
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
"""
DuoPlus 注册页面网络请求检查器
用于分析和记录注册过程中的所有网络请求
"""
import requests
import json
from colorama import init, Fore, Style
import time
# Initialise colorama; autoreset=True restores the default colour after every
# print, so each coloured line below only needs its leading Fore.* code.
init(autoreset=True)
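class NetworkInspector:
    """Inspect the network requests behind the DuoPlus sign-up page.

    Every check prints its findings to stdout and returns nothing. All
    requests go through one shared ``requests.Session``, so cookies set by an
    earlier response are sent with later requests.
    """

    # Upper bound in seconds for the config and page GETs. Without a timeout
    # requests waits indefinitely on a stalled connection and the run hangs.
    _REQUEST_TIMEOUT = 10

    # Single copy of the browser User-Agent so the two header sets that send
    # it cannot drift apart.
    _USER_AGENT = (
        'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 '
        '(KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36'
    )

    def __init__(self) -> None:
        self.session = requests.Session()
        self.base_url = "https://my.duoplus.cn"
        self.api_url = "https://api.duoplus.cn"

    def inspect_registration_apis(self) -> None:
        """Run the three registration-related checks in order."""
        print(f"{Fore.CYAN}{'='*60}")
        print(f"{Fore.CYAN}DuoPlus 注册 API 端点检查")
        print(f"{Fore.CYAN}{'='*60}\n")
        # 1. Tencent captcha configuration API
        self._check_captcha_config()
        # 2. Sign-up page
        self._check_signup_page()
        # 3. Other candidate API endpoints
        self._check_common_apis()

    def _check_captcha_config(self) -> None:
        """Fetch the captcha configuration and print the captcha app id.

        Network failures and non-JSON bodies are reported on stdout rather
        than raised, so the remaining checks still run.
        """
        print(f"{Fore.YELLOW}[1] 检查验证码配置 API...")
        url = f"{self.api_url}/common/tencentConfig"
        headers = {
            'pragma': 'no-cache',
            'cache-control': 'no-cache',
            'sec-ch-ua-platform': '"Windows"',
            # Sent empty: this request is made without credentials.
            'authorization': '',
            'lang': 'zh-CN',
            'sec-ch-ua': '"Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138"',
            'sec-ch-ua-mobile': '?0',
            'content-type': 'application/json',
            # NOTE(review): fixed value committed to the source, so every run
            # sends the same 'duoplus-fp' header. How the server interprets it
            # is not visible from this file.
            'duoplus-fp': 'e8014cf598dd4c021f2d08abef905801',
            'origin': 'https://my.duoplus.cn',
            'sec-fetch-site': 'same-site',
            'sec-fetch-mode': 'cors',
            'sec-fetch-dest': 'empty',
            'referer': 'https://my.duoplus.cn/',
            'accept-language': 'zh-CN,zh;q=0.9,en;q=0.8',
            'priority': 'u=1, i',
            'User-Agent': self._USER_AGENT,
        }
        try:
            response = self.session.get(
                url, headers=headers, timeout=self._REQUEST_TIMEOUT
            )
            print(f"{Fore.GREEN}URL: {url}")
            print(f"{Fore.GREEN}Status: {response.status_code}")
            if response.status_code == 200:
                data = response.json()
                print(f"{Fore.GREEN}Response: {json.dumps(data, indent=2, ensure_ascii=False)}")
                # The body is remote input: check its shape instead of
                # indexing blindly, so an unexpected payload produces a
                # readable message rather than a bare KeyError.
                envelope = data if isinstance(data, dict) else {}
                if envelope.get('code') == 200:
                    payload = envelope.get('data')
                    captcha_app_id = (
                        payload.get('captcha_app_id')
                        if isinstance(payload, dict)
                        else None
                    )
                    if captcha_app_id is not None:
                        print(f"{Fore.CYAN}✓ Captcha App ID: {captcha_app_id}")
                    else:
                        print(f"{Fore.RED}Error: 'captcha_app_id' missing from response")
            else:
                print(f"{Fore.RED}Failed: HTTP {response.status_code}")
        except (requests.RequestException, ValueError) as e:
            # RequestException covers transport failures and timeouts;
            # ValueError covers a body that is not valid JSON.
            print(f"{Fore.RED}Error: {str(e)}")
        print()

    def _check_signup_page(self) -> None:
        """Request the sign-up page and list the cookies the session holds."""
        print(f"{Fore.YELLOW}[2] 检查注册页面...")
        url = f"{self.base_url}/sign-up"
        try:
            response = self.session.get(url, timeout=self._REQUEST_TIMEOUT)
            print(f"{Fore.GREEN}URL: {url}")
            print(f"{Fore.GREEN}Status: {response.status_code}")
            # Collect the cookies stored on the session so far.
            cookies = self.session.cookies.get_dict()
            if cookies:
                print(f"{Fore.GREEN}Cookies received:")
                for key, value in cookies.items():
                    # NOTE(review): up to 20 characters of each cookie value
                    # are echoed, and short values are echoed in full. If any
                    # of these is a session identifier, it ends up in terminal
                    # scrollback and captured logs; consider printing only the
                    # name and length.
                    shown = value or ''  # a cookie may carry no value
                    print(f" - {key}: {shown[:20]}..." if len(shown) > 20 else f" - {key}: {shown}")
        except requests.RequestException as e:
            print(f"{Fore.RED}Error: {str(e)}")
        print()

    def _check_common_apis(self) -> None:
        """Send OPTIONS to a fixed list of candidate registration endpoints.

        A 200, 204 or 405 status is reported as "Found". This is a heuristic:
        a gateway that answers every CORS preflight the same way returns
        200/204 for paths that have no handler, so a "Found" line needs
        confirming by other means.
        """
        print(f"{Fore.YELLOW}[3] 检查可能的 API 端点...")
        # Candidate registration-related endpoints
        possible_endpoints = [
            f"{self.api_url}/auth/register",
            f"{self.api_url}/auth/send-code",
            f"{self.api_url}/auth/verify-code",
            f"{self.api_url}/user/register",
            f"{self.api_url}/account/register",
            f"{self.api_url}/v1/auth/register",
            f"{self.api_url}/api/auth/register",
        ]
        headers = {
            'origin': 'https://my.duoplus.cn',
            'referer': 'https://my.duoplus.cn/',
            'User-Agent': self._USER_AGENT,
        }
        for endpoint in possible_endpoints:
            try:
                # OPTIONS asks which methods are allowed without submitting data.
                response = self.session.options(endpoint, headers=headers, timeout=3)
                # 405 means the method is refused but the path was routed.
                if response.status_code in (200, 204, 405):
                    print(f"{Fore.GREEN}✓ Found: {endpoint} (Status: {response.status_code})")
                    # Methods advertised by the server
                    allow_header = response.headers.get('Allow', '')
                    if allow_header:
                        print(f" Allowed methods: {allow_header}")
                    # CORS response headers, keeping only those present
                    cors_headers = {
                        'Access-Control-Allow-Origin': response.headers.get('Access-Control-Allow-Origin'),
                        'Access-Control-Allow-Methods': response.headers.get('Access-Control-Allow-Methods'),
                        'Access-Control-Allow-Headers': response.headers.get('Access-Control-Allow-Headers')
                    }
                    cors_info = [f"{k}: {v}" for k, v in cors_headers.items() if v]
                    if cors_info:
                        print(f" CORS: {', '.join(cors_info)}")
                else:
                    print(f"{Fore.YELLOW}? Unknown: {endpoint} (Status: {response.status_code})")
            except requests.exceptions.Timeout:
                print(f"{Fore.RED}✗ Timeout: {endpoint}")
            except requests.exceptions.ConnectionError:
                print(f"{Fore.RED}✗ Connection Error: {endpoint}")
            except requests.RequestException as e:
                print(f"{Fore.RED}✗ Error: {endpoint} - {str(e)}")
            time.sleep(0.5)  # pause between requests to avoid sending them too fast
        print()

    def analyze_register_request(self) -> None:
        """Print the expected shape of a registration request.

        Nothing is sent. The body and headers are illustrative placeholders
        written into this file, not values captured from a real request.
        """
        print(f"{Fore.CYAN}{'='*60}")
        print(f"{Fore.CYAN}预期的注册请求结构")
        print(f"{Fore.CYAN}{'='*60}\n")
        sample_request = {
            "email": "user@example.com",
            "password": "password123",
            "confirmPassword": "password123",
            "verificationCode": "123456",
            "inviteCode": "",
            "agreeToTerms": True,
            "ticket": "从腾讯验证码获取",
            "randstr": "从腾讯验证码获取"
        }
        print(f"{Fore.YELLOW}预期的注册请求体结构:")
        print(json.dumps(sample_request, indent=2, ensure_ascii=False))
        print(f"\n{Fore.YELLOW}关键请求头:")
        key_headers = {
            "Content-Type": "application/json",
            "Origin": "https://my.duoplus.cn",
            "Referer": "https://my.duoplus.cn/sign-up",
            "duoplus-fp": "设备指纹(可能需要)",
            "Authorization": "Bearer token如果需要"
        }
        for header, value in key_headers.items():
            print(f" {header}: {value}")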
def main():
    """Script entry point: run the live checks, then print the request outline."""
    checker = NetworkInspector()
    print(f"{Fore.CYAN}开始检查 DuoPlus 注册相关 API...\n")

    # Live endpoint checks first, then the static description of the
    # expected request structure.
    checker.inspect_registration_apis()
    checker.analyze_register_request()

    done_message = f"{Fore.GREEN}\n检查完成!"
    hint_message = f"{Fore.YELLOW}提示:使用浏览器开发者工具或代理工具(如 mitmproxy可以获取更准确的请求信息。"
    print(done_message)
    print(hint_message)
# Run the inspection only when the file is executed as a script, so that
# importing the module sends no requests.
if __name__ == "__main__":
    main()