#!/usr/bin/env python3 # -*- coding: utf-8 -*- """ DuoPlus 注册页面网络请求检查器 用于分析和记录注册过程中的所有网络请求 """ import requests import json from colorama import init, Fore, Style import time # 初始化 colorama init(autoreset=True) class NetworkInspector: """网络请求检查器""" def __init__(self): self.session = requests.Session() self.base_url = "https://my.duoplus.cn" self.api_url = "https://api.duoplus.cn" def inspect_registration_apis(self): """检查注册相关的 API 端点""" print(f"{Fore.CYAN}{'='*60}") print(f"{Fore.CYAN}DuoPlus 注册 API 端点检查") print(f"{Fore.CYAN}{'='*60}\n") # 1. 检查腾讯验证码配置 API self._check_captcha_config() # 2. 检查注册页面 self._check_signup_page() # 3. 尝试获取其他可能的 API 端点 self._check_common_apis() def _check_captcha_config(self): """检查验证码配置 API""" print(f"{Fore.YELLOW}[1] 检查验证码配置 API...") url = f"{self.api_url}/common/tencentConfig" headers = { 'pragma': 'no-cache', 'cache-control': 'no-cache', 'sec-ch-ua-platform': '"Windows"', 'authorization': '', 'lang': 'zh-CN', 'sec-ch-ua': '"Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138"', 'sec-ch-ua-mobile': '?0', 'content-type': 'application/json', 'duoplus-fp': 'e8014cf598dd4c021f2d08abef905801', 'origin': 'https://my.duoplus.cn', 'sec-fetch-site': 'same-site', 'sec-fetch-mode': 'cors', 'sec-fetch-dest': 'empty', 'referer': 'https://my.duoplus.cn/', 'accept-language': 'zh-CN,zh;q=0.9,en;q=0.8', 'priority': 'u=1, i', 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36' } try: response = self.session.get(url, headers=headers) print(f"{Fore.GREEN}URL: {url}") print(f"{Fore.GREEN}Status: {response.status_code}") if response.status_code == 200: data = response.json() print(f"{Fore.GREEN}Response: {json.dumps(data, indent=2, ensure_ascii=False)}") if data.get('code') == 200: captcha_app_id = data['data']['captcha_app_id'] print(f"{Fore.CYAN}✓ Captcha App ID: {captcha_app_id}") else: print(f"{Fore.RED}Failed: HTTP {response.status_code}") except Exception as e: print(f"{Fore.RED}Error: {str(e)}") print() def _check_signup_page(self): """检查注册页面""" print(f"{Fore.YELLOW}[2] 检查注册页面...") url = f"{self.base_url}/sign-up" try: response = self.session.get(url) print(f"{Fore.GREEN}URL: {url}") print(f"{Fore.GREEN}Status: {response.status_code}") # 获取 cookies cookies = self.session.cookies.get_dict() if cookies: print(f"{Fore.GREEN}Cookies received:") for key, value in cookies.items(): print(f" - {key}: {value[:20]}..." if len(value) > 20 else f" - {key}: {value}") except Exception as e: print(f"{Fore.RED}Error: {str(e)}") print() def _check_common_apis(self): """检查常见的 API 端点""" print(f"{Fore.YELLOW}[3] 检查可能的 API 端点...") # 常见的注册相关 API 端点 possible_endpoints = [ f"{self.api_url}/auth/register", f"{self.api_url}/auth/send-code", f"{self.api_url}/auth/verify-code", f"{self.api_url}/user/register", f"{self.api_url}/account/register", f"{self.api_url}/v1/auth/register", f"{self.api_url}/api/auth/register", ] headers = { 'origin': 'https://my.duoplus.cn', 'referer': 'https://my.duoplus.cn/', 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36' } for endpoint in possible_endpoints: try: # 使用 OPTIONS 请求检查端点是否存在 response = self.session.options(endpoint, headers=headers, timeout=3) if response.status_code in [200, 204, 405]: # 405 表示方法不允许但端点存在 print(f"{Fore.GREEN}✓ Found: {endpoint} (Status: {response.status_code})") # 检查允许的方法 allow_header = response.headers.get('Allow', '') if allow_header: print(f" Allowed methods: {allow_header}") # 检查 CORS 头 cors_headers = { 'Access-Control-Allow-Origin': response.headers.get('Access-Control-Allow-Origin'), 'Access-Control-Allow-Methods': response.headers.get('Access-Control-Allow-Methods'), 'Access-Control-Allow-Headers': response.headers.get('Access-Control-Allow-Headers') } cors_info = [f"{k}: {v}" for k, v in cors_headers.items() if v] if cors_info: print(f" CORS: {', '.join(cors_info)}") else: print(f"{Fore.YELLOW}? Unknown: {endpoint} (Status: {response.status_code})") except requests.exceptions.Timeout: print(f"{Fore.RED}✗ Timeout: {endpoint}") except requests.exceptions.ConnectionError: print(f"{Fore.RED}✗ Connection Error: {endpoint}") except Exception as e: print(f"{Fore.RED}✗ Error: {endpoint} - {str(e)}") time.sleep(0.5) # 避免请求过快 print() def analyze_register_request(self): """分析注册请求的结构""" print(f"{Fore.CYAN}{'='*60}") print(f"{Fore.CYAN}预期的注册请求结构") print(f"{Fore.CYAN}{'='*60}\n") sample_request = { "email": "user@example.com", "password": "password123", "confirmPassword": "password123", "verificationCode": "123456", "inviteCode": "", "agreeToTerms": True, "ticket": "从腾讯验证码获取", "randstr": "从腾讯验证码获取" } print(f"{Fore.YELLOW}预期的注册请求体结构:") print(json.dumps(sample_request, indent=2, ensure_ascii=False)) print(f"\n{Fore.YELLOW}关键请求头:") key_headers = { "Content-Type": "application/json", "Origin": "https://my.duoplus.cn", "Referer": "https://my.duoplus.cn/sign-up", "duoplus-fp": "设备指纹(可能需要)", "Authorization": "Bearer token(如果需要)" } for header, value in key_headers.items(): print(f" {header}: {value}") def main(): """主函数""" inspector = NetworkInspector() print(f"{Fore.CYAN}开始检查 DuoPlus 注册相关 API...\n") # 检查 API 端点 inspector.inspect_registration_apis() # 显示预期的请求结构 inspector.analyze_register_request() print(f"{Fore.GREEN}\n检查完成!") print(f"{Fore.YELLOW}提示:使用浏览器开发者工具或代理工具(如 mitmproxy)可以获取更准确的请求信息。") if __name__ == "__main__": main()