核心信息:
//用戶代理 UserAgent,是指瀏覽器,它的信息包括硬件平臺、系統軟件、應用軟件和用戶個人偏好。在X.400電子系統中,用戶代理是一種對數據打包、創造分組頭,以及編址、傳遞消息的部件。用戶代理並不是僅指瀏覽器,還包括搜索引擎。
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
//指定“no-cache”值表示服務器必須返回一個刷新後的文檔,即使它是代理服務器而且已經有了頁面的本地拷貝。
Pragma: no-cache
Pragma: no-cache
//初始URL中的主機和端口。
Host: passport.baidu.com
//禁止追蹤
DNT: 1
Connection: keep-alive
Connection: keep-alive
//緩存方式
Cache-Control: no-cache
Cache-Control: no-cache
//瀏覽器所希望的語言種類,當服務器能夠提供一種以上的語言版本時要用到。
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
//瀏覽器能夠進行解碼的數據編碼方式,比如gzip。Servlet能夠向支持gzip的瀏覽器返回經gzip編碼的HTML頁面。許多情形下這可以減少5到10倍的下載時間。
Accept-Encoding: gzip, deflate
Accept-Encoding: gzip, deflate
//瀏覽器可接受的MIME類型。
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
發送 Cookie
UBI: fi_PncwhpxZ~TaKAZJs2KmY1aj~eJSAy5waoThqofQDTY~GMYKTqMLZwI855qbp5KfkoVWSLWDm426-o6Za
PSTM: 1440874285
HOSUPPORT: 1
H_PS_PSSID: 16716_1435_16710_16975_17012_12867_16937_16800_16935_17003_15310_11732_13932_16969_10634_16866_17051
BIDUPSID: F2D05C9CD65A4B08A3398B45DCCE79FA
BDRCVFR[gltLrB7qNCt]: mk3SLVN4HKm
BAIDUID: F2D05C9CD65A4B08A3398B45DCCE79FA:FG=1
發送表單數據
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
發送 Cookie
UBI: fi_PncwhpxZ~TaKAZJs2KmY1aj~eJSAy5waoThqofQDTY~GMYKTqMLZwI855qbp5KfkoVWSLWDm426-o6Za
PSTM: 1440874285
HOSUPPORT: 1
H_PS_PSSID: 16716_1435_16710_16975_17012_12867_16937_16800_16935_17003_15310_11732_13932_16969_10634_16866_17051
BIDUPSID: F2D05C9CD65A4B08A3398B45DCCE79FA
BDRCVFR[gltLrB7qNCt]: mk3SLVN4HKm
BAIDUID: F2D05C9CD65A4B08A3398B45DCCE79FA:FG=1
發送表單數據
//驗證碼
verifycode:
username: 13543452240
u: http://zongheng.baidu.com/sendbduss.do?source=0&location=http%3A%2F%2Fwww.zongheng.com%2F&_t=1440874289725
tt: 1440874310669
tpl: zongheng
token: ba24e21e7854ca8ff0c97d3374f3cd67
subpro:
staticpage: http://passport.zongheng.com/v3Jump.html
safeflg: 0
rsakey: Qa94r9ecjnjSIN8kwVwGearzOG7Sjco9
quick_user: 0
ppui_logintime: 20266
password: QzfsW8bF6OMeq9cYgOH/eZDdUGsRkmmCCpczv/z4WFK7xTOWmtAfd2oOaS64YzhghDqYRKxPwmyEOP9NW+/Tj3t3gr73SR7oDh71HtXWd/h+pSWyG1K/y8ZplEz2Ud8ed0JyK03i/lLOvrVO4IXVoRuSNs5tXlfPm/VpbZGwh6s=
mem_pass: on
logLoginType: pc_loginBasic
logintype: basicLogin
loginmerge: true
isPhone: false
idc:
gid: 2CAD7C5-2890-4E73-9EF4-7D4884DD7BE5
detect: 1
crypttype: 12
codestring:
charset: utf-8
callback: parent.bd__pcbs__ok0875
apiver: v3
響應頭 Δ328ms
Vary: Accept-Encoding
