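Faking a session for IdHTTP

Many websites use a session to record the user's login state. IdHTTP does not record the session by itself, so the session has to be faked by technical means.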
    
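Taking Get as an example, faking a session with IdHTTP:
// First request: the server creates the session and returns its ID in Set-Cookie
IdHttp1.Get(mURL1);
mStr := IdHttp1.Response.CustomHeaders.Values['Set-Cookie'];
// Keep only the leading name=value pair and drop attributes such as path
// (LeftBStr is declared in the StrUtils unit)
if Pos(';',mStr)>0 then
  Session_ID := LeftBStr(mStr,Pos(';',mStr)-1)
else
  Session_ID := mStr;

// Send the session cookie back with the next request
IdHttp1.Request.CustomHeaders.Add('Cookie:' + Session_ID);
IdHttp1.Get(mURL2);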
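
The snippet above keeps only one Set-Cookie value. As an added example (not code from the original post), the console program below generalises it: it stores the name=value pair of every Set-Cookie line and lets a later value replace an earlier one with the same name, as happens when a site issues a new session ID after login. StoreCookies, CookieHeader and all cookie values are constructed for illustration.

```delphi
program CookieJarDemo;
{$APPTYPE CONSOLE}
uses SysUtils, Classes;

// Store the name=value pair of each Set-Cookie line in Jar (hypothetical helper).
// A cookie whose name is already present is overwritten, not duplicated.
procedure StoreCookies(Jar, SetCookieLines: TStrings);
var
  i, p, idx: Integer;
  Pair: string;
begin
  for i := 0 to SetCookieLines.Count - 1 do
  begin
    Pair := SetCookieLines[i];
    p := Pos(';', Pair);
    if p > 0 then Pair := Copy(Pair, 1, p - 1);  // drop path, expires, HttpOnly ...
    Pair := Trim(Pair);
    p := Pos('=', Pair);
    if p < 2 then Continue;                      // no cookie name: ignore the line
    idx := Jar.IndexOfName(Copy(Pair, 1, p - 1));
    if idx >= 0 then Jar[idx] := Pair else Jar.Add(Pair);
  end;
end;

// Join the stored pairs into the value of one Cookie request header.
function CookieHeader(Jar: TStrings): string;
var i: Integer;
begin
  Result := '';
  for i := 0 to Jar.Count - 1 do
  begin
    if i > 0 then Result := Result + '; ';
    Result := Result + Jar[i];
  end;
end;

var
  Jar, Resp: TStringList;
begin
  Jar := TStringList.Create; Resp := TStringList.Create;
  try
    Jar.CaseSensitive := True;                   // cookie names are case-sensitive
    // Constructed Set-Cookie lines of a first response
    Resp.Add('SESSIONID=constructed-aaa; path=/; HttpOnly');
    Resp.Add('lang=zh-cn; expires=Wed, 01 Jan 2031 00:00:00 GMT');
    StoreCookies(Jar, Resp);
    // Constructed second response: the server rotates the session ID
    Resp.Clear; Resp.Add('SESSIONID=constructed-bbb; path=/; HttpOnly');
    StoreCookies(Jar, Resp);
    WriteLn('Cookie: ' + CookieHeader(Jar));
  finally
    Jar.Free; Resp.Free;
  end;
end.
```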

----------------------------------------------

Many websites, such as Baidu, currently block access from Indy components, so pay attention to the UserAgent and HTTP 1.1 settings.

IdHTTP1.Request.Connection:='Keep-Alive';
IdHTTP1.Request.UserAgent:='Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Maxthon)';
IdHTTP1.Request.ContentType:='application/x-www-form-urlencoded';
IdHTTP1.Request.Referer:='http://www.xxx.com';
IdHTTP1.Request.Accept:='image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/msword, */*';
IdHTTP1.Request.AcceptLanguage:='zh-cn';
IdHTTP1.Request.AcceptEncoding:='gzip, deflate';
IdHTTP1.Request.CacheControl:='no-cache';
IdHTTP1.ReadTimeout:=60000;
IdHTTP1.HTTPOptions:=IdHTTP1.HTTPOptions+[hoKeepOrigProtocol]; // this line is the key
IdHTTP1.ProtocolVersion:=pv1_1;
posted @ 2010-01-30 20:17  iAdo