正方教務管理系統RSA 加密
RSA公开密钥密码体制。所谓的公开密钥密码体制就是使用不同的加密密钥与解密密钥,是一种“由已知加密密钥推导出解密密钥在计算上是不可行的”密码体制。
前端使用的對密碼的加密方式
获取modules的方式
使用python 对密码加密
password = str(mm).encode("utf8").decode("utf8") name = str(yhm).encode("utf8").decode("utf8") weibo_rsa_e = 65537 message = str(password).encode() rsa_n = binascii.b2a_hex(binascii.a2b_base64(modules)) key = rsa.PublicKey(int(rsa_n, 16), weibo_rsa_e) encropy_pwd = rsa.encrypt(message, key) password = binascii.b2a_base64(encropy_pwd)
用bs4 获取csrftoken
page = session.get(url) soup = bs(page.text, "html.parser") # 获取认证口令csrftoken csrftoken = soup.find(id="csrftoken").get("value")
完整获取cookie代码
# -*- coding:UTF-8 -*-
import binascii
import requests
from bs4 import BeautifulSoup as bs
import time
import rsa
def get_cookie(yhm, mm):
now_time = int(time.time())
url = "http://学校地址/jwglxt/xtgl/login_slogin.html?language=zh_CN&_t="
session = requests.Session()
publickey = session.get(
'http://学校地址/jwglxt/xtgl/login_getPublicKey.html?time=1611556780554&_=1611556779458').json()
modules = publickey["modulus"]
page = session.get(url)
soup = bs(page.text, "html.parser")
# 获取认证口令csrftoken
csrftoken = soup.find(id="csrftoken").get("value")
password = str(mm).encode("utf8").decode("utf8")
name = str(yhm).encode("utf8").decode("utf8")
weibo_rsa_e = 65537
message = str(password).encode()
rsa_n = binascii.b2a_hex(binascii.a2b_base64(modules))
key = rsa.PublicKey(int(rsa_n, 16), weibo_rsa_e)
encropy_pwd = rsa.encrypt(message, key)
password = binascii.b2a_base64(encropy_pwd)
header = {
'Accept': 'text/html, */*; q=0.01',
'Accept-Encoding': 'gzip, deflate',
'Accept-Language': 'zh-CN,zh;q=0.9,en;q=0.8',
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0',
'Connection': 'keep-alive',
'Referer': url + str(now_time),
'Upgrade-Insecure-Requests': '1',
}
data = {
'csrftoken': csrftoken,
'mm': password,
'mm': password,
'yhm': name
}
request = session.post(url, headers=header, data=data)
cookie = request.request.headers['cookie']
return cookie
if __name__ == '__main__':
yhm = '' # 账号
mm = "" # 密码
cookie = get_cookie(yhm, mm)
print(cookie)
难点可能就是RSA 加密,通过公钥进行加密,使用python 实现
解密方式2:
# -*- coding:UTF-8 -*-
import requests
import base64
import rsa
from bs4 import BeautifulSoup as bs
yhm = '*****'
mm = b"*****"
session = requests.Session()
publickey = session.get(
'http://*******/jwglxt/xtgl/login_getPublicKey.html?time=1611556780554&_=1611556779458').json()
b_modulus = base64.b64decode(publickey['modulus']) # 将base64解码转为bytes
b_exponent = base64.b64decode(publickey['exponent']) # 将base64解码转为bytes
# 公钥生成, python3从bytes中获取int:int.from_bytes(bstring,'big')
mm_key = rsa.PublicKey(int.from_bytes(b_modulus, 'big'), int.from_bytes(b_exponent, 'big'))
# 利用公钥加密,bytes转为base64编码
rsa_mm = base64.b64encode(rsa.encrypt(mm, mm_key))
url = "http://*******/jwglxt/xtgl/login_slogin.html?time=1611556053622"
headers = {
'Connection': 'keep-alive',
'Pragma': 'no-cache',
'Cache-Control': 'no-cache',
'Upgrade-Insecure-Requests': '1',
'Origin': 'http://25.system.haue.edu.cn:38025',
'Content-Type': 'application/x-www-form-urlencoded',
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36',
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9',
'Referer': 'http://25.system.haue.edu.cn:38025/jwglxt/xtgl/login_slogin.html?time=1611555951506',
'Accept-Language': 'zh-CN,zh;q=0.9,en;q=0.8',
}
page = session.get(url)
soup = bs(page.text, "html.parser")
# 获取认证口令csrftoken
csrftoken = soup.find(id="csrftoken").get("value")
postdata = {'csrftoken': csrftoken, 'yhm': yhm, 'mm': rsa_mm, "language": "zh_CN"}
rq = session.post(url, data=postdata)
print(rq.request.headers['Cookie'])
