本文阅读前了解知识:什么时候需要使用 UrlEncode 和 UrlDecode 函数
作者使用谷歌瀏覽器,通過按下 f12 對第三方網站 http 協議的接口抓包進行分析操作。
場景
運維小哥哥偶爾使用某某外包公司的網站系統,做設備錄入工作,流程簡單:
- 錄入設備基本信息,有 7、8 個欄位需要輸入,然後點擊保存按鈕;
- 基本信息保存成功,進入設備類型選擇操作,然後點擊生成設備標識按鈕;
- 設備標識生成成功,錄入設備關聯的模塊信息,簡單設備只需要錄入 2 條模塊,複雜的設備有 6 條模塊,每個模塊有 3、4 個欄位需要輸入,最後點擊保存。
一條設備錄入成功,單身多年的手速可能也花不了幾分鐘,其實這也沒啥。
突然領導說有 1000 個設備需要搞?運維小哥哥哭了😂,這時就該開發人員上場了:
- 運維準備一個 excel 模板,輸入需要錄入的 1000 個設備基本信息、設備類型信息,這個工作量不大,就半天吧,最多一天工作量;
- 開發做個 c/s 客戶端小工具,程式中按業務要求配置模塊錄入規則;
- 程式執行過程中錄入一個設備就把生成的設備標識與設備關聯;
- 全部錄入完成,提供一個 excel 導出,可將設備基本信息、生成的設備標識全部關聯導出,工作完成。
經過幾天的開發工作,開發哥哥將精心打磨的小工具交給運維小哥,運維小哥哥使用後投來了讚許的目光...
問題
前面鋪墊的話有點囉嗦了,開發這個小工具時,開發小哥遇到一個問題:
xxx 接口
这是某个接口的信息,Content-Type 是 application/x-www-form-urlencoded,下面参数使用的Form Data,即参数使用了UrlEncode,比如未编码前的一个参数:
"Content":"{"AP_Name":"HK_7889","IP":"192.168.0.1"}"
编码后(可以使用这个在线 URL 编码解码工具验证):
"Content":"%7B%22AP_Name%22%3A%22HK_7889%22%2C%22IP%22%3A%2292.168.0.1%22%7D"
使用Postman测试时,未对参数使用UrlEncode,接口测试成功,开发这个小工具时,有 3 个接口都是类似的,未进行UrlEncode操作:
var client = new RestClient("http://admin.lqclass.com/api/device");
client.Timeout = -1;
var request = new RestRequest(Method.POST);
request.AddHeader("Content-Type", "application/x-www-form-urlencoded");
request.AddParameter("Content", "{\"AP_Name\":\"HK_7889\",\"IP\":\"92.168.0.1\"}");
IRestResponse response = client.Execute(request);
Console.WriteLine(response.Content);
但遇到稍微複雜一點的接口,比如截圖中的參數為:
"Content":"{"AP_Name":"HK_7889","IP":"192.168.0.1","Module":[{"M_Name":"cameri0","Desc":"cameri0","AP_PUID":"54632325461320320"},{"M_Name":"cameri1","Desc":"cameri1","AP_PUID":"54636325461320320"},{"M_Name":"cameri2","Desc":"cameri2","AP_PUID":"54632325421320320"}]}"
Content值格式化看得清楚一点,Module是设备关联的模块信息:
{
"AP_Name": "HK_7889",
"IP": "192.168.0.1",
"Module": [
{
"M_Name": "cameri0",
"Desc": "cameri0",
"AP_PUID": "54632325461320320"
},
{
"M_Name": "cameri1",
"Desc": "cameri1",
"AP_PUID": "54636325461320320"
},
{
"M_Name": "cameri2",
"Desc": "cameri2",
"AP_PUID": "54632325421320320"
}
]
}
实际UrlEncode后的参数为:
"Content":"%7B%22AP_Name%22%3A%22HK_7889%22%2C%22IP%22%3A%22192.168.0.1%22%2C%22Module%22%3A%22%255B%257B%2522M_Name%2522%253A%2522cameri0%2522%252C%2522Desc%2522%253A%2522cameri0%2522%252C%2522AP_PUID%2522%253A%252254632325461320320%2522%257D%252C%257B%2522M_Name%2522%253A%2522cameri1%2522%252C%2522Desc%2522%253A%2522cameri1%2522%252C%2522AP_PUID%2522%253A%252254636325461320320%2522%257D%252C%257B%2522M_Name%2522%253A%2522cameri2%2522%252C%2522Desc%2522%253A%2522cameri2%2522%252C%2522AP_PUID%2522%253A%252254632325421320320%2522%257D%255D%22%7D"
本来一般接口,如上面成功执行的 C#代码那般直接未UrlEncode调用是没问题的。
但這個接口調用,伺服器返回錯誤信息:“xxx 解析失敗”,調用代碼如下:
var client = new RestClient("http://admin.lqclass.com/api/device");
client.Timeout = -1;
var request = new RestRequest(Method.POST);
