捷风app提供了很多企业动态,包括招标,投标,采购和公共资源交易在内的各种数据。
本文案例是对捷风资讯app的接口分析和参数sign的分析。
案例环境:捷风资讯(安卓1.0.5)、charles、
搜索列表接口分析
POST-URL:https://jiefengnews.com/api/ds/v2/search
FormData:
{
"db_id":[1],
"filter_conditions":{
"keyword":[[{"key":"bid_company.stock_company.name","value":"宝信软件"}]],
"time":[
{"key":"publish_time",
"value":{"gte":"2017-01-01 00:00:00","lte":"2021-12-24 12:34:20"}}
]
},
"search_word":"宝信软件",
"size":10,
"judge_result":1,
"time_field":"publish_time",
"cursor_field":"cursor",
"export_fields":[
"search_db","title",
"bid_company.stock_company.stock_code",
"bid_company.stock_company.concept_text",
"bid_company.stock_company.name",
"publish_time","bid_money",
"bid_company.stock_company.order_percent",
"bid_company.name"
]
}模拟请求
【温馨提示:此处隐藏内容需要付费订阅后才能查看!】
详情页接口分析
继续抓包分析
详情页接口:https://jiefengnews.com/api/ds/v2/data/detail
Formdata:
{
"id": "11b4e6578de7cd07c4fafb9cab872789",
"sign": "ldDPLpqqOM5Q3nsxFOfK7IjKjC4DLJuFW_2NYUxCC-v2KGoqMhXeh1cQx9KhUOy-",
"db_id": 1,
"export_fields": ["title", "publish_time", "project_province", "bid_company.name", "owner.name", "bid_money", "agency.name", "raw_html", "bid_company.stock_company.name", "bid_company.stock_company.stock_code", "bid_company.stock_company.full_name", "bid_company.stock_company.order_percent", "search_db"]
}
Formdata中有一个sign参数,
【温馨提示:此处隐藏内容需要付费订阅后才能查看!】
源码分析
但是出于礼貌,还是要分析下源码中的sign,看看是怎么写的。
查壳,没壳。
放入Jadx中反编译。
静态分析了半天,未找到符合的sign代码。
所以判断该sign为定值。
请求示例
【温馨提示:此处隐藏内容需要付费订阅后才能查看!】