本文主要是介绍西柚校园网之python模拟登录,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
最近爱上了爬虫,学会了抓网易云加密的评论后对校园网的MD5加密有点感兴趣,于是开始操作,首先是
登录界面http://172.16.245.50/
密码输入123456,此时按下F12,点击登录,然后会提示密码错误,没关系,包已经抓到了,点开网络,看到有两个包
- 第一个GET
| callback | 用于跨域请求的参数 |
| username | 一般是学号 |
| ip | ip地址 |
| _ | 时间戳 |
- 第二个GET
参数很多,仔细观察可以知道,password和chksum和info是被加密的
接下来,进入源码看看是如何加密的,搜索password
password直接用的是拼接,ok,那么下一步就是搜索hmd5
ok,这就是password的加密过程,接下来是搜索chksum
可以看到,将token和username进行拼接后再进行sha1加密,就可以得到chksum,接下来搜索info
这个稍显复杂,要先将数据转为字符串再进行 xEncode加密,然后再进行base64加密就可以得到i
了,然后info就出来了,接下来就是几种加密方式
base64(all.min.js)
xEncode
下面是部分代码供参考。
# Base64 加密算法
_PADCHAR = "="
_ALPHA = "LVoJPiCN2R8G90yg+hmFHuacZ1OWMnrsSTXkYpUq/3dlbfKwv6xztjI7DeBE45QA"def _getbyte(s, i):x = ord(s[i])if x > 255:print("INVALID_CHARACTER_ERR: DOM Exception 5")exit(0)return xdef get_base64(s):i = 0b10 = 0x = []imax = len(s) - len(s) % 3if len(s) == 0:return swhile i < imax:b10 = (_getbyte(s, i) << 16) | (_getbyte(s, i + 1) << 8) | _getbyte(s, i + 2)x.append(_ALPHA[(b10 >> 18)])x.append(_ALPHA[((b10 >> 12) & 63)])x.append(_ALPHA[((b10 >> 6) & 63)])x.append(_ALPHA[(b10 & 63)])i += 3if len(s) - imax == 1:b10 = _getbyte(s, i) << 16x.append(_ALPHA[(b10 >> 18)] + _ALPHA[((b10 >> 12) & 63)] + _PADCHAR + _PADCHAR)elif len(s) - imax == 2:b10 = (_getbyte(s, i) << 16) | (_getbyte(s, i + 1) << 8)x.append(_ALPHA[(b10 >> 18)] + _ALPHA[((b10 >> 12) & 63)] + _ALPHA[((b10 >> 6) & 63)] + _PADCHAR)return "".join(x)# Xencode 加密算法
def force(msg):ret = []for w in msg:ret.append(ord(w))return bytes(ret)def ordat(msg, idx):if len(msg) > idx:return ord(msg[idx])return 0def sencode(msg, key):l = len(msg)pwd = []for i in range(0, l, 4):pwd.append(ordat(msg, i) | ordat(msg, i + 1) << 8 | ordat(msg, i + 2) << 16| ordat(msg, i + 3) << 24)if key:pwd.append(l)return pwddef lencode(msg, key):l = len(msg)ll = (l - 1) << 2if key:m = msg[l - 1]if m < ll - 3 or m > ll:returnll = mfor i in range(0, l):msg[i] = chr(msg[i] & 0xff) + chr(msg[i] >> 8 & 0xff) + chr(msg[i] >> 16 & 0xff) + chr(msg[i] >> 24 & 0xff)if key:return "".join(msg)[0:ll]return "".join(msg)def get_xencode(msg, key):if msg == "":return ""pwd = sencode(msg, True)pwdk = sencode(key, False)if len(pwdk) < 4:pwdk = pwdk + [0] * (4 - len(pwdk))n = len(pwd) - 1z = pwd[n]y = pwd[0]c = 0x86014019 | 0x183639A0m = 0e = 0p = 0q = math.floor(6 + 52 / (n + 1))d = 0while 0 < q:d = d + c & (0x8CE0D9BF | 0x731F2640)e = d >> 2 & 3p = 0while p < n:y = pwd[p + 1]m = z >> 5 ^ y << 2m = m + ((y >> 3 ^ z << 4) ^ (d ^ y))m = m + (pwdk[(p & 3) ^ e] ^ z)pwd[p] = pwd[p] + m & (0xEFB8D130 | 0x10472ECF)z = pwd[p]p = p + 1y = pwd[0]m = z >> 5 ^ y << 2m = m + ((y >> 3 ^ z << 4) ^ (d ^ y))m = m + (pwdk[(p & 3) ^ e] ^ z)pwd[n] = pwd[n] + m & (0xBB390742 | 0x44C6F8BD)z = pwd[n]q = q - 1return lencode(pwd, False)# md5加密算法
def get_md5(password, token):return hmac.new(token.encode(), password.encode(), hashlib.md5).hexdigest()# sha1加密算法
def get_sha1(value):return hashlib.sha1(value.encode()).hexdigest()def get_info():info_temp = {"username": username,"password": password,"ip": ip,"acid": ac_id,"enc_ver": enc}i = re.sub("'", '"', str(info_temp))i = re.sub(" ", '', i)return idef get_ip():global iphost_name = socket.gethostname()ip = socket.gethostbyname(host_name)def encrypt():global i, hmd5, chksumi = get_info()i = "{SRBX1}" + get_base64(get_xencode(i, token))hmd5 = get_md5(password, token)chksum = get_sha1(get_chksum())print("---加密完成---")这篇关于西柚校园网之python模拟登录的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
