騰訊的拍拍網今日特價秒殺器--拍拍搶拍精靈實現過程--核心代碼 by wyw308 / http://blog.csdn.net/wyw308
Cookie欺騙 騰訊拍拍秒殺活動的驗證碼漏洞
請猛擊下載:http://blog.csdn.net/wyw308/archive/2011/05/10/6408159.aspx
結合網絡上前輩的寶貴經驗,配合自己手動抓包分析。發現:
1:再進入倒計時時無論你點刷新有多快,其實頁面都是5秒鐘纔給你提交一次。(可惡的拍拍,蒙了多少樸實鞋童,沒分析之前按一到搶拍時間就狂點“刷新”按鈕,現在才明白白瞎了)
2:騰訊的驗證碼來源於第三方服務器,其Set-Cookie並不是保存到本地的cookie,它是一個標誌爲httponly的cookie,只存儲在標頭。具體的驗證碼地址爲專門服務器http://captcha.qq.com/getimage,因此可以進行cookie欺騙。
開發思路:
1:考慮人性化效果,利用webBrowser模擬頁面登陸進入搶拍界面,利用webBrowser動態生成主要cookie及post數據元素。
2:手動提前獲取多組驗證碼,保存到容器。
3:時間一到,利用提前獲取的驗證碼,手工構造post數據以及cookie數據,利用httpwebrequest進行底層自動提交。
4:查看返回結果。
[這裏只是給出了思路及核心實現代碼,細節優化略]
請猛擊下載:http://blog.csdn.net/wyw308/archive/2011/05/10/6408159.aspx
一:取寶貝的開始剩餘時間:注意,拍拍網對於寶貝的開始搶拍時間有延時處理,比如倒計時到了3,2,1,孃的,他不開始,又重新回到了3,3,3。。。然後忽然就開始了,這裏需要進行一些技術處理,如自己延時或者直接網上覈對,但各有利弊,具體方法大家自己想。這裏只給取倒計時by/ http://blog.csdn.net/wyw308
/// <summary>
/// 返回倒計時毫秒by/ http://blog.csdn.net/wyw308
/// </summary>
/// <returns></returns>
private double RemainTime(out string jsonstr)
{
Random ran = new Random();
double c = ran.NextDouble();//隨機處理by /http://blog.csdn.net/wyw308
string url = "http://ext.paipai.com/oneaday/comdynum?" + GetInputValue("ComdyId") + "&t=" + c.ToString();//寶貝搶拍上架地址by/ http://blog.csdn.net/wyw308
CookieContainer cc = new CookieContainer();
HttpHelper.NetworkDelay =0 ;
HttpHelper.Encoding = Encoding.GetEncoding("GB2312");
string result = HttpHelper.GetHtml(url, cc);
result = HttpFunction.Regex_str(result, "{.+?}");
jsonstr = result;
Dictionary<string, object> aa = bym.Json.jsonFormat.Deserialize(result); //json格式化返回數據by /http://blog.csdn.net/wyw308
string a = aa["UploadSec"].ToString();
if (a != null && a != "")
return double.Parse(a) * 1000;
else
return -1;
}
二:驗證碼容器,將提前獲取的驗證碼及cookie值保存到此,然後使用
/// <summary>
/// 驗證碼cookie極點隊容器 by/ http://blog.csdn.net/wyw308
///將提前獲取的驗證碼及cookie值保存到此,然後使用
/// </summary>
public class PPCode
{
//by/ http://blog.csdn.net/wyw308
private string vcode;
private string vcookie;
public PPCode()
{
}
public PPCode(string VCODE, string VCOOKIE)
{
this.vcode = VCODE;
this.vcookie = VCOOKIE;
}
public string VCODE
{
get
{
return this.vcode;
}
set
{
this.vcode = value;
}
}
public string VCOOKIE
{
get
{
return this.vcookie;
}
set
{
this.vcookie = value;
}
}
}
/// <summary>
/// 訪問驗證碼,取cookie及驗證碼值 by/ http://blog.csdn.net/wyw308
/// </summary>
private void GetPPcode()
{
// by/ http://blog.csdn.net/wyw308
Random ran = new Random();
double c = ran.NextDouble();
HttpHelper.Referer = HttpFunction.UrlEnCode(webBrowser1.Url.ToString(), "GB2312").Replace("%3D", "=");//當前頁面地址
string url = "http://ptlogin2.paipai.com/getimage?aid=17000101&CacheTime=" + c;
url = "http://captcha.qq.com/getimage?aid=17000101&CacheTime=" + c;//驗證碼的真實地址 by /http://blog.csdn.net/wyw308
// url = "http://captcha.qq.com/getimage";
CookieContainer ckcode = new CookieContainer();
