某医保服务平台逆向参数(未完待续)


网址:aHR0cHM6Ly9mdXd1Lm5oc2EuZ292LmNuLw==
/(ㄒoㄒ)/~~哎呀这个老烦人了,我明明参数都解决了,就是不给通过,我寻思着算法应该没问题啊。等大佬来解惑。
可以看到需要分析 x-tif-signature、signData、encData

2025-06-03T11:04:14.png
2025-06-03T11:05:11.png


1.x-tif-signature的话直接就能搞定了。测试过了是原生的sha256,输入是"时间戳 + nonce + 时间戳"(见下方代码里的 f = s + h + s),没有密钥参与,所以这个头只是一个任何人都能重算的摘要,起不到身份校验的作用。
2025-06-03T11:07:50.png
2025-06-03T11:14:07.png
2025-06-03T11:14:56.png
2.signData也在这个f函数内部被赋值,往下断点。
这是未进入 t.data.signData 函数内部的t值

{
    "transformRequest": {},
    "transformResponse": {},
    "timeout": 30000,
    "xsrfCookieName": "XSRF-TOKEN",
    "xsrfHeaderName": "X-XSRF-TOKEN",
    "maxContentLength": -1,
    "headers": {
        "common": {
            "Accept": "application/json, text/plain, */*"
        },
        "delete": {},
        "get": {},
        "head": {},
        "post": {
            "Content-Type": "application/x-www-form-urlencoded"
        },
        "put": {
            "Content-Type": "application/x-www-form-urlencoded"
        },
        "patch": {
            "Content-Type": "application/x-www-form-urlencoded"
        },
        "Accept": "application/json",
        "Content-Type": "application/json",
        "channel": "web",
        "x-tif-signature": "7bc75626f25f9868c581267811f04303a4c9738c929896fb8bbd8cc61f6851cb",
        "x-tif-timestamp": 1748948762,
        "x-tif-nonce": "L8cUGQAf",
        "contentType": "application/x-www-form-urlencoded"
    },
    "withCredentials": false,
    "baseURL": "/ebus/fuwu/api",
    "method": "post",
    "url": "/nthl/api/CommQuery/queryFixedHospital",
    "data": {
        "data": {
            "addr": "",
            "regnCode": "110000",
            "medinsName": "",
            "medinsLvCode": "",
            "medinsTypeCode": "",
            "outMedOpenFlag": "",
            "pageNum": 1,
            "pageSize": 10,
            "queryDataSource": "es"
        },
        "appCode": "T98HPCGN5ZVVQBS8LZQNOAEXVI9GYHKQ",
        "version": "1.0.0",
        "encType": "SM4",
        "signType": "SM2",
        "timestamp": 1748948762
    }
}

然后进入后发现 return 返回的就是 signData 值,把这一段扣下来。o 是 sm2 模块,在上面有赋值(下方本地代码里调用的是 sm2 的签名方法 doSignature)。复制到本地后我们使用标准库来计算(站点的实现可能被魔改过,我没有验证,但有这个可能),然后把下面的 e.from 改成 Buffer.from 就可以了。
2025-06-03T11:19:38.png
2025-06-03T11:23:45.png
3.最后一个就是encData,断点后发现里面是个自执行函数,默认传递的是"SM4"。复制到本地然后就是补代码啊。
2025-06-03T11:28:53.png
2025-06-03T11:31:31.png
当补到b的时候然后跟进去,我决定定义一个webpack形式来导出。写一个自执行函数然后把加载器抠出来再模块导入这个,一直补。
2025-06-03T11:34:01.png
2025-06-03T11:35:27.png
2025-06-03T11:45:33.png
2025-06-03T12:44:23.png
外部再定义一个变量接收,然后直接替换那个s,就没问题了。可惜的是,算法虽然抠出来了、本地算出的结果也对得上,但请求发出后仍然被服务端拒绝。这个反爬手段到底是什么呢?摸不着头脑。下面给出我的代码示例。

const CryptoJs = require("crypto-js");
const sm = require("sm-crypto");
// Receives the loader function `o` from the IIFE below so that code outside it
// can call uu("<module id>") to obtain a module's exports.
var uu;

