menu

附二抢号记录

搭建抓包环境

Charles 配置抓取 https 的环境,在 SSL Proxying 添加域名 e5.witontek.com。 Proxifier 新增一个规则让域名 e5.witontek.com 走 charles 的 socks5 代理 127.0.0.1:8889

获取 token

用 mac 版微信,打开附二公众号。自动登录上后,可在 charles 中查找请求 https://e5.witontek.com/ehospital5/auth/token?v=3452684640344830&connect_redirect=1 的 response 中找到 token

{
	"responseCode": "success",
	"responseMessage": "操作成功",
	"responseData": {
		"accessToken": "",
		"token": "c717fa357ee747d484c740c02d75c308",
		"uid": "9468213365827710040",
		"logon_name": "ocQovxCteptupoWOF1SEOvheydNY",
		"hospital_id": "stdxyxydefsyyadmin",
		"tokenCreateTime": "1592841170885",
		"session_key": "",
		"logon_type": "wechat",
		"p_hospital_id": "",
		"nickname": "",
		"headimgurl": "",
		"sub_openid": "",
		"channel_user_id": "",
		"user_id": "",
		"app_id": ""
	},
	"responseToken": ""
}

另外还找到个页面,能随时获取 token,无须微信绑定: https://e5.witontek.com/ehospital5web/web-new/stdxyxydefsyy/front.html?hospital_id=stdxyxydefsyyadmin&action=#/login 还泄漏了一套医院配置:https://e5.witontek.com/ehospital5web/web-new/stdxyxydefsyy/assets/data/hospital.json

API

完成预约流程需要用到的 api

1.获取科室列表

curl -H 'Host: e5.witontek.com' -H 'Content-Type: application/json' -H 'Origin: https://e5.witontek.com' -H 'Accept: application/json, text/plain, */*' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/605.1.15 (KHTML, like Gecko) MicroMessenger/6.8.0(0x16080000) MacWechat/2.4.1(0x12040110) NetType/WIFI WindowsWechat MicroMessenger/6.8.0(0x16080000) MacWechat/2.4.1(0x12040110) NetType/WIFI WindowsWechat' -H 'Referer: https://e5.witontek.com/ehospital5web/web-new/stdxyxydefsyy/front.html?interfaceType=wechat&hospital_id=stdxyxydefsyyadmin&action=common-index&openid=ocQovxB5hRbnB7ptj88yYGhlu_Hw&code=8373c4f4ac874e8a8fb0d6bf1d6b0b66&r=0.30143476' -H 'Accept-Language: zh-cn' --data-binary '{"requestData":{"hospital_id":"stdxyxydefsyyadmin","feature_flag":"0"},"pageSize":"0","pageNumber":"0","requestToken":"975759fe639d43c28e348124342402d3"}' --compressed 'https://e5.witontek.com/ehospital5/department/qryAllDepartment?v=8580447393876771&connect_redirect=1'

2.获取科室排班信息

curl -H 'Host: e5.witontek.com' -H 'Content-Type: application/json' -H 'Origin: https://e5.witontek.com' -H 'Accept: application/json, text/plain, */*' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/605.1.15 (KHTML, like Gecko) MicroMessenger/6.8.0(0x16080000) MacWechat/2.4.1(0x12040110) NetType/WIFI WindowsWechat MicroMessenger/6.8.0(0x16080000) MacWechat/2.4.1(0x12040110) NetType/WIFI WindowsWechat' -H 'Referer: https://e5.witontek.com/ehospital5web/web-new/stdxyxydefsyy/front.html?interfaceType=wechat&hospital_id=stdxyxydefsyyadmin&action=common-index&openid=ocQovxB5hRbnB7ptj88yYGhlu_Hw&code=8373c4f4ac874e8a8fb0d6bf1d6b0b66&r=0.30143476' -H 'Accept-Language: zh-cn' --data-binary '{"requestData":{"department_id":"c717fa357ee747d484c740c02d75c308","hospital_id":"stdxyxydefsyyadmin","start":"2020-06-23","end":"2020-07-01","subType":"3"},"pageSize":"0","pageNumber":"0","requestToken":"c717fa357ee747d484c740c02d75c308"}' --compressed 'https://e5.witontek.com/ehospital5/schedule/qryByClinicDate?v=106551095548933&connect_redirect=1'

