京东小程序分析记录
分析目标:“京东物流”
分析接口:查快递
首先抓包看下请求,没有证书校验,直接可以看到请求参数和返回。
:method: POST
:path: /search/getECLPOptimizationWaybillOrdersByKeyWord
:authority: lop-proxy.jd.com
:scheme: https
jexpress-trace-id: gpw6ddavgm42vyed
referer: https://service.vapp.jd.com/ao0f5c7f4df74ea1b6/1/page-frame.html
access: WX-XCX
cookie: pt_key=AAJf4GXNADDMHCbtaO0bDiPfemCoVBtrQ2mUx3sbgEZo2wNBlQGpyrINb5zJMP16Djl4luv05n4; pin=204457913-139479;
clientinfo: {"appName":"c2c","client":"m"}
jexpress-report-time: 1608542143704
app-key: jexpress
source-client: 1
version: 1607586045000
accept: application/json, text/plain, */*
appparams: {"appid":158,"ticket_type":"m"}
lop-dn: logistics-mrd.jd.com
biz-type: service-monitor
x-requested-with: XMLHttpRequest
event-id: jokoxxdezxmgmk9p
charset: utf-8
user-agent: Mozilla/5.0 (Linux; Android 8.1.0; Nexus 6P Build/OPM7.181205.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.101 Mobile Safari/537.36
content-type: application/json
content-length: 184
accept-encoding: gzip
[{"entrance":"WX-XCX","client":"1","apiVersion":"1.0.0","source":4,"productType":"7","keyWord":"1356","userPin":"$cooMrdGatewayUid$","cePageUtil":{"curPage":1,"pageSize":10},"type":0}]
{
"code": 1,
"message": "调用成功",
"resultCode": 1
}
接下来就得看看请求中的参数是怎么生成的,那么就得找到小程序的代码。 继续抓包分析,找到拉取小程序包的请求
:method: GET
:path: https://api.m.jd.com/client.action?functionId=jdaInfos&body=%7B%22app_id%22%3A%22ao0f5c7f4df74ea1b6%22%2C%22host_id%22%3A%22jd00e7c795ae0f4648%22%2C%22type%22%3A%221%22%7D&clientVersion=9.3.2&build=86083&client=android&d_brand=Huawei&d_model=Nexus6P&osVersion=8.1.0&screen=2392*1440&partner=jlhdqj07&aid=38f24112fc4556ef&oaid=&eid=eidAbb5241210bl5440c29f72cab10921423cb54c66a48a44e0c6e4chAyMDwJ4BRe9jA5FkhfCNdFi6HTqfHaqRhKDciy5GgIyjOv9uKFw6RQ5FBa4&sdkVersion=27&lang=zh_CN&uuid=38f24112fc4556ef&area=1_2800_0_0&networkType=wifi&wifiBssid=unknown&uts=0f31TVRjBSufcOdW01OUSJV1fBBD6myjpQL%2BgPAzs%2BmQs7oEZxwemitdpxNxNQRWGI1eEcixuoFMa6FJIXciQg0kdhAFZ3V3zz19BuJP8uqDz7QTHieHPukV9FpDndSQr5otDHd%2BnpuiO1X%2F4M8%2FidRvm%2Bc7lHkhlUAA%2FfCVTn15ChYSm50%2Fl8VVUrPlui%2FZJjXY7otMjGcE2RNJP8si7A%3D%3D&st=1608541634456&sign=591ec2e054e1da92d01d3f318ba04c5f&sv=101
:authority: api.m.jd.com
:scheme: https