// Webpack-style bootstrap copied out of a bundle. The IIFE takes a map of
// module id -> factory, builds a caching loader `o`, and publishes it as `uu`.
// The only module supplied in the argument object is "e04e".
!(function (e) {
  // n: cache of instantiated modules.
  // i / r: CSS-chunk and JS-chunk state tables; a value of 0 means nothing is left to load.
  var n = {},
    i = {
      app: 0,
    },
    r = {
      app: 0,
    };
  // Loader: returns cached exports, otherwise runs the factory once and caches the result.
  function o(t) {
    if (n[t]) return n[t].exports;
    var i = (n[t] = {
      i: t,
      l: !1,
      exports: {},
    });
    console.log("Loading module: " + t);
    return e[t].call(i.exports, i, i.exports, o), (i.l = !0), i.exports;
  }
  // Lazy chunk loader from the original bundle. It creates <link> and <script>
  // elements through `document`, so it needs a browser DOM. No code visible on
  // this page calls it; only uu("e04e") is used.
  (o.e = function (e) {
    var t = [];
    i[e]
      ? t.push(i[e])
      : 0 !== i[e] &&
        {
          DetailModule: 1,
          ServiceCatalog: 1,
          ServiceSearchModule: 1,
          "announcement-list": 1,
          "download-page": 1,
          home: 1,
          personLogin: 1,
          search: 1,
        }[e] &&
        t.push(
          (i[e] = new Promise(function (t, n) {
            for (
              var r =
                  "static/css/" +
                  ({
                    DetailModule: "DetailModule",
                    ServiceCatalog: "ServiceCatalog",
                    ServiceSearchModule: "ServiceSearchModule",
                    "announcement-list": "announcement-list",
                    "download-page": "download-page",
                    home: "home",
                    personLogin: "personLogin",
                    redirect: "redirect",
                    search: "search",
                    pdfjsWorker: "pdfjsWorker",
                  }[e] || e) +
                  "." +
                  {
                    DetailModule: "5e631d12",
                    ServiceCatalog: "8bad003f",
                    ServiceSearchModule: "580d15e2",
                    "announcement-list": "ee54d713",
                    "download-page": "a9c8d3ee",
                    home: "0dc1a1a8",
                    personLogin: "acd0e1ca",
                    redirect: "31d6cfe0",
                    search: "3013d579",
                    pdfjsWorker: "31d6cfe0",
                  }[e] +
                  ".css",
                a = o.p + r,
                s = document.getElementsByTagName("link"),
                l = 0;
              l < s.length;
              l++
            ) {
              var u =
                (h = s[l]).getAttribute("data-href") || h.getAttribute("href");
              if ("stylesheet" === h.rel && (u === r || u === a)) return t();
            }
            var c = document.getElementsByTagName("style");
            for (l = 0; l < c.length; l++) {
              var h;
              if ((u = (h = c[l]).getAttribute("data-href")) === r || u === a)
                return t();
            }
            var d = document.createElement("link");
            (d.rel = "stylesheet"),
              (d.type = "text/css"),
              (d.onload = t),
              (d.onerror = function (t) {
                var r = (t && t.target && t.target.src) || a,
                  o = new Error(
                    "Loading CSS chunk " + e + " failed.\n(" + r + ")"
                  );
                (o.code = "CSS_CHUNK_LOAD_FAILED"),
                  (o.request = r),
                  delete i[e],
                  d.parentNode.removeChild(d),
                  n(o);
              }),
              (d.href = a),
              document.getElementsByTagName("head")[0].appendChild(d);
          }).then(function () {
            i[e] = 0;
          }))
        );
    var n = r[e];
    if (0 !== n)
      if (n) t.push(n[2]);
      else {
        var a = new Promise(function (t, i) {
          n = r[e] = [t, i];
        });
        t.push((n[2] = a));
        var s,
          l = document.createElement("script");
        (l.charset = "utf-8"),
          (l.timeout = 120),
          o.nc && l.setAttribute("nonce", o.nc),
          (l.src = (function (e) {
            return (
              o.p +
              "" +
              ({
                DetailModule: "DetailModule",
                ServiceCatalog: "ServiceCatalog",
                ServiceSearchModule: "ServiceSearchModule",
                "announcement-list": "announcement-list",
                "download-page": "download-page",
                home: "home",
                personLogin: "personLogin",
                redirect: "redirect",
                search: "search",
                pdfjsWorker: "pdfjsWorker",
              }[e] || e) +
              ".1742369784023.js"
            );
          })(e));
        var u = new Error();
        s = function (t) {
          (l.onerror = l.onload = null), clearTimeout(c);
          var n = r[e];
          if (0 !== n) {
            if (n) {
              var i = t && ("load" === t.type ? "missing" : t.type),
                o = t && t.target && t.target.src;
              (u.message =
                "Loading chunk " + e + " failed.\n(" + i + ": " + o + ")"),
                (u.name = "ChunkLoadError"),
                (u.type = i),
                (u.request = o),
                n[1](u);
            }
            r[e] = void 0;
          }
        };
        var c = setTimeout(function () {
          s({
            type: "timeout",
            target: l,
          });
        }, 12e4);
        (l.onerror = l.onload = s), document.head.appendChild(l);
      }
    return Promise.all(t);
  }),
    // Standard loader helpers: module map, cache, getter-export definition,
    // ES-module marking, namespace wrapping, default-export accessor, own-property test.
    (o.m = e),
    (o.c = n),
    (o.d = function (e, t, n) {
      o.o(e, t) ||
        Object.defineProperty(e, t, {
          enumerable: !0,
          get: n,
        });
    }),
    (o.r = function (e) {
      "undefined" != typeof Symbol &&
        Symbol.toStringTag &&
        Object.defineProperty(e, Symbol.toStringTag, {
          value: "Module",
        }),
        Object.defineProperty(e, "__esModule", {
          value: !0,
        });
    }),
    (o.t = function (e, t) {
      if ((1 & t && (e = o(e)), 8 & t)) return e;
      if (4 & t && "object" == typeof e && e && e.__esModule) return e;
      var n = Object.create(null);
      if (
        (o.r(n),
        Object.defineProperty(n, "default", {
          enumerable: !0,
          value: e,
        }),
        2 & t && "string" != typeof e)
      )
        for (var i in e)
          o.d(
            n,
            i,
            function (t) {
              return e[t];
            }.bind(null, i)
          );
      return n;
    }),
    (o.n = function (e) {
      var t =
        e && e.__esModule
          ? function () {
              return e.default;
            }
          : function () {
              return e;
            };
      return o.d(t, "a", t), t;
    }),
    (o.o = function (e, t) {
      return Object.prototype.hasOwnProperty.call(e, t);
    }),
    (o.p = ""),
    (o.oe = function (e) {
      throw e;
    });