pictureBox1.Image = new Bitmap(HttpHelper.GetStream(url, HttpHelper.CookieContainer, out c_v));
txt_code.Text = "";
txt_code.Focus();
}
三:根據頁面動態手工構建post方法,這樣比較靈活機動,操作起來交互效果好,by/ http://blog.csdn.net/wyw308
/// <summary>
/// 動態構造post的數據 by/ http://blog.csdn.net/wyw308
/// </summary>
/// <param name="vcode"></param>
/// <returns></returns>
private string GetPostD()
{
// by/ http://blog.csdn.net/wyw308
string pd = string.Empty;
string PostInput = "ComdyId,clsId,Address1,Address,Region,AddressId,PostCode,Name,Mobile,Phone,BuyNum,shippingFeeItem,commodityattr,Encrypt,Rule,BcLevel,sendtype";
//post的input數據列表,根據抓包和webbrorser分析得到,by /http://blog.csdn.net/wyw308
string[] s_input = PostInput.Split(new char[] { ',' });
for (int i = 0; i < s_input.Length; i++)
{
if (i == 0)
pd = GetInputValue(s_input[i]);
else
pd = pd + "&" + GetInputValue(s_input[i]);
}
string PostSelect = "mProvince,mCity,mTown";//post的select數據列表by /http://blog.csdn.net/wyw308
string[] s_select = PostSelect.Split(new char[] { ',' });
for (int j = 0; j < s_select.Length; j++)
{
pd = pd + "&" + GetSelectValue(s_select[j]);
}
pd = pd + "&Remark=";
return pd;
}
/// <summary>
/// 取頁面input控件值 by/ http://blog.csdn.net/wyw308
/// </summary>
/// <param name="InputName"></param>
/// <returns></returns>
private string GetInputValue(string InputName)
{
// by/ http://blog.csdn.net/wyw308
string str = string.Empty;
HtmlDocument doc = webBrowser1.Document;
HtmlElement ipt = doc.GetElementsByTagName("input")[InputName];
str = InputName + "=" + HttpFunction.UrlEnCode(ipt.GetAttribute("value"), "GB2312");
return str;
}
/// <summary>
/// 取頁面select控件值 by/ http://blog.csdn.net/wyw308
/// </summary>
/// <param name="InputName"></param>
/// <returns></returns>
private string GetSelectValue(string InputName)
{
// by/ http://blog.csdn.net/wyw308
string str = string.Empty;
HtmlDocument doc = webBrowser1.Document;
HtmlElement sels = doc.GetElementsByTagName("select")[InputName];
HtmlElementCollection opts = sels.Children;//取頁面select的有效值時坎坷了老半天,立標留念by /http://blog.csdn.net/wyw308
for (int i = 0; i < opts.Count; i++)
{
if (opts[i].OuterHtml.Contains("selected"))
str = InputName + "=" + opts[i].GetAttribute("value");
}
return str;
}
四:動態構建提交需要的cookie by/ http://blog.csdn.net/wyw308
/// <summary>
/// 動態構建cookie容器 by/ http://blog.csdn.net/wyw308
/// </summary>
/// <param name="ck_str"></param>
/// <param name="domain"></param>
/// <returns></returns>
public static CookieContainer GetCookieFromStr(string ck_str, string domain)
{
by/ http://blog.csdn.net/wyw308
CookieContainer myCookieContainer = new CookieContainer();
string cookieStr = ck_str;
string[] cookstr = cookieStr.Split(';');
foreach (string str in cookstr)
{
string[] cookieNameValue = str.Split('=');
if (cookieNameValue.Length > 1 )
{