cookie: pin=204457913-139479;wskey=AAJf4GWiAECdYRySB0fGUDDjC9X_8uRb7V1gLc4M2w7CMLuzUVzP149Mj9dkQcqfjs5_zbjczIDMEfbt6UEIJaPn7uQA9qE2;whwswswws=g6FFf+eoo9CPn9cP3lzKHL9IOizFbFoUG/iW1w4HCZ2yS+0kAXZS+yVXbtdt3wVOC;unionwsws={"devicefinger":"eidA24da812326segWMbzFqdTZu5htwI9SVztIFjHULfKMs\/KlnjlWHnDBV06jDHU+k8U29n5qTQUUtowW8qyMo\/fWWkKJWgYcViRxg2u4Sl1sBVGatQ","jmafinger":"g6FFf+eoo9CPn9cP3lzKHL9IOizFbFoUG\/iW1w4HCZ2yS+0kAXZS+yVXbtdt3wVOC"};
charset: UTF-8
accept-encoding: br,gzip,deflate
jdc-backup: pin=204457913-139479;wskey=AAJf4GWiAECdYRySB0fGUDDjC9X_8uRb7V1gLc4M2w7CMLuzUVzP149Mj9dkQcqfjs5_zbjczIDMEfbt6UEIJaPn7uQA9qE2;whwswswws=g6FFf+eoo9CPn9cP3lzKHL9IOizFbFoUG/iW1w4HCZ2yS+0kAXZS+yVXbtdt3wVOC;unionwsws={"devicefinger":"eidA24da812326segWMbzFqdTZu5htwI9SVztIFjHULfKMs\/KlnjlWHnDBV06jDHU+k8U29n5qTQUUtowW8qyMo\/fWWkKJWgYcViRxg2u4Sl1sBVGatQ","jmafinger":"g6FFf+eoo9CPn9cP3lzKHL9IOizFbFoUG\/iW1w4HCZ2yS+0kAXZS+yVXbtdt3wVOC"};
cache-control: no-cache
user-agent: okhttp/3.12.1
{
"code": "0",
"error": null,
"result": null,
"data": {
"configJson": "{\"sameTask\":\"0\",\"shareUrl\":\"https://mini-app-static.jd.com/apps/mpshare/index.html\"}",
"app_permission": {
"native_permission": "0"
},
"vendor": {
"vendorName": "京东物流"
},
"version": {
"version_name": "1.3.2",
"package_url": "http://storage.360buyimg.com/jda-test/jdd6bab64657b13e86/7799/1608029629.jdapkg?Expires=1608546634&AccessKey=WVQDkmK3HMQRhHZg&Signature=bBqdJDe7oy%2Fv6K4oTXOGVcPs0mk%3D",
"build": "82",
"type": "1",
"zip_url": ""
},
"info": {
"service_phone": "950616",
"owner_name": "京东物流",
"name": "京东快递",
"description": "为客户提供时效快、信息准、质量稳、服务好的快递收派服务",
"logo": "https://img10.360buyimg.com/jdminiapp/jfs/t1/128438/5/10044/7146/5f3b3393Ed81256b5/f164e59d84ba8e8e.png",
"hostId": "jd00e7c795ae0f4648",
"app_id": "ao0f5c7f4df74ea1b6",
"is_collection": "0",
"service_email": "",
"channel_key": null,
"chartered_url": "https://mp-static.jd.com/businessLicense.html?appId=ao0f5c7f4df74ea1b6"
},
"setting": {
"domain": {
"network": []
},
"category": "京东物流"
}
}
}
从返回可以看出,京东提供了两种小程序的包,zip格式和package格式,但没有提供zip包的下载路径。
小程序包的下载链接是 http://storage.360buyimg.com/jda-test/jdd6bab64657b13e86/7799/1608029629.jdapkg?Expires=1608546634&AccessKey=WVQDkmK3HMQRhHZg&Signature=bBqdJDe7oy%2Fv6K4oTXOGVcPs0mk%3D
下载下来之后查看文件格式,不是常用的zip、tar等格式,猜测可能是自定义的格式。
➜ Downloads file 1608029629.jdapkg
1608029629.jdapkg: data
搜索关键字 “manto” ,查看代码逻辑,初步定位到这个 “com.jingdong.manto.pkg.a.a” 类。
对解析代码还原之后,可以看到对应的html和js文件。
代码地址: https://github.com/FishMan132/ParseJdapkg
公众号: