Walmark Px3 cookie 无感生成方式

image-20250107160137225

逻辑在 init.js 中,直接搜索 appID,往下面搜索有以上代码,下面是 t 里的值。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
[
{
"t": "PX12095",
"d": {
"PX11645": "https://www.walmart.com/ip/seort/5176689360",
"PX12207": 0,
"PX12458": "Win32",
"PX11902": 0,
"PX11560": 48241,
"PX12248": 3600,
"PX11385": 1736236704893,
"PX12280": 1736236758016,
"PX11496": "2bea6bc0-cccd-11ef-ae81-fbced367ec06",
"PX12564": null,
"PX12565": 0,
"PX11379": true
}
}
]
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
参数说明:
payload:核心数据,已加密
appId: 网站唯一标识
tag: 版本号
uuid:客户端生成uuid
ft:版本相关固定值
seq: 请求序号,从0开始
en:固定值无效
pc:payload原文校验参数
pxhd:无效参数,可以忽略
rsc:请求序号,从1开始

PX11645:当前网站地址
PX12207:0 或者 1 0 表示没被iframe内嵌
PX12458:平台 。如: Win32 | HP-UX |Linux i686 | Linux armv7l |Mac68K MacPPC | |MacIntel |SunOS| Win16|Win32|WinCE|iPhone|iPod|iPad|Android|BlackBerry|Opera
PX11902:当前请求次数。从0开始
PX11560:页面加载时间。Math["round"](window["performance"]["now"]()) 当前页面
PX12248:目前看到都是3600。没有值的时候都是这个
PX11385:第一次载入时间
PX12280:请求时间 比PX11385 大30-60毫秒
PX11496:uuid
PX12565:初始值-1,后面可能会重置到0 获取其他值
PX11379:是否未引入px的js,一般是false,,注意如果个性化的也为true

这里是上面截图中的关键代码。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
var P = Yf(),
y = ge(it(t), function (t, e) {
return [df, t, e][Os({
a: 360
}.a)](":");
}(Vl[Sn], Vl[En])),
V = {
vid: Vt(),
tag: Vl[Sn],
appID: Vl[Nn],
cu: df,
cs: P,
pc: y
},
I = ps(t, V),
Q = ["payload=" + I, "appId=" + Vl[Nn], "tag=" + Vl[Sn], "uuid=" + df, "ft=" + Vl[En], "seq=" + il++, "en=" + "NTA"],
A = cs();
A && Q["push"]("xuuid=" + A), P && Q["push"]("cs=" + P), y && Q["push"]("pc=" + y);
var T = Vl[On](),
w = Ps(ls());
(T || w) && Q["push"]("sid=" + (T || $f()) + w);
var N = Vl[Mn]();
Vt() && Q["push"]("vid=" + Vt()), gf && Q["push"]("jsc=" + gf);
var S = pc;
S && Q["push"]("ci=" + S);
var E = (Sf || (Sf = Bu("_pxhd")), Sf);
return E && Q["push"]("pxhd=" + E), Fu && Q["push"]("cts=" + Fu), N["length"] >= 0 && Q["push"]["apply"](Q, N), Q;