3.获取医生某天排班

curl -H 'Host: e5.witontek.com' -H 'Content-Type: application/json' -H 'Origin: https://e5.witontek.com' -H 'Accept: application/json, text/plain, */*' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/605.1.15 (KHTML, like Gecko) MicroMessenger/6.8.0(0x16080000) MacWechat/2.4.1(0x12040110) NetType/WIFI WindowsWechat MicroMessenger/6.8.0(0x16080000) MacWechat/2.4.1(0x12040110) NetType/WIFI WindowsWechat' -H 'Referer: https://e5.witontek.com/ehospital5web/web-new/stdxyxydefsyy/front.html?interfaceType=wechat&hospital_id=stdxyxydefsyyadmin&action=common-index&openid=ocQovxB5hRbnB7ptj88yYGhlu_Hw&code=8373c4f4ac874e8a8fb0d6bf1d6b0b66&r=0.30143476' -H 'Accept-Language: zh-cn' --data-binary '{"requestData":{"type":"3","hospital_id":"stdxyxydefsyyadmin","clinic_date":"2020-06-30","department_id":"c717fa357ee747d484c740c02d75c308","doctor_id":"1024","department_code":"301060"},"pageSize":"0","pageNumber":"0","requestToken":"c717fa357ee747d484c740c02d75c308"}' --compressed 'https://e5.witontek.com/ehospital5/schedule/qrySchedule?v=1197365689385545&connect_redirect=1'

4.获取当前账号绑定就诊人列表

curl -H 'Host: e5.witontek.com' -H 'Content-Type: application/json' -H 'Origin: https://e5.witontek.com' -H 'Accept: application/json, text/plain, */*' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/605.1.15 (KHTML, like Gecko) MicroMessenger/6.8.0(0x16080000) MacWechat/2.4.1(0x12040110) NetType/WIFI WindowsWechat MicroMessenger/6.8.0(0x16080000) MacWechat/2.4.1(0x12040110) NetType/WIFI WindowsWechat' -H 'Referer: https://e5.witontek.com/ehospital5web/web-new/stdxyxydefsyy/front.html?interfaceType=wechat&hospital_id=stdxyxydefsyyadmin&action=common-index&openid=ocQovxB5hRbnB7ptj88yYGhlu_Hw&code=8373c4f4ac874e8a8fb0d6bf1d6b0b66&r=0.30143476' -H 'Accept-Language: zh-cn' --data-binary '{"requestData":{"hospital_id":"stdxyxydefsyyadmin"},"pageSize":"0","pageNumber":"0","requestToken":"c717fa357ee747d484c740c02d75c308"}' --compressed 'https://e5.witontek.com/ehospital5/patient/patientList?v=6948810999301663&connect_redirect=1'

5.获取医生排班可预约时间段

curl -H 'Host: e5.witontek.com' -H 'Content-Type: application/json' -H 'Origin: https://e5.witontek.com' -H 'Accept: application/json, text/plain, */*' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/605.1.15 (KHTML, like Gecko) MicroMessenger/6.8.0(0x16080000) MacWechat/2.4.1(0x12040110) NetType/WIFI WindowsWechat MicroMessenger/6.8.0(0x16080000) MacWechat/2.4.1(0x12040110) NetType/WIFI WindowsWechat' -H 'Referer: https://e5.witontek.com/ehospital5web/web-new/stdxyxydefsyy/front.html?interfaceType=wechat&hospital_id=stdxyxydefsyyadmin&action=common-index&openid=ocQovxB5hRbnB7ptj88yYGhlu_Hw&code=8373c4f4ac874e8a8fb0d6bf1d6b0b66&r=0.30143476' -H 'Accept-Language: zh-cn' --data-binary '{"requestData":{"hospital_id":"stdxyxydefsyyadmin","clinic_date":"2020-06-29","schedule_id":"","clinic_time":"上午","department_code":"301060","doctor_code":"1131"},"pageSize":"0","pageNumber":"0","requestToken":"c717fa357ee747d484c740c02d75c308"}' --compressed 'https://e5.witontek.com/ehospital5/schedule/qryVisitTime?v=7941816960514363&connect_redirect=1'