Transfer-Encoding: chunked
Pragma: public
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Last-Modified: Sat, 29 Aug 2015 18:52:07 18AugGMT
Expires: 0
Etag: w/"NWCZSRAtTJuAKSuXPTGfrybJep4Uu7Ps:1440874327"
Date: Sat, 29 Aug 2015 18:52:07 GMT
Content-Type: text/html
Content-Encoding: gzip
Connection: keep-alive
Cache-Control: public
收到的 Cookie
USERNAMETYPE: 3
UBI: fi_PncwhpxZ~TaL902PKy-dLNuHXHIXCfAoio8uSphdKLcOUgX~6tPeszSRclJGh4I2JOyHjF89eJpUNN-pSY7AWQZg9~lUka36Lzgi-vwAcSonARzzJoORX9aCMR0yze0BG9xmQd0eLHjt1HTp4MKrqisD67rt
STOKEN: 831edce8a805251f2804d16f097bc9f38df98fb3d107267581f1481eaf007029
SAVEUSERID: a619ac30812bc617e9fdea028cd957
PTOKEN: deleted
PTOKEN: d56a25169bf00e85b3526db09775ebd9
PASSID: yZuogE
HISTORY: 4ae4298bf57103aa5139faa502cd2fd4a5185c
BDUSS: GhSaWRGaEF3eTRtSTJTQU9NMndMTmkyek1NeVl2TzZ3Q0tvbm5mSExJVlhqQWxXQVFBQUFBJCQAAAAAAAAAAAEAAABF25csu6jT6s7UzP27qNPqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFf~4VVX~-FVR
響應主體 Δ0ms
<!DOCTYPE html><html><head><meta http-equiv=Content-Type content="text/html; charset=UTF-8"></head><body><script> var href = decodeURIComponent("http:\/\/passport.zongheng.com\/v3Jump.html")+"?" var accounts = '&accounts=' href += "err_no=0&callback=parent.bd__pcbs__ok0875&codeString=&userName=13543452240&phoneNumber=&mail=&hao123Param=R2hTYVdSR2FFRjNlVFJ0U1RKVFFVOU5NbmRNVG1reWVrMU5lVmwyVHpaM1EwdHZibTVtU0V4SlZsaHFRV3hYUVZGQlFVRkJKQ1FBQUFBQUFBQUFBQUVBQUFCRjI1Y3N1NmpUNnM3VXpQMjdxTlBxQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBRmZ%2BNFZWWH4tRlZS&u=http://zongheng.baidu.com/sendbduss.do%3Fsource%3D0%26location%3Dhttp%253A%252F%252Fwww.zongheng.com%252F%26_t%3D1440874289725&tpl=&secstate=&gotourl=&authtoken=&loginproxy=&resetpwd=&vcodetype=&lstr=<oken=&bckv=1&bcsync=DwCry5RutZZ06iU%2BuYc%2FwZrAQJnInlokriRZJWd%2FF5RI8mItiLYvSbtnU%2FVSlAywgH0ozO5vdRICJ2F%2B3Xe%2BgxuGEbPQMGeZi9dUzXCVCG%2FELi5Xtw9Nq%2BEwpSaiJeE4mcbaTIS19CYg7roJ28UN4vg6X0JL1PAC5bRU3pjzOb4NFmRa%2By8pJxELNwSKh0hl%2FwWA0YYBmT4EDr7cZiL6cDOX83kgCoH8fvcuPh%2BoTwk57lk2tCeA6l0PIm%2FUAdHh9ns2LQEr4qBL35J54REy4OLV9xGGVP8L9hCnB%2BEU2eUAEyF5J%2FGcRjy1ivrQgXcTvb1mkcLoKpMf%2FeB5NopdSQ%3D%3D&bcchecksum=1222223214&code=&bdToken=&bctime=1440874327"+accounts; if(window.location){ window.location.replace(href); }else{ document.location.replace(href); } </script>
verifycode:
username: 13543452240