这里代码是整个请求中用到的所有数据

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
import requests


headers = {
"accept": "*/*",
"accept-language": "zh-CN,zh;q=0.9,en;q=0.8",
"cache-control": "no-cache",
"content-type": "application/x-www-form-urlencoded",
"dnt": "1",
"origin": "https://www.walmart.com",
"pragma": "no-cache",
"priority": "u=1, i",
"referer": "https://www.walmart.com/",
"sec-ch-ua": "\"Google Chrome\";v=\"131\", \"Chromium\";v=\"131\", \"Not_A Brand\";v=\"24\"",
"sec-ch-ua-mobile": "?0",
"sec-ch-ua-platform": "\"Windows\"",
"sec-fetch-dest": "empty",
"sec-fetch-mode": "cors",
"sec-fetch-site": "cross-site",
"user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"
}
url = "https://collector-pxu6b0qd2s.px-cloud.net/assets/js/bundle"
data = {
"payload": "aUkQRhAIEFR3c3pzWFldcWZ/DxAeEFYQCEkQVEtWd2hmQn5mXlEPEAhpEBFBW1VcH1tcH0VbVlVXRhAeEBFBW1VcH1tcH0VbVlVXRgxzAxAeEHoDEB4QdntkAQx2e2QDEB4QEUJKH1FTQkZRWlMQHhAQbx4QekVWWXBkXkdTWHMPEAgAAAseEGRbB0Z...",
"appId": "PXu6b0qd2S",
"tag": "v8.6.6",
"uuid": "161720c5-6b66-11ef-b7d1-74872d7b1421",
"ft": "316",
"seq": "4",
"en": "NTA",
"cs": "7cca811af4b3676764815c192e2bc4fe7e2a0c7f63826186b064127baf5dc2cf",
"pc": "8782412517980908",
"sid": "18d031ae-cccd-11ef-b85b-221e697331f9",
"vid": "43540667-9ff4-11ef-b132-eee7eed4f007",
"ci": "18d46770-cccd-11ef-a516-9fec7d408969",
"pxhd": "b7c0dd0925af78702d3f190b8571993d81e814ea2311fd65ff33f4a377f29947:43540667-9ff4-11ef-b132-eee7eed4f007",
"cts": "d0ed4e21-c41b-11ef-b09c-ac906cf847cf",
"rsc": "4"
}
response = requests.post(url, headers=headers, data=data)

print(response.text)
print(response)

逆向 ps 函数

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
var encodeAndBtoa = function (t) {
return function (t) {
return btoa(encodeURIComponent(t).replace(/%([0-9A-F]{2})/g, (t, e) => String.fromCharCode("0x" + e)))
}
}();

function xorToString(t, e) {
let n = "";
for (let r = 0; r < t.length; r++)
n += String.fromCharCode(e ^ t.charCodeAt(r));
return n;
}

var mapValue = function (t, e, n, r, a) {
return Math.floor((t - e) / (n - e) * (a - r) + r);
};


var ps = function (t, e) {
let o = function () {
let e = "1604064986000";
return xorToString(encodeAndBtoa(e), 10);
}(),
i = JSON.stringify(t);
let a = encodeAndBtoa(xorToString(i, 50));
let c = e.cu;
let u = function (t, e, n) {
let v = xorToString(encodeAndBtoa(n), 10);
let g = [];
let d = -1;
for (let b = 0; b < t.length; b++) {
let p = Math.floor(b / v.length + 1);
let m = b >= v.length ? b % v.length : b;
let C = v.charCodeAt(m) * v.charCodeAt(p);
if (C > d) d = C;
}
for (let P = 0; t.length > P; P++) {
let y = Math.floor(P / v.length) + 1;
let V = P % v.length;
let I = v.charCodeAt(V) * v.charCodeAt(y);
while (I >= e) {
I = mapValue(I, 0, d, 0, e - 1);
}
while (g.indexOf(I) !== -1) I += 1;
g.push(I);
}
let Q = g.sort((t, e) => t - e);
return Q;
}(o, a.length, c);

a = function (t, e, n) {
let o = "";
let i = 0;
let c = t.split("");
for (let u = 0; u < t.length; u++) o += e.substring(i, n[u] - u - 1) + c[u], i = n[u] - u - 1;
return o + e.substring(i);
}(o, a, u);
return a;
};



function get_ps(a, b) {
return ps(JSON.parse(a), JSON.parse(b));
};

let a = '[{"t":"PX12095","d":{"PX11645":"https://www.walmart.com/ip/seort/5176689360","PX12207":0,"PX12458":"Win32","PX11902":0,"PX11560":5994,"PX12248":3600,"PX11385":1736153246227,"PX12280":1736153273613,"PX11496":"daac9f20-cc0a-11ef-a832-7f4cb7d1d488","PX12564":null,"PX12565":0,"PX11379":true}}]';
let b = '{"vid":"43540667-9ff4-11ef-b132-eee7eed4f007","tag":"v8.6.6","appID":"PXu6b0qd2S","cu":"daac9f20-cc0a-11ef-a832-7f4cb7d1d488","pc":"8736988427297909"}';
console.log(get_ps(a, b));

