Xianyu detection rules #59

Open
yoshyv opened this issue Apr 21, 2024 · 3 comments
yoshyv commented Apr 21, 2024

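The current rules do not cover Xianyu.

Testing shows that, besides goofish.com, Xianyu also uses IPs under AS37963, that is, Alibaba's own ASN, to detect the IP location.
Is there a way to obtain all the relevant IPs? Covering the whole ASN directly would cause too much collateral damage.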

Owner

SunsetMkt commented Apr 21, 2024

*.goofish.com *.taobao.com? There is no particularly good method, and the collateral damage is also somewhat large. TODO

Author

yoshyv commented Apr 21, 2024

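I tested adding only the domains; it does not work, and there is a lot of collateral damage.
Alibaba is sneaky; it also performs the check through bare-IP access.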

Author

yoshyv commented Sep 21, 2024

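Just now, while capturing packets, I found that Alibaba uses amdc.m.taobao.com to send, in a POST request, various information about the device, including the phone model, device ID, network environment and so on.
The response content after base64 decoding is as follows: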

{
    "code": 1000,
    "cv": 0,
    "dns":
    [
        {
            "host": "h-adashx.ut.taobao.com",
            "servers":
            [],
            "ttl": 300,
            "um": 3
        }
    ],
    "ip": "本地IP",
    "secData": "",
    "unit": "center"
}
{
  "code": 1000,
  "cv": 0,
  "dns": [
    {
      "host": "acs.m.goofish.com",
      "servers": [
        {
          "channels": [
            {
              "attributes": [
                {
                  "cto": 10000,
                  "heartbeat": 45000,
                  "port": 443,
                  "protocol": "http2",
                  "publickey": "acs",
                  "retry": 1,
                  "rto": 10000,
                  "rtt": "0rtt"
                }
              ],
              "ips": [
                "59.82.58.67",
                "203.119.146.16"
              ]
            }
          ]
        }
      ],
      "ttl": 300,
      "um": 1,
      "version": "7008"
    }
  ],
  "ip": "本地IP",
  "secData": "",
  "unit": "center"
}

Blocking amdc.m.taobao.com and split-routing goofish.com works. But I do not know how much collateral damage this block causes; to be verified.
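An added example, not part of the thread or of the project's rules: a parser that pulls the host-to-IP mapping out of a captured response of the shape shown in the comment above, so the addresses handed out for goofish.com hosts can be reviewed instead of covering the whole ASN. It assumes the body is base64 over one or more JSON objects with the `dns[].servers[].channels[].ips` layout from the capture; the sample body, the client IP `198.51.100.7` and the Clash-style rule lines are constructed for illustration.

```python
import base64
import ipaddress
import json

def decode_objects(text):
    """Yield each top-level JSON object in text (one, or several back to back)."""
    decoder, pos = json.JSONDecoder(), 0
    while pos < len(text):
        if text[pos].isspace():
            pos += 1
            continue
        obj, pos = decoder.raw_decode(text, pos)
        yield obj

def extract_endpoints(b64_body):
    """Map every host in the 'dns' lists to the sorted literal IPs returned for it."""
    text = base64.b64decode(b64_body).decode("utf-8")
    found = {}
    for obj in decode_objects(text):
        for entry in obj.get("dns", []):
            ips = found.setdefault(entry["host"], set())  # keep hosts with no servers
            for server in entry.get("servers", []):
                for channel in server.get("channels", []):
                    for ip in channel.get("ips", []):
                        try:
                            ips.add(str(ipaddress.ip_address(ip)))
                        except ValueError:
                            pass  # ignore values that are not literal IPs
    return {host: sorted(ips) for host, ips in found.items()}

def to_rules(endpoints):
    """Render Clash-style rule lines (output format is an assumption)."""
    rules = []
    for host, ips in sorted(endpoints.items()):
        rules.append(f"DOMAIN,{host}")
        for ip in ips:
            net = ipaddress.ip_network(ip)  # single-host network: /32 or /128
            rules.append(f"{'IP-CIDR6' if net.version == 6 else 'IP-CIDR'},{net}")
    return rules

# Constructed sample: two objects shaped like the capture, plus one invalid entry.
SAMPLE_OBJECTS = [
    {"code": 1000, "dns": [{"host": "h-adashx.ut.taobao.com", "servers": [], "ttl": 300}],
     "ip": "198.51.100.7"},
    {"code": 1000, "dns": [{"host": "acs.m.goofish.com", "ttl": 300, "servers": [
        {"channels": [{"ips": ["59.82.58.67", "203.119.146.16", "not-an-ip"]}]}]}],
     "ip": "198.51.100.7"},
]
SAMPLE_BODY = base64.b64encode("\n".join(json.dumps(o) for o in SAMPLE_OBJECTS).encode())

if __name__ == "__main__":
    print("\n".join(to_rules(extract_endpoints(SAMPLE_BODY))))
```

The addresses are served with a `ttl` of 300, so a list produced this way reflects one capture and needs to be refreshed rather than treated as complete.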