Cookie ck = new Cookie(cookieNameValue[0].Trim().ToString(), str.Substring(cookieNameValue[0].Trim().ToString().Length + 2));//網上一個寫好的方法,做了調整by/ http://blog.csdn.net/wyw308
ck.Domain = domain;
ck.Path = "/";
myCookieContainer.Add(ck);
}
}
return myCookieContainer;
}
五:自動通過底層提交post及cookie數據,模擬搶拍。
/// <summary>
/// 動態構建post及cookie,自動提交
/// by/ http://blog.csdn.net/wyw308
/// </summary>
private void PostToPai()
{
// by/ http://blog.csdn.net/wyw308
int r_q = 0, r_succ = 0;
bool qp_ok = false;
string domain = "ext.paipai.com";//cookie的域名,一定要寫對,by /http://blog.csdn.net/wyw308
string url = HttpFunction.UrlEnCode(webBrowser1.Url.ToString(), "GB2312").Replace("%3D", "=");//當前頁面地址
HtmlElement hl = webBrowser1.Document.GetElementById("fixupformid");
string PostUrl = string.Format(hl.GetAttribute("action"));//得到提交的地址
//動態構建提交需要的cookie值 by/ http://blog.csdn.net/wyw308
string ck_str = webBrowser1.Document.Cookie;//頁面數據生成的cookie值
string ck1 = "";
string ck2 = "";
int ver_num = ck_str.IndexOf("verifysession");//截取無用的驗證碼cookie串,用提前獲取的驗證碼替換
if (ver_num != -1)
{
ck1 = ck_str.Substring(0, ver_num);
ck2 = ck_str.Substring(ver_num + 98);
}
else
ck1 = ck_str;
string postd = GetPostD();//得到post數據by/ http://blog.csdn.net/wyw308
for (int i = 0; i < pp.Count; i++)//循環已經提前獲取的驗證碼及cookie by/ http://blog.csdn.net/wyw308
{
if (i == 0 && !ckb_sg.Checked)//第一次提交隨機延時
{
WriMsg("開始搶拍了....");
//Random r = new Random();
int tys = int.Parse(txt_ys.Text.Trim());
//int ys = r.Next(tys, 2 * tys + 1000);
WriMsg("延時" + tys.ToString() + "毫秒...");
Thread.Sleep(tys);
}
ck_str = ck1 + pp[i].VCOOKIE + ck2;
CookieContainer PostCookie = new CookieContainer();
PostCookie = HttpWeb.GetCookieFromStr(ck_str, domain);//構造最終提交的cookieby/ http://blog.csdn.net/wyw308
string postdata = string.Format(postd + "&verifycode=" + pp[i].VCODE);//構造最終post數據by/ http://blog.csdn.net/wyw308
HttpHelper.Encoding = Encoding.GetEncoding("GB2312");
if (ckb_sg.Checked || i == 0)
HttpHelper.NetworkDelay = 0;
else
HttpHelper.NetworkDelay = int.Parse(txt_jg.Text.Trim());//發送請求隨機間隔時間
HttpHelper.Referer = HttpFunction.UrlEnCode(url, "GB2312");
WriMsg("正在發送請求...");
r_q = r_q + 1;
if (string.IsNullOrEmpty(postdata))//記錄異常,由於拍拍反限制因此有莫名錯誤,調試時使用,by /http://blog.csdn.net/wyw308
{
string errmsg = i.ToString() + "#Err#PostUrl:/r/n" + url + "/r/n" + PostUrl + "/r/n" + pp[i].VCODE + "#" + pp[i].VCOOKIE + "/r/n/r/nPostData:/r/n" + postdata + "/r/n/r/nCookie:/r/n" + ck_str + "/r/n/r/nResult:/r/n";
HttpPaipai.Msg(HttpFunction.UrlDeCode(errmsg, "GB2312"));
return;
}
string result = HttpHelper.GetHtml(PostUrl, postdata, true, PostCookie);//最終提交請求by /http://blog.csdn.net/wyw308
result = HttpFunction.NoHTML(HttpFunction.Regex_goup_str(result, "<h5>.+?</h5>|<h5 id=/"errorMsg/">.+?</h5>|ErrMsg:/".+?/",")).Replace(",,", "");
if (result.Contains("恭喜您"))
{
r_succ = r_succ + 1;
if (r_succ >= int.Parse(txt_succ.Text.Trim()))
