[js逆向学习] fastmoss电商网站——店铺排名

逆向目标

• 网站：https://www.fastmoss.com/shop-marketing/tiktok
• 接口：https://www.fastmoss.com/api/shop/shopList/
• 参数：fm-sign

逆向分析

我们今天要分析的是店铺排名，先分析网络请求，找到目标接口

按照上图操作Copy as cURL，将curl 转为 python request

直接分析测试 python 代码，加密点只能是 cookie 或 fm-sign参数，先来测试 cookie，代码里直接设置为 None 然后运行依然可以拿到请求结果，说明加密和 cookie 无关，那就只能是 fm-sign 参数了，如下

import requests


headers = {
   
   
    "fm-sign": "479f735a55570d174198e5c1ce93f515",
    "lang": "EN_US",
    "priority": "u=1, i",
    "referer": "https://www.fastmoss.com/shop-marketing/tiktok",
    "region": "US",
    "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36"
}
url = "https://www.fastmoss.com/api/shop/shopList/"
params = {
   
   
    "page": "1",
    "pagesize": "10",
    "order": "1,2",
    "region": "US",
    "_time": "1727184797",
    "cnonce": "57869802"
}
response = requests.get(url, headers=headers, cookies=None, params=params)

print(response.json())

逆向过程

搜索关键词 fm-sign