u: http://zongheng.baidu.com/sendbduss.do?source=0&location=http%3A%2F%2Fwww.zongheng.com%2F&_t=1440874289725
tt: 1440874310669
tpl: zongheng
token: ba24e21e7854ca8ff0c97d3374f3cd67
subpro:
staticpage: http://passport.zongheng.com/v3Jump.html
safeflg: 0
rsakey: Qa94r9ecjnjSIN8kwVwGearzOG7Sjco9
quick_user: 0
ppui_logintime: 20266
password: QzfsW8bF6OMeq9cYgOH/eZDdUGsRkmmCCpczv/z4WFK7xTOWmtAfd2oOaS64YzhghDqYRKxPwmyEOP9NW+/Tj3t3gr73SR7oDh71HtXWd/h+pSWyG1K/y8ZplEz2Ud8ed0JyK03i/lLOvrVO4IXVoRuSNs5tXlfPm/VpbZGwh6s=
mem_pass: on
logLoginType: pc_loginBasic
logintype: basicLogin
loginmerge: true
isPhone: false
idc:
gid: 2CAD7C5-2890-4E73-9EF4-7D4884DD7BE5
detect: 1
crypttype: 12
codestring:
charset: utf-8
callback: parent.bd__pcbs__ok0875
apiver: v3
響應頭 Δ328ms
Vary: Accept-Encoding
Transfer-Encoding: chunked
Pragma: public
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Last-Modified: Sat, 29 Aug 2015 18:52:07 18AugGMT
Expires: 0
Etag: w/"NWCZSRAtTJuAKSuXPTGfrybJep4Uu7Ps:1440874327"
Date: Sat, 29 Aug 2015 18:52:07 GMT
Content-Type: text/html
Content-Encoding: gzip
Connection: keep-alive
Cache-Control: public
收到的 Cookie
USERNAMETYPE: 3
UBI: fi_PncwhpxZ~TaL902PKy-dLNuHXHIXCfAoio8uSphdKLcOUgX~6tPeszSRclJGh4I2JOyHjF89eJpUNN-pSY7AWQZg9~lUka36Lzgi-vwAcSonARzzJoORX9aCMR0yze0BG9xmQd0eLHjt1HTp4MKrqisD67rt
STOKEN: 831edce8a805251f2804d16f097bc9f38df98fb3d107267581f1481eaf007029
SAVEUSERID: a619ac30812bc617e9fdea028cd957
PTOKEN: deleted
PTOKEN: d56a25169bf00e85b3526db09775ebd9
PASSID: yZuogE
HISTORY: 4ae4298bf57103aa5139faa502cd2fd4a5185c
BDUSS: GhSaWRGaEF3eTRtSTJTQU9NMndMTmkyek1NeVl2TzZ3Q0tvbm5mSExJVlhqQWxXQVFBQUFBJCQAAAAAAAAAAAEAAABF25csu6jT6s7UzP27qNPqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFf~4VVX~-FVR
響應主體 Δ0ms
<!DOCTYPE html><html><head><meta http-equiv=Content-Type content="text/html; charset=UTF-8"></head><body><script> var href = decodeURIComponent("http:\/\/passport.zongheng.com\/v3Jump.html")+"?" var accounts = '&accounts=' href += "err_no=0&callback=parent.bd__pcbs__ok0875&codeString=&userName=13543452240&phoneNumber=&mail=&hao123Param=R2hTYVdSR2FFRjNlVFJ0U1RKVFFVOU5NbmRNVG1reWVrMU5lVmwyVHpaM1EwdHZibTVtU0V4SlZsaHFRV3hYUVZGQlFVRkJKQ1FBQUFBQUFBQUFBQUVBQUFCRjI1Y3N1NmpUNnM3VXpQMjdxTlBxQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBRmZ%2BNFZWWH4tRlZS&u=http://zongheng.baidu.com/sendbduss.do%3Fsource%3D0%26location%3Dhttp%253A%252F%252Fwww.zongheng