qp_ok = true;
}
tsl4.Text = "請求:" + r_q.ToString() + ";成功:" + r_succ.ToString();
WriMsg(result);
//記錄日誌,方便調試用
//string msg = "PostUrl:/r/n" + url + "/r/n" + PostUrl + "/r/n" + pp[i].VCODE + "#" + pp[i].VCOOKIE + "/r/n/r/nPostData:/r/n" + postdata + "/r/n/r/nCookie:/r/n" + HttpWeb.GetCookieFromCookieContainer(PostCookie, "http://" + domain) + "/r/n/r/nResult:/r/n" + result;
//HttpPaipai.Msg(HttpFunction.UrlDeCode(msg, "GB2312"));
if (qp_ok)
{
pp.Clear();
label3.Text = pp.Count.ToString();
return;
}
}
//搶拍結束後如果沒有搶到立即轉到手工模式,補救 by/ http://blog.csdn.net/wyw308
if (!qp_ok)
{
WriMsg("本輪運氣不佳,請輸入驗證碼快速補搶...");
pp.Clear();
label3.Text = pp.Count.ToString();
ckb_sg.Checked = true;
GetPPcode();
}
}
軟件下載:http://blog.csdn.net/wyw308/archive/2011/05/10/6408159.aspx
用到的httphelp類(感謝原作者),這裏做了些細微調整by/ http://blog.csdn.net/wyw308:
using System;
using System.Collections.Generic;
using System.Text;
using System.Net;
using System.IO;
using System.Threading;
namespace bym
{
public class HttpHelper
{
#region 私有變量
private static CookieContainer cc = new CookieContainer();
private static string contentType = "application/x-www-form-urlencoded";
private static string accept = "image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-silverlight, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, application/x-silverlight-2-b1, */*";
private static string userAgent = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)";
private static Encoding encoding = Encoding.GetEncoding("utf-8");
private static int delay = 1000;//延遲訪問防止連續訪問被發現 3秒
private static int maxTry =2;
private static int currentTry = 0;
private static string referer;
#endregion
#region 屬性
/// <summary></summary>
/// Cookie容器
///
public static CookieContainer CookieContainer
{
get
{
return cc;
}
}
/// <summary></summary>
/// 獲取網頁源碼時使用的編碼
///
/// <value></value>
public static Encoding Encoding
{
get
{
return encoding;
}
set
{
encoding = value;
}
}
public static int NetworkDelay
{
get
{
Random r = new Random();
return (r.Next(delay , delay * 2));
}
set
{
delay = value;
}
}
public static int MaxTry
{
get
{
return maxTry;
}
set
{
maxTry = value;
}
}
public static string Referer
{
get
{
return referer;
}
set
{
referer = value;
}
}
#endregion
#region 公共方法
/// <summary></summary>
/// 獲取指定頁面的HTML代碼
///
/// <param name="url">指定頁面的路徑
/// <param name="postData">回發的數據
/// <param name="isPost">是否以post方式發送請求
/// <param name="cookieCollection">Cookie集合
/// <returns></returns>
public static string GetHtml(string url, string postData, bool isPost, CookieContainer cookieContainer)
{
int err_num = 0;
if (string.IsNullOrEmpty(postData))
{
err_num = 1;
// return GetHtml(url, cookieContainer);
}
Thread.Sleep(NetworkDelay);//延遲訪問
currentTry++;
HttpWebRequest httpWebRequest = null;
HttpWebResponse httpWebResponse = null;
try
{
