解密payload

62145eb0 · wang · 85de9332 · 62145eb0 · 62145eb0 · 62145eb0
Commit 62145eb0 authored Nov 01, 2023 by wang
8 changed files
--- a/captcha.py
+++ b/captcha.py
@@ -309,7 +309,7 @@ class PxBypass():
    def __gen_pc(self, data_str, param):
        # self.log.info(f'genpc {data_str} {param}')
        # ctx = execjs.compile(jsCode)
-        return ctxPC.call('genPc', param, data_str)
+        return ctxPC.call('genPc', data_str, param)

    def __token(self):


--- a/index.html
+++ b/index.html
@@ -9,19 +9,19 @@
 </head>
 <body>
    <script>
-        window._pxVid = 'dd9f9ada-7879-11ee-91c7-8768a7117ce0';
-        window._pxUuid = 'deeb1bb0-7879-11ee-b544-b545eb1c6a33';
+        window._pxVid = '5011fee7-7888-11ee-b636-e59bb8b52b89';
+        window._pxUuid = 'b8a39670-7866-11ee-9655-63a4f05cd5d1';
        window._pxAppId = 'PXVb73hTEg';
        window._pxHostUrl = 'https://collector-PXVb73hTEg.perimeterx.net';
        window._pxCustomLogo = '';
        window._pxJsClientSrc = '//client.perimeterx.net/PXVb73hTEg/main.min.js';
        window._pxFirstPartyEnabled = 'false';
        var script = document.createElement('script');
-        script.src = '//captcha.perimeterx.net/PXVb73hTEg/captcha.js?a=&u=deeb1bb0-7879-11ee-b544-b545eb1c6a33&v=dd9f9ada-7879-11ee-91c7-8768a7117ce0&m=0';
+        script.src = '//captcha.perimeterx.net/PXVb73hTEg/captcha.js?a=c&u=b8a39670-7866-11ee-9655-63a4f05cd5d1&v=5011fee7-7888-11ee-b636-e59bb8b52b89&m=0';
        document.head.appendChild(script);
        script.onerror = function () {
            script = document.createElement('script');
-            script.src = 'https://captcha.px-cloud.net/PXVb73hTEg/captcha.js?a=&u=deeb1bb0-7879-11ee-b544-b545eb1c6a33&v=dd9f9ada-7879-11ee-91c7-8768a7117ce0&m=0';
+            script.src = 'https://captcha.px-cloud.net/PXVb73hTEg/captcha.js?a=c&u=b8a39670-7866-11ee-9655-63a4f05cd5d1&v=5011fee7-7888-11ee-b636-e59bb8b52b89&m=0';
            script.onerror = window._pxDisplayErrorMessage;
            document.head.appendChild(script);
        };

--- a/js/encodepayload.js
+++ b/js/encodepayload.js
--- a/main.py
+++ b/main.py
@@ -36,17 +36,17 @@ class PxBypass():
    # PX11701 111o1o
    str1: str = ''

-    session = tls_client.Session(client_identifier='chrome_112', random_tls_extension_order=True)
+    session = tls_client.Session(client_identifier='chrome_117', random_tls_extension_order=False)
    # session = requests.Session()
    session.proxies = {
        'http': 'http://127.0.0.1:7890',
        'https': 'http://127.0.0.1:7890',
    }

-    # session.proxies = {
-    #     'http': "http://unfflcc:76cc14-47b8dd-1f8ace-827836-0c740e@usa.rotating.proxyrack.net:11125",
-    #     'https': "http://unfflcc:76cc14-47b8dd-1f8ace-827836-0c740e@usa.rotating.proxyrack.net:11125",
-    # }
+    session.proxies = {
+        'http': "http://unfflcc:76cc14-47b8dd-1f8ace-827836-0c740e@usa.rotating.proxyrack.net:9000",
+        'https': "http://unfflcc:76cc14-47b8dd-1f8ace-827836-0c740e@usa.rotating.proxyrack.net:9000",
+    }
    tag = "v8.7.2"
    ft = "317"
    def __init__(self, target_url):
@@ -63,18 +63,18 @@ class PxBypass():
        self.seq = 0
        self.rsc = 1
        self._step_1()
-        time.sleep(2)
+        # time.sleep(5)
        self.inc()
        self.seq += 1
        # self._step_11()
        # self.inc()
        self._step_2(True)
-        time.sleep(2)
+        # time.sleep(5)
        self._step_2(False)
-        time.sleep(2)
+        # time.sleep(5)
        self.inc()
        self._step_3()
-        time.sleep(2)
+        # time.sleep(5)