request.AddHeader("Content-Type", "application/x-www-form-urlencoded");
request.AddParameter("Content", "{\"AP_Name\":\"HK_7889\",\"IP\":\"192.168.0.1\",\"Module\":[{\"M_Name\":\"cameri0\",\"Desc\":\"cameri0\",\"AP_PUID\":\"54632325461320320\"},{\"M_Name\":\"cameri1\",\"Desc\":\"cameri1\",\"AP_PUID\":\"54636325461320320\"},{\"M_Name\":\"cameri2\",\"Desc\":\"cameri2\",\"AP_PUID\":\"54632325421320320\"}]}");
IRestResponse response = client.Execute(request);
Console.WriteLine(response.Content);
两处调用代码哪里不同?只是 Content 值不一样,最后怀疑是不是需要手动进行UrlEncode?又不是 url 参数,为啥需要编码呢?不管啦,先编码了再说。
問題解決
參數編碼後,調用:
var client = new RestClient("http://admin.lqclass.com/api/device");
client.Timeout = -1;
var request = new RestRequest(Method.POST);
request.AddHeader("Content-Type", "application/x-www-form-urlencoded");
request.AddParameter("Content", "%7B%22AP_Name%22%3A%22HK_7889%22%2C%22IP%22%3A%22192.168.0.1%22%2C%22Module%22%3A%22%255B%257B%2522M_Name%2522%253A%2522cameri0%2522%252C%2522Desc%2522%253A%2522cameri0%2522%252C%2522AP_PUID%2522%253A%252254632325461320320%2522%257D%252C%257B%2522M_Name%2522%253A%2522cameri1%2522%252C%2522Desc%2522%253A%2522cameri1%2522%252C%2522AP_PUID%2522%253A%252254636325461320320%2522%257D%252C%257B%2522M_Name%2522%253A%2522cameri2%2522%252C%2522Desc%2522%253A%2522cameri2%2522%252C%2522AP_PUID%2522%253A%252254632325421320320%2522%257D%255D%22%7D");
IRestResponse response = client.Execute(request);
Console.WriteLine(response.Content);
哈哈,成功了,这里简单猜测下:别人的服务对接收的参数可能做了UrlDecode操作。
其实中间还做了一个参数的UrlEncode操作,即下面的Module参数值:
"Content":{"AP_Name":"HK_7889","IP":"192.168.0.1","Module":[{"M_Name":"cameri0","Desc":"cameri0","AP_PUID":"54632325461320320"},{"M_Name":"cameri1","Desc":"cameri1","AP_PUID":"54636325461320320"},{"M_Name":"cameri2","Desc":"cameri2","AP_PUID":"54632325421320320"}]}
第一次UrlEncode,即先对Module的值进行UrlEncode:
"Content":{"AP_Name":"HK_7889","IP":"192.168.0.1","Module":%5B%7B%22M_Name%22%3A%22cameri0%22%2C%22Desc%22%3A%22cameri0%22%2C%22AP_PUID%22%3A%2254632325461320320%22%7D%2C%7B%22M_Name%22%3A%22cameri1%22%2C%22Desc%22%3A%22cameri1%22%2C%22AP_PUID%22%3A%2254636325461320320%22%7D%2C%7B%22M_Name%22%3A%22cameri2%22%2C%22Desc%22%3A%22cameri2%22%2C%22AP_PUID%22%3A%2254632325421320320%22%7D%5D}
第二次UrlEncode即是上面成功的参数方式了,对整个Content的值进行UrlEncode,看上面成功的参数,不重复贴了。
最後總結
抓别人数据包时,不要凭印象、已有知识判定该怎么怎么做,比如前面的参数,不使用UrlEncode时,调用成功了,其他包我是否也沿用相同的方式使用就正确呢?搞不定时,多尝试猜测的方法。
總結:“管他的,干就是了”。
本文使用的UrlEncode C# 代码:
public static string UrlEncode(string str)
{
StringBuilder sb = new StringBuilder();
byte[] byStr = System.Text.Encoding.UTF8.GetBytes(str); //默认是System.Text.Encoding.Default.GetBytes(str)
for (int i = 0; i < byStr.Length; i++)
{
sb.Append(@"%" + Convert.ToString(byStr[i], 16));
}
return (sb.ToString());
}