某头条逆向【a_bogus参数】

张

张建站

2026/6/15 6:46:51

10分钟阅读

前言本文目标接口api/pc/list/feed此接口只校验了a_bogus一个时效性参数hook关键参数a_bogus向上翻阅堆栈分析何处是核心加密位置。打上日志断点观察a_bogus如何被生成的可以看见此处的apply在很多地方都有被调用所以接下来我们下条件断点条件是由我们观察来的a_bogus参数的长度是168位。再次刷新页面后成功断到a_bogus生成位置我们点击步入后在return出断点观察发现return处就是生成a_bogus参数的核心位置。a_bogus的生成逻辑就是向 e._u函数中传入五个参数r和e函数都是又e得来的然后把e函数赋值给了u所以我们只需要将bdms.js文件全部拿下来然后在关键位置将u赋值给全局即可。使用自吐环境代理开始补全环境代理很简单需要可以私信我。环境代码如下windowglobal window.topwindow.selfwindow.parentwindowdeleteglobal window.devicePixelRatio1window.location{href:about:blank,protocol:http:,host:,hostname:,port:,pathname:/,search:,hash:}window.requestAnimationFramefunction(tag_name){console.log(requestAnimationFrame:::,tag_name)}functionEventSource(url){this.readyState0this.CONNECTING0this.OPEN1this.CLOSED2}EventSource.prototype.addEventListenerfunction(type,listener){}EventSource.prototype.removeEventListenerfunction(type,listener){}EventSource.prototype.closefunction(){}window.EventSourceEventSource window._sdkGlueVersionMap{sdkGlueVersion:1.0.0.55,bdmsVersion:1.0.1.7,captchaVersion:4.0.2}window.onwheelx{_Ax:0X21}window.innerWidth1707window.innerHeight179window.outerWidth1707window.outerHeight1019window.screenX0window.screenY0window.pageYOffset200window.XMLHttpRequestfunctionXMLHttpRequest(){}XMLHttpRequest.prototype.openfunction(){}XMLHttpRequest.prototype.sendfunction(){}XMLHttpRequest.prototype.setRequestHeaderfunction(){}XMLHttpRequest.prototype.getAllResponseHeadersfunction(){}span{classList:{add:function(){},remove:function(){},contains:function(){returnfalse}},style:{},innerHTML:,parentNode:null,getAttribute:function(name){returnnull},setAttribute:function(name,value){}}functionDocument(){}Document.prototype.cookieDocument.prototype.referrerDocument.prototype.all{length:0,item:function(){returnnull}}Document.prototype.body{tagName:BODY,appendChild:function(node){returnnode},removeChild:function(node){returnnode},style:{},offsetHeight:800,offsetWidth:1707,clientHeight:779,clientWidth:1707}Document.prototype.createElementfunction(tag_name){console.log(createElement:::,tag_name)if(tag_namespan){returnspan}}Document.prototype.documentElement{}Document.prototype.createEventfunction(tag_name){console.log(createEvent:::,tag_name)}documentnewDocument()functionNavigator(){}Navigator.prototype.userAgentMozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36Navigator.prototype.platformWin32Navigator.prototype.webdriverfalseNavigator.prototype.languages[zh-CN,zh]Navigator.prototype.plugins{length:0}Navigator.prototype.mimeTypes{length:0}Navigator.prototype.vendorSubs{ink:1781240349654}navigatornewNavigator()functionStorage(){this.xmstxXYeU5qviNSFDHJlZZ0C1mPWSrep7qeJ8UGH6eEe8UXzY9jne9T_3pdqaHX5gRDzTC9wPiTtp49rU9ACz8aM_Rg8afmk2ya2QHJf2-bno3oMB9_qBEbM9KCN8u-hvG32}Storage.prototype.getItemfunction(a){console.log(sessionStorage