byte[] byteRequest = Encoding.Default.GetBytes(postData);
err_num = 2;
httpWebRequest = (HttpWebRequest)HttpWebRequest.Create(url);
err_num = 3;
httpWebRequest.CookieContainer = cookieContainer;
err_num = 4;
httpWebRequest.ContentType = contentType;
err_num = 5;
httpWebRequest.ServicePoint.ConnectionLimit = maxTry;
err_num = 6;
httpWebRequest.Referer = referer;
err_num = 7;
httpWebRequest.Accept = accept;
err_num = 7;
httpWebRequest.UserAgent = userAgent;
err_num = 8;
httpWebRequest.Method = isPost ? "POST" : "GET";
err_num = 8;
httpWebRequest.ContentLength = byteRequest.Length;
err_num = 9;
Stream stream = httpWebRequest.GetRequestStream();
err_num = 10;
stream.Write(byteRequest, 0, byteRequest.Length);
err_num = 11;
stream.Close();
err_num = 12;
httpWebResponse = (HttpWebResponse)httpWebRequest.GetResponse();
err_num = 13;
Stream responseStream = httpWebResponse.GetResponseStream();
err_num = 14;
StreamReader streamReader = new StreamReader(responseStream, encoding);
err_num = 15;
string html = streamReader.ReadToEnd();
err_num = 16;
streamReader.Close();
err_num = 17;
responseStream.Close();
err_num = 18;
currentTry = 0;
err_num = 19;
httpWebRequest.Abort();
err_num = 20;
httpWebResponse.Close();
err_num = 21;
return html;
}
catch (Exception e)
{
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine(DateTime.Now.ToString("HH:mm:ss ") + e.Message);
Console.ForegroundColor = ConsoleColor.White;
HttpWeb.WriteLog(err_num.ToString()+"#"+e.Message, "GetHtmlErr.log");
if (currentTry <= maxTry)
{
GetHtml(url, postData, isPost, cookieContainer);
}
currentTry--;
if (httpWebRequest != null)
{
httpWebRequest.Abort();
} if (httpWebResponse != null)
{
httpWebResponse.Close();
}
return string.Empty;
}
}
/// <summary></summary>
/// 獲取指定頁面的HTML代碼
///
/// <param name="url">指定頁面的路徑
/// <param name="cookieCollection">Cookie集合
/// <returns></returns>
public static string GetHtml(string url, CookieContainer cookieContainer)
{
int a = 0;
Thread.Sleep(NetworkDelay);
a = 1;
currentTry++;
HttpWebRequest httpWebRequest = null;
a = 2;
HttpWebResponse httpWebResponse = null;
try
{
a = 3;
httpWebRequest = (HttpWebRequest)HttpWebRequest.Create(url);
a = 4;
httpWebRequest.CookieContainer = cookieContainer;
a = 5;
httpWebRequest.ContentType = contentType;
a = 6;
httpWebRequest.ServicePoint.ConnectionLimit = maxTry;
a = 7;
httpWebRequest.Referer = referer;
a = 8;
httpWebRequest.Accept = accept;
a = 9;
httpWebRequest.UserAgent = userAgent;
a = 10;
httpWebRequest.Method = "GET";
a = 11;
httpWebResponse = (HttpWebResponse)httpWebRequest.GetResponse();
a = 12;
Stream responseStream = httpWebResponse.GetResponseStream();
a = 13;
StreamReader streamReader = new StreamReader(responseStream, encoding);
a = 14;
string html = streamReader.ReadToEnd();
a = 15;
streamReader.Close();
a = 16;
responseStream.Close();
