "application/json"),
r = JSON.stringify(r)) : (l.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"),
r = function t(e) {
var n, r, o, i, a, u, s = "";
==================================================================================通过f11向下跟即可找到下面位置
var o = t.seed
, i = t.fileId
, a = t.ep
, u = t.duration
, s = t.domain
, l = t.apiVersion
, c = function(t, e) {
var n = new gt(t).cg_fun(e); //跟进去则是 cg_fun: function(t) { ....} 这里主要处理
return "/" === n[0] ? n : "/".concat(n) //返回的是此类型 /group2/M07/67/98/wKgLfl0lvH6x66NzAGjrKnJUaxs775.m4a
}(o, i)
, f = Et(a); //这里解密 ep 后组包即可 "{"sign":"4609eb1a23460149cb211da15de61e0b","buy_key":"617574686f72697a6564","token":"9928","timestamp":"1585295559"}"
f.duration = u;
var p = function(t) {
var e = t;
return "http://audi
else {
var o = t.seed
, i = t.fileId
, a = t.ep
, u = t.duration
, s = t.domain
, l = t.apiVersion
, c = function(t, e) {
var n = new gt(t).cg_fun(e);
return "/" === n[0] ? n : "/".concat(n)
}(o, i)
, f = Et(a);
f.duration = u;
var p = function(t) {
var e = t;
return "http://audiopay.cos.xmcdn.com" === t ? e = t.replace("http:", "https:") : (t.indexOf("audio.pay.xmcdn.com") > -1 && (e = "https://vod.xmcdn.com"),
e)
}(s)
, h = "".concat(p, "/download/").concat(l).concat(c)
, d = "".concat(h, "?").concat(e.stringfy(f)); // 这里直接就是返回的下载地址
n(d)
========================================================
下面是协议头上的sign加密位置:
喜马拉雅sign协议头加密:sojson
可以在脚本中搜索 var t = "https://www.ximalaya.com/revision/time"; 来定位,sign 的生成代码就在它下面:
/**
 * Builds and returns a string; the surrounding note identifies it as the
 * value of the "sign" request header.
 *
 * Property names are hidden behind s("0x..") lookups, and f, p, c and s are
 * all defined outside this snippet, so their exact meaning cannot be
 * confirmed from here.
 *
 * NOTE(review): every input used below is available to script running in the
 * page, so this value is an obfuscated client-side token rather than a
 * secret. Access decisions should rest on server-side session and
 * entitlement checks, not on the presence of this header.
 */
value: function() {
var t, e, n = "";
// First timestamp: when f() is truthy, the result of Date[s("0x2c")]();
// otherwise window[s("0x34")], falling back to 0 when that is falsy.
// Presumably Date.now() versus a cached server time - TODO confirm.
return n = f() ? Date[s("0x2c")]() : window[s("0x34")] || 0,
t = n,
// Second timestamp, always taken from Date[s("0x2c")]().
e = Date[s("0x2c")](),
// Template assembled through s("0x2d") (presumably "concat" - verify):
//   "{himalaya-" t "}(" p(100) ")" t "(" p(100) ")" e
// p(100) is called twice, so the two values may differ.
// The non-global regex matches only the first {...} group, and its captured
// text ("himalaya-" followed by t) is replaced by c(captured).
"{himalaya-"[s("0x2d")](t, "}(")[s("0x2d")](p(100), ")")[s("0x2d")](t, "(")[s("0x2d")](p(100), ")")[s("0x2d")](e).replace(/{([\w-]+)}/, (function(t, e) {
// t is the whole match, e is the captured group; only e is passed to c.
return c(e)
}
))
}