.com%252F%26_t%3D1440874289725&tpl=&secstate=&gotourl=&authtoken=&loginproxy=&resetpwd=&vcodetype=&lstr=<oken=&bckv=1&bcsync=DwCry5RutZZ06iU%2BuYc%2FwZrAQJnInlokriRZJWd%2FF5RI8mItiLYvSbtnU%2FVSlAywgH0ozO5vdRICJ2F%2B3Xe%2BgxuGEbPQMGeZi9dUzXCVCG%2FELi5Xtw9Nq%2BEwpSaiJeE4mcbaTIS19CYg7roJ28UN4vg6X0JL1PAC5bRU3pjzOb4NFmRa%2By8pJxELNwSKh0hl%2FwWA0YYBmT4EDr7cZiL6cDOX83kgCoH8fvcuPh%2BoTwk57lk2tCeA6l0PIm%2FUAdHh9ns2LQEr4qBL35J54REy4OLV9xGGVP8L9hCnB%2BEU2eUAEyF5J%2FGcRjy1ivrQgXcTvb1mkcLoKpMf%2FeB5NopdSQ%3D%3D&bcchecksum=1222223214&code=&bdToken=&bctime=1440874327"+accounts; if(window.location){ window.location.replace(href); }else{ document.location.replace(href); } </script>
整合後得到(多次抓取後不相同的地方):
發送 Cookie
UBI: fi_PncwhpxZ~TaKAcsgiukurYX~bjBxM2Cm-d6x1bOHomipF~NPSN3xBGhD-fkwY7QKXMdGtbGGEkfH6rvQ
PSTM: 1440874509
H_PS_PSSID: 1425_16997_16975_12657_17012_12867_16800_16934_17004_15773_12342_13932_16969_10632_16866_17050
BIDUPSID: 21447B391F8874869C7BFFD4B51D8474
BAIDUID: 21447B391F8874869C7BFFD4B51D8474:FG=1
發送表單數據
u: http://zongheng.baidu.com/sendbduss.do?source=0&location=http%3A%2F%2Fwww.zongheng.com%2F&_t=1440874506320
tt: 1440874525779
token: b753754fb9ad1d985154eec7c6015320
rsakey: utuY20mVmofD3tjcZrV1uzvK4lpjPvCU
ppui_logintime: 18414
password: TsBsc8UGkjwxfd3E9BHnQ1pCoik5hfjKbbHYcMWGoocjW1/1l2RqJomIxbwhnbd5r8sWwFhheHpQoU4Ex4a+sOT3REfRV3jnwQoBaMZ2dLzI9NNne/NR1V1gL9Z0Nz3J0a6C9iHglJywzhgTVwTiOshvw3X9/idtTBGlq79Z7Tk=
gid: E42C04A-88D7-427B-AA02-0B4C2AB883F0
callback: parent.bd__pcbs__5qwpki
收到的 Cookie
USERNAMETYPE: 3
UBI: fi_PncwhpxZ~TaL9xQBSBqH-3L1dTsNNQk8R8DWYT5iAPwnL4gPQEcTXh3vugMdjEblVyepe-BoSr33XpvbwLE4zSKmqQANQPWvdqGevAL6QEsMsXhit~afIK3SfiY5zmFqtxJiEPa9yJFyLnmL2d1eXWfq
STOKEN: 2d327b0913875334b2368a899f675fed2688318f8988a44914b0c0af37301fdc
PTOKEN: b9beddf75543aaf10ae721dbe744f038
PASSID: 8rH1Bp
BDUSS: UdmOX54b01FOWV6WWNkRmlWRDBSSklQanJMN3BNbDVZU2x2eGJnZlJERXVqUWxXQUFBQUFBJCQAAAAAAAAAAAEAAABF25csu6jT6s7UzP27qNPqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4A4lUuAOJVZ
UBI: fi_PncwhpxZ~TaKAcsgiukurYX~bjBxM2Cm-d6x1bOHomipF~NPSN3xBGhD-fkwY7QKXMdGtbGGEkfH6rvQ
PSTM: 1440874509
H_PS_PSSID: 1425_16997_16975_12657_17012_12867_16800_16934_17004_15773_12342_13932_16969_10632_16866_17050
BIDUPSID: 21447B391F8874869C7BFFD4B51D8474
BAIDUID: 21447B391F8874869C7BFFD4B51D8474:FG=1
發送表單數據
