Go 语言写的爬虫如何模拟登录 T-Mobile 官网？求帮忙分析一下 T-Mobile 登录逻辑

3 years ago

source link: https://www.v2ex.com/t/790230
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

V2EX › Go

Go 语言写的爬虫如何模拟登录 T-Mobile 官网？求帮忙分析一下 T-Mobile 登录逻辑

theklf4 · 1 天前 · 1427 次点击

account.t-mobile.com/signin/v2/第一次用 Go 写爬虫，需要爬一些 T-Mobile 登录后可见的数据，但 T-Mobile 登录逻辑我好像看不懂，登录前请求头里的 Authorization 是从哪里获取的，这个密码又是怎么加密的呢？折腾了两天怎么模拟登录都是 500 错误，它们 cookies 的有效期又只有 15 分钟。用 Selenium 的话太慢了，除了 Selenium 外还有什么好办法么？

12 条回复 • 2021-07-19 21:49:06 +08:00

wangbenjun5 1 天前

爬虫写的好，牢饭吃得饱

learningman 1 天前 1

"登录前请求头里的 Authorization 是从哪里获取的"XMLHttpRequest 或者 fetch 的参数，js 生成的但是我觉得你这个都搞不懂，多半也就不用指望能自己破解了。。。

vone 1 天前

JWT 做的登录认证，其实就是 Base64URL 编码。
我从 account.t-mobile.com/signin/v2/的请求（未登录）中随便拿了一个请求的 authorization：
Bearer eyJraWQiOiI0NDY3MzUxNy04MTc4LTJjYTMtOWU3MC1mZTZiYjg4YjU2OTIiLCJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJTSURXZWIiLCJydCI6IntcInNlZ21lbnRhdGlvbklkXCI6XCJUSVRBTlwifSIsImRlYWxlckNvZGUiOiIiLCJpc3MiOiJodHRwczpcL1wvYXBpLnQtbW9iaWxlLmNvbVwvb2F1dGgyXC92NiIsIm1hc3RlckRlYWxlckNvZGUiOiIiLCJhdXRoVGltZSI6IjE2MjY2NjAyMDcwMTgiLCJzdG9yZUlkIjoiIiwidXNuIjoiOTFhZGJlZDEtYWRiYy1jYTdlLTkzZjQtMmQzMmZjMmIxM2VhIiwiYXVkIjoiU0lEV2ViIiwic2VuZGVySWQiOiIiLCJuYmYiOjE2MjY2NjAyMDcsInNjb3BlIjoiIiwiY25mIjoiLS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS1NSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXJhVENxSU55c2tldmRCMmlcL1wvV2ttSWhQTHNJcFRvdFN6Z2FJRm94ZFdocGFQQ0NnSkNcL1hsTk9tT0lPQU5ubVZxalpMY3pjSU8xOHlFM3N4UHBXWktOdEgyY0grS1FtaFgrV05NeVNTMWhlem81WWpRcnJka1JhK1hXeFN1ZXl2WXZmNlBTRmtUXC9sZlpESlhUY1hET3g4WlYrMWF0QVp6U1JFbTFVbGpCRVZuODg0T2tUUDh6SENlRFJ3UXFpQ09ZWnZFdkxoTnBRdXk5K0hmMG9Zc0FQcVNTTGdHdmtuXC9RYjVMMytocmlzOWxSQTh1SXlIU0Uxc2F0WU1FcjFWbUUyWExyMkpOOTVaalc2eU50Q0lVSE1aN2MxUHF6emwrcUMzbGVrbHpXRWh5WjBhbWc4SkE2VTlRZEhtdm5La1RWaVZkNlphYWgwOHJKM3VLTkw3Z2xRSURBUUFCLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tIiwiYXBwbGljYXRpb25JZCI6IiIsImV4cCI6MTYyNjY2MzgwNywiaWF0IjoxNjI2NjYwMjA3LCJjaGFubmVsSWQiOiIiLCJqdGkiOiI4MzlmOWIyYy1lYzRhLWJkODctODU1Mi1lNjk1NDhiYTBlNTkifQ.VL3ycdnrwGyNdN_p201muTg7SUBVNUs6xZdR3B7oEAjask-pWtA2h_9M91I_u1hHkHRoriV1wd1UUPTdJ7DGcWGQtJ2dhb3s_IwpJu_ppY8nnEHhAz8O7fhGOeBpXxlI_W6FEulCznh-c5El3DcHBDccIYiU2xgPcGBQDOv7zU5e3YslOvOFCzLLLgNnRSQDRirf_nKZPOdn79TtL5OzgPiY85OP5YJcJYqAD2QUtOekML59s8Y--wbrTQudS_9uqMOSDFttaF6FzH8hOw0q7-rq-MlrumIQQgPAQxHHFdjy6o3fpo6lDKLSyGYhI90G_Zi4JyeFwpx0p4OHTuG7DQ

JWT 有三段信息（ Header.Payload.Signature ），用符号 “.”分割，分别用 Base64URL 解码。

Header：
{"kid":"44673517-8178-2ca3-9e70-fe6bb88b5692","typ":"JWT","alg":"RS256"}
Payload：
{"sub":"SIDWeb","rt":"{\"segmentationId\":\"TITAN\"}","dealerCode":"","iss":"https:\/\/api.t-mobile.com\/oauth2\/v6","masterDealerCode":"","authTime":"1626660207018","storeId":"","usn":"91adbed1-adbc-ca7e-93f4-2d32fc2b13ea","aud":"SIDWeb","senderId":"","nbf":1626660207,"scope":"","cnf":"-----BEGIN PUBLIC KEY-----MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAraTCqINyskevdB2i\/\/WkmIhPLsIpTotSzgaIFoxdWhpaPCCgJC\/XlNOmOIOANnmVqjZLczcIO18yE3sxPpWZKNtH2cH+KQmhX+WNMySS1hezo5YjQrrdkRa+XWxSueyvYvf6PSFkT\/lfZDJXTcXDOx8ZV+1atAZzSREm1UljBEVn884OkTP8zHCeDRwQqiCOYZvEvLhNpQuy9+Hf0oYsAPqSSLgGvkn\/Qb5L3+hris9lRA8uIyHSE1satYMEr1VmE2XLr2JN95ZjW6yNtCIUHMZ7c1Pqzzl+qC3leklzWEhyZ0amg8JA6U9QdHmvnKkTViVd6Zaah08rJ3uKNL7glQIDAQAB-----END PUBLIC KEY-----","applicationId":"","exp":1626663807,"iat":1626660207,"channelId":"","jti":"839f9b2c-ec4a-bd87-8552-e69548ba0e59"}

Signature：乱码

解码地址：
https://base64.guru/standards/base64url/decode

Recommend