        self.inc()
        self.__token()
@@ -107,7 +107,9 @@ class PxBypass():
            f.write(res.text)

    def __uuid(self):
-        return ctxStep2.call('genUuid')
+        return "b8a39670-7866-11ee-9655-63a4f05cd5d1"
+        # return ctxStep2.call('genUuid')
+
        # r = ["00", "01", "02", "03", "04", "05", "06", "07", "08", "09", "0a", "0b", "0c", "0d", "0e", "0f", "10", "11",
        #      "12", "13", "14", "15", "16", "17", "18", "19", "1a", "1b", "1c", "1d", "1e", "1f", "20", "21", "22", "23",
        #      "24", "25", "26", "27", "28", "29", "2a", "2b", "2c", "2d", "2e", "2f", "30", "31", "32", "33", "34", "35",
@@ -291,7 +293,7 @@ class PxBypass():
    def __gen_pc(self, data_str, param):
        # self.log.info(f'genpc {data_str} {param}')
        # ctx = execjs.compile(jsCode)
-        return ctxPC.call('genPc', param, data_str)
+        return ctxPC.call('genPc', data_str, param)

    def __token(self):

@@ -324,7 +326,7 @@ class PxBypass():
        data_str = ctxStep2.call('genPayload2', self.sid, self.vid, self.ts, self.num1, self.num2, self.str1, self.uuid, nn)
        self.log.info(f'data_str2 {data_str}')

-        payload = ctx.call('encodePayload', data_str, self.uuid, '')
+        payload = ctx.call('encodePayload', data_str, self.uuid, self.ts)
        self.log.info(f'payload {payload}')

        pc = self.__gen_pc(data_str, f'{self.uuid}:{self.tag}:{self.ft}')
@@ -409,7 +411,7 @@ class PxBypass():
        data = [{"t":"PX12167","d":{"PX11648":True,"PX11379":False,"PX11645":"https://www.flyfrontier.com/"}}]
        data_str = json.dumps(data, separators=(',', ':'))
        self.log.info(f'data_str {data_str}')
-        payload = ctx.call('encodePayload', data_str, self.uuid, '')
+        payload = ctx.call('encodePayload', data_str, self.uuid, self.ts)
        self.log.info(f'payload {payload}')
        pc = self.__gen_pc(data_str, f'{self.uuid}:{self.tag}:{self.ft}')
        print(pc)
@@ -535,7 +537,7 @@ class PxBypass():
        data_str = ctxStep2.call('genPayload3', self.sid, self.vid, self.ts, self.num1, self.num2, self.str1, self.uuid)
        self.log.info(f'data_str3 {data_str}')

-        payload = ctx.call('encodePayload', data_str, self.uuid, '')
+        payload = ctx.call('encodePayload', data_str, self.uuid, self.ts)
        self.log.info(f'payload3 {payload}')

        pc = self.__gen_pc(data_str, f'{self.uuid}:{self.tag}:{self.ft}')

