python接口自动化之抓包与参数关联的讲解

一、前言

参数关联是接口测试和性能测试最为重要的一个步骤，很多接口的请求参数是动态的，并且需要从上一个接口的返回值里面取出来，一般只能用一次就失效了。
最常见的案例就是网站的登录案例，很多网站的登录并不仅仅只传username和psw两个参数，往往有其它的动态参数。
有时候还需要带上cookies参数，如JSESSIONID

二、登录参数

首先分析下目标网站【学信网：https://account.chsi.com.cn/passport/login】的登录接口请求参数。
先随便输入账号和密码，使用chalres工具抓包查看请求参数，用两个参数是网页自动给的参数（用户没输入），特别关注lt

关闭浏览器后，重复上面操作，再抓包看请求参数，会发现变了

 备注：execution参数是表示网站刷新次数，可以刷新下再登录，就变了 

三、获取接口返回数据

我们想登录的话，必须先得到 lt 和 execution 这2个参数，编写函数得到这两个值

# -*- coding: utf-8 -*-

"""
@author: lucas
@Function:
@file: get_it_execution.py
@time: 2021/10/16 10:45 上午
"""
import requests
from lxml import etree
import urllib3

urllib3.disable_warnings()

s = requests.session()


def get_it_execution():
    result = {}
    loginurl = "https://account.chsi.com.cn/passport/login"
    h1 = {
        "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.71 Safari/537.36"
    }
    s.headers.update(h1)
    r = s.get(loginurl, verify=False)
    dom = etree.HTML(r.content.decode("utf-8"))

    try:
        result["lt"] = dom.xpath('//input[@name="lt"]')[0].get("value")
        result["execution"] = dom.xpath('//input[@name="execution"]')[0].get("value")
        print(result)
    except:
        print("lt、execution参数获取失败！")
    return result


if __name__ == "__main__":
    result = get_it_execution()