getItem:::,arguments)returnainthis?this[a]:null}Storage.prototype.removeItemfunction(a){console.log(sessionStorage removeItem:::,arguments)deletethis[a]}Storage.prototype.setItemfunction(a,b){console.log(sessionStorage setItem:::,arguments)returnthis[a]b}sessionStoragenewStorage()window.sessionStoragesessionStorage localStoragenewStorage()window.localStoragelocalStoragefunctionScreen(){}Screen.prototype.availWidth1707Screen.prototype.availHeight1019Screen.prototype.width1707Screen.prototype.height1067Screen.prototype.colorDepth32Screen.prototype.pixelDepth32screennewScreen()py代码如下importrequestsimportexecjsfromurllib.parseimporturlencode headers{accept:application/json, text/plain, */*,accept-language:zh-CN,zh;q0.9,cache-control:no-cache,pragma:no-cache,priority:u1, i,referer:https://www.toutiao.com/,sec-ch-ua:\Chromium\;v\148\, \Google Chrome\;v\148\, \Not/A)Brand\;v\99\,sec-ch-ua-mobile:?0,sec-ch-ua-platform:\Windows\,sec-fetch-dest:empty,sec-fetch-mode:cors,sec-fetch-site:same-origin,user-agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/148.0.0.0 Safari/537.36}cookies{ttcid:af5b3b1648c84c7391a36100fe90a4fd97,_ga:GA1.1.476297729.1769422665,csrftoken:fdd499064e837df03671803402c28f48,gfkadpd:24,6457,local_city_cache:%E5%AE%9C%E5%AE%BE,_ga_QEHZPBE5HH:GS2.1.s1781161730$o3$g0$t1781161730$j60$l0$h0,tt_scid:p3iMkJt4STrUfibsf7H2kdo6gPbdqYzPKu4CcCk.D8FeGhWKOf-8DM7475.eOLQv963a,s_v_web_id:verify_mq95pgf2_2yp68J9v_uf6R_48n6_8FN1_sgic6IKuBWlC,ttwid:1%7CnX3WQ0jRn2nFx5Jv3aanvKwmVPT1oImP487VlFenCUg%7C1781161741%7Cf369a97a000e641173c5a84e0fdf3c8fd75dd96b675799b872941fd4df0f4d3c,tt_webid:7650031394076788270,__druidClientInfo:JTdCJTIyY2xpZW50V2lkdGglMjIlM0ExNjkyJTJDJTIyY2xpZW50SGVpZ2h0JTIyJTNBOTMyJTJDJTIyd2lkdGglMjIlM0ExNjkyJTJDJTIyaGVpZ2h0JTIyJTNBOTMyJTJDJTIyZGV2aWNlUGl4ZWxSYXRpbyUyMiUzQTEuNSUyQyUyMnVzZXJBZ2VudCUyMiUzQSUyMk1vemlsbGElMkY1LjAlMjAoV2luZG93cyUyME5UJTIwMTAuMCUzQiUyMFdpbjY0JTNCJTIweDY0KSUyMEFwcGxlV2ViS2l0JTJGNTM3LjM2JTIwKEtIVE1MJTJDJTIwbGlrZSUyMEdlY2tvKSUyMENocm9tZSUyRjE0OC4wLjAuMCUyMFNhZmFyaSUyRjUzNy4zNiUyMiU3RA}urlhttps://www.toutiao.com/api/pc/list/feedparams{channel_id:3189398996,min_behot_time:0,offset:0,refresh_count:1,category:pc_profile_channel,client_extra_params:{\short_video_item\:\filter\},aid:24,app_name:toutiao_web,msToken:8t_QpJRRFqYcOGrcnH9SSZmYb8g9eAj66WvkKiE1qDKY60gTOmYLzBQl-48rPMNfp4H0McdNDAMQ0PzAuJoaM3UsiB0ECMudfrDTejsX7DJvWU02R8ONFt6bQaY2FcSU,# a_bogus: mjmhBmugDkgBhV6d532LfY3qV1B3YDZj0t9bMDhq1xf8BL39HMT19exEmzivGzRjET//IeSjy4hbTrOgrQ/n81wf9Skw/2CZm6T0t-P2so0j53inCgWME0hN-vW3SFqQ-wNAEOsQy75tzbi0AIQn4kIAPyZea1gOEisnOtg}withopen(./a_bogus.js,r,encodingutf-8)asf:ctxexecjs.compile(f.read())a_bogusctx.call(get_a_bogus,urlencode(params))params[a_bogus]a_bogus responserequests.get(url,headersheaders,paramsparams)print(response.text)print(response)结果展示结语文章内容仅供学习参考如有侵权立即删除。

