Requests - Request does not pass

b3ast1ns1d3 · Jul 29, 2025 at 10:04 PM

Здравствуйте. Решил сегодня написать скрипт для автопрохождения игр в магните. Прошил приложение через apk-mitm, установил, скачал http toolkit, запустил, запросы идут, все четко, но регистрация не идет из разряда вообще.

Запрос выглядит так

какой запрос отправляю я

возможно могут быть отличия в значениях переменных, но это сути вот вообще не играет

и по итогу я получаю это мол доступ запрещен, посидел, подумал, поискал библиотеку для генерации x-device-id (запрос зависит от него и x-device-platform, x-app-version), нашел какой то uuid, сделал все, опять доступ запрещен. еще посидел подумал. пришла идея, что возможно в ранних запросах, которые отправляются до самой регистрации номера есть запросы, которые отвечают за предоставление доступа определенному x-device-id. попробовал. скопировал практически все post запросы, в которых как либо фигурирует x-device-id, снова та же проблема, доступ запрещен. Еще посидел подумал, пришла идея, что возможно, в каком то запросе выдается этот x-device-id, посмотрел куки разных запросов, посмотрел headers , тела запросов , мимо. По итогу, сейчас сижу с таким кодом
import requests
import uuid
import json
from datetime import datetime, timezone, timedelta

experiments_and_features_url = 'https://middle-api.magnit.ru/ab/v1/experiments-and-features'
experiments_and_features_json = {"namespace":"omni_app","split-id":"5cda467f-a111-362e-b156-7abd26fc467a","device-id":"5cda467f-a111-362e-b156-7abd26fc467a","additionals":["feature_id"]}
random_uid = uuid.uuid4()
print(random_uid)
experiments_and_features_headers = {
"Accept-Encoding": "gzip",
"Connection": "Keep-Alive",
"Content-Length": "154", # Note: requests usually handles this automatically
"Content-Type": "application/json; charset=UTF-8",
"Host": "middle-api.magnit.ru", # Usually not needed in requests
"User-Agent": "okhttp/4.12.0",
"x-app-version": "8.63.0",
"x-device-id": f"{random_uid}",
"x-device-platform": "Android",
"x-device-tag": "FE913FE1-A297-47B5-A8F6-223BB80349C7_46C51FB7-814E-4D26-BDEF-C08215DF6D56",
"x-platform-version": "34"
}
experiments_and_features_requests = requests.post(experiments_and_features_url, headers=experiments_and_features_headers,json=experiments_and_features_json)

soft_update_url = 'https://middle-api.magnit.ru/mymagnit/v1/soft-update'
soft_update_url_headers = {
"Accept-Encoding": "gzip",
"Connection": "Keep-Alive",
"User-Agent": "okhttp/4.12.0",
"x-app-version": "8.63.0",
"x-device-id": f"{random_uid}",
"x-device-platform": "Android",
"x-device-tag": "FE913FE1-A297-47B5-A8F6-223BB80349C7_46C51FB7-814E-4D26-BDEF-C08215DF6D56",
"x-platform-version": "34"
}
soft_update_requests = requests.get(soft_update_url, headers=soft_update_url_headers)
print(soft_update_requests.text)
server_time_url = 'https://middle-api.magnit.ru/v1/user/serverTime'
server_time_headers = {
"Accept-Encoding": "gzip",
"Connection": "Keep-Alive",
"Content-Length": "43", # Note: requests will handle this automatically for you
"Content-Type": "application/json; charset=UTF-8",
"User-Agent": "okhttp/4.12.0",
"x-app-version": "8.63.0",
"x-device-id": f"{random_uid}",
"x-device-platform": "Android",
"x-device-tag": "FE913FE1-A297-47B5-A8F6-223BB80349C7_46C51FB7-814E-4D26-BDEF-C08215DF6D56",
"x-platform-version": "34"
}
tz = timezone(timedelta(hours=3))
current_time = datetime.now(tz).isoformat(timespec='milliseconds')
server_time_json = {"userTime":f"{current_time}"}
server_time_requests = requests.post(server_time_url, headers=server_time_headers, json=server_time_json)
print(server_time_requests.text)

experiments_and_features_requests1 = requests.post(experiments_and_features_url, headers=experiments_and_features_headers,json=experiments_and_features_json)