  // Publish the loader to the outer scope.
  uu = o;
})({
  // Block-cipher module exporting encrypt(data, key) and decrypt(data, key) over byte arrays.
  // The page calls this SM4; the opening S-box entries and the key-schedule constants
  // appear to match the published SM4 values (the full tables were not compared here).
  e04e: function (e, t, n) {
    "use strict";
    n.r(t),
      n.d(t, "encrypt", function () {
        return p;
      }),
      n.d(t, "decrypt", function () {
        return m;
      });
    // i: mode value meaning "decrypt"; r: number of round keys; o: block size in bytes.
    var i = 0,
      r = 32,
      o = 16,
      // a: 256-entry byte substitution table (S-box).
      a = [
        214, 144, 233, 254, 204, 225, 61, 183, 22, 182, 20, 194, 40, 251, 44, 5,
        43, 103, 154, 118, 42, 190, 4, 195, 170, 68, 19, 38, 73, 134, 6, 153,
        156, 66, 80, 244, 145, 239, 152, 122, 51, 84, 11, 67, 237, 207, 172, 98,
        228, 179, 28, 169, 201, 8, 232, 149, 128, 223, 148, 250, 117, 143, 63,
        166, 71, 7, 167, 252, 243, 115, 23, 186, 131, 89, 60, 25, 230, 133, 79,
        168, 104, 107, 129, 178, 113, 100, 218, 139, 248, 235, 15, 75, 112, 86,
        157, 53, 30, 36, 14, 94, 99, 88, 209, 162, 37, 34, 124, 59, 1, 33, 120,
        135, 212, 0, 70, 87, 159, 211, 39, 82, 76, 54, 2, 231, 160, 196, 200,
        158, 234, 191, 138, 210, 64, 199, 56, 181, 163, 247, 242, 206, 249, 97,
        21, 161, 224, 174, 93, 164, 155, 52, 26, 85, 173, 147, 50, 48, 245, 140,
        177, 227, 29, 246, 226, 46, 130, 102, 202, 96, 192, 41, 35, 171, 13, 83,
        78, 111, 213, 219, 55, 69, 222, 253, 142, 47, 3, 255, 106, 114, 109,
        108, 91, 81, 141, 27, 175, 146, 187, 221, 188, 127, 17, 217, 92, 65, 31,
        16, 90, 216, 10, 193, 49, 136, 165, 205, 123, 189, 45, 116, 208, 18,
        184, 229, 180, 176, 137, 105, 151, 74, 12, 150, 119, 126, 101, 185, 241,
        9, 197, 110, 198, 132, 24, 240, 125, 236, 58, 220, 77, 32, 121, 238, 95,
        62, 215, 203, 57, 72,
      ],
      // s: 32 per-round constants consumed by the key schedule.
      s = [
        462357, 472066609, 943670861, 1415275113, 1886879365, 2358483617,
        2830087869, 3301692121, 3773296373, 4228057617, 404694573, 876298825,
        1347903077, 1819507329, 2291111581, 2762715833, 3234320085, 3705924337,
        4177462797, 337322537, 808926789, 1280531041, 1752135293, 2223739545,
        2695343797, 3166948049, 3638552301, 4110090761, 269950501, 741554753,
        1213159005, 1684763257,
      ];
    // 32-bit rotate left by t bits.
    function l(e, t) {
      return (e << t) | (e >>> (32 - t));
    }
    // Substitutes each of the four bytes of a 32-bit word through the S-box.
    function u(e) {
      return (
        ((255 & a[(e >>> 24) & 255]) << 24) |
        ((255 & a[(e >>> 16) & 255]) << 16) |
        ((255 & a[(e >>> 8) & 255]) << 8) |
        (255 & a[255 & e])
      );
    }
    // Linear mixing used in the data rounds.
    function c(e) {
      return e ^ l(e, 2) ^ l(e, 10) ^ l(e, 18) ^ l(e, 24);
    }
    // Linear mixing used in the key schedule.
    function h(e) {
      return e ^ l(e, 13) ^ l(e, 23);
    }
    // Transforms one 16-byte block `e` into `t` using the 32 round keys in `n`.
    function d(e, t, n) {
      // Pack the 16 input bytes into four big-endian 32-bit words.
      for (var i, r, o = new Array(4), a = new Array(4), s = 0; s < 4; s++)
        (a[0] = 255 & e[0 + 4 * s]),
          (a[1] = 255 & e[1 + 4 * s]),
          (a[2] = 255 & e[2 + 4 * s]),
          (a[3] = 255 & e[3 + 4 * s]),
          (o[s] = (a[0] << 24) | (a[1] << 16) | (a[2] << 8) | a[3]);
      // 32 rounds, unrolled four per iteration.
      for (i = 0; i < 32; i += 4)
        (r = u((r = o[1] ^ o[2] ^ o[3] ^ n[i + 0]))),
          (o[0] ^= c(r)),
