javascript - Please enlighten me: NetEase Mailbox Web side simulates login to read the encryption parameters _ntes_nnid, _ntes_nuid

Question

The simulated login and receiving emails of NetEase mailbox are very simple. Two parameters are required when reading emails: _ntes_nnid and _ntes_nuid

_ntes_nnid=21533f97b25070a31c249f59513ad20c,1492592485123
_ntes_nuid=21533f97b25070a31c249f59513ad20c

32-bit, looks like MD5 encryption. Please give me some advice from all the great masters!

---

The following is the code to read the email:

Get address: http://mail.163.com/js6/read/...
★ mid is the number given when receiving the letter

Request header information:

Host: mail.163.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://mail.163.com/js6/main.jsp?sid=JBotLILIiJUXeLousXIIzvphyyqrIzxb&df=email163
Connection: keep-alive
Upgrade-Insecure-Requests: 1

★ sid is given when logging in

Cookies:

mail_health_check_time=1492592481181
JSESSIONID=3974283F6837B413D68C3980400C0D87
SID=793490e4-a2cf-494c-afe6-0755b6b2bf2d
P_INFO=lst_d9c@163.com|1492592479|0|mail163|00&99|shd&1492585407&mail163#shd&370800#10#0#0|&0|mail163|lst_d9c@163.com
S_INFO=1492592479|0|2&70##|lst_d9c
NTES_SESS=R0AofYsxryOBQctfrmVvpre0BCTU413FzX9.ZwrFyShYAZ_WA7Kw6gNj9oCelkHrPVajggmcNeD4f0uTMaehyteJca0yQXHhlSHoVCBtHlwC4s63GNk31zaDmRzFjgVBRkqleTL3wF9thkMkq3f483J7WC8Cl9wKn
mail_upx=t11hz.mail.163.com|t12hz.mail.163.com|t13hz.mail.163.com|t1hz.mail.163.com|t2hz.mail.163.com|t4hz.mail.163.com|t5hz.mail.163.com|t6hz.mail.163.com|t7hz.mail.163.com|t8hz.mail.163.com|t10hz.mail.163.com|c7bj.mail.163.com|c1bj.mail.163.com|c2bj.mail.163.com|c3bj.mail.163.com|c4bj.mail.163.com|c5bj.mail.163.com|c6bj.mail.163.com
mail_upx_nf=
mail_idc=
Coremail=1492592479840%JBotLILIiJUXeLousXIIzvphyyqrIzxb%g7a58.mail.163.com
MAIL_MISC=lst_d9c
cm_last_info=dT1sc3RfZDljJTQwMTYzLmNvbSZkPWh0dHAlM0ElMkYlMkZtYWlsLjE2My5jb20lMkZqczYlMkZtYWluLmpzcCUzRnNpZCUzREpCb3RMSUxJaUpVWGVMb3VzWElJenZwaHl5cXJJenhiJnM9SkJvdExJTElpSlVYZUxvdXNYSUl6dnBoeXlxckl6eGImaD1odHRwJTNBJTJGJTJGbWFpbC4xNjMuY29tJTJGanM2JTJGbWFpbi5qc3AlM0ZzaWQlM0RKQm90TElMSWlKVVhlTG91c1hJSXp2cGh5eXFySXp4YiZ3PW1haWwuMTYzLmNvbSZsPS0xJnQ9LTEmbj1j
MAIL_SESS=R0AofYsxryOBQctfrmVvpre0BCTU413FzX9.ZwrFyShYAZ_WA7Kw6gNj9oCelkHrPVajggmcNeD4f0uTMaehyteJca0yQXHhlSHoVCBtHlwC4s63GNk31zaDmRzFjgVBRkqleTL3wF9thkMkq3f483J7WC8Cl9wKn
MAIL_SINFO=1492592479|0|2&70##|lst_d9c
MAIL_PINFO=lst_d9c@163.com|1492592479|0|mail163|00&99|shd&1492585407&mail163#shd&370800#10#0#0|&0|mail163|lst_d9c@163.com
secu_info=1
mail_entry_sess=7d3b347288dfc56a73f86b219b708ae5f9e8fc0a3ebabdab4b2bd8ae9fbbc022b67dc25b2e4cfa82fe21a9069a0b8260a5142bfc7a66a571d66e8ff93eb8d061f7eb08468dc9ed35013338fcffb0d0fe755f11b610b01a02fd50e721b7fee4d151502a0f2f13775d16bb84eb57203ce7108f2e7ba4c92bc5c5396501dc925d9117646a93c74cc141a0ef68c2ac79557ce9d953ba01892e6c0efa6fd9c1d6bca129b718743b592b696dc7fa070f29d0a187ead7ba3fe2d660765d1f0a6075490e
locale=
Coremail.sid=JBotLILIiJUXeLousXIIzvphyyqrIzxb
mail_style=js6
mail_uid=lst_d9c@163.com
mail_host=mail.163.com
_ntes_nnid=21533f97b25070a31c249f59514ad20c,1492592485123
_ntes_nuid=21533f97b25070a31c249f59514ad20c
MailMasterPopupTips=1492592485755

★ Among all Cookies, only _ntes_nnid and _ntes_nuid should be encrypted by JavaScript.