运行结果：

{'lt': 'LT-217451-dkzeNOshAhPiLR2oNKrVxbW6ZJUtY-cas', 'execution': 'f01b9e46c-53d2-44a0-9af9-92a69cc53443_ZXlKaGJHY2lPaUpJVXpVeE1pSjkuU2l0S056bG5RVVZaUjJ4SVFXSkxVRTFhZVhSaVVrSmFRMFYwV0ZCMVZHeDJlRXMzUlRsbFltSlBabnAzY2tkM1kySlhTR3RJUmpGSlZGaEZWMjFxTnpSak9EUnhkRXB2Y1RKNlVuZzBOa2dyUVZsbmVFRktlRGMyTmprdk9WYzRNa1F3Y2tacEwxWkNaR0p2UVU5UFoweENWV1F5VlhaUFlVTjZMMVIwU2xWcVdqRlFNV1JwUTNkcE5FcDNRVXBHVUUxWFJtNHZabnB5WTBWcWVDOHZjV2t2ZEhGVFRVbGhRWFJKTTBkQ1MycDJORVo1TlN0YVpGcElOWGhNVHpWc01sUktZMkkzUmtScVMwTnNkV3g1TmpSclJXTnZMMmh4VERKdVFsSmxTVk54U0RadVZHRmhaeXRLVlhZeE56TlRSa3hLYVhwaVQxZE5ZVnBvTXpSNlF6WndRMm94YzJGSVQyd3ZVV1J2T0dSVVNEVnJSWEpQZHl0VGFtNTVjblpKUjNkdVFtYzJkSEZaTnpjNVpGbGtWbU53UW1wS00xYzBUbEpxWkRkNk1YSnNLMDVQTDFGc2R6UlFNVzFuTVhnNFRpc3hhMFZFV2sxcFlYTTVZbE5WU2paclFXSjNjbTEyV201eE5tWTBhVWxwT1hOelJuWnFUR0ZNTmtGNlJFZDBlRkJuV0VWSFUycEtPVXRVV0c5aWJIRnpNM0ZLVGpSNU9EVmpjel21OeVRFVXphMGxvTTFJeU1HUjNWM014SzBneVREUkJTQzlUVVhCdFdsRnJSRFV4TVRCWlRUQnRWalpsVkhWdVJYbEJXRUo0TjB4UlVXWlFjV0UyV0V0RU5FbzRZVzlDWldGQ1RsUjRZWGg2TDJOcE5IcGtXRlY1ZW0xbVZVSXJNelV6TDIxSFdIUnZVazlRTml0R0sxY3dZMFI0SzFkSlprdHpiRmRQZFhOeFZGVnpSakl3WjFKUGNqaDBiMjFtYjBGR0sxcGtVVFphY3poWVpqY3haa0V5TmtOSU5tVm9VVEl5UVRabGEzcERhemszYVdWdWNIQkhjRTlhVGtwS056VXJaa056TUVKM05FSndVa2gzTlRCUFVWQmlWekZGYWpsa1dVVlBha3AxT1hobFUxWXZZblk0Ukd0NmFtaEZLMmhHWkZkd1pIZDFhSEExVHk5Q1JVaFJNbmR2Y0VabU9GZ3ljVkJXWW1ZclF6Z3JjQzlPWkhKVE9YQnZjbFZvY0N0WFFXVnRNbE41ZUd4VFJWUnFTV2hLZFZoeWVVeHpNbFJEYkRsbldEbGtMMUJQV0hCSVRFNVFTa0pZY1hWTGRFNDBPRFkwSzFkaWNtOW5iMDFKTWpseWQxRmllVFpUWVdSeU5qZEdaa1FyTlZaTWVYQXJhVXRRUVdWaVptdFVjMG92WVhCM2VEUlZlbTB2U1hCNlNqVlFkVTh6VmpScGVFazBlSHBvVEZKd2RqWlVMelk1VTFGS1QwUlJaRWxHTW5Gck5tczFiRU5pT0hGbU0yNDVRMUZYYjBReU5qbHhOMDE0TVd0aVRqUjVNemxWUzBkVWJ6TkpNbVp2UlU1SVIyUlZOWE5QWVVoRmRVRlhORVF5UVZORFF6aDJlbk5tTkZrM1Z6WnhVMlo2YUZadGJteHpMMmh4YmtJNVExRldaRE51ZEU5V1psaDNhMUpOTlRkeVNYQk9WMDl2VlRkSllVRTBhREJ1ZUVkemF5OHlhV3RtU1ZGbFNGWklVMmRMVUZaaGRuQnpNWEJMVWxKdWJtNUtRV1ZJWm10WlZERkliR2hyWWprNFZETlJTMlF6WW5WcVdsWTBjWE5qUldoeVMwbHZkbU5SUW10S01ITllhREJoYkhWeGNXeENjVlZRWmtJd1dYaHhRemR6YkRWQ1RUQnBSV0V4VkVRNGNITTVaMlpITkhZNU5HcHBWRFZMYWpWRlZ5OU1VWGczUWt4Qk5EaERkV05IY2tSUVZGVTBkRTVRVXlzNGFHNVJOMDEzY0dNNVJITXhhWGxtTjJOUmRYcDNOVXB0Y2tWNWMzRnhaamxpU25kWVVVazVha05uUkc5YU1tdFdOV0ZKWnpSclZHdHhTbFZ6UW5CQlRHWXllblpKTUVoblV6WnNZbEUxTmxCSlZqSTJTMjFtYmxRMlR5c3hSM2xpVlRscldXdHNZa3BFT1VGRU9VSTFNRWN3VjNnM04xTnZVa0ZrVFVsek0zWlpWbXgyTm5OU1IwczNia3BIWjFOWVYwTm5lbFZrT0ROVE1scE5aVTVzV21sYVlTOXdiMGhuYjBOUFpVTktRM0IxY1RGb09YTk9WazU1TDNObU1tVjRaa05uYm1aTU1XTTNjSEJtWW1WWU1FWldNR1JvWm1sSGRtWmxNMlJPZWpaTlZ6TnlaMnR0V0ROSlMzbDZPVXB2ZWxwNllrVlJRazlKWjJOVU5YYzNlR3MzY0d4dGJsRkxiR0ZaU2pGQ1drbGpTbkpYZHpNMk9IZE9iMXBvUTBaa2NWRjVPWHBKYmxOMGNGTjVVVU4wTWk5d2NXVkZSak54TUN0S2RHMW1SSGxzY1dOVmNrdElOMnA2YlV0bWEzWlVNVUVyU1N0TGJGWkNiVk0xU1RSQ01raElRM2hTUlhkelQwSk1VVXhTUVUxbFptdEpUV0p3YW5SeWJYVkpaR0ZETkdSc1NYWlBha2w1ZWtkbmJXZHBWWEZvYzNoaWRGRllTV0ZsUlRjeVJIQXZTVGx2VFhKNWVWZHhjV3RzYUhabWFtaHJNemRUWjNkbU5ISnZMM0ZwWWxoVmEwRkRWRWhwUzBwd1RGcGtaMkZZYTNCR2VXOTZNR1pKUlVJMWFYTlpibWRXVTBFNFJXTk9NRVUwVGs1SmRTc3pTM1pvWVdsMlYxcGhaakp3U2xWd1pYWnRRWFJRU1hJMk0xTjNSRGhsUnk5T1RIQnRTeThyUkRobWQwUkdaMU5MYms5MFltWlJNa1ZvT1d0Mk5uRklkVmhaYjI5SWEzaERTbEJNVVhKUk4yOVlWa0Z2U21Kak4xRm5XVTFTZFhnMFNVMUxhR1l2YkUxWk0zbEVOR2xqUTB3clFYaDNSMWh3VEdGeVlqWmxhME40ZUd0eGFFOTFjbmt2VnpWc1FtRmlRMHR0VkU1cFlVOUxRVkkzYWtWb01WZHNORlZJU3pKcE56UXlkbFZ5THpSWVpWRnpjVVZ2VGxoaWFuVnpZVE00Unl0NlVUQnllWEp0YWsxM1UyY3pkVWN5YVdzcmF6Qm1kbGQwYTAxWk9XRXplWGhXWld4dVpHUkdlVWxtVlcxWEwzQkVaMWt2ZFdkNGNta3hjbTVQWm1ZeVl6TXZZMHNyV1doV0syaFBWazV1TlRabFprOWpVVWRQYkVab1oybG9jVFJJTUZsQlJFZHhXbkJIY201Tk9HVjBMMDlHVDNvMk1Va3lVMHRtU2s4emNHZG5jRVVyVVhsRGJWaFdXRXNyTUZkb1puWnZMMnN5UTFaNU9IcENjazByTkVGVE1IbHpNbWRVZEVkak4zZE5aRXhGUjJScVYxY3dhM2M5UFEuUENtRGR6YUMwMVJCRExOR2VHUEZYbDhFWHRfeTJQbmJheUlhWTdZYlMxR2x4Q1dIbUlmTzVWaVUxcFhRcHZ0MjFRdk52RlF2a3pZWUY1OGRFaHgzTFE='}

