|
|
近日,研究Tencent网页模拟登录的过程,过程有些忐忑,但最终还是实现了这一功能。先将结果写于此,供大家参考:
其加密过程在c_login_old.js文件中执行,将JS关键代码提取出来如下:
function hexchar2bin(str) {
var arr = [];
for (var i = 0; i < str.length; i = i + 2) {
arr.push("\\x" + str.substr(i, 2))
}
arr = arr.join("");
eval("var temp = '" + arr + "'");
return temp
}
function getEncryption(password, uin, vcode) {
var str1 = hexchar2bin(md5(password));
var str2 = md5(str1 + uin);
var str3 = md5(str2 + vcode.toUpperCase());
return str3
}
function uin2hex(str) {
var maxLength = 16;
str = parseInt(str);
var hex = str.toString(16);
var len = hex.length;
for (var i = len; i < maxLength; i++) {
hex = "0" + hex
}
var arr = [];
for (var j = 0; j < maxLength; j += 2) {
arr.push("\\x" + hex.substr(j, 2))
}
var result = arr.join("");
eval('result="' + result + '"');
alert(result)
return result
}
将其转换为Python脚本如下,测试有效。
# -*- coding: utf-8 -*-
'''
Version : Python27
Author : Spring God
Date : 2014-4-26
'''
import md5
def hexchar2bin(hexchar):
params = ''
for i in range(0, len(hexchar), 2):
params += chr(int(hexchar[i:i+2], 16))
return params
def uin2hex(uin):
hex_str = str(hex(int(uin)))[2:]#.upper()
hex_len = len(hex_str)
hex_str = '0'*(16-hex_len) + hex_str
return hexchar2bin(hex_str)
def getEncryption(password, uin, vcode):
str1 = md5.md5(password).hexdigest()
str2 = md5.md5(hexchar2bin(str1)+uin2hex(uin)).hexdigest()
str3 = md5.md5((str2+vcode).upper()).hexdigest().upper()
return str3
if __name__ == '__main__':
print(getEncryption('密码','QQ','验证码'))
需要注意的是:验证码怎么获取,我在腾讯微博登录时通过分析网络传输数据得到如下方式来获取验证码
def check(account):
check_page = 'https://ssl.ptlogin2.qq.com/check?uin=%s&appid=46000101&low_login=1' % account
headers = {
'Referer': 'https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=46000101',
'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.154 Safari/537.36'}
res = urllib2.urlopen(check_page)
data = res.read()
params = re.search("'(.*?)','(.*?)',", data)
#print(params.groups())
'''
第一个参数:0-默认验证码; 1-需要验证码
第二个参数:默认验证码; 验证码cap_cd
获取验证码地址:https://ssl.captcha.qq.com/getimage?uin=1090523513&aid=46000101&cap_cd=cbDkfT8sXEd21HNyJXwSFPDwR2Sw70dK
第三个参数:用户帐号HEX值
'''
if(None == params):
return None
if(params.group(1) == '0'):
return params.group(2)
elif(params.group(1) == '1'):
img_page = 'https://ssl.captcha.qq.com/getimage?uin=%s&aid=46000101&cap_cd=%s' % (account, params.group(2))
img_data = urllib2.urlopen(img_page).read()
with open(r'verifyCode.jpg', 'wb') as _file:
_file.write(img_data)
_file.close()
os.popen(r'start verifyCode.jpg')
return verifyCode = raw_input(u'输入验证码:')
else:
return None
return None
至于登录,就简单了
def login(account, pwd):
verrifyCode = check(account)
if(None == verrifyCode):
return False
print(u'登录中...')