          (r = u((r = o[2] ^ o[3] ^ o[0] ^ n[i + 1]))),
          (o[1] ^= c(r)),
          (r = u((r = o[3] ^ o[0] ^ o[1] ^ n[i + 2]))),
          (o[2] ^= c(r)),
          (r = u((r = o[0] ^ o[1] ^ o[2] ^ n[i + 3]))),
          (o[3] ^= c(r));
      // Write the four words out in reverse word order as big-endian bytes.
      for (var l = 0; l < 16; l += 4)
        (t[l] = (o[3 - l / 4] >>> 24) & 255),
          (t[l + 1] = (o[3 - l / 4] >>> 16) & 255),
          (t[l + 2] = (o[3 - l / 4] >>> 8) & 255),
          (t[l + 3] = 255 & o[3 - l / 4]);
    }
    // Core routine: e = data bytes, t = key bytes, n = mode (1 encrypt, 0 decrypt).
    // Each 16-byte block is processed on its own with no IV or chaining, i.e. ECB
    // behaviour: equal plaintext blocks produce equal ciphertext blocks.
    function f(e, t, n) {
      var a = [],
        l = 0,
        c = new Array(r);
      // Key schedule: expands the 16-byte key into 32 round keys written to `c`.
      !(function (e, t, n) {
        for (var r, o, a = new Array(4), l = new Array(4), c = 0; c < 4; c++)
          (l[0] = 255 & e[0 + 4 * c]),
            (l[1] = 255 & e[1 + 4 * c]),
            (l[2] = 255 & e[2 + 4 * c]),
            (l[3] = 255 & e[3 + 4 * c]),
            (a[c] = (l[0] << 24) | (l[1] << 16) | (l[2] << 8) | l[3]);
        for (
          a[0] ^= 2746333894,
            a[1] ^= 1453994832,
            a[2] ^= 1736282519,
            a[3] ^= 2993693404,
            r = 0;
          r < 32;
          r += 4
        )
          (o = u((o = a[1] ^ a[2] ^ a[3] ^ s[r + 0]))),
            (t[r + 0] = a[0] ^= h(o)),
            (o = u((o = a[2] ^ a[3] ^ a[0] ^ s[r + 1]))),
            (t[r + 1] = a[1] ^= h(o)),
            (o = u((o = a[3] ^ a[0] ^ a[1] ^ s[r + 2]))),
            (t[r + 2] = a[2] ^= h(o)),
            (o = u((o = a[0] ^ a[1] ^ a[2] ^ s[r + 3]))),
            (t[r + 3] = a[3] ^= h(o));
        // Decrypt mode: use the round keys in reverse order.
        if (n === i)
          for (r = 0; r < 16; r++)
            (o = t[r]), (t[r] = t[31 - r]), (t[31 - r] = o);
      })(t, c, n),
        // The bare `new Array(16)` below is an expression with no effect.
        new Array(16);
      // Only complete 16-byte blocks are processed; a shorter tail is ignored,
      // so callers must pad the input to a multiple of 16 first.
      for (var f = new Array(16), p = e.length; p >= o; ) {
        d(e.slice(l, l + 16), f, c);
        for (var m = 0; m < o; m++) a[l + m] = f[m];
        (p -= o), (l += o);
      }
      return a;
    }
    // encrypt(data, key)
    function p(e, t) {
      return f(e, t, 1);
    }
    // decrypt(data, key)
    function m(e, t) {
      return f(e, t, 0);
    }
    t.default = {
      encrypt: p,
      decrypt: m,
    };
  },
});
// Application parameters used by the signing and encryption helpers below.
// NOTE(review): presumably copied from the site's front-end bundle (the appCode
// matches the captured request shown earlier on the page) — confirm. Any secret or
// private key delivered to a browser is readable by every visitor, so values like
// these cannot authenticate a client; server-side checks must not rely on them.
// All names here are assigned without declarations, i.e. as globals.
l = {
  appCode: "T98HPCGN5ZVVQBS8LZQNOAEXVI9GYHKQ",
  version: "1.0.0",
  appSecret: "NMVFVILMKT13GEMD3BKPKCTBOQBPZR2P",
  publicKey:
    "BEKaw3Qtc31LG/hTPHFPlriKuAn/nzTWl8LiRxLw4iQiSUIyuglptFxNkdCiNXcXvkqTH79Rh/A2sEFU6hjeK3k=",
  privateKey: "AJxKNdmspMaPGj+onJNoQ0cgWk2E3CYFWKBJhpcJrAtC",
  publicKeyType: "base64",
  privateKeyType: "base64",
};
// Short aliases read by other functions: u -> appCode, c -> appSecret, d -> privateKey.
u = l.appCode;
c = l.appSecret;
// `h` is later overwritten inside Params() with the request nonce.
h = l.publicKey;
d = l.privateKey;

