新版1004 phantom-token

請求頭中包含phantom-token

定位到 window.signature

熟悉的vmp 和xhs一樣

最新環境檢測點

最新檢測 canvas 下的 toDataURL方法較嚴

過程中 會用setAttribute給canvas 設置width height 從而使toDataURL返回不同的值

如果寫死toDataURL的·返回值 就會被檢測到

根據代碼運行過程 實現不同的返回值

最后再加上 toString保護

可以發現明文 由#拼接 前后并加上3個隨機字符

"\7Vd1f35a3b7cb51a5c525dae43ae89113f.iM#Q1P1746791297762`lQ#&GDhttps%3A%2F%2Fhk.trip.com%2Fhotels%2Fdetail%2F%3FcityId%3D36%26hotelId%3D68087435%26checkIn%3D2025-05-09%26checkOut%3D2025-05-10%26adult%3D2%26children%3D0%26subStamp%3D610%26crn%3D1%26travelpurpose%3D0%26curr%3DCNY%26link%3Dtitle%26hoteluniquekey%3DH4sIAAAAAAyQI#mh,1746757262522.4469wWoXds1f-rt#23|3939585e-5cc8-43af-b0c3-56074e83420cOf%#^B3692c3b2c2[k#jrS24?9C#:qtWin32po7#7|?-480n7?#Rf.zh-CN92#hZ<1920x10801LL#?mz1920x1032fO+#byW400(OY#H+*normalV4l#P5I;96#.X&?c3#odhY?`#Zp1C~t#z}Z150d.d#SE5Google Inc. (Intel)p€E#eEP10320668147Mo"

['1f35a3b7cb51a5c525dae43ae89113f', '1746791297762', '{location.href}', '1746757262522.4469wWoXds1f', '3939585e-5cc8-43af-b0c3-56074e83420c', '692c3b2c', '24', 'Win32', '-480', 'zh-CN', '1920x1080', '1920x1032', '400', 'normal', 'P5I;96', '.X&\x81c3', 'odhY?`', 'Zp1C~t', '150', 'Google Inc. (Intel)', '1032066814']

這里可以發現一些瀏覽器環境指紋
時間戳 location.href crypto.randomUUID
692c3b2c 是canvas的指紋
Screen.colorDepth
navigator.platform
availwidth
availHeight
等等
可以去對比和自己環境的不同