admin管理员组文章数量:1637795
记录中大网校破解登录后爬取的方法:
案例请求地址:中大网校会员中心-登陆入口-中大网校
使用工具:打码平台(超级鹰)
分析请求:
分析此请求,得知没有data,保持状态登录需要服务器知道是这个用户对应请求的相应验证码,所以要用session来维护状态
get_img ="https://user.wangxiao/apis//common/getImageCaptcha"
session = requests.session()
session.headers = {
'Referer' : "https://user.wangxiao/login?url=http%3A%2F%2Fks.wangxiao%2F",
"Content-Type": "application/json;charset=UTF-8",
"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36"
}
session.get("https://user.wangxiao/login?url=http%3A%2F%2Fks.wangxiao%2F")
time.sleep(0.5)
image_b = session.post(get_img).json()["data"].split(",")[1]
print(image_b)
with open("photo.png","wb") as f:
f.write(base64.b64decode(image_b))
获取到后验证码保存下来
接着接入超级鹰,识别获得验证码
超级鹰文件:
#!/usr/bin/env python
# coding:utf-8
import requests
from hashlib import md5
class Chaojiying_Client(object):
def __init__(self, username, password, soft_id):
self.username = username
password = password.encode('utf8')
self.password = md5(password).hexdigest()
self.soft_id = soft_id
self.base_params = {
'user': self.username,
'pass2': self.password,
'softid': self.soft_id,
}
self.headers = {
'Connection': 'Keep-Alive',
'User-Agent': 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)',
}
def PostPic(self, im, codetype):
"""
im: 图片字节
codetype: 题目类型 参考 http://www.chaojiying/price.html
"""
params = {
'codetype': codetype,
}
params.update(self.base_params)
files = {'userfile': ('ccc.jpg', im)}
r = requests.post('http://upload.chaojiying/Upload/Processing.php', data=params, files=files, headers=self.headers)
return r.json()
def PostPic_base64(self, base64_str, codetype):
"""
im: 图片字节
codetype: 题目类型 参考 http://www.chaojiying/price.html
"""
params = {
'codetype': codetype,
'file_base64':base64_str
}
params.update(self.base_params)
r = requests.post('http://upload.chaojiying/Upload/Processing.php', data=params, headers=self.headers)
return r.json()
def ReportError(self, im_id):
"""
im_id:报错题目的图片ID
"""
params = {
'id': im_id,
}
params.update(self.base_params)
r = requests.post('http://upload.chaojiying/Upload/ReportError.php', data=params, headers=self.headers)
return r.json()
if __name__ == '__main__':
chaojiying = Chaojiying_Client('超级鹰用户名', '超级鹰用户名的密码', '938422') #用户中心>>软件ID 生成一个替换 96001
im = open('a.jpg', 'rb').read() #本地图片文件路径 来替换 a.jpg 有时WIN系统须要//
print (chaojiying.PostPic(im, 9004)) #1902 验证码类型 官方网站>>价格体系 3.4+版 print 后要加()
#print chaojiying.PostPic(base64_str, 1902) #此处为传入 base64代码
调用获取验证码
im = open("photo.png","rb").read()
chaojiying = Chaojiying_Client('cjy账号', 'cjy密码', '938422') #用户中心>>软件ID 生成一个替换 96001 #本地图片文件路径 来替换 a.jpg 有时WIN系统须要//
image_code = chaojiying.PostPic(im, '1004')["pic_str"]
print(image_code)
接着研究登录的xhr请求:
明显看出密码经过了加密,只要解决密码的加密,带上验证码,账号就能成功登录
分析搜索:
搜索password寻找加密入口,encrypt顾名思义加密,所以进入查看
由此明显库看出是一个密钥,而JSEncrypt是前端常用的加密库,接下来就是查看用的什么类型加密。
并且i.encryptFn传入的参数是pwd+ress.data,而data的数据经过研究是另一个请求获得的数据见下图
所以登录前,需要请求一次getTime获得data数据
由此处可以看见e就是密码,还是明文格式,接着进入encrypt查看
由上图此处明显可以看到是RSA加密,接着再debug后能看到d已经是密文格式
接下来python使用RSA加密:
from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_v1_5
def dispose(s):
