Simply put, the signature verification on the pc side is hidden in js? With token+data+t+appkey? Do md5? You can get it. What is the main point of this article? On the app side, I won't elaborate here.
With the x-sign on the app side, basically all the data can be crawled. The reverse xsign algorithm can also be found in many posts on the Internet. If you are interested in learning, you can find reverse materials to learn.
Below is a picture of the finished product. The method is to fix the xsign algorithm and process it into the fields needed by the interface to return the signature.
{
wua:" fkr 2 _ dmxgvslizkzhfkjbuimwtaurxh 4 jvyywm 1 sgfcfgd 4t 28 ikohl 830 o 7 xtyxx 1 833 x+gwb P8 g 5 uwnxy 8 cotrhg 9 NX 5 uwafok 8 wyhm 1 ftrxgrr 7 z 4 fswjwsaynun+5 mjwc dup v3 eitunl+u 18 ypohg 5 eu/Q3 jej+ifcuof B2 qjs
x-mini-wua:" HHnB _ 6 gmttoeuwdkcmkyhcgl 8 cdkahxeqtqnxrcssvjj 7 yx 77 w 9 HVS wa 46 10 tcku+/qzcs 70 pr 6 pl S3 aw nqfyvrfdrbh+/7W/NZ 7j 2 p 4 fitfgrab 0 lzqzqa 7 dvhbdxa 75 x8q ",
x-sgext:" jag 7 PXI 5 ds 78 b 0 ce 23fm 7 q = = ",
x-sign:" azybcm 002 xaalfducwyfs/3t+5v yaodd/vwoaaddohstgipqd 2 le+dfwxaqi 0739 GH+dwvwniuauvznrp 2 szgivqjs 33 bfdd 9233 xf ",
x-t:“ 160208 19 10”,
x-UMT:" ph 1 lf 4 nlokji 0 zv 1 wosqb 1 qnscotb+He "
}
Then grab the page, look at the request parameters, submit the request parameters to the completed xsign interface, and return the signature. Then request Taobao data interface? Get data.