/**
 * Builds an 8-character nonce: one ASCII letter, one digit, then six
 * alphanumeric characters.
 *
 * Characters are drawn with Math.random(), which is not a cryptographically
 * secure source, so the result is predictable in principle.
 *
 * @returns {string} the nonce, e.g. of the form "a1XXXXXX".
 */
function ioo() {
  const LETTERS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
  const DIGITS = "0123456789";
  const ALPHANUMERIC =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";

  // Draws `count` characters from `alphabet`; a falsy count falls back to 32.
  const pick = (count, alphabet) => {
    const total = count || 32;
    let out = "";
    for (let k = 0; k < total; k += 1) {
      out += alphabet.charAt(Math.ceil(1e3 * Math.random()) % alphabet.length);
    }
    return out;
  };

  // The six-character tail is drawn first, then the letter, then the digit.
  const tail = pick(6, ALPHANUMERIC);
  const leadLetter = pick(1, LETTERS);
  const leadDigit = pick(1, DIGITS);
  return leadLetter + leadDigit + tail;
}
/**
 * Serialises an object into the "name=value&...&key=<secret>" string that is
 * later passed to the signature routine.
 *
 * - Own properties are visited in the object's enumeration order; a property is
 *   skipped only when its value is falsy AND stringifies to "" (an empty string).
 * - The "data" property is shallow-copied, normalised (see below), key-sorted
 *   with p() and emitted as JSON.
 * - "key=" followed by the global `c` (the appSecret alias) is appended last.
 *
 * @param {Object} e - fields to serialise.
 * @returns {string} the joined string.
 */
function v(e) {
  var t = [];
  for (var n in e)
    if (e.hasOwnProperty(n) && (e[n] || "".concat(e[n])))
      if ("data" === n) {
        // Shallow copy: nested arrays are still shared with the caller's object,
        // so the element rewrite below is visible to the caller.
        var i = Object.assign({}, e[n]);
        for (var r in i) {
          if (
            // 1) numbers and booleans become strings,
            // 2) empty arrays are removed,
            // 3) the condition is true only for non-empty arrays.
            (("number" != typeof i[r] && "boolean" != typeof i[r]) ||
              (i[r] = "" + i[r]),
            Array.isArray(i[r]) && !i[r].length && delete i[r],
            Array.isArray(i[r]) && i[r].length > 0)
          )
            // Key-sort every element of a non-empty array.
            for (var o = 0; o < i[r].length; o++) i[r][o] = p(i[r][o]);
          // Drop null, undefined and other falsy leftovers such as "".
          (null != i[r] && i[r]) || delete i[r];
        }
        var a = p(i);
        t.push("".concat(n, "=").concat(JSON.stringify(a)));
      } else t.push("".concat(n, "=").concat(e[n]));
  return t.push("key=".concat(c)), t.join("&");
}

/**
 * Returns a new plain object holding the enumerable properties of `e`
 * (including inherited ones, as for...in reports them), inserted in the
 * default lexicographic order of their names.
 *
 * @param {*} e - source value; null/undefined yield an empty object.
 * @returns {Object} key-sorted copy (values are not cloned).
 */
function p(e) {
  const names = [];
  for (const name in e) {
    names.push(name);
  }

  const ordered = names.slice().sort();
  const result = {};
  ordered.forEach((name) => {
    result[name] = e[name];
  });
  return result;
}

