Apache HttpClient模拟登陆网站(待续)
2007-04-05 16:21
375 查看
网上有一些相册的下载工具,设置好帐号密码就可以下图片到本地。现在用java代码模拟一下。
HTTPClient的包有类似的例子。
public static void test() throws HttpException, IOException ...{
final String HOST = "photo.server.net";
final int PORT = 80;
final String getMethodStr= "/userAccount/1524712";
HttpClient client = new HttpClient();
client.getHostConfiguration().setHost(HOST, PORT, "http");
client.getParams().setCookiePolicy(CookiePolicy.BROWSER_COMPATIBILITY);
//Get first
GetMethod getMethod = new GetMethod(getMethodStr);
client.executeMethod(getMethod);
System.err.println("------ Get content /userAccount/1524712: ");
printOutStream(getMethod.getResponseBodyAsStream(), getMethod.getRequestCharSet());
Header[] headers = getMethod.getResponseHeaders();
for (Header header : headers) ...{
System.err.println(header.toString());
}
getMethod.releaseConnection();
//Get the useful session
//CookieSpec cookieSpec = CookiePolicy.getDefaultSpec();
Cookie[] getCookies = client.getState().getCookies();
System.err.println("----- -Useful cookies: ");
for (Cookie cookie : getCookies) ...{
System.err.println(cookie.toString());
}
//POST password
//其实无论客户端的页面怎么复杂,但是发过去的也只是包,可以使用一些抓包工具获取。
final String url = "http://" + HOST + getMethodStr;
final String encodedUrl = url.replaceAll(":", "%3A");
final String postUrl = "/@restrict?furl=" + encodedUrl;
PostMethod postMethod = new PostMethod(postUrl);
NameValuePair text = new NameValuePair("text", "");
NameValuePair pwd = new NameValuePair("pwd", "hello");
NameValuePair abId = new NameValuePair("ab_id", "");
postMethod.setRequestBody(new NameValuePair[]...{text, pwd, abId});
client.executeMethod(postMethod);
System.err.println("----------------");
System.err.println("get post feedback:");
printOutStream(postMethod.getResponseBodyAsStream(), postMethod.getResponseCharSet());
postMethod.releaseConnection();
//Redirect to other page.
int statusCode = postMethod.getStatusCode();
System.err.println(statusCode);
if (statusCode == HttpStatus.SC_MOVED_TEMPORARILY || statusCode == HttpStatus.SC_MOVED_PERMANENTLY)...{
Header locationHeader = postMethod.getResponseHeader("location");
if (locationHeader != null) ...{
String redirectUri = locationHeader.getValue();
if (redirectUri == null || "".equals(redirectUri)) ...{
redirectUri = "/";
}
getMethod = new GetMethod(redirectUri);
client.executeMethod(getMethod);
System.err.println("get redirect:");
headers = getMethod.getResponseHeaders();
for (Header header : headers) ...{
System.err.println(header.toString());
}
printOutStream(getMethod.getResponseBodyAsStream(), getMethod.getResponseCharSet());
getMethod.releaseConnection();
}
}
}
可以看到在一般的网站里面session-id是一直传递的。这里面的很都步骤都是可以使用java的URLConnection的,但有一种情况它不能很好处理. 例如, 登陆成功后, 服务器response.sendRedirect到一个新的URL, 这个时候返回的HTTP相应包应该只有HTTP头的, 里面包含一些返回状态码和要导向的URL地址.
HTTP/1.0 302 Moved Temporarily
Date: Sat, 03 Mar 2007 00:00:27 GMT
Server: Microsoft-IIS/6.3
Vary: Accept-Encoding
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: http://photo.xxxxxx.com/newurl
Content-Type: text/html; charset=UTF-8
Via: 1.0 photo.xxxx.com:8000 (Microsoft-IIS/7.1)
Connection: close
碰到(statusCode == HttpStatus.SC_MOVED_TEMPORARILY || statusCode == HttpStatus.SC_MOVED_PERMANENTLY)...这些返回码的时候, URLConnection会主动跳转到这个location, 但是却没传递任何的cookies, 服务器肯定不认帐了. URLConnection虽然有设置requestProperty设置请求的属性, 但上面这种情况好像是无法设置cookies头的, 而且他提供的设置setDefaultProperty好像也不管用. 甚至你连location也无法获取到.