四、JSESSIONID

登录里面实际上会有一个非常重要的cookies参数JSESSIONID，这个JSESSIONID也是动态的，每次重新打开页面都会变。

这个参数也是第一次访问登录页面时候，服务器会自动返回过来的，使用浏览器无痕模式首次访问就能抓取到了。

cookies参数关联实现就非常简单了，直接用requests.session()去发个get请求就能自动保存了，所以上一步get_it_execution()实际上也同步了cookies参数。

五、参考代码 

# -*- coding: utf-8 -*-

"""
@author: lucas
@Function:
@file: get_it_execution.py
@time: 2021/10/16 10:45 上午
"""
import requests
from lxml import etree
import urllib3

urllib3.disable_warnings()

s = requests.session()


def get_it_execution():
    result = {}
    loginurl = "https://account.chsi.com.cn/passport/login"
    h1 = {
        "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.71 Safari/537.36"
    }
    s.headers.update(h1)
    r = s.get(loginurl, verify=False)
    dom = etree.HTML(r.content.decode("utf-8"))

    try:
        result["lt"] = dom.xpath('//input[@name="lt"]')[0].get("value")
        result["execution"] = dom.xpath('//input[@name="execution"]')[0].get("value")
        print(result)
    except:
        print("lt、execution参数获取失败！")
    return result


def login(result, user='13812348888', psw='123456'):
    loginurl = "https://account.chsi.com.cn/passport/login"
    h2 = {
        "Referer": loginurl,
        "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.71 Safari/537.36",
        "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*
function intialViewHeight(){
    if( $(".left-box").length > 0 ){
        var leftHeight = $(".left-box").height() - 40,
            rightHeight = $(".right-box").height();
        if( leftHeight > rightHeight ){
            $(".right-box").height(leftHeight);
        }else if( rightHeight > leftHeight ){
            $(".left-box").height(rightHeight + 20);
        }
    }else{
        return false;
    }
}