/**
 * Copies the own properties of `e` that take part in signing: everything except
 * "signData", "encData" and "extra", and except null/undefined values.
 *
 * @param {Object} e - request body fields.
 * @returns {Object} filtered shallow copy.
 */
function m(e) {
  const EXCLUDED = ["signData", "encData", "extra"];
  const kept = {};
  for (const field in e) {
    if (!e.hasOwnProperty(field)) continue;
    if (EXCLUDED.includes(field)) continue;
    if (e[field] == null) continue;
    kept[field] = e[field];
  }
  return kept;
}
/**
 * Derives the 16-byte working key: the bytes of `t` are encrypted by b() under
 * the first 16 characters of `e`, and the first 16 characters of the upper-cased
 * hex output are converted back to bytes with A().
 *
 * @param {string} e - value whose first 16 characters act as the key.
 * @param {string} t - value that gets encrypted.
 * @returns {number[]} 16 byte values.
 */
function y(e, t) {
  const keyBytes = A(e.substr(0, 16));
  const secretBytes = A(t);
  const hex = b(keyBytes, secretBytes);
  return A(hex.toUpperCase().substr(0, 16));
}
/**
 * Pads `n` to a multiple of 16 bytes (each pad byte holds the pad length, and a
 * full block is added when the input is already aligned), encrypts it with the
 * "e04e" module under key `t`, and returns the result as lowercase hex.
 *
 * @param {number[]} t - key bytes.
 * @param {number[]} n - data bytes.
 * @returns {string} hex-encoded ciphertext.
 */
function b(t, n) {
  const BLOCK = 16;
  const padLen = BLOCK - parseInt(n.length % BLOCK);
  const padded = n.concat(new Array(padLen).fill(padLen));
  const cipherBytes = uu("e04e").encrypt(padded, t);
  return Buffer.from(cipherBytes).toString("hex");
}

/**
 * Encodes a string into an array of byte values, one UTF-16 code unit at a time,
 * using the UTF-8 byte layout.
 *
 * charCodeAt() never returns more than 65535, so the four-byte branch is not
 * reachable for strings; each half of a surrogate pair is written as its own
 * three-byte sequence rather than as one four-byte UTF-8 sequence.
 *
 * @param {string} e - text to encode.
 * @returns {number[]} byte values (0-255).
 */
function A(e) {
  const bytes = [];
  const length = e.length;
  for (let idx = 0; idx < length; idx += 1) {
    const unit = e.charCodeAt(idx);
    if (unit >= 65536 && unit <= 1114111) {
      bytes.push(((unit >> 18) & 7) | 240);
      bytes.push(((unit >> 12) & 63) | 128);
      bytes.push(((unit >> 6) & 63) | 128);
      bytes.push((63 & unit) | 128);
    } else if (unit >= 2048 && unit <= 65535) {
      bytes.push(((unit >> 12) & 15) | 224);
      bytes.push(((unit >> 6) & 63) | 128);
      bytes.push((63 & unit) | 128);
    } else if (unit >= 128 && unit <= 2047) {
      bytes.push(((unit >> 6) & 31) | 192);
      bytes.push((63 & unit) | 128);
    } else {
      bytes.push(255 & unit);
    }
  }
  return bytes;
}

/**
 * Builds the request configuration object for one page of the hospital query,
 * filling in the x-tif-* headers, signData and encData.
 *
 * NOTE(review): `t`, `s`, `h` and `f` are assigned without declarations, so they
 * are globals; `h` in particular replaces the publicKey alias set at file level.
 *
 * @param {number} pageNum - page index placed into the query body.
 * @returns {Object} the populated config object `t`.
 */
function Params(pageNum) {
  // Same shape as the captured config shown earlier on the page, minus the x-tif-* headers.
  t = {
    transformRequest: {},
    transformResponse: {},
    timeout: 30000,
    xsrfCookieName: "XSRF-TOKEN",
    xsrfHeaderName: "X-XSRF-TOKEN",
    maxContentLength: -1,
    headers: {
      common: {
        Accept: "application/json, text/plain, */*",
      },
      delete: {},
      get: {},
      head: {},
      post: {
        "Content-Type": "application/x-www-form-urlencoded",
      },
      put: {
        "Content-Type": "application/x-www-form-urlencoded",
      },
      patch: {
        "Content-Type": "application/x-www-form-urlencoded",
      },
      Accept: "application/json",
      "Content-Type": "application/json",
      channel: "web",
    },
    withCredentials: false,
    baseURL: "/ebus/fuwu/api",
    method: "post",
    url: "/nthl/api/CommQuery/queryFixedHospital",
    data: {
      addr: "",
      regnCode: "110000",
      medinsName: "",
      medinsLvCode: "",
      medinsTypeCode: "",
      outMedOpenFlag: "",
      pageNum: pageNum,
      pageSize: 10,
      queryDataSource: "es",
    },
  };