pwd = password.getEncryption(pwd, account, verifyCode)
login_page = 'https://ssl.ptlogin2.qq.com/login?u='+account+'&verifycode='+self.verifyCode+'&p='+pwd+'&pt_rsa=0&ptredirect=1&u1=http%3A%2F%2Ft.qq.com&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=1-11-1398479501082&js_ver=10076&js_type=1&login_sig=AzGRTF28dkUVNnUrx8c0RlDtx4Rl-6gfJ4Z6SIC1VLphoHULwNooXLsFaS12t2p8&low_login_enable=1&low_login_hour=720&aid=46000101&daid=6&'
res = urllib2.urlopen(login_page)
data = res.read().decode('utf-8')
params = re.search("'.*?','.*?','.*?','.*?','(.*?)', '(.*?)'", data)
print(params.group(1)+params.group(2))
贴上完整代码段
# password.py
# -*- coding: utf-8 -*-
'''
Version : Python27
Author : Spring God
Date : 2014-4-26
'''
import md5
def hexchar2bin(hexchar):
params = ''
for i in range(0, len(hexchar), 2):
params += chr(int(hexchar[i:i+2], 16))
return params
def uin2hex(uin):
hex_str = str(hex(int(uin)))[2:]#.upper()
hex_len = len(hex_str)
hex_str = '0'*(16-hex_len) + hex_str
return hexchar2bin(hex_str)
def getEncryption(uin, password, vcode):
str1 = md5.md5(password).hexdigest()
str2 = md5.md5(hexchar2bin(str1)+uin2hex(uin)).hexdigest()
str3 = md5.md5((str2+vcode).upper()).hexdigest().upper()
return str3
if __name__ == '__main__':
print(getEncryption('QQ','密码','验证码'))
# Tencent.py
# -*- coding: utf-8 -*-
'''
Version : Python27
Author : Spring God
Date : 2013-6-28
'''
import urllib
import urllib2
import cookielib
import io
import gzip
import re
import os
import password
class Tencent(object):
def __init__(self):
self.verifyCode = None
self.uin = None
self.newtask = None
self.daytask = None
# 安装cookie 支持登录操作
cj = cookielib.CookieJar()
opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))
urllib2.install_opener(opener)
def check(self, account):
'''
应用ID:46000101(微博)
https://ssl.ptlogin2.qq.com/check?regmaster=&uin=947742112&appid=46000101&js_ver=10076&js_type=1&login_sig=ohbOoy-NhVcIjEGkjmMCUcg4BG6Xn8C9q182ebLKuXLuK1rawH0w0LEuAJYNM9GW&u1=http%3A%2F%2Ft.qq.com&r=0.7585592269897461
'''
self.uin = account
check_page = 'https://ssl.ptlogin2.qq.com/check?uin=%s&appid=46000101&low_login=1' % account
headers = {
'Referer': 'https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=46000101',
'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.154 Safari/537.36'}
res = urllib2.urlopen(check_page)
data = res.read()
params = re.search("'(.*?)','(.*?)',", data)
#print(params.groups())
'''
第一个参数:0-默认验证码; 1-需要验证码
第二个参数:默认验证码; 验证码cap_cd
获取验证码地址:https://ssl.captcha.qq.com/getimage?uin=1090523513&aid=46000101&cap_cd=cbDkfT8sXEd21HNyJXwSFPDwR2Sw70dK
第三个参数:用户帐号HEX值
'''
if(None == params):
return False
if(params.group(1) == '0'):
self.verifyCode = params.group(2)
elif(params.group(1) == '1'):
img_page = 'https://ssl.captcha.qq.com/getimage?uin=%s&aid=46000101&cap_cd=%s' % (account, params.group(2))
img_data = urllib2.urlopen(img_page).read()
with open(r'verifyCode.jpg', 'wb') as _file:
_file.write(img_data)
_file.close()
os.popen(r'start verifyCode.jpg')
self.verifyCode = raw_input(u'输入验证码:')
else:
return False
return True
def login(self, account, pwd):
if(False == self.check(account)):
return False
print(u'登录中...')
pwd = password.getEncryption(account, pwd, self.verifyCode)
login_page = 'https://ssl.ptlogin2.qq.com/login?u='+account+'&verifycode='+self.verifyCode+'&p='+pwd+'&pt_rsa=0&ptredirect=1&u1=http%3A%2F%2Ft.qq.com&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=1-11-1398479501082&js_ver=10076&js_type=1&login_sig=AzGRTF28dkUVNnUrx8c0RlDtx4Rl-6gfJ4Z6SIC1VLphoHULwNooXLsFaS12t2p8&low_login_enable=1&low_login_hour=720&aid=46000101&daid=6&'
res = urllib2.urlopen(login_page)
data = res.read().decode('utf-8')
params = re.search("'.*?','.*?','.*?','.*?','(.*?)', '(.*?)'", data)
print(params.group(1)+params.group(2))
if __name__ == '__main__':
app = Tencent()
app.login('QQ', '密码')
下面是测试结果
转载请注明出处:http://www.iyunv.com/doudongchun/p/3694922.html |
|
QQ群⑧:
窥视卡
雷达卡
发表于 2015-4-22 10:52:06
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