解密payload

712ab127 · wangmingming · 4fe47702 · 712ab127 · 712ab127 · 712ab127
Commit 712ab127 authored Nov 19, 2023 by wangmingming
Show whitespace changes
Inline Side-by-side

Showing with 48 additions and 81 deletions

main.py main.py +19 -63

step2.js step2.js +26 -17

test_url.py test_url.py +3 -1

No files found.
--- a/main.py
+++ b/main.py
@@ -33,6 +33,7 @@ def unsinged_right_shift(x, y):
 class PxBypass():
    # PX11431 o111ooo1
    ts: str = ''
+    cs: str = ''
    # PX15454 o111oooo
    num1: int = ''
    # PX11701 111o1o
@@ -111,7 +112,6 @@ class PxBypass():
        self.log.info(f'payload {payload}')
        pc = self._gen_pc(data_str, f'{self.uuid}:{self.tag}:{self.ft}')
        body = {
-            "payload": payload,
            "appId": self.appId,
            "tag": self.tag,
            "uuid": self.uuid,
@@ -119,14 +119,19 @@ class PxBypass():
            "seq": self.seq,
            "en": "NTA",
            "pc": pc,
-            "rsc": self.rsc
+            "rsc": self.rsc,
+            "payload": payload,
        }
        body = self.update_sid_vid(body)
+        self.log.info(f'postBody {json.dumps(body)}')
        response = self.session.post(self.pxUrl, headers=self.pxHeaders, data=body)
        self.log.info(f'collector1 {response.text}')
        resp = response.json()
        self.parse_resp(resp)
-
+        cks = []
+        for k, v in self.session.cookies.get_dict().items():
+            cks.append(f'{k}={quote(v)}')
+        self.log.info('; '.join(cks))
        self.inc()


@@ -148,7 +153,7 @@ class PxBypass():
        time.sleep(2)

        # time.sleep(2)
-        self.__token()
+        self._token()

    def _init(self):

@@ -181,59 +186,6 @@ class PxBypass():
    def __uuid(self):
        return str(uuid.uuid4())
        return "b8a39670-7866-11ee-9655-63a4f05cd5d1"
-        # return ctxStep2.call('genUuid')
-
-        # r = ["00", "01", "02", "03", "04", "05", "06", "07", "08", "09", "0a", "0b", "0c", "0d", "0e", "0f", "10", "11",
-        #      "12", "13", "14", "15", "16", "17", "18", "19", "1a", "1b", "1c", "1d", "1e", "1f", "20", "21", "22", "23",
-        #      "24", "25", "26", "27", "28", "29", "2a", "2b", "2c", "2d", "2e", "2f", "30", "31", "32", "33", "34", "35",
-        #      "36", "37", "38", "39", "3a", "3b", "3c", "3d", "3e", "3f", "40", "41", "42", "43", "44", "45", "46", "47",
-        #      "48", "49", "4a", "4b", "4c", "4d", "4e", "4f", "50", "51", "52", "53", "54", "55", "56", "57", "58", "59",
-        #      "5a", "5b", "5c", "5d", "5e", "5f", "60", "61", "62", "63", "64", "65", "66", "67", "68", "69", "6a", "6b",
-        #      "6c", "6d", "6e", "6f", "70", "71", "72", "73", "74", "75", "76", "77", "78", "79", "7a", "7b", "7c", "7d",
-        #      "7e", "7f", "80", "81", "82", "83", "84", "85", "86", "87", "88", "89", "8a", "8b", "8c", "8d", "8e", "8f",
-        #      "90", "91", "92", "93", "94", "95", "96", "97", "98", "99", "9a", "9b", "9c", "9d", "9e", "9f", "a0", "a1",
-        #      "a2", "a3", "a4", "a5", "a6", "a7", "a8", "a9", "aa", "ab", "ac", "ad", "ae", "af", "b0", "b1", "b2", "b3",
-        #      "b4", "b5", "b6", "b7", "b8", "b9", "ba", "bb", "bc", "bd", "be", "bf", "c0", "c1", "c2", "c3", "c4", "c5",
-        #      "c6", "c7", "c8", "c9", "ca", "cb", "cc", "cd", "ce", "cf", "d0", "d1", "d2", "d3", "d4", "d5", "d6", "d7",
-        #      "d8", "d9", "da", "db", "dc", "dd", "de", "df", "e0", "e1", "e2", "e3", "e4", "e5", "e6", "e7", "e8", "e9",
-        #      "ea", "eb", "ec", "ed", "ee", "ef", "f0", "f1", "f2", "f3", "f4", "f5", "f6", "f7", "f8", "f9", "fa", "fb",
-        #      "fc", "fd", "fe", "ff"]
-        # bs = 0
-        # ys = [random.randint(10, 255) for _ in range(6)]
-        # # random.shuffle(ys)
-        # Gs = random.randint(1100, 9999)
-        # Ws = 0
-        # s = Gs
-        # h = get_timestamp()
-        # d = bs + 1
-        # m = int(h - Ws + (d - bs) / 1e4)
-        #
-        # Ws = h
-        # bs = d
-        # Gs = s
-        # h += 122192928e5
-        # h = int(h)
-        # f = []
-        # u = 0
-        # p = (1000 * (268435455 & h) + d) % 4294967296
-        # # p = 4180087664
-        # f[:3] = int(p).to_bytes(4, byteorder='big')
-        # Q = int(h / 4294967296) * 1000 & 268435455
-        # # Q = 32386116
-        # f.append(unsinged_right_shift(Q, 8) & 255)
-        # f.append(255 & Q)
-        # f.append(unsinged_right_shift(Q, 24) & 15 | 16)
-        # f.append(unsinged_right_shift(Q, 16) & 255)
-        # # s = 6488
-        # f.append(unsinged_right_shift(s, 8) | 128)
-        # f.append(255 & s)
-        # for i in ys:
-        #     f.append(i)
-        # print(f)
-        # res = [r[f[0]], r[f[1]], r[f[2]], r[f[3]], '-', r[f[4]], r[f[5]], '-', r[f[6]], r[f[7]], '-', r[f[8]], r[f[9]],
-        #        '-',
-        #        r[f[10]], r[f[11]], r[f[12]], r[f[13]], r[f[14]], r[f[15]]]
-        # return ''.join(res)