--- a/pc.js
+++ b/pc.js
@@ -111,17 +111,16 @@ function genPc(t, e, n) {
 }

 let t = '[{"t":"PX12095","d":{"PX11645":"https://www.flyfrontier.com/","PX12207":0,"PX12458":"MacIntel","PX11902":0,"PX11560":2415,"PX12248":3600,"PX11385":1693058324224,"PX12280":1693058324227,"PX11496":"ab7f61e0-4418-11ee-87a1-e51213af1917","PX12564":null,"PX12565":-1,"PX11379":false}}]'
-t = '[{"t":"PX12095","d":{"PX11645":"https://www.flyfrontier.com/","PX12207":0,"PX12458":"MacIntel","PX11902":0,"PX11560":3408,"PX12248":3600,"PX11385":1698224059765,"PX12280":1698224059783,"PX11496":"15d14340-7314-11ee-976b-3781c82989e7","PX12564":null,"PX12565":-1,"PX11379":false}}]'
-
-let e = '15d14340-7314-11ee-976b-3781c82989e7:v8.6.6:316'
-// console.log(genPc(t, e))
-
-function pe(t, e) {
-            for (var n = "", r = 0; r < t.length; r++) {
-                console.log(e, t.charCodeAt(r),e ^ t.charCodeAt(r))
-                n += String.fromCharCode(e ^ t.charCodeAt(r));
-            }
-            return n;
-        }
-
-console.log(pe('>9>?', 10))
\ No newline at end of file
+t = '[{"t":"PX12095","d":{"PX11645":"https://www.flyfrontier.com/","PX12207":0,"PX12458":"MacIntel","PX11902":0,"PX11560":31629,"PX12248":3600,"PX11385":1698822700332,"PX12280":1698822700336,"PX11496":"b8a39670-7866-11ee-9655-63a4f05cd5d1","PX12564":null,"PX12565":-1,"PX11379":false}}]'
+let e = 'b8a39670-7866-11ee-9655-63a4f05cd5d1:v8.7.2:317'
+console.log(genPc(t, e))
+
+// function pe(t, e) {
+//             for (var n = "", r = 0; r < t.length; r++) {
+//                 console.log(e, t.charCodeAt(r),e ^ t.charCodeAt(r))
+//                 n += String.fromCharCode(e ^ t.charCodeAt(r));
+//             }
+//             return n;
+//         }
+//
+// console.log(pe('>9>?', 10))
\ No newline at end of file
--- a/step2.js
+++ b/step2.js
@@ -569,8 +569,9 @@ let m = {


 console.log(genPayload3(
-    "7bc87a14-7879-11ee-be5e-b1efc531e836", "7bc86d29-7879-11ee-be5e-9a37947885cd", "1698817365836", 4661, "14971649095301537426", "cl0ualbs8hoeem5qt8cg", "b8a39670-7866-11ee-9655-63a4f05cd5d1"
-))
+"d22eed40-7881-11ee-9e90-1311179c46ec", "d22ee1f3-7881-11ee-9e90-76657b00b658", "1698820946763", 1822, "39492785339377928623", "cl0v6kibqtgeem2gca3g", "b8a39670-7866-11ee-9655-63a4f05cd5d1" , true)
+
+)


 // console.log(JSON.stringify(data))

--- a/test.py
+++ b/test.py
@@ -57,7 +57,9 @@ a2 ="WVkHBwdZFDcYEFoUW1tYFA0RIlkhAgcBMiw5XCUvPVglEikcJhILHyYBWBAlPz4EJDwPEjI8MRw
 # a2 = "WVkHBwdZFDcYEFoUW1tYFA0RIlkhAgcBMT89EiUFIRExEikcJhIyBSYrWBAlPz4EJDwAAiUsLRwmPyIBJT8xHyUsLVgxAgwDIQEfAQwBIV4hBS4EMQI5XSYsDxIkPAtaMgI5HCU8LgQyO1hcMTwiBSQ8PVwxAg8SMgU6AyY8DxIyKyEbIQY5AScCMRElLCESJRIPXCUsKR8mER8BCSshXiECMVomPzIAJgI5ESUvOgIlWjFbMT8lWCU/JRInPyERJz8lECU8MgUxEiYAJzwpETE8IV0nPCkfJgI9Eic8KREmPzIFJS8mAyY8BAMmAioEJiw5XTI/LQEOOVVVFBwaHQ0UW1hYFhYWFgdZB1lZWRQLHQ=="