a = 17;
currentTry--;
httpWebRequest.Abort();
a = 18;
httpWebResponse.Close();
a = 19;
return html;
}
catch (Exception e)
{
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine(DateTime.Now.ToString("HH:mm:ss ") + e.Message);
Console.ForegroundColor = ConsoleColor.White;
HttpWeb.WriteLog(a.ToString()+"#"+e.Message, "GetHtml2.log");
if (currentTry <= maxTry)
{
GetHtml(url, cookieContainer);
}
currentTry--;
if (httpWebRequest != null)
{
httpWebRequest.Abort();
} if (httpWebResponse != null)
{
httpWebResponse.Close();
}
return string.Empty;
}
}
/// <summary></summary>
/// 獲取指定頁面的HTML代碼
///
/// <param name="url">指定頁面的路徑
/// <returns></returns>
public static string GetHtml(string url)
{
return GetHtml(url, cc);
}
/// <summary></summary>
/// 獲取指定頁面的HTML代碼
///
/// <param name="url">指定頁面的路徑
/// <param name="postData">回發的數據
/// <param name="isPost">是否以post方式發送請求
/// <returns></returns>
public static string GetHtml(string url, string postData, bool isPost)
{
return GetHtml(url, postData, isPost, cc);
}
/// <summary></summary>
/// 獲取指定頁面的Stream
///
/// <param name="url">指定頁面的路徑
/// <param name="postData">回發的數據
/// <param name="isPost">是否以post方式發送請求
/// <param name="cookieCollection">Cookie集合
/// <returns></returns>
public static Stream GetStream(string url, CookieContainer cookieContainer, out string ck_vccode)
{
//Thread.Sleep(delay);
int j = 0;
currentTry++;
HttpWebRequest httpWebRequest = null;
HttpWebResponse httpWebResponse = null;
try
{
httpWebRequest = (HttpWebRequest)HttpWebRequest.Create(url);
j =1;
j = 2;
httpWebRequest.CookieContainer = cookieContainer;
httpWebRequest.ContentType = contentType;
j = 3;
httpWebRequest.ServicePoint.ConnectionLimit = maxTry;
j = 4;
httpWebRequest.Referer = url;
j = 5;
httpWebRequest.Accept = accept;
j = 6;
httpWebRequest.UserAgent = userAgent;
j = 7;
httpWebRequest.Method = "GET";
j = 8;
httpWebResponse = (HttpWebResponse)httpWebRequest.GetResponse();
j = 9;
Stream responseStream = httpWebResponse.GetResponseStream();
j = 10;
ck_vccode = httpWebResponse.Headers["Set-Cookie"];
j =11;
ck_vccode = ck_vccode.Substring(0, ck_vccode.IndexOf("PATH") - 1);
currentTry--;
j = 12;
//httpWebRequest.Abort();
//httpWebResponse.Close();
return responseStream;
}
catch (Exception e)
{
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine(DateTime.Now.ToString("HH:mm:ss ") + e.Message);
Console.ForegroundColor = ConsoleColor.White;
HttpWeb.WriteLog(j.ToString() + "#" + e.Message, "GetStreamErr.log");
if (currentTry <= maxTry)
{
GetHtml(url, cookieContainer);
}
currentTry--;
if (httpWebRequest != null)
{
httpWebRequest.Abort();
} if (httpWebResponse != null)
{
httpWebResponse.Close();
}
ck_vccode="";
return null;
}
}
#endregion
//CookieContainer co = new CookieContainer();//設置cookie
// co.SetCookies(new Uri(server), cookie);//SERVER 抓包裏的host
}
}