所需工具：

• findller
• chrome

獲取外賣歷史訂單地址為：

http://e.waimai.meituan.com/v2/order/history/r/query?getNewVo=1&wmOrderPayType=2&wmOrderStatus=-2&sortField=1&startDate=2017-05-30&endDate=2017-05-30&lastLabel=&nextLabel=&signToken=05StD%7BKnLehoTpdt%3BjdsaJIg3tMxPAH%5B%40Mn%40luuu4hmFQeD%60Hu7Ie%3Bnd%7BFWr%60pNUD2KnwqI7cUOGZlM%3BSEuvA%60FmNLtujpdz%60AX-a%3B4o-uk)MKl3%7B5dXjUENrzN4rf1XDumEGM%60Vzws0)cA0%3A3RVHe%3F%3F&_token=eJx90FtvolAQAOD%252FwqtEzo2byT6g1iqpFi9QpekDwikcrFAPqGCz%252F32PrJL1ZQnJfBmGmcn8SHwSST0IxKPLUlkIE1ODqgaRAaFIhf%252FmMMS6yG25N5R67xBqmqwh9HHNLETiHWKR0TXjQ74RCyIi3mvNRJRISVl%252B9xSFds8B2wesu6esPAZZN8z3ygkpOY8oVxJWlDmvJfm%252F5ZJoul9dm6qQyJBAUa9CLENstjJaaY2QEG4EhcBVwJAhUls1X8Ux7tKEms5AfRC4CzbTAHlQMxfgB%252Bmtml0AagUf9HcXcBMxzVZiP0gaaa1wK3CXobfC9391rZkhTra7nkzE4BbLWyxYnEk9idpVlILyFO%252BsjeV0XvrVxLGH1dDdTdhgOXATfTOwKRrxz8JbeGnu5HyQmfTlyyT7qRb5VvhEybGfsz23Gcs4K%252BfWBVmHPqDea7EgMdeSsJ4PYE3rEDg1mb88ueF5aKrBxh5bgZGMLkfDnZ7cYHYpHY5jpMxY5kdPkwkx5%252BNtZ%252BjlW4sV1heNYzNIYZYEq2f%252Fkzn87bVGGYSHMb5Uqun3s9oLy8ErDXS63L2BacFZAfR0Napm6y0dZdGUTDuH2Vt2TM2td1gbxtI1o5G3Pq3wNF7aQ38%252B9jvpeUNG1cLJlCrIPt15BVKkq9t17X5fknNleRf%252FGcI%252BsDfr8vxL%252Bv0HGsLkRQ%253D%253D

裏面有一個signToken,我們該如何獲取signToken的值呢？

用chrome訪問http://e.waimai.meituan.com/v2/order/history 這個頁面後，發現有一個

http://e.waimai.meituan.com/static/59229326/js/page/order/history.js 比較可疑，

於是拿出來分析，通過查詢發現裏面有signToken

經過分析，得到大概是下面這段js代碼

define(‘module/ajax_util‘,["module/interface"],function(e){var r=jQuery.ajax,t=$(".J-csrf-token"),n=$(".J-sign-token"),a=t.val(),o=n.val(),d=[e.order.getNewOrderFromInterval,e.order.queryProcessedOrderList,e.order.queryHisOrderList];t.remove(),n.remove();var
 
 i=function(r){return r&&r.indexOf(e.order.queryHisOrderList)>-1?100007:r&&r.indexOf(e.order.recipientPhone)>-1?100008:r&&r.indexOf(e.order.getPrintOrderInfo)>-1?100009:null},u=location.origin,s=function(e){var r=[];for(var t in e)r.push(t+"="+e[t]);return r.join("&")},f=function
 
(e,r){for(var t=0,n=e.length;n>t;t++)if(r&&-1!==r.indexOf(e[t]))return!0},c=function(e){
    if(e){
        for(var r="",t=0,n=e.length;n>t;t++)
            r+=String.fromCharCode(2^e.charCodeAt(t));
        return r
    }return""
},l=c(o);

$.ajax=function(e){e.type&&"post"===e.type.toLowerCase()&&(e.data&&"function"==typeof e.data.append?e.data.append("csrfToken",a):e.data=$.extend(e.data||{},{csrfToken:a}))
,f(d,e.url)&&(e.data&&"function"==typeof e.data.append?e.data.append("signToken",l):e.data=$.extend(e.data||{},{signToken:l}));
var t=function(e,r,t){};e.success&&jQuery.isFunction(e.success)&&(t=e.success),e.success=function(e,r,n){4001===e.code?alert(e.msg):4002===e.code?top.location.reload():1017===e.code?alert(e.msg):t(e,r,n)};var n=function(e,r,t){};"function"==typeof e.error&&(n=e.error),e.error=function(r,t,a){n(r,t,a);({eventTime:Math.floor((new Date).getTime()/1e3),responseCode:r.status,url:e.url,param:e.data,msg:t})};
var o=i(e.url);if(o){Rohr_Opt.Flag=o;var c=s(e.data?e.data:{});Rohr_Opt.reload(u+e.url+(c?(e.url.indexOf("?")>-1?"&":"?")+c:"")),e.data?e.data._token=rohrdata:e.data={_token:rohrdata}
}return r(e)
}
});

signToken的取值：

1.獲取http://e.waimai.meituan.com/v2/order/history 頁面隱藏表單域J-sign-token的值

<input type="hidden" class="J-sign-token" value="27QvFyIlNgjmVrfv9hfqcHKe1vOzRCJYBOlBnwww6joDSgFbJw5Kg9lfyDUpbrLWF0IlusK5aWMEXnO9QGwtCbDoLNvwhrfxbCZ/c96m/wi+OIn1y7fZhWGLpxL6pd3ZFwoGEObTxuq2+aC281PTJg=="/>

2.通過以下算法得到r的值，即為signToken

for(var r="",t=0,n=e.length;n>t;t++)
     r+=String.fromCharCode(2^e.charCodeAt(t));

美團外賣商家獲取訂單-signToken取值