教程.md

webweixin抓包教程

itchat基于webweixin提供的api
时间：2017.2.9

登录

API	获取 UUID
url	https://login.weixin.qq.com/jslogin
method	POST
data	URL Encode
params	appid: 应用ID fun: new 应用类型 lang: zh_CN 语言 _: 时间戳

注：这里的appid就是在微信开放平台注册的应用的AppID。网页版微信有两个AppID，早期的是wx782c26e4c19acffb，在微信客户端上显示为应用名称为Web微信；现在用的是wxeb7ec651dd0aefa9，显示名称为微信网页版。

API	生成二维码
url	https://login.weixin.qq.com/qrcode/`uuid`

API	二维码扫描登录
url	https://login.weixin.qq.com/cgi-bin/mmwebwx-bin/login
method	GET
params	tip: 1 未扫描 0 已扫描 uuid: xxx _: 时间戳 loginicon true(可选)

返回数据(String):

window.code=xxx;

xxx:
	408 登陆超时
	201 扫描成功
	200 确认登录

当带有loginicon时扫码就会返回头像

当返回200时，还会有
window.redirect_uri="https://wx.qq.com/cgi-bin/mmwebwx-bin/webwxnewloginpage?ticket=xxx&uuid=xxx&lang=xxx&scan=xxx";

API	webwxnewloginpage
url	https://wx.qq.com/cgi-bin/mmwebwx-bin/webwxnewloginpage
method	GET
params	ticket: xxx uuid: xxx lang: zh_CN 语言 scan: xxx fun: new

tips

注意这里的api地址和之后的api地址都需要动态获得不然会出现问题，根据前面的redirect_url的host决定如果前面的地址是wx2.qq.com这里的及后面的都要为wx2.qq.com

返回数据(XML):

<error>
	<ret>0</ret>
	<message>OK</message>
	<skey>xxx</skey>
	<wxsid>xxx</wxsid>
	<wxuin>xxx</wxuin>
	<pass_ticket>xxx</pass_ticket>
	<isgrayscale>1</isgrayscale>
</error>

这里获得了auth数据然后这里的res头里有set-cookie字段设置cookie即可

微信初始化

API	webwxinit
url	https://wx.qq.com/cgi-bin/mmwebwx-bin/webwxinit?pass_ticket=xxx&skey=xxx&r=xxx
method	POST
data	JSON
header	ContentType: application/json; charset=UTF-8
params	{      BaseRequest: {          Uin: xxx,          Sid: xxx,          Skey: xxx,          DeviceID: xxx,      } }

返回数据(JSON):

{
	"BaseResponse": {
		"Ret": 0,
		"ErrMsg": ""
	},
	"Count": 11,
	"ContactList": [...],
	"SyncKey": {
		"Count": 4,
		"List": [
			{
				"Key": 1,
				"Val": 635705559
			},
			...
		]
	},
	"User": {
		"Uin": xxx,
		"UserName": xxx,
		"NickName": xxx,
		"HeadImgUrl": xxx,
		"RemarkName": "",
		"PYInitial": "",
		"PYQuanPin": "",
		"RemarkPYInitial": "",
		"RemarkPYQuanPin": "",
		"HideInputBarFlag": 0,
		"StarFriend": 0,
		"Sex": 1,
		"Signature": "Apt-get install B",
		"AppAccountFlag": 0,
		"VerifyFlag": 0,
		"ContactFlag": 0,
		"WebWxPluginSwitch": 0,
		"HeadImgFlag": 1,
		"SnsFlag": 17
	},
	"ChatSet": xxx,
	"SKey": xxx,
	"ClientVersion": 369297683,
	"SystemTime": 1453124908,
	"GrayScale": 1,
	"InviteStartCount": 40,
	"MPSubscribeMsgCount": 2,
	"MPSubscribeMsgList": [...],
	"ClickReportInterval": 600000
}

注意这里的SyncKey和UserName后文要用到

API	webwxstatusnotify
url	https://wx.qq.com/cgi-bin/mmwebwx-bin/webwxstatusnotify?lang=zh_CN&pass_ticket=xxx
method	POST
data	JSON
header	ContentType: application/json; charset=UTF-8
params	{      BaseRequest: { Uin: xxx, Sid: xxx, Skey: xxx, DeviceID: xxx },      Code: 3,      FromUserName: 自己ID,      ToUserName: 自己ID,      ClientMsgId: 时间戳 }

返回数据(JSON):

{
	"BaseResponse": {
		"Ret": 0,
		"ErrMsg": ""
	},
	...
}

这里的notify不知道是不是必要步骤因为web weixin有这个步骤我也就没有深究

获取联系人信息

API	webwxgetcontact
url	https://wx.qq.com/cgi-bin/mmwebwx-bin//webwxgetcontact?pass_ticket=xxx&skey=xxx&r=xxx
method	POST
data	JSON
header	ContentType: application/json; charset=UTF-8