city_fials_url = 'https://middle-api.magnit.ru/v2/cities?city_fias_id=c2deb16a-0330-4f05-821f-1d09c93331e6'
city_fials_headers = {
"Accept-Encoding": "gzip",
"Connection": "Keep-Alive",
"Host": "middle-api.magnit.ru",
"User-Agent": "okhttp/4.12.0",
"x-app-version": "8.63.0",
"x-device-id": f"{random_uid}",
"x-device-platform": "Android",
"x-device-tag": "FE913FE1-A297-47B5-A8F6-223BB80349C7_46C51FB7-814E-4D26-BDEF-C08215DF6D56",
"x-platform-version": "34"
}
city_fials_requests = requests.post(city_fials_url, headers=city_fials_headers)
print(city_fials_requests.text)

recomendation_url = 'https://middle-api.magnit.ru/recoms/v1/recommendations'
recomendation_headers = {
"Accept-Encoding": "gzip",
"baggage": "sentry-environment=production,sentry-public_key=6d4cfb7c8887ad7d38f6d3182a75acda,sentry-release=ru.tander.magnit%408.63.0%2B1174258,sentry-trace_id=f727147d7c69457489db2a93dcfca7f3",
"Connection": "Keep-Alive",
"Content-Type": "application/json; charset=UTF-8",
"sentry-trace": "f727147d7c69457489db2a93dcfca7f3-b20e50b17b1d47ba",
"User-Agent": "okhttp/4.12.0",
"x-app-version": "8.63.0",
"x-device-id": f"{random_uid}",
"x-device-platform": "Android",
"x-device-tag": "FE913FE1-A297-47B5-A8F6-223BB80349C7_46C51FB7-814E-4D26-BDEF-C08215DF6D56",
"x-platform-version": "34"
}
recomendation_json = {"catalogType":"2","limit":20,"offset":0,"service":"express","stores":[{"catalogType":"2","code":"997206","service":"express"},{"catalogType":"3","code":"shop_group_location_74265_distr","service":"apteka"}],"type":"main"}
recomendation_requests = requests.post(recomendation_url, headers=recomendation_headers, json=recomendation_json)
print(recomendation_requests.text)

reg_url = 'https://id.magnit.ru/v1/auth/otp'
reg_json = {"aud":"loyalty-mobile","phone":"79820783265","captcha-token":"captcha-token","forceSMS":True}
reg_headers = {
"Accept-Encoding": "gzip",
"baggage": "sentry-environment=production,sentry-public_key=6d4cfb7c8887ad7d38f6d3182a75acda,sentry-release=ru.tander.magnit@8.63.0+1174258,sentry-trace_id=f727147d7c69457489db2a93dcfca7f3",
"Connection": "Keep-Alive",
"Content-Type": "application/json; charset=UTF-8",
"Host": "id.magnit.ru",
"sentry-trace": "f727147d7c69457489db2a93dcfca7f3-b20e50b17b1d47ba",
"User-Agent": "Dalvik/2.1.0 (Linux; U; Android 14; RMX3938 Build/UP1A.231005.007)",
"x-app-version": "8.63.0",
"x-device-id": f"{random_uid}",
"x-device-platform": "Android",
"x-device-tag": "FE913FE1-A297-47B5-A8F6-223BB80349C7_46C51FB7-814E-4D26-BDEF-C08215DF6D56",
"x-platform-version": "34",
"x-request-sign": "00e702727d545926fc7b7054b7f8241e62fb2e1e29340be4ffe0d56bf4e82dd6ec9f0ed1d7bb2f98cecb3fcecb8c219e8ec410eca7f453f7f301fe33046ca73c"
}
z = requests.post(reg_url, headers=reg_headers, json=reg_json)
print(z.text)

