【某OTA网站】phantom-token 1004

新版1004 phantom-token

请求头中包含phantom-token

定位到 window.signature

熟悉的vmp 和xhs一样

最新环境检测点

最新检测 canvas 下的 toDataURL方法较严

过程中 会用setAttribute给canvas 设置width height 从而使toDataURL返回不同的值

如果写死toDataURL的·返回值 就会被检测到

根据代码运行过程 实现不同的返回值

最后再加上 toString保护

可以发现明文 由#拼接 前后并加上3个随机字符

"\7Vd1f35a3b7cb51a5c525dae43ae89113f.iM#Q1P1746791297762`lQ#&GDhttps%3A%2F%2Fhk.trip.com%2Fhotels%2Fdetail%2F%3FcityId%3D36%26hotelId%3D68087435%26checkIn%3D2025-05-09%26checkOut%3D2025-05-10%26adult%3D2%26children%3D0%26subStamp%3D610%26crn%3D1%26travelpurpose%3D0%26curr%3DCNY%26link%3Dtitle%26hoteluniquekey%3DH4sIAAAAAAyQI#mh,1746757262522.4469wWoXds1f-rt#23|3939585e-5cc8-43af-b0c3-56074e83420cOf%#^B3692c3b2c2[k#jrS24‚9C#:qtWin32po7#7|-480n7‚#Rf.zh-CN92#hZ<1920x10801LL#‚mz1920x1032fO+#byW400(OY#H+*normalV4l#P5I;96#.X&c3#odhY?`#Zp1C~t#z}Z150d.d#SE5Google Inc. (Intel)p€E#eEP10320668147Mo"

['1f35a3b7cb51a5c525dae43ae89113f', '1746791297762', '{location.href}', '1746757262522.4469wWoXds1f', '3939585e-5cc8-43af-b0c3-56074e83420c', '692c3b2c', '24', 'Win32', '-480', 'zh-CN', '1920x1080', '1920x1032', '400', 'normal', 'P5I;96', '.X&\x81c3', 'odhY?`', 'Zp1C~t', '150', 'Google Inc. (Intel)', '1032066814']

这里可以发现一些浏览器环境指纹
时间戳 location.href crypto.randomUUID
692c3b2c 是canvas的指纹
Screen.colorDepth
navigator.platform
availwidth
availHeight
等等
可以去对比和自己环境的不同