顺便在这里提一下, 一些防盗链接其实可以用cookies头, 如果是经过当前网站来的请求, 藏点东西在cookies头里面; 还有一种可能是用Referer, 请求一个页面的时候, 不敢确定是不是因为返回了Cache-Control这些头,之后再去该网站拿其他东西的时候都要发送个Referer过去.
//第一次请求的返回包
HTTP/1.0 200 OK
Date: Fri, 02 Mar 2007 23:54:04 GMT
Server: Microsoft-IIS/6.3
Vary: Accept-Encoding
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: FOTOSSID=a2d1a5c9f34308c3b49ad88813f11491; path=/; domain=.photo.xxxxx.net
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Content-Length: 2762
Via: 1.0 photo.xxxx.net:8000 (Microsoft-IIS/7.1)
Connection: keep-alive
//再次请求包
Host: s.photo.xxxxx.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.8.1.2) Gecko/20070219 Firefox/2.0.0.2
Accept: image/png,*/*;q=0.5
Accept-Language: zh-cn,zh;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: gb2312,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://photo.xxx.net/userName/1524712
Cookie: FOTOSSID=a2d1a5c9f34308c3b49ad88813f11491
可以看到HttpClient还是很好用的, 用它甚至可以做一些简单的程序做点自动化的web页面的测试d.
用这个破解别人的相册? 估计效率是不怎么行的, 服务器狠些,再加个随机图片验证,或者几次失败之后封杀你的连接:)
HTTPClient的包有类似的例子。
public static void test() throws HttpException, IOException ...{
final String HOST = "photo.server.net";
final int PORT = 80;
final String getMethodStr= "/userAccount/1524712";
HttpClient client = new HttpClient();
client.getHostConfiguration().setHost(HOST, PORT, "http");
client.getParams().setCookiePolicy(CookiePolicy.BROWSER_COMPATIBILITY);
//Get first
GetMethod getMethod = new GetMethod(getMethodStr);
client.executeMethod(getMethod);
System.err.println("------ Get content /userAccount/1524712: ");
printOutStream(getMethod.getResponseBodyAsStream(), getMethod.getRequestCharSet());
Header[] headers = getMethod.getResponseHeaders();
for (Header header : headers) ...{
System.err.println(header.toString());
}
getMethod.releaseConnection();
//Get the useful session
//CookieSpec cookieSpec = CookiePolicy.getDefaultSpec();
Cookie[] getCookies = client.getState().getCookies();
System.err.println("----- -Useful cookies: ");
for (Cookie cookie : getCookies) ...{
System.err.println(cookie.toString());
}
//POST password
//其实无论客户端的页面怎么复杂,但是发过去的也只是包,可以使用一些抓包工具获取。
final String url = "http://" + HOST + getMethodStr;
final String encodedUrl = url.replaceAll(":", "%3A");
final String postUrl = "/@restrict?furl=" + encodedUrl;
PostMethod postMethod = new PostMethod(postUrl);
NameValuePair text = new NameValuePair("text", "");
NameValuePair pwd = new NameValuePair("pwd", "hello");
NameValuePair abId = new NameValuePair("ab_id", "");
postMethod.setRequestBody(new NameValuePair[]...{text, pwd, abId});
client.executeMethod(postMethod);
System.err.println("----------------");
System.err.println("get post feedback:");
printOutStream(postMethod.getResponseBodyAsStream(), postMethod.getResponseCharSet());
postMethod.releaseConnection();
//Redirect to other page.
int statusCode = postMethod.getStatusCode();
System.err.println(statusCode);
if (statusCode == HttpStatus.SC_MOVED_TEMPORARILY || statusCode == HttpStatus.SC_MOVED_PERMANENTLY)...{
Header locationHeader = postMethod.getResponseHeader("location");
if (locationHeader != null) ...{
String redirectUri = locationHeader.getValue();
if (redirectUri == null || "".equals(redirectUri)) ...{
redirectUri = "/";
}
getMethod = new GetMethod(redirectUri);
client.executeMethod(getMethod);
System.err.println("get redirect:");
headers = getMethod.getResponseHeaders();
for (Header header : headers) ...{
System.err.println(header.toString());
}
printOutStream(getMethod.getResponseBodyAsStream(), getMethod.getResponseCharSet());
getMethod.releaseConnection();
}
}
}
可以看到在一般的网站里面session-id是一直传递的。这里面的很都步骤都是可以使用java的URLConnection的,但有一种情况它不能很好处理. 例如, 登陆成功后, 服务器response.sendRedirect到一个新的URL, 这个时候返回的HTTP相应包应该只有HTTP头的, 里面包含一些返回状态码和要导向的URL地址.