Python
import requests

import uuid

import json

from datetime import datetime, timezone, timedelta



experiments_and_features_url = 'https://middle-api.magnit.ru/ab/v1/experiments-and-features'

experiments_and_features_json = {"namespace":"omni_app","split-id":"5cda467f-a111-362e-b156-7abd26fc467a","device-id":"5cda467f-a111-362e-b156-7abd26fc467a","additionals":["feature_id"]}

random_uid = uuid.uuid4()

print(random_uid)

experiments_and_features_headers = {

    "Accept-Encoding": "gzip",

    "Connection": "Keep-Alive",

    "Content-Length": "154",  # Note: requests usually handles this automatically

    "Content-Type": "application/json; charset=UTF-8",

    "Host": "middle-api.magnit.ru",  # Usually not needed in requests

    "User-Agent": "okhttp/4.12.0",

    "x-app-version": "8.63.0",

    "x-device-id": f"{random_uid}",

    "x-device-platform": "Android",

    "x-device-tag": "FE913FE1-A297-47B5-A8F6-223BB80349C7_46C51FB7-814E-4D26-BDEF-C08215DF6D56",

    "x-platform-version": "34"

}

experiments_and_features_requests = requests.post(experiments_and_features_url, headers=experiments_and_features_headers,json=experiments_and_features_json)



soft_update_url = 'https://middle-api.magnit.ru/mymagnit/v1/soft-update'

soft_update_url_headers = {

    "Accept-Encoding": "gzip",

    "Connection": "Keep-Alive",

    "User-Agent": "okhttp/4.12.0",

    "x-app-version": "8.63.0",

    "x-device-id": f"{random_uid}",

    "x-device-platform": "Android",

    "x-device-tag": "FE913FE1-A297-47B5-A8F6-223BB80349C7_46C51FB7-814E-4D26-BDEF-C08215DF6D56",

    "x-platform-version": "34"

}

soft_update_requests = requests.get(soft_update_url, headers=soft_update_url_headers)

print(soft_update_requests.text)

server_time_url = 'https://middle-api.magnit.ru/v1/user/serverTime'

server_time_headers  = {

    "Accept-Encoding": "gzip",

    "Connection": "Keep-Alive",

    "Content-Length": "43",  # Note: requests will handle this automatically for you

    "Content-Type": "application/json; charset=UTF-8",

    "User-Agent": "okhttp/4.12.0",

    "x-app-version": "8.63.0",

    "x-device-id": f"{random_uid}",

    "x-device-platform": "Android",

    "x-device-tag": "FE913FE1-A297-47B5-A8F6-223BB80349C7_46C51FB7-814E-4D26-BDEF-C08215DF6D56",

    "x-platform-version": "34"

}

tz = timezone(timedelta(hours=3))

current_time = datetime.now(tz).isoformat(timespec='milliseconds')

server_time_json = {"userTime":f"{current_time}"}

server_time_requests = requests.post(server_time_url, headers=server_time_headers, json=server_time_json)

print(server_time_requests.text)



experiments_and_features_requests1 = requests.post(experiments_and_features_url, headers=experiments_and_features_headers,json=experiments_and_features_json)



city_fials_url = 'https://middle-api.magnit.ru/v2/cities?city_fias_id=c2deb16a-0330-4f05-821f-1d09c93331e6'

city_fials_headers = {

    "Accept-Encoding": "gzip",

    "Connection": "Keep-Alive",

    "Host": "middle-api.magnit.ru",

    "User-Agent": "okhttp/4.12.0",

    "x-app-version": "8.63.0",

    "x-device-id": f"{random_uid}",

    "x-device-platform": "Android",

    "x-device-tag": "FE913FE1-A297-47B5-A8F6-223BB80349C7_46C51FB7-814E-4D26-BDEF-C08215DF6D56",

    "x-platform-version": "34"

}

city_fials_requests = requests.post(city_fials_url, headers=city_fials_headers)

print(city_fials_requests.text)



recomendation_url = 'https://middle-api.magnit.ru/recoms/v1/recommendations'

recomendation_headers = {

    "Accept-Encoding": "gzip",

    "baggage": "sentry-environment=production,sentry-public_key=6d4cfb7c8887ad7d38f6d3182a75acda,sentry-release=ru.tander.magnit%408.63.0%2B1174258,sentry-trace_id=f727147d7c69457489db2a93dcfca7f3",

    "Connection": "Keep-Alive",

    "Content-Type": "application/json; charset=UTF-8",

    "sentry-trace": "f727147d7c69457489db2a93dcfca7f3-b20e50b17b1d47ba",

    "User-Agent": "okhttp/4.12.0",

    "x-app-version": "8.63.0",

    "x-device-id": f"{random_uid}",

    "x-device-platform": "Android",

    "x-device-tag": "FE913FE1-A297-47B5-A8F6-223BB80349C7_46C51FB7-814E-4D26-BDEF-C08215DF6D56",