rsa_key = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDA5Zq6ZdH/RMSvC8WKhp5gj6Ue4Lqjo0Q2PnyGbSkTlYku0HtVzbh3S9F9oHbxeO55E8tEEQ5wj/+52VMLavcuwkDypG66N6c1z0Fo2HgxV3e0tqt1wyNtmbwg7ruIYmFM+dErIpTiLRDvOy+0vgPcBVDfSUHwUSgUtIkyC47UNQIDAQAB"
rsa_keys = RSA.importKey(base64.b64decode(rsa_key))
rsa_new = PKCS1_v1_5.new(rsa_keys)
cipher = rsa_new.encrypt(s.encode("utf-8"))
return base64.b64encode(cipher).decode("utf-8")
上述代码就是python调用RSA的加密方式
维护登录状态:
在此处可以看见加载进入cookie中的数据,跟着将数据加入session的cookie中即可保持状态
知道加密流程后整理代码:
import json
import requests
import time
import base64
from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_v1_5
from encryption.中大网校登录ras.chaojiying_Python.chaojiying import Chaojiying_Client
get_img ="https://user.wangxiao/apis//common/getImageCaptcha"
session = requests.session()
session.headers = {
'Referer' : "https://user.wangxiao/login?url=http%3A%2F%2Fks.wangxiao%2F",
"Content-Type": "application/json;charset=UTF-8",
"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36"
}
session.get("https://user.wangxiao/login?url=http%3A%2F%2Fks.wangxiao%2F")
time.sleep(0.5)
image_b = session.post(get_img).json()["data"].split(",")[1]
print(image_b)
with open("photo.png","wb") as f:
f.write(base64.b64decode(image_b))
datatime = session.post("https://user.wangxiao/apis//common/getTime").json()["data"]
print(datatime)
im = open("photo.png","rb").read()
chaojiying = Chaojiying_Client('cjy账号', 'cjy密码', '938422') #用户中心>>软件ID 生成一个替换 96001 #本地图片文件路径 来替换 a.jpg 有时WIN系统须要//
image_code = chaojiying.PostPic(im, '1004')["pic_str"]
print(image_code)
username = you id
password = "you**"
def dispose(s):
rsa_key = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDA5Zq6ZdH/RMSvC8WKhp5gj6Ue4Lqjo0Q2PnyGbSkTlYku0HtVzbh3S9F9oHbxeO55E8tEEQ5wj/+52VMLavcuwkDypG66N6c1z0Fo2HgxV3e0tqt1wyNtmbwg7ruIYmFM+dErIpTiLRDvOy+0vgPcBVDfSUHwUSgUtIkyC47UNQIDAQAB"
rsa_keys = RSA.importKey(base64.b64decode(rsa_key))
rsa_new = PKCS1_v1_5.new(rsa_keys)
cipher = rsa_new.encrypt(s.encode("utf-8"))
return base64.b64encode(cipher).decode("utf-8")
data = {
"imageCaptchaCode": image_code,
"password": dispose(password+datatime),
"userName": username,
}
#遇到Request Payload,传入就必须要用json.dumps()
resp = session.post("https://user.wangxiao/apis//login/passwordLogin",data = json.dumps(data))
dic = resp.json()['data']
print(dic)
session.cookies['UserCookieName'] = dic['userName']
session.cookies['OldUsername2'] = dic['userNameCookies']
session.cookies['OldUsername'] = dic['userNameCookies']
session.cookies['OldPassword'] = dic['passwordCookies']
session.cookies['UserCookieName_'] = dic['userName']
session.cookies['OldUsername2_'] = dic['userNameCookies']
session.cookies['OldUsername_'] = dic['userNameCookies']
session.cookies['OldPassword_'] = dic['passwordCookies']
session.cookies['autoLogin'] = "null"
session.cookies['userInfo'] = json.dumps(dic)
session.cookies['token'] = dic['token']
print(session)
允许结果:
接着即可在下面编写对该网站任意地方进行解析与请求
版权声明:本文标题:网络爬虫js逆向解决网站登录RSA加密问题,不使用selenium如何实现登录,session维持登录状态请求爬取 内容由热心网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:https://m.elefans.com/dianzi/1729255257a1192589.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论