---

import re
import requests


# 登录
mail = requests.Session()
login_headers = {
    'Host': 'mail.163.com',
    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0',
    'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
    'Accept-Language': 'zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3',
    'Accept-Encoding': 'gzip, deflate, br',
    'Referer': 'http://email.163.com/',
    'Connection': 'keep-alive',
    'Upgrade-Insecure-Requests': '1'
}
login_payload = {
    'username': 'lst_d9c@163.com',
    'url2': 'http://email.163.com/errorpage/error163.htm',
    'savalogin': '0',
    'password': 'kuli401'
}
login_http = mail.post('https://mail.163.com/entry/cgi/ntesdoor?funcid=loginone&language=-1&passtype=1&iframe=1&product=mail163&from=web&df=email163&race=-2_39_-2_hz&module=&uid=lst_d9c@163.com&style=-1&net=c&skinid=null', headers=login_headers, data=login_payload)
sid = re.search(r'(?<=sid=).+(?=&df=email163)', login_http.text).group(0)

#收信
receiving_headers = {
    'Host': 'mail.163.com',
    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0',
    'Accept': 'text/javascript',
    'Accept-Language': 'zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3',
    'Accept-Encoding': 'gzip, deflate',
    'Content-Type': 'application/x-www-form-urlencoded',
    'Referer': 'http://mail.163.com/js6/main.jsp?sid=' + sid + '&df=email163',
    'Content-Length': '539',
    'Connection': 'keep-alive'
}
receiving_payload = {
    'var': '<?xml version="1.0"?><object><int name="fid">1</int><string name="order">date</string><boolean name="desc">true</boolean><int name="limit">20</int><int name="start">0</int><boolean name="skipLockedFolders">false</boolean><string name="topFlag">top</string><boolean name="returnTag">true</boolean><boolean name="returnTotal">true</boolean></object>'
}
receiving_http = mail.post('http://mail.163.com/js6/s?sid=' + sid + '&func=mbox:listMessages&LeftNavfolder1Click=1&mbox_folder_enter=1', headers=receiving_headers, data=receiving_payload)
mid = re.search(r'(?<=\'id\':\')\S+(?=\',)', receiving_http.text).group(0)

#看信
read_headers = {
    'Host': 'mail.163.com',
    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0',
    'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
    'Accept-Language': 'zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3',
    'Accept-Encoding': 'gzip, deflate',
    'Referer': 'http://mail.163.com/js6/main.jsp?sid=' + sid + '&df=email163',
    'Connection': 'keep-alive',
    'Upgrade-Insecure-Requests': '1'
}
read_http = mail.get('http://mail.163.com/js6/read/readhtml.jsp?mid=' + mid + '&font=15&color=064977', headers=read_headers)
print(sid)
print(mid)
print(read_http.text)

Answer 1

You have logged in successfully, just keep the session. Why do you need to control cookies? The parameters only need sid, and your sid can be obtained from cookies

# coding: utf-8
from __future__ import unicode_literals

import re
import requests


# 登录
session = requests.Session()
session.headers['User-Agent'] = 'Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0'

data = {
    'username': 'lst_d9c@163.com',
    'password': 'kuli401',
    'funcid': 'loginone',
    'language': -1,
    'passtype': 1,
    'iframe': 1,
    'product': 'mail163',
    'from': 'web',
    'df': 'email163',
}

print('登录')
r = session.post('https://mail.163.com/entry/cgi/ntesdoor', data=data)
url = re.search('top.location.href = "(.+)"', r.text).group(1)

print('进入主页, url: {}'.format(url))
session.get(url)
sid = session.cookies.get('Coremail.sid')

print('收信, sid: {}'.format(sid))
params = {
    'sid': sid,
    'func': 'mbox:listMessages',
    'LeftNavfolder1Click': 1,
    'mbox_folder_enter': 1
}
payload = {
    'var': '<?xml version="1.0"?><object><int name="fid">1</int><string name="order">date</string><boolean name="desc">true</boolean><int name="limit">20</int><int name="start">0</int><boolean name="skipLockedFolders">false</boolean><string name="topFlag">top</string><boolean name="returnTag">true</boolean><boolean name="returnTotal">true</boolean></object>'
}
receive_url = 'http://mail.163.com/js6/s'
r = session.post(receive_url, params=params, data=payload)

mid = re.search('<string name="id">(.+)</string>', r.text).group(1)

print('读信, mid: {}'.format(mid))
r = session.get('http://mail.163.com/js6/read/readhtml.jsp?mid={}&font=15&color=064977'.format(mid))
print(r.text)