i川信 API Analysis

Environment:

The packet-capture tool and environment setup are not covered again here; let's go straight to the topic.

Login endpoint

POST http://app.scitc.com.cn/combfream/rest/user/login
Host: app.scitc.com.cn
Content-Type: application/json
Connection: keep-alive
Accept: */*
User-Agent: shiku_im/1.0.0 (iPhone; iOS 12.4; Scale/2.00)
Accept-Language: zh-Hans-CN;q=1
Content-Length: 116

Request body

{
  "username" : "i川信账号",
  "password" : "密码",
  "version_name" : "1.0.0",
  "type" : "1",
  "version_code" : 1,
  "client_type" : 1
}

Using an online POST tool, add the corresponding parameters and send the request. We get back the following information:

{
  "result": {
    "XH": "",
    "BJMC": "",
    "KSH": "XXXX",
    "YQH": "",
    "XBM": "1",
    "XM": "XX",
    "SFZJH": "XX",
    "XB": "X",
    "NJH": "XX",
    "BJDM": "",
    "KEY_ID": "",
    "XQM": "",
    "XQMC": "",
    "SYD": "",
    "IDENTITY": XX,
    "IDENTITY_NAME": "X",
    "SESSION_TOKEN": "XX",
    "USER_ID": "XX",
    "ICON": "XX.png",
    "IM_ACCOUNT": "XX",
    "TEL": "",
    "status": 0
  },
  "msg": "登录成功",
  "status": 0
}

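Sensitive information has been redacted.

As you can see, the server returns a SESSION_TOKEN that identifies the user's login state, similar to a browser cookie. All subsequent operations require this token. It also returns USER_ID, the unique identifier of the user account.

Once we have SESSION_TOKEN and USER_ID, we can perform some operations.

For example:

Gaode (AMap) longitude/latitude location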

POST http://app.scitc.com.cn/combfream/rest/service/getGeohashList
Host: app.scitc.com.cn
Content-Type: application/json
Accept: */*
Connection: keep-alive
Cookie: session="XXX"
User-Agent: shiku_im/1.0.0 (iPhone; iOS 12.4; Scale/2.00)
Accept-Language: zh-Hans-CN;q=1
Content-Length: 139
Accept-Encoding: gzip, deflate

Request body (parameters: lng and lat are your own longitude and latitude; userId is the user's unique identifier)

{
  "lng" : xxx,
  "lat" : xx,
  "hashLength" : 4,
  "userId" : "xxx",
  "pageNumber" : 1,
  "pageSize" : 30
}

Server response; sensitive information has been redacted.

{
  "result": [{
    "ICON": "XX.png",
    "DISTANCE": 5181.0,
    "NAME": "xx",
    "IM_ACCOUNT": "XX",
    "USER_ID": "XX",
    "XBM": 1,
    "LONGITUDE": 104.053922,
    "GEO_CODE": "wm3zpz1g",
    "LATITUDE": 30.800827
  }],
  "status": "0",
  "msg": "获取周围的人成功"
}
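
The response above returns each nearby user's LATITUDE and LONGITUDE to six decimal places and an 8-character GEO_CODE, although the request asked for hashLength 4. As an added example (not from the original post or the app's own code), the Python below measures how much precision those fields carry and applies one hypothetical server-side filter that returns only coarse location; the function names, the 1000 m distance step and the metres-per-degree constant are assumptions.

```python
import math

BASE32 = "0123456789bcdefghjkmnpqrstuvwxyz"  # standard geohash alphabet

def geohash_encode(lat, lng, length):
    """Standard geohash: interleave longitude/latitude bisection bits."""
    lat_rng, lng_rng = [-90.0, 90.0], [-180.0, 180.0]
    chars, bits, acc, even = [], 0, 0, True
    while len(chars) < length:
        rng, val = (lng_rng, lng) if even else (lat_rng, lat)
        mid = (rng[0] + rng[1]) / 2
        acc <<= 1
        if val >= mid:
            acc |= 1
            rng[0] = mid
        else:
            rng[1] = mid
        even, bits = not even, bits + 1
        if bits == 5:  # five bits make one base32 character
            chars.append(BASE32[acc])
            bits, acc = 0, 0
    return "".join(chars)

def cell_size_m(length, lat):
    """Approximate (east-west, north-south) size in metres of one geohash cell."""
    lng_bits, lat_bits = (5 * length + 1) // 2, 5 * length // 2
    m_per_deg = 111_320  # assumption: rough metres per degree of latitude
    ns = 180.0 / 2 ** lat_bits * m_per_deg
    ew = 360.0 / 2 ** lng_bits * m_per_deg * math.cos(math.radians(lat))
    return round(ew), round(ns)

def minimise_nearby_entry(entry, hash_length=4, distance_step_m=1000):
    """Hypothetical server-side filter: return only coarse location fields."""
    out = {k: v for k, v in entry.items() if k not in ("LATITUDE", "LONGITUDE")}
    out["GEO_CODE"] = entry["GEO_CODE"][:hash_length]
    out["DISTANCE"] = math.ceil(entry["DISTANCE"] / distance_step_m) * distance_step_m
    return out

# One entry copied from the response above (values already redacted by the author).
SAMPLE = {"ICON": "XX.png", "DISTANCE": 5181.0, "NAME": "xx", "IM_ACCOUNT": "XX",
          "USER_ID": "XX", "XBM": 1, "LONGITUDE": 104.053922,
          "GEO_CODE": "wm3zpz1g", "LATITUDE": 30.800827}

if __name__ == "__main__":
    print(geohash_encode(SAMPLE["LATITUDE"], SAMPLE["LONGITUDE"], 8))  # GEO_CODE check
    print(cell_size_m(8, 30.8), cell_size_m(4, 30.8))  # precision of 8 vs 4 chars
    print(minimise_nearby_entry(SAMPLE))
```

An 8-character geohash narrows a user to a cell tens of metres across, while the 4-character cell the request asked for spans tens of kilometres, so the filter keeps the "people nearby" feature working without returning a point location.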

Derived software

To be updated...