HTTP/1.0 302 Moved Temporarily
Date: Sat, 03 Mar 2007 00:00:27 GMT
Server: Microsoft-IIS/6.3
Vary: Accept-Encoding
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: http://photo.xxxxxx.com/newurl
Content-Type: text/html; charset=UTF-8
Via: 1.0 photo.xxxx.com:8000 (Microsoft-IIS/7.1)
Connection: close
碰到(statusCode == HttpStatus.SC_MOVED_TEMPORARILY || statusCode == HttpStatus.SC_MOVED_PERMANENTLY)...这些返回码的时候, URLConnection会主动跳转到这个location, 但是却没传递任何的cookies, 服务器肯定不认帐了. URLConnection虽然有设置requestProperty设置请求的属性, 但上面这种情况好像是无法设置cookies头的, 而且他提供的设置setDefaultProperty好像也不管用. 甚至你连location也无法获取到.
顺便在这里提一下, 一些防盗链接其实可以用cookies头, 如果是经过当前网站来的请求, 藏点东西在cookies头里面; 还有一种可能是用Referer, 请求一个页面的时候, 不敢确定是不是因为返回了Cache-Control这些头,之后再去该网站拿其他东西的时候都要发送个Referer过去.
//第一次请求的返回包
HTTP/1.0 200 OK
Date: Fri, 02 Mar 2007 23:54:04 GMT
Server: Microsoft-IIS/6.3
Vary: Accept-Encoding
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: FOTOSSID=a2d1a5c9f34308c3b49ad88813f11491; path=/; domain=.photo.xxxxx.net
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Content-Length: 2762
Via: 1.0 photo.xxxx.net:8000 (Microsoft-IIS/7.1)
Connection: keep-alive
//再次请求包
Host: s.photo.xxxxx.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.8.1.2) Gecko/20070219 Firefox/2.0.0.2
Accept: image/png,*/*;q=0.5
Accept-Language: zh-cn,zh;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: gb2312,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://photo.xxx.net/userName/1524712
Cookie: FOTOSSID=a2d1a5c9f34308c3b49ad88813f11491
可以看到HttpClient还是很好用的, 用它甚至可以做一些简单的程序做点自动化的web页面的测试d.
用这个破解别人的相册? 估计效率是不怎么行的, 服务器狠些,再加个随机图片验证,或者几次失败之后封杀你的连接:)
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- 使用HttpClient模拟网站登陆sina邮箱(保持远程服务器session和cookie)
- 用Apache httpclient模拟登陆学生个人信息系统
- httpclient模拟需要登陆之后才能访问第三方网站(并且需要一些人工参与的操作)
- HttpClient4登陆有验证码的网站
- 详解抓取网站,模拟登陆,抓取动态网页的原理和实现(Python,C#等)
- 一个比较笨的模拟登陆其他网站的方法
- 【教程】模拟登陆网站 之 C#版(内含两种版本的完整的可运行的代码)
- 详解抓取网站,模拟登陆,抓取动态网页的原理和实现
- 模拟登陆某大论坛网站(基于商业秘密不注明名称)
- 如何用Python,C#等语言去实现抓取静态网页+抓取动态网页+模拟登陆网站
- Apache2.4 Virtual Hosts配置:模拟真实网站+同时开发多个Web项目
- 玩玩网络课堂的外挂-网站模拟登陆
- 使用scrapy 模拟登陆网站后 抓取会员中心相关信息
- httpclient模拟登陆facebook.com
- 网页版的模拟登陆有验证码的网站
- 手把手教你如何利用工具(IE9的F12)去分析模拟登陆网站(百度首页)的内部逻辑过程
- C# 模拟网站登陆
- 模拟登陆网站 之 Python版(内含两种版本的完整的可运行的代码)
- php模拟post提交数据,用处很多,可用来网站的采集,登陆等等
- 使用C#的HttpWebRequest模拟登陆网站