  var r = CryptoJs.SHA256;
  // s: current time in whole seconds (rounded up); h: nonce from ioo();
  // f: timestamp + nonce + timestamp concatenated as a string.
  (s = Math.ceil(new Date().getTime() / 1e3)), (h = ioo()), (f = s + h + s);
  return (
    t.headers["x-tif-paasid"] = undefined,
    // Plain SHA-256 of f, hex encoded. No key is mixed in, so this header is a
    // digest of values that travel in the same request.
    t.headers["x-tif-signature"] = r(f).toString(CryptoJs.enc.Hex),
    t.headers["x-tif-timestamp"] = s,
    t.headers["x-tif-nonce"] = h,
    t.headers.Accept = "application/json",
    t.headers.contentType = "application/x-www-form-urlencoded",
    // Wrap the query fields one level deeper, then add the envelope fields.
    t.data = {
      data: t.data || {},
    },
    t.data.appCode = l.appCode,
    t.data.version = l.version,
    t.data.encType = "SM4",
    t.data.signType = "SM2",
    t.data.timestamp = s,
    // signData: filter with m(), key-sort the envelope and its data with p(),
    // serialise with v(), sign with sm-crypto's sm2.doSignature using the global
    // `d` (privateKey alias), then re-encode the hex signature as base64.
    // It is computed here, while t.data.data still holds the plain query fields.
    // On any exception the error is logged and signData ends up undefined.
    t.data.signData = (function (t) {
      try {
        var n = m(t.data),
          i = p(n);
        i.data = p(i.data);
        var r = v(i),
          a = sm.sm2.doSignature(r, d, {
            hash: !0,
          });
        return Buffer.from(a, "hex").toString("base64");
      } catch (e) {
        console.error(e);
      }
    })(t),
    // Replace the plain query fields with a single encData field.
    (t.data.data = {
      encData: (function (e, t) {
        // Only "SM4" is ever passed (see the call at the end of this function).
        // NOTE(review): the "SM2" and "SM3" branches use `o` and `a`, which are not
        // defined at this scope anywhere on this page; they swallow the resulting
        // exception and return undefined.
        switch (e.toUpperCase()) {
          case "SM2":
            return (function (e) {
              try {
                var t = o.generateKeyPairHex(),
                  n = t.publicKey,
                  i = e;
                o.doEncrypt(i, n, 1);
              } catch (e) {}
            })(t);
          case "SM3":
            return (function (e) {
              try {
                var t = a(e);
                return t;
              } catch (e) {}
            })(t);
          case "SM4":
            return (function (e) {
              try {
                // JSON-encode the query fields and escape every code unit above
                // 127 as \uXXXX so the text is pure ASCII.
                for (
                  var t = e.data.data && JSON.stringify(e.data.data),
                    n = "",
                    i = 0;
                  i < t.length;
                  i++
                ) {
                  var r = t.charAt(i),
                    o = t.charCodeAt(i);
                  n += o > 127 ? "\\u" + o.toString(16).padStart(4, "0") : r;
                }
                var a = A(n);
                // Keep the global appCode alias `u` in step with the envelope.
                e.data.appCode && e.data.appCode !== u && (u = e.data.appCode);
                // Working key from y(appCode, appSecret); ciphertext as upper-case hex.
                var s = y(u, c),
                  l = b(s, a);
                return l.toUpperCase();
              } catch (e) {
                console.error(e);
              }
            })(t);
        }
      })("SM4", t),
    }),
    t
  );
}



// GG(noDashes) returns a random identifier laid out like a version-4 UUID
// (8-4-4-4-12 hex digits); a truthy argument omits the dashes.
// Randomness comes from Math.random(), which is not cryptographically secure.
// `GG` is assigned without a declaration, i.e. as a global.
GG = function() {
        // Random non-negative integer of up to `t` bits; NaN when t < 0 or t > 53.
        // Above 30 bits the value is assembled from two separate draws.
        function t(t) {
            return t < 0 ? NaN : t <= 30 ? 0 | Math.random() * (1 << t) : t <= 53 ? (0 | Math.random() * (1 << 30)) + (0 | Math.random() * (1 << t - 30)) * (1 << 30) : NaN
        }
        // Hex string of `t`, left-padded with zeros to `e` characters. The loop
        // doubles the zero run each step and prepends it when the matching bit of
        // the remaining pad length is set.
        function e(t, e) {
            for (var n = t.toString(16), r = e - n.length, i = "0"; r > 0; r >>>= 1,
            i += i)
                1 & r && (n = i + n);
            return n
        }
        return function(n) {
            var r = "-";
            // 16384 | ... forces the third group to start with 4 (version);
            // 32768 | ... forces the top bits of the fourth group to 10 (variant).
            return n && (r = ""),
            e(t(32), 8) + r + e(t(16), 4) + r + e(16384 | t(12), 4) + r + e(32768 | t(14), 4) + r + e(t(48), 12)
        }
    }()

