2022年12月

<?php
    //post请求
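    /**
     * Send a POST request and return the raw response header block.
     *
     * The "修改" strings in the Referer and Cookie headers are placeholders that
     * the operator replaces with values captured from a logged-in session.
     * NOTE(review): those values are live session credentials. Keeping them in
     * this file means anyone who can read the file can act as the account;
     * loading them from configuration outside the web root would limit that.
     *
     * @param string $url   Endpoint to post to.
     * @param string $data  Request body handed to CURLOPT_POSTFIELDS; the
     *                      Content-Type header declares it as form-urlencoded.
     * @param string $token Value sent in the "Token" request header.
     * @return string|null  Response headers when the status is 200, null on a
     *                      transport error or any other status.
     */
    function posturl($url,$data,$token){
        // The token is copied out of an earlier response header. Strip CR/LF
        // and surrounding whitespace so it cannot add extra header lines.
        $token = trim(str_replace(array("\r", "\n"), '', (string) $token));

        $headerArray = array(
            "Content-Type: application/x-www-form-urlencoded",
            "Accept: application/json, text/plain, */*",
            "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:107.0) Gecko/20100101 Firefox/107.0",
            "Referer: https://baijiahao.baidu.com/builder/rc/fans?app_id=修改",
            "Cookie: BDUSS=修改; bjhStoken=修改",
            "Token: $token",
        );

        $curl = curl_init();
        curl_setopt($curl, CURLOPT_URL, $url);
        // Verify the server certificate and host name. The request carries the
        // account's session cookie and token, so an unverified connection would
        // expose both to anyone able to intercept the traffic.
        curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);
        curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
        curl_setopt($curl, CURLOPT_POST, 1);
        curl_setopt($curl, CURLOPT_POSTFIELDS, $data);
        curl_setopt($curl, CURLOPT_HTTPHEADER, $headerArray);
        curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);

        // Include the response headers in the returned string; the caller
        // reads the next token from them.
        curl_setopt($curl, CURLOPT_HEADER, true);
        curl_setopt($curl, CURLOPT_NOBODY, false);

        $output = curl_exec($curl);

        $header = null;
        // curl_exec() returns false on a transport failure; only slice the
        // header block out of a real 200 response.
        if ($output !== false && curl_getinfo($curl, CURLINFO_HTTP_CODE) === 200) {
            $headerSize = curl_getinfo($curl, CURLINFO_HEADER_SIZE);
            $header = substr($output, 0, $headerSize);
        }

        // Release the handle on every path, not only after a failed request.
        curl_close($curl);

        return $header;
    }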

    //get请求
    /**
     * Fetch a URL with GET and return the response, headers followed by body,
     * converted from GBK to UTF-8.
     *
     * The "修改" strings in the Referer, Cookie and Token headers are
     * placeholders for values captured from a logged-in session.
     * NOTE(review): those values are live session credentials; storing them in
     * the source file exposes the account to anyone who can read the file.
     *
     * @param string $url Address to request.
     * @return string Response text after the GBK to UTF-8 conversion.
     */
    function geturl($url) {
        $requestHeaders = array(
            'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:107.0) Gecko/20100101 Firefox/107.0',
            'Referer: https://baijiahao.baidu.com/builder/rc/fans?app_id=修改',
            'Accept:  text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8',
            'Upgrade-insecure-requests:1',
            'Cookie: 修改; bjhStoken=修改;',
            'Token: 修改',
        );

        $handle = curl_init();
        // Options are applied in array order; CURLOPT_HEADER keeps the
        // response headers in the returned string.
        curl_setopt_array($handle, array(
            CURLOPT_HTTPHEADER => $requestHeaders,
            CURLOPT_URL => $url,
            CURLOPT_HEADER => TRUE,
            CURLOPT_NOBODY => FALSE,
            CURLOPT_RETURNTRANSFER => 1,
        ));

        $response = curl_exec($handle);
        curl_close($handle);

        return mb_convert_encoding($response, "utf-8", "gbk");
    }

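    // NOTE(review): presumably this is the get.php that the polling script
    // requests over HTTP. Nothing here restricts who may request it, and each
    // request can send messages from the account, so limit access to it (run
    // it from the CLI, or allow only the poller's address) - confirm the setup.

    // Read the number of unread private messages.
    $im_api = geturl('https://baijiahao.baidu.com/pcui/message/getUnreadNum');
    // \d+ so that counts of 10 or more are recognised. Fall back to 0 when the
    // field is absent (failed request, expired session, changed format).
    $im = preg_match('/"im":(\d+),/is', (string) $im_api, $match) === 1 ? (int) $match[1] : 0;
    echo "您有 $im 条未读私信!";

    // Reply to every conversation that has unread messages.
    if ($im > 0) {
        $ms_api = geturl('https://baijiahao.baidu.com/pcui/im/getRecentMsgList');
        // Capture the "uk" value that follows an unread_num between 1 and 99.
        // NOTE(review): this matches the raw text, response headers included;
        // decoding the JSON body would be less fragile - confirm the shape.
        $pattern = '/"unread_num":"[1-9]\d?".*?"uk":"(.*?)"/is';
        preg_match_all($pattern, (string) $ms_api, $matchs);
        $user = isset($matchs[1]) ? $matchs[1] : array();
        $msg = ("当前医生不在线,请留下您的联系方式!医生微信:18819937086");
        // Placeholder for the initial token captured from a logged-in session.
        $token = "修改";

        foreach ($user as $value) {
            // Build the body with http_build_query() so the message text and
            // the uk value (which comes from the server response) are
            // percent-encoded and cannot add or override form fields.
            $data = http_build_query(array(
                'send_type' => 2,
                'content_type' => 0,
                'content' => $msg,
                'uk' => $value,
                'user_type' => 3,
                'article_type' => '',
                'is_black' => 0,
            ));

            // Send the private message.
            $send_api = posturl('https://baijiahao.baidu.com/pcui/im/sendMessage',$data,$token);

            // The response headers carry the token for the next send. Keep the
            // current token when the send failed or the header is missing,
            // otherwise every later send in this run would go out without one.
            if (is_string($send_api) && preg_match('/Token:(.*?)\s+Tracecode:/is', $send_api, $match) === 1) {
                $token = trim($match[1]);
            }

            // Mark the conversation as read.
            $read_ms = geturl("https://baijiahao.baidu.com/pcui/im/fansDetail?uk=" . rawurlencode($value) . "&attr=1&start_time=");
        }
    } else {
        echo "等待15秒后继续检测私信情况。";
    }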
    
 
?>
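#!/bin/bash
# Request the auto-reply endpoint every $step seconds for one minute.
# NOTE(review): presumably started once a minute by cron - confirm.
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH
step=15
for (( i = 0; i < 60; i += step )); do
    # -f makes curl exit non-zero on an HTTP error status, so the success
    # banner is printed only when the request really succeeded.
    # "修改" is a placeholder for the host that serves get.php.
    # NOTE(review): this is a plain-HTTP, unauthenticated request that makes
    # the server send messages; keep the endpoint reachable only from this
    # host, or move it to HTTPS with some form of access control.
    if curl -sS -f --connect-timeout 10 -m 60 'http://修改/bjh/get.php'; then
        echo "-------------------监控成功----------------------"
        endDate=$(date +"%Y-%m-%d %H:%M:%S")
        echo "★[$endDate] Successful"
        echo "-------------------监控成功----------------------"
    else
        rc=$?
        endDate=$(date +"%Y-%m-%d %H:%M:%S")
        echo "★[$endDate] Failed (curl exit code $rc)" >&2
    fi
    sleep "$step"
done
exit 0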

代码中标有“修改”的位置都是需要自行准备的参数,登录后抓包即可获取;Token 需要先手动发送一条消息,才能抓到初始值。

网页捕获_15-12-2022_14615_101.42.159.117.jpeg

脚本后续还会继续完善。。。

https://baijiahao.baidu.com/pcui/im/sendMessage

接口相关介绍:
请求方式:post
cookie:BDUSS+bjhStoken
请求头带:Token

Token 使用 JWT HS256 方式验证,网上查过,破解密钥基本没有可能,所以直接抓包获取一个;每次发送消息后,从响应头中提取 Token 参数值,供下一次发送消息使用。

目前测试Token一周内仍然有效,打算用这个接口写个自动回复机器人。