
这两天,本来想花点时间研究一下QQ空间、农场外挂,于是抓包分析了一下,只可惜QQ网页登录时进行了加密处理,而我对网页编程一窍不通。有些朋友曾讲过那些是通过JS代码进行加密,可惜我JS也是一片空白,真是“出师未捷身先死”,惭愧惭愧......

于是只好挑CSDN这类简易一些的尝试学习一下(仅供学习交流),下面是学习笔记:

程序运行截图:

CSDN Login

1、本机环境:Windows XP SP3、ADSL

2、开发工具:WildPackets OmniPeek V5.1.4

                    Visual C++ 6.0

                    IE6.0

                    FlexEdit V2.3.1871

3、数据包截图:

QQ Login

(QQ登录时,在密码2222加密时卡壳了,我尝试过很多加密算法,最终以失败告终......)

4、验证码显示使用IStream和IPicture来显示:

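  /************************************************************************/
  /* Purpose : return the directory that holds the running executable
  /* Params  : none
  /* Returns : CString with the directory path, without a trailing
  /*           backslash; an empty CString if the path cannot be obtained
  /* By:Koma   2009.10.13 11:23
  /************************************************************************/
  CString C***Dlg::GetExePath()
  {
      char pathbuf[MAX_PATH] = {0};
      const DWORD pathlen = ::GetModuleFileName(NULL, pathbuf, MAX_PATH);

      // 0 means the call failed; a result that fills the whole buffer means the
      // path was truncated, so the buffer cannot be trusted as a full path.
      if (pathlen == 0 || pathlen >= MAX_PATH)
          return CString();

      // Cut the file name off at the last backslash. The original scanned
      // backwards with no lower bound, so a failed call or a path without a
      // backslash walked off the front of pathbuf. The listing's '//' appears
      // to be a page-rendering artifact of '\\'.
      const CString fullPath(pathbuf, (int)pathlen);
      const int slashPos = fullPath.ReverseFind('\\');
      if (slashPos < 0)
          return CString();

      return fullPath.Left(slashPos);
  }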

 

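  /************************************************************************/
  /* Purpose : download the captcha image and save it as test.tmp in the
  /*           executable's directory
  /* Params  : none
  /* Returns : none
  /* By:Koma   2009.10.13 11:50
  /************************************************************************/
  void C***Dlg::DownURLImage()
  {
      // Random digits for the `temp` query parameter. They appear to serve only
      // to make each request URL unique; rand() is predictable and must not be
      // reused for anything that has to stay secret.
      const int nRand1 = rand() % 100000 + 10000;
      const int nRand2 = rand() % 200000 + 10000;

      CString strUrl;
      strUrl.Format("http://passport.csdn.net/ShowExPwd.aspx?temp=%d%d", nRand1, nRand2);

      // NOTE(review): the image is fetched over plain HTTP and stored under a
      // fixed name next to the executable; the bytes are untrusted network
      // input and are parsed later by ShowImage().
      const CString strPath = GetExePath() + "\\test.tmp";

      CInternetSession session;
      CFile* pFile = session.OpenURL(strUrl);
      if (pFile == NULL)
          return;

      try
      {
          CFile out;
          if (out.Open(strPath, CFile::modeCreate | CFile::modeWrite))
          {
              char buff[512];
              UINT nRead = 0;

              // Write only the bytes actually received. The original always
              // wrote 512 bytes, padding the file with stale buffer contents.
              while ((nRead = pFile->Read(buff, sizeof(buff))) > 0)
                  out.Write(buff, nRead);

              out.Flush();
              out.Close();
          }
      }
      catch (CException*)
      {
          // Release the download handle before the exception continues upward.
          pFile->Close();
          delete pFile;
          throw;
      }

      // OpenURL() hands ownership of the file object to the caller; the
      // original never closed or deleted it.
      pFile->Close();
      delete pFile;
  }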

 

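  /************************************************************************/
  /* Purpose : load test.tmp from the executable's directory and draw it
  /*           at (10,100) in the dialog, recording the drawn area in
  /*           m_PicRect
  /* Params  : none
  /* Returns : none (draws nothing if the file cannot be read or decoded)
  /* By:Koma   2009.10.13 13:12
  /************************************************************************/
  void C***Dlg::ShowImage()
  {
      // Balance CoInitialize() with CoUninitialize() only when it succeeded.
      const HRESULT hrCom = ::CoInitialize(NULL);

      // NOTE(review): CPaintDC is only valid while handling WM_PAINT; this
      // assumes ShowImage() is called from OnPaint() - confirm.
      CPaintDC dc(this);

      // pStream and pPicture are not declared in this function (presumably
      // class members - confirm). Start from NULL so a failure below cannot
      // leave a stale pointer behind.
      pStream  = NULL;
      pPicture = NULL;

      // The file holds bytes downloaded from the network. A captcha image is
      // small, so refuse anything implausibly large before allocating for it.
      const DWORD kMaxImageBytes = 1024 * 1024;
      DWORD   dwSize = 0;
      HGLOBAL hMem   = NULL;

      const CString strPath = GetExePath() + "\\test.tmp";
      CFile file;
      if (file.Open(strPath, CFile::modeRead | CFile::shareDenyNone))
      {
          dwSize = (DWORD)file.GetLength();
          if (dwSize > 0 && dwSize <= kMaxImageBytes)
              hMem = ::GlobalAlloc(GMEM_MOVEABLE, dwSize);

          BOOL bRead = FALSE;
          if (hMem != NULL)
          {
              LPVOID lpBuf = ::GlobalLock(hMem);
              if (lpBuf != NULL)
              {
                  bRead = (file.Read(lpBuf, dwSize) == dwSize);
                  ::GlobalUnlock(hMem);
              }
          }
          file.Close();

          // TRUE: releasing the stream also frees hMem, so ownership moves to
          // the stream once it has been created.
          if (bRead && SUCCEEDED(::CreateStreamOnHGlobal(hMem, TRUE, &pStream)))
              hMem = NULL;

          // Still ours if the read or the stream creation failed.
          if (hMem != NULL)
              ::GlobalFree(hMem);
      }

      if (pStream != NULL)
      {
          // The original checked these results with ASSERT only, which is
          // compiled out of release builds and left a NULL pPicture to be
          // dereferenced when the downloaded data was not a valid image.
          const HRESULT hr = ::OleLoadPicture(pStream, dwSize, TRUE,
                                              IID_IPicture, (LPVOID*)&pPicture);
          if (hr == S_OK && pPicture != NULL)
          {
              // Width and height are reported in MM_HIMETRIC units (0.01 mm).
              long nWidth = 0, nHeight = 0;
              if (SUCCEEDED(pPicture->get_Width(&nWidth)) &&
                  SUCCEEDED(pPicture->get_Height(&nHeight)))
              {
                  CSize sz(nWidth, nHeight);      // draw at original size
                  dc.HIMETRICtoDP(&sz);           // HIMETRIC -> device pixels

                  pPicture->Render(dc.m_hDC, 10, 100, sz.cx, sz.cy,
                                   0, nHeight, nWidth, -nHeight, NULL);

                  // Remember the image area so later repaints can be limited to it.
                  m_PicRect = CRect(10, 100, sz.cx + 10, sz.cy + 100);
              }

              pPicture->Release();
              pPicture = NULL;
          }

          pStream->Release();                     // also frees the HGLOBAL
          pStream = NULL;
      }

      if (SUCCEEDED(hrCom))
          ::CoUninitialize();
  }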

 

5、经过OmniPeek抓包分析得到:

登录时POST格式(从抓包可以看到,用户名、密码和验证码都以明文形式出现在表单数据中):

__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwULLTEyMzU0NzEzNDkPFgIeCkZpbmlzaFN0YXlnFgJmD2QWBAIBDxYCHgRUZXh0BQznlKjmiLfnmbvlvZVkAgIPZBYCAgMPZBYCAgEPFgIeB1Zpc2libGVoZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAgUeY3RsMDAkQ1BIX0NvbnRlbnQkY2JfU2F2ZVN0YXRlBR1jdGwwMCRDUEhfQ29udGVudCRJbWFnZV9Mb2dpbjFp31Bt8XH%2B3e%2Bh97Uk6ofQQady&ctl00%24CPH_Content%24tb_LoginNameOrLoginEmail=testkoma&ctl00%24CPH_Content%24tb_Password=ningyusky&ctl00%24CPH_Content%24tb_ExPwd=BZTS3&ClientKey=c77f51c7-cbaf-427d-9314-a04303f79847&ctl00%24CPH_Content%24cb_SaveState=on&from=http%3A%2F%2Fhi.csdn.net%2F&MailParameters=&PrePage=&MailParameters=&ctl00%24CPH_Content%24Image_Login.x=33&ctl00%24CPH_Content%24Image_Login.y=13

至于其他动作的话,自己抓包分析吧!

之前看到博客园深蓝居一篇文章关于C#写的CSDN提交表单

http://www.cnblogs.com/studyzy/archive/2008/05/08/1187626.html

所以在前辈的基础上,我增加了VC获取Cookie ClientKey值,下面是POST代码:

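  // Percent-encodes one value for an application/x-www-form-urlencoded body so
  // that characters such as '&', '=', '%' or '+' typed by the user cannot
  // break out of their field or add extra form parameters.
  static CString UrlEncodeFormValue(const CString& strIn)
  {
      static const char szHex[] = "0123456789ABCDEF";
      CString strOut;
      for (int i = 0; i < strIn.GetLength(); ++i)
      {
          const unsigned char ch = (unsigned char)strIn[i];
          const BOOL bUnreserved =
              (ch >= 'A' && ch <= 'Z') || (ch >= 'a' && ch <= 'z') ||
              (ch >= '0' && ch <= '9') ||
              ch == '-' || ch == '_' || ch == '.' || ch == '~';
          if (bUnreserved)
          {
              strOut += (char)ch;
          }
          else
          {
              strOut += '%';
              strOut += szHex[ch >> 4];
              strOut += szHex[ch & 0x0F];
          }
      }
      return strOut;
  }

  // Closes and deletes the request and connection objects, then NULLs them.
  static void CloseHttpObjects(CHttpFile*& pFile, CHttpConnection*& pHttpConnect)
  {
      if (pFile != NULL)
      {
          pFile->Close();
          delete pFile;
          pFile = NULL;
      }
      if (pHttpConnect != NULL)
      {
          pHttpConnect->Close();
          delete pHttpConnect;
          pHttpConnect = NULL;
      }
  }

  // Login button handler: validates the input fields, obtains the ClientKey
  // cookie, POSTs the login form to passport.csdn.net and shows the server's
  // response text in a message box.
  //
  // NOTE(review): as the listing shows, the form - password included - is sent
  // to passport.csdn.net over plain HTTP. If the server offers HTTPS, connect
  // with INTERNET_DEFAULT_HTTPS_PORT and add INTERNET_FLAG_SECURE.
  void C***Dlg::OnBtnLogin()
  {
      UpdateData(TRUE);
      if (m_strUser.IsEmpty())
      {
          MessageBox("用户名不能为空!","提示",MB_ICONERROR | MB_OK);
          // The original's (CEdit*) cast applied to SetFocus()'s result, not to
          // the control pointer, so it did nothing.
          GetDlgItem(IDC_EDIT_USER)->SetFocus();
          return;
      }
      if (m_strPassword.IsEmpty())
      {
          MessageBox("密码不能为空!","提示",MB_ICONERROR | MB_OK);
          GetDlgItem(IDC_EDIT_PASSWORD)->SetFocus();
          return;
      }

      CString str;
      try
      {
          CInternetSession Session;

          // Request the login page once so the server sets its cookies, then
          // read them back. The file returned by OpenURL() belongs to the
          // caller; the original used a second, shadowing session and leaked it.
          CStdioFile* pLoginPage = Session.OpenURL("http://passport.csdn.net/UserLogin.aspx");
          if (pLoginPage != NULL)
          {
              pLoginPage->Close();
              delete pLoginPage;
          }
          if (!CInternetSession::GetCookie("http://passport.csdn.net/UserLogin.aspx",
                  _T("ClientKey"), m_strCookies))
          {
              // Checked before the connection objects exist, so this early
              // return no longer leaks them as it did in the original.
              MessageBox("获取Cookies时出错!");
              return;
          }

          // Take only the ClientKey value: skip "ClientKey=" and stop at the
          // next ';'. The original did not check Find()'s result and kept any
          // cookies that followed in the same string.
          const CString strKey = m_strCookies;
          const int nKeyPos = strKey.Find("ClientKey=", 0);
          if (nKeyPos < 0)
          {
              MessageBox("获取Cookies时出错!");
              return;
          }
          m_strClientKey = strKey.Mid(nKeyPos + 10);
          const int nKeyEnd = m_strClientKey.Find(';');
          if (nKeyEnd >= 0)
              m_strClientKey = m_strClientKey.Left(nKeyEnd);

          // NOTE(review): __VIEWSTATE below is a value captured once from a
          // packet trace; the server may reject it after the page changes.
          // User-supplied fields are percent-encoded; the original spliced them
          // in raw. NOTE(review): bytes are encoded in the ANSI code page -
          // confirm what encoding the server expects for non-ASCII input.
          CString szFormData = "__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwULLTE4NDgzMDI2NjcPFgIeCkZpbmlzaFN0YXloFgJmD2QWBAIBDxYCHgRUZXh0BQznlKjmiLfnmbvlvZVkAgIPZBYCAgMPZBYCAgEPFgIeB1Zpc2libGVoZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAgUeY3RsMDAkQ1BIX0NvbnRlbnQkY2JfU2F2ZVN0YXRlBR1jdGwwMCRDUEhfQ29udGVudCRJbWFnZV9Mb2dpbr5SL%2FGtMqVCJ%2FCh4jH%2FXp4DhlVU&ctl00%24CPH_Content%24tb_LoginNameOrLoginEmail=";
          szFormData += UrlEncodeFormValue(m_strUser);
          szFormData += "&ctl00%24CPH_Content%24tb_Password=";
          szFormData += UrlEncodeFormValue(m_strPassword);
          szFormData += "&ctl00%24CPH_Content%24tb_ExPwd=";
          szFormData += UrlEncodeFormValue(m_strCode);
          szFormData += "&ClientKey=";
          szFormData += UrlEncodeFormValue(m_strClientKey);
          szFormData += "&ctl00%24CPH_Content%24cb_SaveState=on&from=http%3A%2F%2Fhi.csdn.net%2Fmy.html&MailParameters=&MailParameters=&ctl00%24CPH_Content%24Image_Login.x=26&ctl00%24CPH_Content%24Image_Login.y=11";

          CHttpConnection* pHttpConnect = NULL;
          CHttpFile*       pFile        = NULL;
          try
          {
              pHttpConnect = Session.GetHttpConnection("passport.csdn.net");
              if (pHttpConnect != NULL)
              {
                  // The original opened a GET request and pushed a "POST ..."
                  // request line and the form data in as headers. The verb
                  // belongs in OpenRequest() and the form data in the body
                  // argument of SendRequest().
                  pFile = pHttpConnect->OpenRequest(CHttpConnection::HTTP_VERB_POST,
                      _T("/UserLogin.aspx"),
                      NULL,
                      1,
                      NULL,
                      NULL,
                      INTERNET_FLAG_NO_COOKIES);
              }
              if (pFile != NULL)
              {
                  // Header lines end in CR LF; the listing's "/r/n" appears to
                  // be a page-rendering artifact of "\r\n".
                  pFile->AddRequestHeaders("Accept:   image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/QVOD, application/QVOD, */*\r\n");
                  pFile->AddRequestHeaders("Referer:   http://passport.csdn.net/UserLogin.aspx\r\n");
                  pFile->AddRequestHeaders("Accept-Language:   zh-cn\r\n");
                  pFile->AddRequestHeaders("Content-Type:   application/x-www-form-urlencoded\r\n");
                  // "Accept-Encoding: gzip, deflate" is not sent: the response
                  // is read as text below and nothing here decompresses it.
                  pFile->AddRequestHeaders("User-Agent:   Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; POTU(RR:28031409:0:5513822); Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 2.0.50727; CIBA)\r\n");
                  pFile->AddRequestHeaders("Connection:   Keep-Alive\r\n");
                  pFile->AddRequestHeaders("Cache-Control:   no-cache\r\n");
                  pFile->SendRequest(NULL, 0,
                      (LPVOID)(LPCTSTR)szFormData, szFormData.GetLength());

                  // Collect the returned HTML.
                  CString s;
                  while (pFile->ReadString(s))
                      str += s;
              }
          }
          catch (CInternetException*)
          {
              // Free the request objects, then let the outer handler report.
              CloseHttpObjects(pFile, pHttpConnect);
              throw;
          }
          CloseHttpObjects(pFile, pHttpConnect);

          // Debugging aid from the original: dump the raw response into the
          // current directory. NOTE(review): the file holds server output for
          // the logged-in session; remove this before using the code for real.
          CFile file;
          if (file.Open("Test.aspx", CFile::modeCreate | CFile::modeWrite, NULL))
          {
              file.Write(str, str.GetLength());
              file.Flush();
              file.Close();
          }

          // Convert the UTF-8 response to UTF-16, then to the ANSI code page
          // so MessageBox can display it. Both buffers were leaked before.
          const int nLen1 = MultiByteToWideChar(CP_UTF8, 0, str, str.GetLength(), NULL, 0);
          wchar_t* pWChar = new wchar_t[nLen1 + 1];
          memset(pWChar, 0, (nLen1 + 1) * sizeof(wchar_t));
          MultiByteToWideChar(CP_UTF8, 0, str, str.GetLength(), pWChar, nLen1);

          const int nLen2 = WideCharToMultiByte(CP_ACP, 0, pWChar, nLen1, NULL, 0, NULL, NULL);
          char* pChar = new char[nLen2 + 1];
          memset(pChar, 0, nLen2 + 1);
          WideCharToMultiByte(CP_ACP, 0, pWChar, nLen1, pChar, nLen2, NULL, NULL);

          // Show what the server answered to the login attempt.
          str = pChar;
          delete[] pChar;
          delete[] pWChar;
          MessageBox(str);
      }
      catch (CInternetException* e)
      {
          // Tell the user instead of failing silently, then free the exception.
          e->ReportError();
          e->Delete();
      }
  }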

 

(编程水平有限,其中代码并没有经过严格测试,难免有所不足,敬请谅解!)

6、源代码下载:

http://download.csdn.net/source/1740481

 

 

from:

http://blog.csdn.net/wangningyu/article/details/4667954
posted on 2013-01-07 10:28  DoubleLi