/**
 * Returns the first 16 hex characters of a dash-less identifier from GG().
 *
 * @returns {string} 16 lowercase hex characters.
 */
function getx() {
  const undashed = GG(true);
  // `n` is assigned without a declaration, exactly as before, so it stays a global.
  n = undashed.substring(0, 16);
  return n;
}

我的python代码:

import re
import Tools
import requests
# Flat script: fetches one script from the site, asks the JS file for the computed
# request fields, then sends a single POST and prints the raw response body.
# `Tools` is a project-local module that is not shown on this page.
session = requests.session()

# Header set for the script fetch; the values imitate a Chrome 136 browser
# requesting a same-origin <script> resource.
headers = {
    'Accept': '*/*',
    'Accept-Language': 'zh-TW,zh;q=0.9',
    'Cache-Control': 'no-cache',
    'Connection': 'keep-alive',
    'Pragma': 'no-cache',
    'Referer': 'https://fuwu.nhsa.gov.cn/nationalHallSt/',
    'Sec-Fetch-Dest': 'script',
    'Sec-Fetch-Mode': 'no-cors',
    'Sec-Fetch-Site': 'same-origin',
    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36',
    'sec-ch-ua': '"Chromium";v="136", "Google Chrome";v="136", "Not.A/Brand";v="99"',
    'sec-ch-ua-mobile': '?0',
    'sec-ch-ua-platform': '"Windows"',
}

# Download the monitoring agent script and take the first "key" value found in it.
# The [0] index raises IndexError when the pattern does not match.
response = session.get('https://fuwu.nhsa.gov.cn/tinyun/tinyun-agent.js', headers=headers).text
key = re.findall('"key":"(.*?)",', response)[0]


# presumably Tools.runJS(file, function, *args) runs the named function from the
# JS file and returns its result as Python data — confirm against Tools.
JS_Data = Tools.runJS('国家医保服务平台.js', 'Params', 1)
x = Tools.runJS('国家医保服务平台.js', 'getx')
# Pull the computed fields out of the config object returned by Params().
x_tif_sign = JS_Data['headers']["x-tif-signature"]
encData = JS_Data['data']['data']['encData']
timestamp = JS_Data['data']['timestamp']
signData = JS_Data['data']['signData']
nonce = JS_Data['headers']['x-tif-nonce']

# Header set for the API call; this rebinds `headers` used for the fetch above.
headers = {
    'Accept': 'application/json',
    'Accept-Language': 'zh-TW,zh;q=0.9',
    'Cache-Control': 'no-cache',
    'Connection': 'keep-alive',
    'Content-Type': 'application/json',
    'Origin': 'https://fuwu.nhsa.gov.cn',
    'Pragma': 'no-cache',
    'Referer': 'https://fuwu.nhsa.gov.cn/nationalHallSt/',
    'Sec-Fetch-Dest': 'empty',
    'Sec-Fetch-Mode': 'cors',
    'Sec-Fetch-Site': 'same-origin',
    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36',
    # Built from the key scraped above and the 16-character value from getx().
    'X-Tingyun': f'c=B|{key};x={x}',
    'channel': 'web',
    'contentType': 'application/x-www-form-urlencoded',
    'sec-ch-ua': '"Chromium";v="136", "Google Chrome";v="136", "Not.A/Brand";v="99"',
    'sec-ch-ua-mobile': '?0',
    'sec-ch-ua-platform': '"Windows"',
    'x-tif-nonce': nonce,
    # The literal string 'undefined', not a missing value.
    'x-tif-paasid': 'undefined',
    'x-tif-signature': x_tif_sign,
    'x-tif-timestamp': str(timestamp),
}

# Request body: the envelope fields plus the encrypted query and its signature.
json_data = {
    'data': {
        'data': {
            'encData': encData,
        },
        'appCode': 'T98HPCGN5ZVVQBS8LZQNOAEXVI9GYHKQ',
        'version': '1.0.0',
        'encType': 'SM4',
        'signType': 'SM2',
        'timestamp': int(timestamp),
        'signData': signData,
    },
}
# data = json.dumps(json_data, separators=(',', ':'))
# `json=` lets requests serialise the body; the response text is printed as-is.
response = session.post(
    'https://fuwu.nhsa.gov.cn/ebus/fuwu/api/nthl/api/CommQuery/queryFixedHospital',
    headers=headers,
    json=json_data,
).text
print(response)