    def _step_1(self):
        t1 = int(time.time() * 1000)
@@ -241,15 +193,14 @@ class PxBypass():
        t2 = t1 + random.randint(3, 12)
        self.startTs = t1
        self.startTs2 = t2
-        _uuid = self.__uuid()
-        self.uuid = _uuid
+        self.uuid = self.__uuid()
        # "[{"t":"PX12095","d":{"PX11645":self.target_url,"PX12207":0,"PX12458":"MacIntel","PX11902":0,"PX11560":3781,"PX12248":3600,
        # "PX11385":1698649702900,"PX12280":1698649702913,"PX11496":"1ce53d20-76f3-11ee-8971-a3e00c89b2ff","PX12564":null,"PX12565":-1,"PX11379":false}}]"
        data = [{"t": "PX12095",
                 "d": {"PX11645": self.target_url, "PX12207": 0, "PX12458": "MacIntel", "PX11902": 0,
                       "PX11560": random.randint(24846, 24846 * 2), "PX12248": 3600, "PX11385": t1, "PX12280": t2,
-                       "PX11496": _uuid, "PX12564": None, "PX12565": -1,
-                       "PX11379": True
+                       "PX11496": self.uuid, "PX12564": None, "PX12565": -1,
+                       # "PX11379": True
                       }}]
        self.do_collector(data)

@@ -284,7 +235,7 @@ class PxBypass():
            a2 += r[i]
        return a2

-    def __token(self):
+    def _token(self):
        # cks = []
        # for k, v in self.session.cookies.get_dict().items():
        #     cks.append(f'{k}={v}')
@@ -337,7 +288,8 @@ class PxBypass():
        return a % 128

    def _step_11(self):
-        data = [{"t": "PX12167", "d": {"PX11648": True, "PX11379": True, "PX11645": self.target_url}}]
+        data =[{"t":"PX12167","d":{"PX11648":True}}]
+
        self.do_collector(data)

    def update_sid_vid(self, data: dict):
@@ -349,6 +301,10 @@ class PxBypass():
            data.update({
                'vid': self.vid
            })
+        if self.cs != "":
+            data.update({
+                'cs': self.cs
+            })
        if self.cts != "":
            data.update({
                'cts': self.cts