-a2 = "B1lZWQcHBwcUXF5eWRYWFhZZBwcHB1kUCwRYHQkEChtQAAcNDQVdGRxQCw8WFhYWWVlZBwdZFBoOFF5YFFkWFhYWWVkHWVlZFF4MDQsLXFhcXQtRUAkMWlBbCQlfDFxbWwsLUVpbCQ0ODFxRXlAJXVhcC1kLX19dUF1QUFsNWFxYXFBYDV0JDQoWFhYWB1kHB1kHFF8KC1BeDFpRRV9QX1FFWVkNDUUKDV0NRVEJW19RXF9QUF0LDBRbWV1bXlhYWBQcGh0NFhYWFllZWQcHWRQLCxReWBQ9Wi4cMj4mGAwvPVE8Ly5cJx9VVRYWFhYHWVkHWVkUXwoLUF8JWVxFX1BfUUVZWQ0NRQoNXQ1FClkNDgtdW1kNUFteFhYWFgdZWVkHBwdZFFleUVBQWV9bXl1QW14WFhYWWVlZB1kHFFlcUV9ZXlxRWFFdW1hZXVtfXFpeFhYWFgdZWQdZWQcHFF8KC1BfDQ5bRV9QX1FFWVkNDUUKDV0NRQpZDQ4LXVtZDVBbXhQcGh0NFhYWFgdZB1lZWRQLHQ=="
+a2 = "B1lZWQcHBwcUWVBaWhYWFhZZWVkHB1kUCwsUXlgUPVouHDI+JhgMLz1RPC8uXCcfVVUWFhYWWVlZB1kHFFtRXFFaX1BdW1tRW19fUVpQXlpbFhYWFllZB1lZWRReDA0LC1xYXF0LUVAJDFpQWwkJXwxcW1sLC1FaWwkNDgxcUV5QCV1YXAtZC19fXVBdUFBbDVhcWFxQWA1dCQ0KFhYWFgdZB1lZWRQLHRYWFhZZBwcHB1kUCwRYHl4DAQoZHA8NDQVaDwsJWw8WFhYWB1lZB1lZFAxaWg0NDFxYRV9QUFlFWVkNDUVRDVFYRVlbWVlZX1ELXF4NCxYWFhYHWVkHWVkHBxQMWloNDlhRC0VfUFBZRVlZDQ1FUQ1RWEVZW1lZWV9RC1xeDQsUHBodDRYWFhYHWVlZBwcHWRRZXlFQUFpYUVxeX15bFhYWFgdZBwdZBxQMWloNDVkOW0VfUFBZRVlZDQ1FUQ1RWEVfXl5dXwpYWApeXVAUW1ldW15YWFgUHBodDQ=="
+
+

 # 0III0I00 判断是否通过


--- a/test_url.py
+++ b/test_url.py
@@ -23,33 +23,17 @@ headers = {
    "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36"
 }