6.预约

实际只需要 3,4,5 三个 api ,就可以获取预约所需要的信息

curl -H ‘Host: e5.witontek.com ‘ -H ‘Accept: application/json, text/plain, /’ -H ‘User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Safari/537.36’ -H ‘Content-Type: application/json; charset=UTF-8’ -H ‘Origin: https://postwoman.io’ -H ‘Sec-Fetch-Site: cross-site’ -H ‘Sec-Fetch-Mode: cors’ -H ‘Sec-Fetch-Dest: empty’ -H ‘Referer: https://postwoman.io/?method=POST&url=https://e5.witontek.com&path=/ehospital5/subscription/addSubscription?v=1643512450386708&connect_redirect=1&contentType=application/json&params=%5B%7B%22key%22:%22v%22,%22value%22:%221643512450386708%22%7D,%7B%22key%22:%22connect_redirect%22,%22value%22:%221%22%7D%5D&rawParams=%7B%0A%09%22requestData%22:%20%7B%0A%09%09%22sub_diagnostic_fee%22:%20%220%22,%0A%09%09%22department_id%22:%20%22c717fa357ee747d484c740c02d75c308%22,%0A%09%09%22department_code%22:%20%22301060%22,%0A%09%09%22clinic_time%22:%20%22%E4%B8%8B%E5%8D%88%22,%0A%09%09%22register_level%22:%20%22%22,%0A%09%09%22doctor_code%22:%20%221024%22,%0A%09%09%22source_no%22:%20%22355%22,%0A%09%09%22source_order%22:%20%22%22,%0A%09%09%22visit_time%22:%20%2214:30-15:30%22,%0A%09%09%22clinic_date%22:%20%222020-06-30%22,%0A%09%09%22patient_id%22:%20%222cfc077d0d85405e80b90e870eed147b%22,%0A%09%09%22registration_type%22:%20%22clinic_specialist%22,%0A%09%09%22doctor_id%22:%20%221024%22,%0A%09%09%22doctor_name%22:%20%22%E9%99%88%E7%AB%8B%E6%9B%99%22,%0A%09%09%22clinic_time_quantum%22:%20%2214:30-15:30%22,%0A%09%09%22hospital_id%22:%20%22stdxyxydefsyyadmin%22%0A%09%7D,%0A%09%22pageSize%22:%20%220%22,%0A%09%22pageNumber%22:%20%220%22,%0A%09%22requestToken%22:%20%22cd72b445cd2146b880a523248e0b8709%22%0A%7D’ -H ‘Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7’ –data-binary ‘{ “requestData”: { “sub_diagnostic_fee”: “0”, “department_id”: “c717fa357ee747d484c740c02d75c308”, // api#3 “department_code”: “301060”, // api#3 “clinic_time”: “下午” // api#3, “register_level”: “”, “doctor_code”: “1024”, // api#3 “source_no”: “355”, // api#5 “source_order”: “”, “visit_time”: “14:30-15:30”, // api#5 “clinic_date”: “2020-06-30”, // 预约日期,实际测试支持比前端日期更长的日期。具体有没有上下界未做测试 “patient_id”: “c717fa357ee747d484c740c02d75c308”, // api#4 “registration_type”: “clinic_specialist”, “doctor_id”: “1024”, // api#3 “doctor_name”: “陈立曙”, // api#3 “clinic_time_quantum”: “14:30-15:30”, // api#5 “hospital_id”: “stdxyxydefsyyadmin” }, “pageSize”: “0”, “pageNumber”: “0”, “requestToken”: “c717fa357ee747d484c740c02d75c308” }’ –compressed ‘https://e5.witontek.com/ehospital5/subscription/addSubscription?v=1643512450386708&connect_redirect=1’

keyboard_arrow_up