小红书x-s和web_session

开工发现小红书web更新了，目前笔记信息接口： /api/sns/web/v1/feed

请求时headers中需要x-s、x-t，cookie中需要有web_session。

web_session

web_session和当前环境绑定，重新注册后浏览器中的ID也会更新。

其主要依赖的参数是webId，类似于设备指纹。根据测试得出，webId只需要随机生成32位字符即可。

然后通过webId去注册web_session。（目前需要aid、gid、gid—sign，可以随机生成）

或者大家自己复制一个替换吧。

参考代码如下：

import requests
import execjs
import random

def register_Id(c=32):
    s = "abcdef0123456789"
    webId = ''
    for i in range(c):
        webId += random.choice(s)
    return webId

def register_session():
    url = 'https://edith.xiaohongshu.com/api/sns/web/v1/login/activate'
    headers = {
        "accept": "application/json, text/plain, */*",
        "accept-encoding": "gzip, deflate, br",
        "accept-language": "zh-CN,zh;q=0.9,en;q=0.8,en-US;q=0.7",
        "cache-control": "no-cache",
        "content-type": "application/json;charset=UTF-8",
        "cookie": f"a1=1879883dcb2xqzqkj7hhp1wtwys56f4jl7omndiyd50000102326; webId={register_Id()}; gid=yYWjYYqdyd1jyYWjYYqfSWf3DJCAuATVWxxUlvfyE9EvM6282Ki4VI888y8JqJK84SqKdfJq; gid.sign=IaDqCp2Q97+mPBsh9MZLtE69xs4=",
        "origin": "https://www.xiaohongshu.com",
        "pragma": "no-cache",
        "referer": "https://www.xiaohongshu.com/",
        "sec-ch-ua": "\"Not_A Brand\";v=\"99\", \"Google Chrome\";v=\"109\", \"Chromium\";v=\"109\"",
        "sec-ch-ua-mobile": "?0",
        "sec-ch-ua-platform": "\"Windows\"",
        "sec-fetch-dest": "empty",
        "sec-fetch-mode": "cors",
        "sec-fetch-site": "same-site",
        "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36",
        "x-b3-traceid":"453f324415a7086f",
        "x-s-common": "2UQAPsHC+aIjqArjwjHjNsQhPsHCH0rjNsQhPaHCH0P1PjhIHjIj2eHjwjQgynEDJ74AHjIj2ePjwjQhyoPTqBPT49pjHjIj2ecjwjHUN0Z1+UHVHdWMH0ijP/W7w/WhP9z0G0Qhqgkly9i7yBYIPg4F47SA+/8f+BkV+9RTJfzk2ncMPeZIPerIP0PU+jHVHdW9H0il+0WlweDlPerEPerUNsQh+UHCHDRd4A8A8AzpP/Q7c0mdzfSA8MzgqMSl40bd/FQOcd4sq9lOp/mxqF4A8FGAHjIj2eWjwjQQPAYUaBzdq9k6qB4Q4fpA8b878FSet9RQzLlTcSiM8/+n4MYP8F8LagY/P9Ql4FpUzfpS2BcI8nT1GFbC/L88JdbFyrSiafp/JDMra7pFLDDAa7+8J7QgabmFz7Qjp0mcwp4fanD68p40+fp8qgzELLbILrDA+9p3JpHlLLI3+LSk+d+DJfRAyfRL+gSl4bYlqg48qDQlJFShtUTozBD6qM8FyFShPo+h4g4U+obFyLS3qd4QyaRAy9+0PFSe/B8QPFRSPopFJeHIzbkA/epSzb+t8nkn4AmQynpS2b87/sTc4BRUqgziLrSN8gY8wBRQcMHlaLpUL94n4FQoqgzaagYbGnpr8Bpn4g4xaLPIqAbl4BEQy7mNanYgnfpSP7+88Fq9GMLMqMSl4okYzBzS8dklPgkDN9pgpF8wagWM8n8M4sRQzLES8SmFcgQCqfYOJM8oag8d8nSl4oL6nn4S2BklJLS3/o4QyLzcz9bTyDS9yBF3a/WhanSC4LQn49lQ4D4B+Bp98Lz/+9Ll4gzeaLP7qFz0O/FjNsQhwaHCP/L9Per9+/cANsQhP/Zjw0rIKc==",
        "x-s": "Ogw6sg4U12wB0gFisgTWsYqv1gOBOBwBslOU0jsGsgF3",
        "x-t": "1681891019012"
    }
    session = requests.post(url,data='{}',headers=headers).json()['data']['session']
    return session

def feed(source_note_id):
    headers = {
        "accept":"application/json, text/plain, */*",
        "accept-encoding":"gzip, deflate, br",
        "accept-language":"zh-CN,zh;q=0.9,en;q=0.8,en-US;q=0.7",
        "cache-control":"no-cache",
        "content-type":"application/json;charset=UTF-8",
        "cookie":f"web_session={register_session()}",  # web_session和当前IP或者环境绑定，重新注册后浏览器中的ID也会更新
        "origin":"https://www.xiaohongshu.com",
        "pragma":"no-cache",
        "referer":"https://www.xiaohongshu.com/",
        "sec-ch-ua":"\"Not_A Brand\";v=\"99\", \"Google Chrome\";v=\"109\", \"Chromium\";v=\"109\"",
        "sec-ch-ua-mobile":"?0",
        "sec-ch-ua-platform":"\"Windows\"",
        "sec-fetch-dest":"empty",
        "sec-fetch-mode":"cors",
        "sec-fetch-site":"same-site",
        "user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36",
        "x-s":"1lqJsBVUOjsiO6dk1BspOg9G16O6sgAWslOJ1gkvOgF3",
        "x-t":"1675387207946"
    }
    with open('x_sx_t.js', 'r', encoding='utf-8') as f:
        js = f.read()
    crt = execjs.compile(js)
    data = '{"source_note_id":"%s"}'%source_note_id
    xs_xt = crt.call('sign','/api/sns/web/v1/feed',{"source_note_id":"%s"%source_note_id})
    xs_xt['X-t'] = str(xs_xt['X-t'])

    headers.update(xs_xt)
    feed = 'https://edith.xiaohongshu.com/api/sns/web/v1/feed'
    print(requests.post(url=feed, data=data, headers=headers).text)

if __name__ == '__main__':
    #print(register_session())
    feed("63cf8afe000000001f023d49")

X-S

定位方法很多，可以全局搜 "X-s" 。

![file](http://www.lxs

pider.com/wp-content/uploads/2023/03/641b1de7daa79.png)往上找可以发现该段为 sign 方法，function sign(e, t) {}

全部复制到本地，然后根据报错把缺的方法和环境补一下，比如a0_0x4dee00、a0_0x5c27、a0_0x543e等方法，

然后把常用的navigator、location、document、window加上就好了。

该过程中根据具体错误再调试分析， 比如sign方法的 case "6"，修改为var vr = window 、在case "7"中可以手动修改为 dr = ur['sNYMU']

整体的代码我贴上来，大家自己看吧。

云盘的python代码没更新，复制上面的就行。

【温馨提示：此处隐藏内容需要付费订阅后才能查看！】