麒麟V10 SP1 + Qt + Qpid Proton 连接 Apache Artemis 实战指南

麒麟V10 SP1 + Qt + Qpid Proton 连接 Apache Artemis 实战指南一、背景在企业级消息中间件场景中，Apache Artemis 作为高性能、多协议的 ActiveMQ 替代品，广泛用于生产环境。然而，在国产操作系统麒麟 V10 SP1 上，使用 Qt 框架通过 AMQP 1.0 协议连接 Artemis 却有不少…...

2026/6/15 6:38:51 阅读更多 →

智能语音SoC设计避坑指南：基于芯原DSP核的低功耗与MFCC硬件加速实战解析

智能语音SoC设计避坑指南：基于芯原DSP核的低功耗与MFCC硬件加速实战解析在智能语音交互设备爆发的时代，如何设计一款兼具低功耗与高性能的语音SoC芯片，成为工程师们面临的核心挑战。本文将从一个资深工程师的视角，分享基于芯原ZSP…...

2026/6/15 6:37:57 阅读更多 →

构建模型健康守门人：实时ML监控与漂移检测实战

1. 项目概述：这不是一次“部署上线”，而是一场从实验室到产线的系统性迁移“From Notebook to Production: Running ML in the Real World (Part 4)”——这个标题里藏着一个被无数数据科学家反复咀嚼、又悄悄回避的真相：Jupyter Notebook 从…...

2026/6/15 6:37:55 阅读更多 →

SketchUp STL插件：打破数字设计与物理制造的壁垒

SketchUp STL插件：打破数字设计与物理制造的壁垒【免费下载链接】sketchup-stl A SketchUp Ruby Extension that adds STL (STereoLithography) file format import and export. 项目地址: https://gitcode.com/gh_mirrors/sk/sketchup-stl 你是否曾在Sketc…...

2026/6/15 6:07:42 阅读更多 →

初中生闭环能力的庖丁解牛

它的本质是：**对于初中生而言，闭环能力不是“完美主义”，而是 “作业-订正-掌握”的最小可行性循环 (MVP Loop of Homework-Correction-Mastery)。核心矛盾：初中阶段学科数量激增（从3门到7-8门）&#xff0…...

2026/6/15 2:33:18 阅读更多 →

FunClip革命：当大语言模型遇见视频剪辑，传统工作流如何被彻底颠覆

FunClip革命：当大语言模型遇见视频剪辑，传统工作流如何被彻底颠覆【免费下载链接】FunClip Open-source, accurate and easy-to-use video speech recognition & clipping tool. LLM-based AI clipping integrated. 项目地址: https://gitcode.co…...

2026/6/15 6:07:42 阅读更多 →

解锁Nintendo Switch终极潜力：3种大气层Atmosphere稳定版部署方案深度解析

解锁Nintendo Switch终极潜力：3种大气层Atmosphere稳定版部署方案深度解析【免费下载链接】Atmosphere-stable 大气层整合包系统稳定版项目地址: https://gitcode.com/gh_mirrors/at/Atmosphere-stable 大气层Atmosphere稳定版作为当前最成熟、最安全的Nin…...

2026/6/15 6:07:37 阅读更多 →