返回数据(JSON):

{
	"BaseResponse": {
		"Ret": 0,
		"ErrMsg": ""
	},
	"MemberCount": 334,
	"MemberList": [
		{
			"Uin": 0,
			"UserName": xxx,
			"NickName": "Urinx",
			"HeadImgUrl": xxx,
			"ContactFlag": 3,
			"MemberCount": 0,
			"MemberList": [],
			"RemarkName": "",
			"HideInputBarFlag": 0,
			"Sex": 0,
			"Signature": "你好，我们是地球三体组织。在这里，你将感受到不一样的思维模式，以及颠覆常规的世界观。而我们的目标，就是以三体人的智慧，引领人类未来科学技术500年。",
			"VerifyFlag": 8,
			"OwnerUin": 0,
			"PYInitial": "URINX",
			"PYQuanPin": "Urinx",
			"RemarkPYInitial": "",
			"RemarkPYQuanPin": "",
			"StarFriend": 0,
			"AppAccountFlag": 0,
			"Statues": 0,
			"AttrStatus": 0,
			"Province": "",
			"City": "",
			"Alias": "Urinxs",
			"SnsFlag": 0,
			"UniFriend": 0,
			"DisplayName": "",
			"ChatRoomId": 0,
			"KeyWord": "gh_",
			"EncryChatRoomId": ""
		},
		...
	],
	"Seq": 0
}

> 注意这里的host一定要向我之前说的那样不然会出错还有最好每次请求把cookie带着

同步刷新

API	synccheck
protocol	https
host	webpush.host.qq.com
path	/cgi-bin/mmwebwx-bin/synccheck
method	GET
data	URL Encode
params	r: 时间戳 sid: xxx uin: xxx skey: xxx deviceid: xxx synckey: xxx _: 时间戳

返回数据(String):

window.synccheck={retcode:"xxx",selector:"xxx"}

retcode:
	0 正常
	1100 失败/登出微信
selector:
	0 正常
	2 新的消息
	7 进入/离开聊天界面

API	webwxsync
url	https://wx.qq.com/cgi-bin/mmwebwx-bin/webwxsync?sid=xxx&skey=xxx&pass_ticket=xxx
method	POST
data	JSON
header	ContentType: application/json; charset=UTF-8
params	{      BaseRequest: { Uin: xxx, Sid: xxx, Skey: xxx, DeviceID: xxx },      SyncKey: xxx,      rr: 时间戳取反 }

返回数据(JSON):

{
	'BaseResponse': {'ErrMsg': '', 'Ret': 0},
	'SyncKey': {
		'Count': 7,
		'List': [
			{'Val': 636214192, 'Key': 1},
			...
		]
	},
	'ContinueFlag': 0,
	'AddMsgCount': 1,
	'AddMsgList': [
		{
			'FromUserName': '',
			'PlayLength': 0,
			'RecommendInfo': {...},
			'Content': "", 
			'StatusNotifyUserName': '',
			'StatusNotifyCode': 5,
			'Status': 3,
			'VoiceLength': 0,
			'ToUserName': '',
			'ForwardFlag': 0,
			'AppMsgType': 0,
			'AppInfo': {'Type': 0, 'AppID': ''},
			'Url': '',
			'ImgStatus': 1,
			'MsgType': 51,
			'ImgHeight': 0,
			'MediaId': '', 
			'FileName': '',
			'FileSize': '',
			...
		},
		...
	],
	'ModChatRoomMemberCount': 0,
	'ModContactList': [],
	'DelContactList': [],
	'ModChatRoomMemberList': [],
	'DelContactCount': 0,
	...
}

这里deviceid是e后面跟随机数什么好像都行，然后这里说一下这个check，第一次请求没有问题的情况下一定返回window.synccheck={retcode:"0",selector:"2"}然后这里要随机跟一个webwxsync请求，然后第一次的synccheck请求synckey是init获得的，后面的synckey是动态的。然后每次synccheck有消息来了，后面都要跟webwxsync请求然后里面含消息信息。

发送信息

目前只写了发送文本信息的api

API	webwxsendmsg
url	https://wx.qq.com/cgi-bin/mmwebwx-bin/webwxsendmsg?pass_ticket=xxx
method	POST
data	JSON
header	ContentType: application/json; charset=UTF-8
params	{      BaseRequest: { Uin: xxx, Sid: xxx, Skey: xxx, DeviceID: xxx },      Msg: {          Type: 1 文字消息,          Content: 要发送的消息,          FromUserName: 自己ID,          ToUserName: 好友ID,          LocalID: 与clientMsgId相同,          ClientMsgId: 时间戳左移4位随后补上4位随机数      } }

返回数据(JSON):

{
	"BaseResponse": {
		"Ret": 0,
		"ErrMsg": ""
	},
	...
}

(未完待续)

参考

如果你还想看别的api请看我的参考：

• WeixinBot
• Itcaht(python)