-headers['cookie'] =  '_gcl_au=1.1.722464866.1698810357; _ga_XXXX=GS1.1.1698810356.1.0.1698810356.0.0.0; _pxvid=2a55550f-7869-11ee-acf5-c9203fdba316; pxcts=2a55663a-7869-11ee-acf5-f6b8cb093cb9; _ga=GA1.2.1295470390.1698810357; _gid=GA1.2.1707451477.1698810360; _gat_UA-2678252-1=1; _uetsid=2c02f3e0786911ee83f54b37555df671; _uetvid=2c032890786911eeb98ad1d36ffcc3dc; wisepops=%7B%22csd%22%3A1%2C%22popups%22%3A%7B%7D%2C%22sub%22%3A0%2C%22ucrn%22%3A84%2C%22cid%22%3A%2278471%22%2C%22v%22%3A4%2C%22bandit%22%3A%7B%22recos%22%3A%7B%7D%7D%7D; wisepops_visits=%5B%222023-11-01T03%3A45%3A56.718Z%22%5D; wisepops_session=%7B%22arrivalOnSite%22%3A%222023-11-01T03%3A45%3A56.718Z%22%2C%22mtime%22%3A1698810360043%2C%22pageviews%22%3A1%2C%22popups%22%3A%7B%7D%2C%22bars%22%3A%7B%7D%2C%22sticky%22%3A%7B%7D%2C%22countdowns%22%3A%7B%7D%2C%22src%22%3Anull%2C%22utm%22%3A%7B%7D%2C%22testIp%22%3Anull%7D; _fbp=fb.1.1698810360050.1803367428; _px2=eyJ1IjoiYjhhMzk2NzAtNzg2Ni0xMWVlLTk2NTUtNjNhNGYwNWNkNWQxIiwidiI6IjJhNTU1NTBmLTc4NjktMTFlZS1hY2Y1LWM5MjAzZmRiYTMxNiIsInQiOjYyMDIzMzg4MDAwNywiaCI6ImM3ODFmMTVhMmVlZmUxYWMzZTBhNmQwYmQ4YzVhODA2NTFhNDhjOThmZTVmMmQ2MTIyMDc4YzUwYjYxYmU1YjIifQ==; _up=1.2.1818147287.1698810361; _tt_enable_cookie=1; _ttp=D3xep_DTwKRrOnkK63RwbIGqBC0; _ga_P2WLKWBNNW=GS1.1.1698810356.1.0.1698810363.53.0.0'
+# headers['cookie'] =  '_gcl_au=1.1.722464866.1698810357; _ga_XXXX=GS1.1.1698810356.1.0.1698810356.0.0.0; _pxvid=2a55550f-7869-11ee-acf5-c9203fdba316; pxcts=2a55663a-7869-11ee-acf5-f6b8cb093cb9; _ga=GA1.2.1295470390.1698810357; _gid=GA1.2.1707451477.1698810360; _gat_UA-2678252-1=1; _uetsid=2c02f3e0786911ee83f54b37555df671; _uetvid=2c032890786911eeb98ad1d36ffcc3dc; wisepops=%7B%22csd%22%3A1%2C%22popups%22%3A%7B%7D%2C%22sub%22%3A0%2C%22ucrn%22%3A84%2C%22cid%22%3A%2278471%22%2C%22v%22%3A4%2C%22bandit%22%3A%7B%22recos%22%3A%7B%7D%7D%7D; wisepops_visits=%5B%222023-11-01T03%3A45%3A56.718Z%22%5D; wisepops_session=%7B%22arrivalOnSite%22%3A%222023-11-01T03%3A45%3A56.718Z%22%2C%22mtime%22%3A1698810360043%2C%22pageviews%22%3A1%2C%22popups%22%3A%7B%7D%2C%22bars%22%3A%7B%7D%2C%22sticky%22%3A%7B%7D%2C%22countdowns%22%3A%7B%7D%2C%22src%22%3Anull%2C%22utm%22%3A%7B%7D%2C%22testIp%22%3Anull%7D; _fbp=fb.1.1698810360050.1803367428; _px2=eyJ1IjoiYjhhMzk2NzAtNzg2Ni0xMWVlLTk2NTUtNjNhNGYwNWNkNWQxIiwidiI6IjJhNTU1NTBmLTc4NjktMTFlZS1hY2Y1LWM5MjAzZmRiYTMxNiIsInQiOjYyMDIzMzg4MDAwNywiaCI6ImM3ODFmMTVhMmVlZmUxYWMzZTBhNmQwYmQ4YzVhODA2NTFhNDhjOThmZTVmMmQ2MTIyMDc4YzUwYjYxYmU1YjIifQ==; _up=1.2.1818147287.1698810361; _tt_enable_cookie=1; _ttp=D3xep_DTwKRrOnkK63RwbIGqBC0; _ga_P2WLKWBNNW=GS1.1.1698810356.1.0.1698810363.53.0.0'


+cks = {
+    '__RequestVerificationToken': 'j3WpZa7RlBsKDs3kKEgWFhfDmSkPkaokzJ5yxP13MNUvhle8BOTN8ji5RETaxo4LahI_jgC7vZ-Xdgoa7KImVYqDNT8gC84jBhb_kbUeSWUkMzMfI_o-qfWpGw4HZjPUlODy2Q2',
+    '_pxhd': 'b8a3a3ff11f44a33d27da9a47776dc6a640555ac9008d75c1dbc2c9fd9d5ea02:5011fee7-7888-11ee-b636-e59bb8b52b89',
+    '_pxvid': '5011fee7-7888-11ee-b636-e59bb8b52b89', 'pxcts': '5a301337-7888-11ee-aea0-b84aa8afb930',
+    '_px2': 'eyJ1IjoiYjhhMzk2NzAtNzg2Ni0xMWVlLTk2NTUtNjNhNGYwNWNkNWQxIiwidiI6IjUwMTFmZWU3LTc4ODgtMTFlZS1iNjM2LWU1OWJiOGI1MmI4OSIsInQiOjYyMDIzMzg4MDAwNCwiaCI6IjEzYmQ2OWYzMzkzMjgxNzZjZTU2OWU2NWIzZDhjYjg0NTllMzRjMzU5YzIzZjE2NTFhMWZiZWZmODcxMjU4ZGMifQ=='
+}
+

