聲明
本文章中所有內容僅供學習交流使用，不用于其他任何目的，抓包內容、敏感網址、數據接口等均已做脫敏處理，嚴禁用于商業用途和非法用途，否則由此產生的一切后果均與作者無關！
逆向分析

美團網頁、小程序、app全是指紋檢測。app的只會補老版本的，新版本一直初始化失敗4096。直接放棄先了補補基礎。小程序和app都差不多都是云函數都需要hook。我這個是"a6":"w1.3開頭的。w1.2之后在分析。

cp = execjs.compile(open('phf.js', 'r', encoding='utf-8').read())
result = cp.call('getMtgsig',data,openId,page)
mtgsig = result['header']['mtgsig']
print(mtgsig)
headers = {"Accept": "*/*","Accept-Language": "zh-CN,zh;q=0.9","Connection": "keep-alive","Content-Type": "application/x-www-form-urlencoded","Referer": "","Sec-Fetch-Dest": "empty","Sec-Fetch-Mode": "cors","Sec-Fetch-Site": "cross-site","User-Agent": "","X-Requested-With": "XMLHttpRequest","content-personalized-switch": "0","csecuserid": "","swimlane;": "","wm-user-id-deregistration": "-1","wm-uuid-deregistration": "-1","x-env": "online","xweb_xhr": "1"
}
url = "v1/search/detail"
params = {"ui": "","region_id": "",
}
data = {"loc_addr_name": "","page_size": "20","page_num": "0","keyword": "餃子","rc_app": "4","rc_platform": "13","optimusCode": "20","riskLevel": "71","partner": "4","waimai_sign": "/"
}
response = requests.post(url, headers=headers, params=params, data=data)print(response.text)
print(response)

結果

挺多坑的，我就不細說了。

總結

??1.出于安全考慮,本章未提供完整流程,調試環節省略較多,只提供大致思路,具體細節要你自己還原,相信你也能調試出來。