小红书x-s更新版20240808

新版xs的生成流程和之前一样。

x1 x2 x3 x4

file

拼接

file

转base64后加密生成payload

file

payload和其他几个拼接后再base64生成xs

file

要补的地方在代码中用 TODO 标注了,大家自行查看调试。

demo仅供参考,有些需要登录的接口,尽量把cookie都贴上。


Python调用demo

import requests
import execjs
import json

def homefeed(web_session,a1):
    headers = {
        "accept":"application/json, text/plain, */*",
        "cache-control":"no-cache",
        "content-type":"application/json;charset=UTF-8",
        "cookie":f"a1={a1}; webBuild=4.28.5; xsecappid=xhs-pc-web; web_session={web_session};",
        "origin":"https://www.xiaohongshu.com",
        "referer":"https://www.xiaohongshu.com/",
        "user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36",
        "x-b3-traceid":"a31fffc0ee4f5d8f",
        "x-s-common":"",
    }
    data = {"cursor_score":"","num":31,"refresh_type":1,"note_index":32,"unread_begin_note_id":"","unread_end_note_id":"","unread_note_count":0,"category":"binggaokao_feed_recommend","search_key":"","need_num":6,"image_formats":["jpg","webp","avif"],"need_filter_image":False}
    exc = execjs.compile(open('xs20240808.js', 'r', encoding='utf-8').read())
    xs_xt = exc.call('get_xs','/api/sns/web/v1/homefeed',data,a1)
    xs_xt['X-t'] = str(xs_xt['X-t'])
    headers.update(xs_xt)
    feed = 'https://edith.xiaohongshu.com/api/sns/web/v1/homefeed'
    print(requests.post(url=feed, data=json.dumps(data, separators=(",", ":")), headers=headers).text)

def aweme_detail(a1,web_session):
    headers = {
        "accept":"application/json, text/plain, */*",
        "cache-control":"no-cache",
        "content-type":"application/json;charset=UTF-8",
        "cookie":f"a1={a1}; webBuild=4.28.5; xsecappid=xhs-pc-web; web_session={web_session};",
        "origin":"https://www.xiaohongshu.com",
        "referer":"https://www.xiaohongshu.com/",
        "user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0",
    }
    data = {"source_note_id":"66b303f4000000000503bcf6","image_formats":["jpg","webp","avif"],"extra":{"need_body_topic":"1"},
            "xsec_source":"pc_feed","xsec_token":"ABjDy1e-6o2dnHbDQpKmzm4Bg1fYZ70Q38GLdA9-n2UJw="}
    exc = execjs.compile(open('xs20240808.js', 'r', encoding='utf-8').read())
    xs_xt = exc.call('get_xs','/api/sns/web/v1/feed',data,a1)
    xs_xt['X-t'] = str(xs_xt['X-t'])
    headers.update(xs_xt)
    feed = 'https://edith.xiaohongshu.com/api/sns/web/v1/feed'
    print(requests.post(url=feed, data=json.dumps(data, separators=(",", ":")), headers=headers).text)

if __name__ == '__main__':
    # 需要登录的 cookie 尽量给全点
    a1 = "你的a1"
    web_session = "你的web_session"
    homefeed(web_session,a1)

JS代码

仅供参考。

【温馨提示:此处隐藏内容需要付费订阅后才能查看!】

点赞
  1. jjj说道:
    Google Chrome Windows 10
    作者接单嘛
  2. 佳仔说道:
    Google Chrome Windows 10
    0808是不是凉了,现在老返回{"code":-1,"success":false}
    1. Lx Lx说道:
      Google Chrome Windows 10
      哈哈 应该是下午更新了
    2. Lx Lx说道:
      Google Chrome Windows 10
      你看新发的
      1. 佳仔说道:
        Google Chrome Windows 10
        大佬牛逼
  3. cvcat说道:
    Google Chrome Windows 10
    又更新了,算法是AES,拿不到密钥哇
    1. Lx Lx说道:
      Google Chrome Windows 10
      这个0808的能跑,等凉了我再看下
      1. WPC668 WPC668说道:
        Google Chrome Mac OS X 10.15.7
        大佬 失效了 :a:
        1. Lx Lx说道:
          Google Chrome Windows 10
          新的发了
  4. supolu supolu说道:
    Google Chrome Windows 10
    大佬牛逼 这个版本的新注册的账号的a1和web_session填进去后,笔记详情的接口/api/sns/web/v1/feed 会返回461 {'code': 0, 'success': True, 'data': {}} 这种。账号也没封禁,难道是xhs根据账号做了限制吗
    1. Lx Lx说道:
      Google Chrome Windows 10
      应该是参数传的有问题,我加了个demo你看看。 xsec_token得跟访问的作品ID关联
      1. james说道:
        Google Chrome Windows 10
        xsec_token这个打破我不动脑子的想法
    2. King杨CN说道:
      Google Chrome Windows 10
      是出旋转验证码了
  5. martin说道:
    Google Chrome Windows 10
    小红薯的团队肯定天天被职场PUA :tushe: 李哥流弊 嘿嘿
    1. Lx Lx说道:
      Google Chrome Windows 10
      :zhenbang:

发表回复