近日,研究Tencent网页模拟登录的过程,过程有些忐忑,但最终还是实现了这一功能。先将结果写于此,供大家参考:
其加密过程在c_login_old.js文件中执行,将JS关键代码提取出来如下:
function hexchar2bin(str) { var arr = []; for (var i = 0; i < str.length; i = i + 2) { arr.push("\\x" + str.substr(i, 2)) } arr = arr.join(""); eval("var temp = '" + arr + "'"); return temp } function getEncryption(password, uin, vcode) { var str1 = hexchar2bin(md5(password)); var str2 = md5(str1 + uin); var str3 = md5(str2 + vcode.toUpperCase()); return str3 } function uin2hex(str) { var maxLength = 16; str = parseInt(str); var hex = str.toString(16); var len = hex.length; for (var i = len; i < maxLength; i++) { hex = "0" + hex } var arr = []; for (var j = 0; j < maxLength; j += 2) { arr.push("\\x" + hex.substr(j, 2)) } var result = arr.join(""); eval('result="' + result + '"'); alert(result) return result }
将其转换为Python脚本如下,测试有效。
# -*- coding: utf-8 -*- ''' Version : Python27 Author : Spring God Date : 2014-4-26 ''' import md5 def hexchar2bin(hexchar): params = '' for i in range(0, len(hexchar), 2): params += chr(int(hexchar[i:i+2], 16)) return params def uin2hex(uin): hex_str = str(hex(int(uin)))[2:]#.upper() hex_len = len(hex_str) hex_str = '0'*(16-hex_len) + hex_str return hexchar2bin(hex_str) def getEncryption(password, uin, vcode): str1 = md5.md5(password).hexdigest() str2 = md5.md5(hexchar2bin(str1)+uin2hex(uin)).hexdigest() str3 = md5.md5((str2+vcode).upper()).hexdigest().upper() return str3 if __name__ == '__main__': print(getEncryption('密码','QQ','验证码'))
需要注意的是:验证码怎么获取,我在腾讯微博登录时通过分析网络传输数据得到如下方式来获取验证码
def check(account): check_page = 'https://ssl.ptlogin2.qq.com/check?uin=%s&appid=46000101&low_login=1' % account headers = { 'Referer': 'https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=46000101', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.154 Safari/537.36'} res = urllib2.urlopen(check_page) data = res.read() params = re.search("'(.*?)','(.*?)',", data) #print(params.groups()) ''' 第一个参数:0-默认验证码; 1-需要验证码 第二个参数:默认验证码; 验证码cap_cd 获取验证码地址:https://ssl.captcha.qq.com/getimage?uin=1090523513&aid=46000101&cap_cd=cbDkfT8sXEd21HNyJXwSFPDwR2Sw70dK 第三个参数:用户帐号HEX值 ''' if(None == params): return None if(params.group(1) == '0'): return params.group(2) elif(params.group(1) == '1'): img_page = 'https://ssl.captcha.qq.com/getimage?uin=%s&aid=46000101&cap_cd=%s' % (account, params.group(2)) img_data = urllib2.urlopen(img_page).read() with open(r'verifyCode.jpg', 'wb') as _file: _file.write(img_data) _file.close() os.popen(r'start verifyCode.jpg') return verifyCode = raw_input(u'输入验证码:') else: return None return None
至于登录,就简单了
def login(account, pwd): verrifyCode = check(account) if(None == verrifyCode): return False print(u'登录中...') pwd = password.getEncryption(pwd, account, verifyCode) login_page = 'https://ssl.ptlogin2.qq.com/login?u='+account+'&verifycode='+self.verifyCode+'&p='+pwd+'&pt_rsa=0&ptredirect=1&u1=http%3A%2F%2Ft.qq.com&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=1-11-1398479501082&js_ver=10076&js_type=1&login_sig=AzGRTF28dkUVNnUrx8c0RlDtx4Rl-6gfJ4Z6SIC1VLphoHULwNooXLsFaS12t2p8&low_login_enable=1&low_login_hour=720&aid=46000101&daid=6&' res = urllib2.urlopen(login_page) data = res.read().decode('utf-8') params = re.search("'.*?','.*?','.*?','.*?','(.*?)', '(.*?)'", data) print(params.group(1)+params.group(2))