-# cookies = {
-#     "_gcl_au": "1.1.1938228348.1698808359",
-#     "_ga_XXXX": "GS1.1.1698808358.1.0.1698808358.0.0.0",
-#     "_ga": "GA1.2.710562005.1698808359",
-#     "_gid": "GA1.2.1404246996.1698808359",
-#     "_gat_UA-2678252-1": "1",
-#     "wisepops": "%7B%22csd%22%3A1%2C%22popups%22%3A%7B%7D%2C%22sub%22%3A0%2C%22ucrn%22%3A66%2C%22cid%22%3A%2278471%22%2C%22v%22%3A4%2C%22bandit%22%3A%7B%22recos%22%3A%7B%7D%7D%7D",
-#     "wisepops_visits": "%5B%222023-11-01T03%3A12%3A38.539Z%22%5D",
-#     "wisepops_session": "%7B%22arrivalOnSite%22%3A%222023-11-01T03%3A12%3A38.539Z%22%2C%22mtime%22%3A1698808359003%2C%22pageviews%22%3A1%2C%22popups%22%3A%7B%7D%2C%22bars%22%3A%7B%7D%2C%22sticky%22%3A%7B%7D%2C%22countdowns%22%3A%7B%7D%2C%22src%22%3Anull%2C%22utm%22%3A%7B%7D%2C%22testIp%22%3Anull%7D",
-#     "_uetsid": "835aeac0786411eeba1bbf0eac362321",
-#     "_uetvid": "835b16f0786411eea91589125ff51ffb",
-#     "_pxvid": "835d9018-7864-11ee-8a4c-b7359a3f130c",
-#     "pxcts": "835d9c74-7864-11ee-8a4c-0a056b567f7d",
-#     "_fbp": "fb.1.1698808397941.389590519",
-#     "_tt_enable_cookie": "1",
-#     "_ttp": "LkMVd7UMPqKBQTla-e3Ax5ijAm6",
-#     "_up": "1.2.1531375415.1698808398",
-#     "_pin_unauth": "dWlkPVpEUm1NekV3Wm1FdFpHVm1NUzAwTVRRd0xUbGlOamd0WVdObFpqYzRZekJpWW1FeQ",
-#     "ORA_FPC": "id=4986ac22-8ff9-4d19-ad31-66dd8163958e",
-#     "WTPERSIST": "",
-#     "_ga_P2WLKWBNNW": "GS1.1.1698808358.1.0.1698808402.16.0.0",
-#     "_px2": "eyJ1IjoiNjE3MmIwODEtNzA0MC0xMDMxLTljYTgtNDRlNjE5NGFkMDlhIiwidiI6IjgzNWQ5MDE4LTc4NjQtMTFlZS04YTRjLWI3MzU5YTNmMTMwYyIs"
-# }

 # cookies.update(
 # # {'_pxhd': '728b2d129b5a075513034298f8e2d4ce004425c1f307bd2baa8e9525fa6bb510:4290832e-77db-11ee-bdfb-76e73743688f', '_pxvid': '4290832e-77db-11ee-bdfb-76e73743688f', '_px2': 'eyJ1IjoiYjllMjlkNjEtNzA0MC0xMDMxLTk3ZjUtMjVlOTU0YzUxNGU5IiwidiI6IjQyOTA4MzJlLTc3ZGItMTFlZS1iZGZiLTc2ZTczNzQzNjg4ZiIsInQiOjE2OTg3NDk3MTE3OTksImgiOiIwZmZiOTUwNjRhODJiNzg4Yjg5YzQ1NDMzZThhMWQ5ZjQwNTY3NzcxNjU5MGY5Mjc0ZGNmYWIxY2MwN2RhMzZhIn0=', 'pxcts': '43453788-77db-11ee-a37b-78e6fe245189'}
@@ -66,7 +50,7 @@ params = {
    "mon": "true",
    "adt": "1"
 }
-response = session.get(url, headers=headers, params=params)
+response = session.get(url, headers=headers, cookies=cks, params=params)

 print(response.text)
 print(response)