--- a/step2.js
+++ b/step2.js
@@ -4787,6 +4787,9 @@ function genUuid(t, e, n, r) {
 function randomInt(a, b) {
    return Math.floor(((b - a) * Math.random()) + a)
 }
+function randomFloat(a, b) {
+    return ((b - a) * Math.random()) + a
+}


 function R(t, e, n, r, o, i, l) {
@@ -4911,19 +4914,25 @@ function createPX12508() {
 function genPayload2(url, sid, vid, ts, num1, num2, str1, uuid, startTs, startTs2, n) {
    // let vid = m['I000I0']
    // let sid = m['I0I0II']
-    startTs2 += randomInt(21000, 26000)
+    startTs2 += randomInt(11000, 16000)
    console.log(vid, sid)
+    let totalJSHeapSize = randomInt(35903195, 39903195)
+    let memory = {
+        totalJSHeapSize: totalJSHeapSize,
+        usedJSHeapSize: Math.round(randomFloat(0.65,0.9) * totalJSHeapSize),
+        jsHeapSizeLimit: 4294705152
+    }
    let data = {
        // "PX11431": 1692944411084,  // 0III0III
-        "PX11431": ts,  //
+        "PX11431": parseInt(ts),  //
        // "75602>44073>?2261175": "46531=77340=<1152246",
        "PX12454": num1, // 0III0II0
        "PX11701": num2,  // I00III
-        // "PX11529": parseInt(Math.random() * 46033724 + 46033724),// usedJSHeapSize
-        "PX11529": 74208842,// usedJSHeapSize
-        "PX11555": 4294705152,// jsHeapSizeLimit
-        // "PX11833": parseInt(Math.random() * 60757720 + 60757720),// totalJSHeapSize
-        "PX11833": 80878510,// totalJSHeapSize
+        "PX11529": memory.usedJSHeapSize,// usedJSHeapSize
+        // "PX11529": 74208842,// usedJSHeapSize
+        "PX11555": memory.jsHeapSizeLimit,// jsHeapSizeLimit
+        "PX11833": memory.totalJSHeapSize,// totalJSHeapSize
+        // "PX11833": 80878510,// totalJSHeapSize
        // "PX11840": "Fri Aug 25 2023 14:20:11 GMT+0800 (中国标准时间)",
        "PX11840": new Date() + '',
        // "PX12573": "e29b74b1", // parseInt(0III0III/10)
@@ -4946,7 +4955,7 @@ function genPayload2(url, sid, vid, ts, num1, num2, str1, uuid, startTs, startTs


        "PX12330": "109|66|66|70|80", // ["webstore", 'runtime', 'app', "csi", "loadTimes"];构造函数 长度
-        "PX11705": 571, //fetch+''
+        "PX11705": [571, 1182][randomInt(0,1)], //fetch+''
        "PX11938": true,  //caches
        "PX11602": true, //caches
        "PX12021": "false", // webdriver
@@ -5158,12 +5167,12 @@ function genPayload2(url, sid, vid, ts, num1, num2, str1, uuid, startTs, startTs
        "PX12520": true,
        "PX12524": "4YC14YCd4YCd4YCV4YCe4YCX4YGS5J256aus7r266YaI5oCR7r27", // Pu = speechSynthesis.getVoices()  is(Pu[161].voiceURI)
        "PX12527": "3207084bd110f1ac964863e23aa78e04",  // '1970/1/1'
-        // "PX11663":"9f762773",
-        // "PX12347":"dae10548",
-        // "PX12389":"",
-        // "PX11883":"a3d12c4",
-        // "PX11959":"82002457",
-        // "PX12483":"a3d12c4",
+            "PX11663":"9f762773",
+            "PX12347":"dae10548",
+            "PX12389":"",
+            "PX11883":"a3d12c4",
+            "PX11959":"82002457",
+            "PX12483":"a3d12c4",
        "PX12260": navigator.useragent,
        "PX12249": false,
        "PX11897": "90e65465", // 固定
@@ -5362,8 +5371,8 @@ function genPayload3(url, sid, vid, ts, num1, num2, str1, uuid) {
    let data = [{
        "t": "PX12123",
        "d": {
-            "PX12108": 501,
-            "PX12414": 26,
+            "PX12108": randomInt(401, 601),
+            "PX12414": randomInt(15, 61),
      "PX11984":"TypeError: Cannot read properties of null (reading '0')\n    at he (https://client.px-cloud.net/PXVb73hTEg/main.min.js:1136:13)\n    at Zo (https://client.px-cloud.net/PXVb73hTEg/main.min.js:3320:22)\n    at Eo (https://client.px-cloud.net/PXVb73hTEg/main.min.js:2892:23)\n    at https://client.px-cloud.net/PXVb73hTEg/main.min.js:2889:15\n    at nrWrapper (https://www.flyfrontier.com/:13:30218)",
            "PX12303": "mouseover",
            "PX11699": 58848,
@@ -5479,7 +5488,7 @@ console.log(res)