u: http://zongheng.baidu.com/sendbduss.do?source=0&location=http%3A%2F%2Fwww.zongheng.com%2F&_t=1440874506320
tt: 1440874525779
token: b753754fb9ad1d985154eec7c6015320
rsakey: utuY20mVmofD3tjcZrV1uzvK4lpjPvCU
ppui_logintime: 18414
password: TsBsc8UGkjwxfd3E9BHnQ1pCoik5hfjKbbHYcMWGoocjW1/1l2RqJomIxbwhnbd5r8sWwFhheHpQoU4Ex4a+sOT3REfRV3jnwQoBaMZ2dLzI9NNne/NR1V1gL9Z0Nz3J0a6C9iHglJywzhgTVwTiOshvw3X9/idtTBGlq79Z7Tk=
gid: E42C04A-88D7-427B-AA02-0B4C2AB883F0
callback: parent.bd__pcbs__5qwpki
收到的 Cookie
USERNAMETYPE: 3
UBI: fi_PncwhpxZ~TaL9xQBSBqH-3L1dTsNNQk8R8DWYT5iAPwnL4gPQEcTXh3vugMdjEblVyepe-BoSr33XpvbwLE4zSKmqQANQPWvdqGevAL6QEsMsXhit~afIK3SfiY5zmFqtxJiEPa9yJFyLnmL2d1eXWfq
STOKEN: 2d327b0913875334b2368a899f675fed2688318f8988a44914b0c0af37301fdc
PTOKEN: b9beddf75543aaf10ae721dbe744f038
PASSID: 8rH1Bp
BDUSS: UdmOX54b01FOWV6WWNkRmlWRDBSSklQanJMN3BNbDVZU2x2eGJnZlJERXVqUWxXQUFBQUFBJCQAAAAAAAAAAAEAAABF25csu6jT6s7UzP27qNPqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4A4lUuAOJVZ
登錄邏輯總結(直接訪問登錄頁面):
1、先登錄百度首頁www.baidu.com獲取cookies
PSTM: 1440874509
H_PS_PSSID: 1425_16997_16975_12657_17012_12867_16800_16934_17004_15773_12342_13932_16969_10632_16866_17050
BIDUPSID: 21447B391F8874869C7BFFD4B51D8474
BAIDUID: 21447B391F8874869C7BFFD4B51D8474:FG=1
H_PS_PSSID: 1425_16997_16975_12657_17012_12867_16800_16934_17004_15773_12342_13932_16969_10632_16866_17050
BIDUPSID: 21447B391F8874869C7BFFD4B51D8474
BAIDUID: 21447B391F8874869C7BFFD4B51D8474:FG=1
2、利用以上獲得的cookie直接訪問頁面
注:tt是一個時間戳,用以下方法生成
/// <summary>
/// 獲取時間戳
/// </summary>
public string GetTimeStamp()
{
TimeSpan ts = DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, 0);
return Convert.ToInt64(ts.TotalSeconds).ToString();
}
3、用token訪問該地址,獲取raskeyhttps://passport.baidu.com/v2/getpublickey?token=5d0fc87cb0de39982c06795d3356e239&tpl=zongheng&apiver=v3&tt=1441311621601&gid=59723A6-1178-4614-B7AF-779917BC4453&callback=bd__cbs__gaci47和publickey
4、利用rsa加密算法將密碼加密(公鑰:publickey)
var pemToXml = RsaHelper.PemToXml(result_publicKey.Pubkey);
pwd = RsaHelper.RSAEncrypt(pemToXml, pwd);
5、檢驗是否需要驗證碼
百度登錄有一點比較好,就是他生成驗證碼會有一個codetype,而且這個type同一個BAIDUID申請是不變的,服務器會根據這個申請的type提供一個codestring,也就是驗證碼(我們是看不懂的,這個需要我們提交給服務器讓它自動解析,就可以獲得驗證碼圖片)
6、提交數據登錄
如果返回的Json數據顯示err_0,即代表成功登陸,257爲驗證碼錯誤,7爲密碼錯誤
7、獲得百度提供的BDUSS,即可到想去的網站繼續進行下一步分析
上面寫的是編寫軟件時的大概步驟詳細步驟,具體步驟後面會繼續更新,希望能夠幫助到各位有需要的童鞋~歡迎各位評論交流
PS:模擬登錄最重要的步驟是抓包分析,獲取對應的Cookies,如果遇上問題,請先檢查代碼邏輯,看看是否已經獲得網站需要提供Cookie(有些不是必要的可以不傳)