I use python to sign in www.cnblogs.com,and after I check his login website,I found this:
var encrypt = new JSEncrypt();
encrypt.setPublicKey('MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCp0wHYbg/NOPO3nzMD3dndwS0MccuMeXCHgVlGOoYyFwLdS24Im2e7YyhB0wrUsyYf0/nhzCzBK8ZC9eCWqd0aHbdgOQT6CuFQBMjbyGYvlVYU2ZP7kG9Ft6YV6oc9ambuO7nPZh+bvXH0zDKfi02prknrScAKC0XhadTHT3Al0QIDAQAB');
var encrypted_input1 = encrypt.encrypt($('#input1').val());
var encrypted_input2 = encrypt.encrypt($('#input2').val());
var ajax_data = {
input1: encrypted_input1,
input2: encrypted_input2,
remember: $('#remember_me').prop('checked')
};
if(enable_captcha){
var captchaObj = $("#captcha_code_input").get(0).Captcha;
ajax_data.captchaId = captchaObj.Id;
ajax_data.captchaInstanceId = captchaObj.InstanceId;
ajax_data.captchaUserInput = $("#captcha_code_input").val();
}
is_in_progress = true;
$.ajax({
url: ajax_url,
type: 'post',
data: JSON.stringify(ajax_data),
contentType: 'application/json; charset=utf-8',
dataType: 'json',
headers: {
'VerificationToken': 'yWC66hohU9yO4keaqd7SFXXx_YkwvNNlcuqLrzBFKEMHt_J42D6z13UbU3GgtpB6SWFT6sZP4aLHBNKtwFfBHQTu4941:-_LZEKC3uHj-M3Tstw990NrioRtbZ600ENJIeG2oh-f-z9cVfr0i7tXVmShhfpdpI1kfLcmkINk5-YZTyyO4U9DIG4k1'
},
success: function (data) {
if (data.success) {
$('#tip_btn').html('登录成功,正在重定向...');
location.href = return_url;
} else {
$('#tip_btn').html(data.message + "<br/><br/>联系 contact@cnblogs.com");
is_in_progress = false;
if(enable_captcha)
{
。。。。。。。
and I used fiddler to catch the POST data:
{"input1":"pBehzuZMcdE1y+R9ljgZoQqkKyFGH/SB4xwbZu9wzwAu/i/g5Wes3ZtgSwMJpi1SvDIMAaZ88S3LjHdryIYaoPibLJ8sAo4ACL9AOVZvmaRZ4taZcxnqhQ/J0Stits9ztJ8yTnXJ3u5qxcHQ0RYmOwGWe9lc6iM9Uc1uHKb/4fI=",
"input2":"HvBB37tUGqnDVi12YcA4ocEsEtj+TDDHW0ogSiIbxZ+UnwCtGLVZY5K4BcZGDGTDjZVRQOaNaAlzx0HLDL0CokFjeIaTlAif4KXj9WeCqpTGsDvMq7bQ4cNkh+YB/kJ0Cac+xDogYfnIBi9ICIyKwqlVmpgw/k4O2ltKsvbHjS8=",
"remember":false}
and then I wrote the python codes like follows (key codes, not all):
#构造文件头
def getOpener(head):
#设置一个cookie处理器,它负责从服务器下载cookie到本地,并且在发送请求时带上本地的cookie
cj = http.cookiejar.CookieJar()
pro = urllib.request.HTTPCookieProcessor(cj)
opener = urllib.request.build_opener(pro)
header = []
for key, value in head.items():
elem = (key, value)
header.append(elem)
opener.addheaders = header
return opener
#构造header,一般header至少要包含一下两项。这两项是从抓到的包里分析得出的。
header = {
'Connection': 'Keep-Alive',
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
'Accept-Language': 'zh-CN,zh;q=0.8',
'User-Agent': 'Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11',
'Accept-Encoding': 'gzip, deflate, sdch',
'Host': 'passport.cnblogs.com',
'X-Requested-With': 'XMLHttpRequest',
'Content-Type': 'application/json; application/x-www-text/html; charset=utf-8',
'VerificationToken': 'ondnfIYF6IYZzotbg8_GtgFx-r5UA6qT4F692IBvPYwUCO7kDZJp88sjPEPqd3N6QFXjstaOU33OFHHXL-Oev5haLpw1:_ksfA6WvcIOeTpu9yv5bX1qZjZk1OkUHe0Y5U8cOxOQWhuxjusdZYR7jBlccng1qUkQ_s5LyNSVcnB59RCkcV9p3Qe81'
}
url = 'http://ift.tt/1Uc3761'
opener = getOpener(header)
op = opener.open(url)
data = op.read()
data = ungzip(data) # 解压
#_EVENTVALIDATION = getEVENT(data.decode())
#post数据接收和处理的页面(我们要向这个页面发送我们构造的Post数据)
url += '/user/signin'
print(url)
id = 'gHpecRGOqSvPDeqQjE9EeCXr7ZdeodJ7cDi+qlE3jFQa670+ugD0S+fFurA4J6kfAJECTjl5CLafi5LjsUX3JxKW+YleiIijaDJc6GFbDnRqaXMlNwdlcSmdRMmE7KGgjTfK2xkRcE4zIKWuL5f28zknnQYcCy9dFYsJlAZE19I='
password = '33exXhdtTqY0ubYJO1tXEgxqq4AUrCW/kPVFBYycTR0IbuejFkqdE/TsidPKfKPC+A84AmtKL0TiMetZmtoCQYM/G74/AVLdDgCGqKNUqrG0bfqJoJqMeVPlOXXlkxajF+gsbkU/z9KxxYFUoLFB2Iwe9yKzcwgAyoj8BrGUDHk='
print(id)
print(password)
#构造Post数据,他也是从抓大的包里分析得出的。
postDict = {
'input1': id,
'input2': password,
'remember': 'true'
#'__EVENTVALIDATION' : _EVENTVALIDATION,
}
#需要给Post数据编码
postData = urllib.parse.urlencode(postDict)
#print(postData)
postData = postData.encode()
print(postData)
op = opener.open(url, postData)
data = op.read()
print(data.decode())
but then I received the message: {"success":false,"message":"The parameter is incorrect.\r\n"}
I don't know why, any ideas ?
Aucun commentaire:
Enregistrer un commentaire