 // startTs  PX11385
 // startTs2 PX11280
-console.log(genPayload2('https://www.flyfrontier.com/',
+console.log(genPayload3('https://www.flyfrontier.com/',
        sid, vid, ts, num1, num2, str1, uuid

        , 1700203779263, 1700203786744

--- a/test_url.py
+++ b/test_url.py
@@ -6,7 +6,9 @@ session = tls_client.Session(client_identifier='chrome_112')


 prox = f'http://unfflcc:76cc14-47b8dd-1f8ace-827836-0c740e@usa.rotating.proxyrack.net:{random.randint(10000, 13500)}'
-cks = '_gcl_au=1.1.1251135220.1700320405; _gid=GA1.2.2042528071.1700320405; _fbp=fb.1.1700320407060.548909310; _tt_enable_cookie=1; _ttp=AvoJoW18xGo_yWwWbT0o6ygK2wl; pxcts=07daf97a-8625-11ee-a321-a9fe8b8e7157; _pxvid=07dae870-8625-11ee-a321-be24495c1670; _up=1.2.2012479227.1700320410; _pin_unauth=dWlkPU5qWmlNMlEwT0RVdE5qQmlNQzAwT0RNMkxUZzVOMkV0TTJNeFlqWTVZemxsTVRSag; _gat_UA-2678252-1=1; _ga_P2WLKWBNNW=GS1.1.1700320404.1.1.1700320511.60.0.0; _ga=GA1.1.1166546209.1700320405; wisepops_visits=%5B%222023-11-18T15%3A15%3A02.606Z%22%5D; _uetsid=44980cb0862511eeb3c26f174accc4ff; _uetvid=449822b0862511ee89171d5330bbfbd9; wisepops=%7B%22csd%22%3A1%2C%22popups%22%3A%7B%22429858%22%3A%7B%22dc%22%3A1%2C%22d%22%3A1700320523563%7D%7D%2C%22sub%22%3A0%2C%22ucrn%22%3A8%2C%22cid%22%3A%2278471%22%2C%22v%22%3A4%2C%22bandit%22%3A%7B%22recos%22%3A%7B%7D%7D%7D; wisepops_session=%7B%22arrivalOnSite%22%3A%222023-11-18T15%3A15%3A02.606Z%22%2C%22mtime%22%3A1700320523564%2C%22pageviews%22%3A1%2C%22popups%22%3A%7B%22429858%22%3A0%7D%2C%22bars%22%3A%7B%7D%2C%22sticky%22%3A%7B%7D%2C%22countdowns%22%3A%7B%7D%2C%22src%22%3Anull%2C%22utm%22%3A%7B%7D%2C%22testIp%22%3Anull%7D; _px2=eyJ1IjoiM2YyMzY0MjAtODYyNS0xMWVlLWE1NDQtY2QzMjdkZGQ5NzNlIiwidiI6IjA3ZGFlODcwLTg2MjUtMTFlZS1hMzIxLWJlMjQ0OTVjMTY3MCIsInQiOjYyMDIzMzg4MDAwNywiaCI6ImQ5YTIyMGYwMWM2YWNkOTIyZDBiYWYxNjFiZGExZTA4NjNlNzgzODY0MjY4ZjgxOTA1NTc4YTI0NGVjZThlMmEifQ=='
+cks = '_px2=eyJ1IjoiY2YzMTI4YzUtYzA1MC00NDYwLWFiMDYtZDBmMzhiNmI4NjVlIiwidiI6IjE1NmU5N2QzLTg2YjMtMTFlZS1iYTQ0LTU0YzE3MzNjNTU5MyIsInQiOjYyMDIzMzg4MDAwNywiaCI6IjUzYjVlZDY3MjE1OWIzZmNiYjM0ODc2NzI5MmMyNzY4MzEzOThiMjE0ZTY2ZDFhOWE2N2VlMjg5Nzc5MTk3ZjMifQ%3D%3D; _pxvid=156e97d3-86b3-11ee-ba44-54c1733c5593; pxcts=156ea2a5-86b3-11ee-ba44-e9736246cc4c'
+
+


 url = 'https://booking.flyfrontier.com/Flight/InternalSelect?o1=DEN&d1=LAS&dd1=2023-11-30&ADT=1&umnr=false&mon=true'