贴上完整代码段
# password.py # -*- coding: utf-8 -*- ''' Version : Python27 Author : Spring God Date : 2014-4-26 ''' import md5 def hexchar2bin(hexchar): params = '' for i in range(0, len(hexchar), 2): params += chr(int(hexchar[i:i+2], 16)) return params def uin2hex(uin): hex_str = str(hex(int(uin)))[2:]#.upper() hex_len = len(hex_str) hex_str = '0'*(16-hex_len) + hex_str return hexchar2bin(hex_str) def getEncryption(uin, password, vcode): str1 = md5.md5(password).hexdigest() str2 = md5.md5(hexchar2bin(str1)+uin2hex(uin)).hexdigest() str3 = md5.md5((str2+vcode).upper()).hexdigest().upper() return str3 if __name__ == '__main__': print(getEncryption('QQ','密码','验证码'))
# Tencent.py # -*- coding: utf-8 -*- ''' Version : Python27 Author : Spring God Date : 2013-6-28 ''' import urllib import urllib2 import cookielib import io import gzip import re import os import password class Tencent(object): def __init__(self): self.verifyCode = None self.uin = None self.newtask = None self.daytask = None # 安装cookie 支持登录操作 cj = cookielib.CookieJar() opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj)) urllib2.install_opener(opener) def check(self, account): ''' 应用ID:46000101(微博) https://ssl.ptlogin2.qq.com/check?regmaster=&uin=947742112&appid=46000101&js_ver=10076&js_type=1&login_sig=ohbOoy-NhVcIjEGkjmMCUcg4BG6Xn8C9q182ebLKuXLuK1rawH0w0LEuAJYNM9GW&u1=http%3A%2F%2Ft.qq.com&r=0.7585592269897461 ''' self.uin = account check_page = 'https://ssl.ptlogin2.qq.com/check?uin=%s&appid=46000101&low_login=1' % account headers = { 'Referer': 'https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=46000101', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.154 Safari/537.36'} res = urllib2.urlopen(check_page) data = res.read() params = re.search("'(.*?)','(.*?)',", data) #print(params.groups()) ''' 第一个参数:0-默认验证码; 1-需要验证码 第二个参数:默认验证码; 验证码cap_cd 获取验证码地址:https://ssl.captcha.qq.com/getimage?uin=1090523513&aid=46000101&cap_cd=cbDkfT8sXEd21HNyJXwSFPDwR2Sw70dK 第三个参数:用户帐号HEX值 ''' if(None == params): return False if(params.group(1) == '0'): self.verifyCode = params.group(2) elif(params.group(1) == '1'): img_page = 'https://ssl.captcha.qq.com/getimage?uin=%s&aid=46000101&cap_cd=%s' % (account, params.group(2)) img_data = urllib2.urlopen(img_page).read() with open(r'verifyCode.jpg', 'wb') as _file: _file.write(img_data) _file.close() os.popen(r'start verifyCode.jpg') self.verifyCode = raw_input(u'输入验证码:') else: return False return True def login(self, account, pwd): if(False == self.check(account)): return False print(u'登录中...') pwd = password.getEncryption(account, pwd, self.verifyCode) login_page = 'https://ssl.ptlogin2.qq.com/login?u='+account+'&verifycode='+self.verifyCode+'&p='+pwd+'&pt_rsa=0&ptredirect=1&u1=http%3A%2F%2Ft.qq.com&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=1-11-1398479501082&js_ver=10076&js_type=1&login_sig=AzGRTF28dkUVNnUrx8c0RlDtx4Rl-6gfJ4Z6SIC1VLphoHULwNooXLsFaS12t2p8&low_login_enable=1&low_login_hour=720&aid=46000101&daid=6&' res = urllib2.urlopen(login_page) data = res.read().decode('utf-8') params = re.search("'.*?','.*?','.*?','.*?','(.*?)', '(.*?)'", data) print(params.group(1)+params.group(2)) if __name__ == '__main__': app = Tencent() app.login('QQ', '密码')
下面是测试结果
转载于:https://www.cnblogs.com/doudongchun/p/3694922.html