请求的返回响应为,其中 ob 对应的值为加密的字符串。

1
2
3
4
{
"do": null,
"ob": "UlIrUitSHgEXHBwcHCtSUisrKx5bU1tRVVJQWlFRVFpRUVpVWlFbWx5TVVtRUlRaUFtTUlpTVVdSVFFTVxwcHBxSKysrUisrKx5TVVFUUFFVU1BUUlNUHBwcHCsrKytSUh4BFhcHUgpbAQ4GFA4GVAYRCQkGUhwcHBxSKysrUisrUh5RWlZWHBwcHFJSKysrUh5bUAdaUldVUFYHBFcBWlFQVwMDU1JVBFcDVgZXAQFaB1ABBFoGBFZUUQNUB1pQAFtWA1dQUAZTBAEGAFNQVFAGHBwcHCsrKysrKx4BAR5UUh43UCQWODQsEgYlN1s2JSRWLRVfXxwcHBwrKysrKyseAQQSHlRSHlMcHBwcUisrKytSUlIePRIaBgceUVFSHgMGAVBaW1VXUlABAFRRUQYAUgNVBAEAA1tbAVNWUlBUVVABV1dXAFNRV1JXWlRbWwBbBgMDWltRB1EDUlJRAQRYBxsoUgM1Uw4BUTAKADojCy0IJ1EvGDsbLxgBGi8IOxUvNjhbHhYQFwceUVJS"
}

base64 解码后再 ^ (版本号 % 128)
当前版本号是 v8.6.6 就是 (866 % 128)

1
2
3
4
5
6
7
8
9
10
def me(t, e):
n = ''
for char in t:
n += chr(e ^ ord(char))
return n

def _dencrypt_payload(data: str):
decoded_string = base64.b64decode(data).decode('utf-8')
result = me(decoded_string, 866 % 128)
return result

解密后的字符串

1
IIIII0|_px3|330|b39c4f85f3b7ef32786b530e36f1ecf5d8d133255ef9a941706c0cda2ee2b3c7:bOMXQHw1sxy+VDNVm8xGmALkFY/EkOWSfOdm+wpq03wMTwqun9tbmJ+j4wYCU13DMERjU29UEdW1gb2AxGbR8Q==:1000:fd5VRZkSm8dIcXav+fGP9LcgtXWI5js2cRtLIVSpPT0etTjgu0Od5sVDe0FIx6Q33VwgKYlelY0PMmkCcxuWxcmcOalJYhbVKOIb6RI/Cex2+XHFfdJVbuAssAaf4dD2eiPYwqGYHoKJ95wxKlSmw+KfWj+7mM0ZRCPVQOF/Gq00FNWFMvJxPKvoHxaDTI/NsBEnuHj7muKKJq4gg0e7w80377q8VWhCjpUYJMSJ8y4=|true|300~~~~I0I0II|41c39690-ccd2-11ef-bb5f-2539b1567d82~~~~00I0I0|cu~~~~I00III|66721580434794701066|92459771505184326539~~~~0III0III|1736238889060~~~~IIII00|ctueea9cldvld6e31j6g~~~~0III0II0|7542~~~~0III00I0|41c399e1-ccd2-11ef-bb5f-2539b1567d82|true~~~~00III0|a9503cfe37d0752a5b6ea5b9329080625bbe9d30ca4f4fc7fc3eceec800eb521~~~~I000I0|41c382dc-ccd2-11ef-bb5f-a87dd06d0df6|31536000|true~~~~IIIIII|cc|60|U2FtZVNpdGU9TGF4Ow==~~~~IIIIII|cfp|60|1~~~~0IIII000|_pxde|330|0b94868f0eb7b7129cf16e96c3de42733784aa1156711aa0c1761c10c0bccf5a:eyJ0aW1lc3RhbXAiOjE3MzYyMzg4ODkwNjB9|true|300

解密后的字符串按照 ~~~~ 分割之后取 IIIII0 然后 _px3 对应的值为 b39..

拿着这个 cookie 去请求网页,如果不行尝试换以下代理 IP 和 UA

参考文章


Walmark Px3 cookie 无感生成方式
https://kingjem.github.io/2025/01/07/walmark-px3-cookie无感生成方式/
作者
Ruhai
发布于
2025年1月7日
许可协议