先聲明一下,我是個0基礎的人。我一開始是想用Python進行模擬登陸網頁,經過一番折騰,用session來記錄每一次信息,獲取了驗證碼(也成功的獲取到了RSA加密公鑰)。最後發現密碼是加密後提交給服務器,我發現從服務器獲取的公鑰通過“RSA在線加密”加密密碼後,提示我{"statusCode":-1,"message":"輸入內容包含非法字符,請重新輸入!","success":false}
如下是我的python代碼,大概意思就是不斷請求url,然後截取我需要的部分。
import requestsfrom lxml import etreeimport os, base64from sympy.interactive import sessiondef text(): # 手動輸入驗證碼 text = input("輸入驗證碼:") return textdef password(): # 手動輸入驗證碼 password = input("公鑰編碼後的密碼:") return passworddef denglu(): """先創建一個方法""" login_url = "https://center.xiaofubao.com/#/login" # 實例化一個session對象,用來保存cookie信息 session = requests.session() # 創建請求頭headers headers = {
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"} #html = session.get(login_url,headers=headers).content.decode() # print(html) url = "https://center.xiaofubao.com/center/common/security/token" #獲取一個TOKEN來獲得驗證碼 resp = session.get(url,headers=headers).content.decode() print(resp) print(resp[68:124])#獲取token data = {
"securityToken": resp[68:124], "centerPlatform": "YXY", "shiroJID": "", "ymId": ""} resp2 = session.post("https://center.xiaofubao.com/center/common/security/imageCaptcha", headers=headers, data=data) #截取驗證碼 resp2 = resp2.text resp2 = resp2[64:-17]#獲取驗證碼 # img_str = 'abcdefgh12345oK='#比如生成後的碼就這麼放,替換下面的base64_data即可 img_data = base64.b64decode(resp2) #翻譯驗證碼 # 注意:如果是"data:image/jpg:base64,",那你保存的就要以png格式,如果是"data:image/png:base64,"那你保存的時候就以jpg格式。 with open('QQQQ.JPEG', 'wb') as f: f.write(img_data) resp3=session.post("https://center.xiaofubao.com/center/account/getPublicKey?shiroJID=", headers=headers) resp3 = resp3.text print (resp3) print (text()) print (password()) data1 = {
"mobilePhone": "13111225555", "password": password, "imageCaptchaValue": text, "securityToken": resp[68:124], "centerPlatform": "YXY", "shiroJID": "", "ymId": "" } # # # 發送post請求,獲取登陸成功頁面,到這一步就獲得了登陸賬號的cookie信息 resp5=session.post("https://center.xiaofubao.com/center/account/doLoginByPwd",headers=headers,data=data1) resp5 = resp5.text print(resp5)if __name__ == '__main__': denglu()
C:\Users\Administrator.pyenv\pyenv-win\versions\3.9.10\python3.9.exe C:/Users/Administrator/Desktop/YML/session.py
{"statusCode":0,"message":"操作成功","data":{"level":0,"securityToken":"2e41657d792840fe91a629cf50a8a941Fax1lP79IFEH0WXDUMK+Jg=="},"success":true}
2e41657d792840fe91a629cf50a8a941Fax1lP79IFEH0WXDUMK+Jg==
{"statusCode":0,"message":"操作成功","data":{"publicKey":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCur8MZ3Ye0jv+oie3WdcuShKjMzT1/PMUTdE8aH+p/gm2M+MNIlBHw+tWTDxv8TyoyDxoNmTWXg+kHku/Ni/MqUdjF/hGr4GdUGDH/oQdgdIsUZE48EWJLMmv9yAHvhk4mtf23Wg90+/j6VJyu/qCE/DPNjlTu8h5bubdTCnDXUQIDAQAB"},"success":true}
輸入驗證碼:53dj
53dj
公鑰編碼後的密碼:NdfyhgKYEDeHx7hioJ3V8XWgH/W6YTsNexs1ofW3ddTvtQxgbfimwjNJUWHX5ik0Utftez4YysL1T/MdABmU5boCqX5vQ3fn/kgHl63wDN+ldWrv42GhJ/Vsh2fg7DbjWOGXEaTBraA++9GFPaod4/TgvnQW9FfGX5QaJoGNLtQ=
NdfyhgKYEDeHx7hioJ3V8XWgH/W6YTsNexs1ofW3ddTvtQxgbfimwjNJUWHX5ik0Utftez4YysL1T/MdABmU5boCqX5vQ3fn/kgHl63wDN+ldWrv42GhJ/Vsh2fg7DbjWOGXEaTBraA++9GFPaod4/TgvnQW9FfGX5QaJoGNLtQ=
{"statusCode":-1,"message":"輸入內容包含非法字符,請重新輸入!","success":false}
進程已結束,退出代碼為 0
我後來不斷的翻閱,我去找了js文件獲取到了一些我認為有用的代碼。(我也不確定到底是不是,0基礎QAQ)
ce = function (e) { Object(p['getAjax']) ('/center/account/getPublicKey', { }, function (t) { if (t && t.data.publicKey) { var a = Object(f['a']) (e), n = new window.JSEncrypt; n.setPublicKey(t.data.publicKey), oe(n.encrypt(a).replace(/\s/g, '')) } }) }, oe = function (e) { Object(p['operateAjax']) ('/center/account/doLoginByPwd', l() ({ }, E.formDataByAccount, { securityToken: N, password: e, returnUrl: b().returnUrl }), function (e) { le(e) }) },
第一個ce部分應該是獲取公鑰然後加密原密碼,我猜測問題出在
oe(n.encrypt(a).replace(/\s/g, ''))
可能改變了加密後的密碼吧!
還請指導一下:
①如何成功加密原密碼。就差臨門一腳了。(可能您看著我這個問題/代碼很呆,但是我真的有在很努力的嘗試解決了【淚目】)
②如果有python去除圖片中指定顏色的代碼,能分享給老弟那更是感激不盡!