百度登录

PC上我的账号登录登录需要验证码,然后用手机就不需要验证码。

设置Fiddler的Agent为WinPhone,然后浏览器打开百度进行登录,我用的是谷歌浏览器。

分析抓包内容,其登录的主要加密参数就是password。

登录的代码如下:

Sub Main()
    Dim strText As String
    Dim objHttp As Object
    Dim UserName As String
    Dim PassWord As String
    Dim PostData
    
    UserName = "abcd"
    PassWord = "1234"
    
    Set objHttp = CreateObject("WinHttp.WinHttpRequest.5.1")
    
    PostData = "username=" & UserName
    PostData = PostData & "&password=" & GetPassword(PassWord, objHttp)
    PostData = PostData & "&tpl=wimn"
    With objHttp
        .Open "POST", "https://wappass.baidu.com/wp/api/login", False
        .setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
        .Send PostData
    End With
    
    '=========下面是验证登录=======
    With objHttp
        .Open "GET", "http://i.baidu.com/", False
        .Send
        strText = .responsetext
        Debug.Print Mid(strText, InStr(strText, "user-nick") - 10, 200)
    End With
    
    Set objHttp = Nothing
End Sub

Private Function GetPassword(PassWord As String, Optional ByVal objHttp As Object = Nothing) As String
    Dim strText As String
    Dim strJS As String
    Dim serverTimeVar As String
    Dim SBCtoDBC As String
    Dim biRadixBase As String
    Dim BarrettMu As String
    Dim Rsa As String
    Dim PassWordFunc As String
    
    If objHttp Is Nothing Then Set objHttp = CreateObject("WinHttp.WinHttpRequest.5.1")
    
    With objHttp
        .Open "GET", "http://wappass.baidu.com/wp/api/security/antireplaytoken?tpl=wimn", False
        .Send
        strText = .responsetext
    End With
    serverTimeVar = "var serverTime=""" & Split(Split(strText, ",""time"":""")(1), """")(0) & """;"
    
    With objHttp
        .Open "GET", "http://wappass.baidu.com/static/touch/js/base_3d7603a.js", False
        .Send
        strText = .responsetext
    End With
    BarrettMu = Split(strText, "!function(t)")(0) & ";"
    biRadixBase = "var biRadixBase" & Split(Split(strText, "var biRadixBase")(1), "!function(t,e)")(0) & ";"
    SBCtoDBC = "var SBCtoDBC=function(t)" & Split(Split(strText, "_SBCtoDBC:function(t)")(1), ",inputBlur")(0) & ";"
    
    With objHttp
        .Open "GET", "http://wappass.baidu.com/static/touch/js/login_843d752.js", False
        .Send
        strText = .responsetext
    End With
    Rsa = "var rsa=""" & Split(Split(strText, ",rsa:""")(1), """")(0) & """;"
    
    PassWordFunc = "function GetPassword(pwd){"
    PassWordFunc = PassWordFunc & "pwd=SBCtoDBC(pwd)+serverTime;"
    PassWordFunc = PassWordFunc & "setMaxDigits(131);"
    PassWordFunc = PassWordFunc & "var u=new RSAKeyPair(""10001"", """", rsa);"
    PassWordFunc = PassWordFunc & "return encryptedString(u,pwd)};"
    
    strJS = serverTimeVar & BarrettMu & biRadixBase & SBCtoDBC & Rsa & PassWordFunc
    strJS = "<html><script>" & strJS & "</script></html>"
    
    With CreateObject("htmlfile")
        .Write strJS
        GetPassword = .parentwindow.GetPassword(PassWord)
    End With
    
    Set objHttp = Nothing
End Function

 

posted @ 2017-01-23 13:36  wcymiss  阅读(2539)  评论(0编辑  收藏  举报