    "x-platform-version": "34"

}

recomendation_json = {"catalogType":"2","limit":20,"offset":0,"service":"express","stores":[{"catalogType":"2","code":"997206","service":"express"},{"catalogType":"3","code":"shop_group_location_74265_distr","service":"apteka"}],"type":"main"}

recomendation_requests = requests.post(recomendation_url, headers=recomendation_headers, json=recomendation_json)

print(recomendation_requests.text)







reg_url = 'https://id.magnit.ru/v1/auth/otp'

reg_json = {"aud":"loyalty-mobile","phone":"79820783265","captcha-token":"captcha-token","forceSMS":True}

reg_headers = {

    "Accept-Encoding": "gzip",

    "baggage": "sentry-environment=production,sentry-public_key=6d4cfb7c8887ad7d38f6d3182a75acda,sentry-release=ru.tander.magnit@8.63.0+1174258,sentry-trace_id=f727147d7c69457489db2a93dcfca7f3",

    "Connection": "Keep-Alive",

    "Content-Type": "application/json; charset=UTF-8",

    "Host": "id.magnit.ru",

    "sentry-trace": "f727147d7c69457489db2a93dcfca7f3-b20e50b17b1d47ba",

    "User-Agent": "Dalvik/2.1.0 (Linux; U; Android 14; RMX3938 Build/UP1A.231005.007)",

    "x-app-version": "8.63.0",

    "x-device-id": f"{random_uid}",

    "x-device-platform": "Android",

    "x-device-tag": "FE913FE1-A297-47B5-A8F6-223BB80349C7_46C51FB7-814E-4D26-BDEF-C08215DF6D56",

    "x-platform-version": "34",

    "x-request-sign": "00e702727d545926fc7b7054b7f8241e62fb2e1e29340be4ffe0d56bf4e82dd6ec9f0ed1d7bb2f98cecb3fcecb8c219e8ec410eca7f453f7f301fe33046ca73c"

}

z = requests.post(reg_url, headers=reg_headers, json=reg_json)

print(z.text)
Если кто шарит - помогите пожалуйста.

playwright · Jul 29, 2025 at 10:08 PM

Hidden content. You need to be registered to see it.
Click to expand...

playwright · Jul 29, 2025 at 10:10 PM

Hidden content. You need to be registered to see it.
Click to expand...

Апатия · Jul 29, 2025 at 10:14 PM

во первых капча
во вторых это скорее всего одноразовый токен, тебе надо разобрать как он генерируется

Autostatus in VK and autobio in Telegram with the current Spotify song

[Telegram_accounts] Error when importing existing orders: you need to get data about the account

Errors 403 404 soundclass

Tell me what is it for garbage and how to decipher it

Software for generating Octobrowser and acting proys

How to "emulate" Wi Fi?

Software for changing passwords firstmail

Bot for feedback from the admin panel | Bypassing spamblock.

Bot assistant for buying advertising | Checking statuses/pins + avatars

DICEBOT for forum | AIOGRAM bot with a beautiful menu

[Actual] User Bot Auto Buying gifts telegrams

Unconfirmed orders - remark for fpc

NFT DRANINER Under the guise of a guarantor bot

How to get ayy yuzer

Do Parsers Chata TG on Python no longer work?

Script for downloading all VK music + with cover + with text MusixMatch or Genius

Guide on how to make an animated message effect in aiogram

Requests - Request does not pass

Plugin for auto -salary TG Akks from Lolz to FP

The simplest eternal online VKontakte

Throw the plugins for fpc pzhzh

YouTube Video Archives | Python

Simple Fake Cheat Loader | Loader

[TG DRAIN] Telegram drainer

Telegram bot for drawings

Parser Youpin898 (Steam skins)

How to decompile .pyc?

Scam BUSINESS BOOK GRABER GHUTAROV through TG BUSINESS

Pyanty - Web automation, module for managing dolphin via Selenium, and Dolphin API

Emunium - module for simulating human behavior in Selenium/Pyppeteer

Requests - Request does not pass