java使用httpclient简单模拟登陆微信公众开放平台

注意:本文使用的不是微信公众平台的api,只是采用的模拟登陆的方式.

微信公众账号平台地址:https://mp.weixin.qq.com/

1 分析登陆信息,获取url

使用谷歌浏览器打开https://mp.weixin.qq.com/, 然后打开源码,或者点击右键审查元素(F12也可以).

 

我们能看到一个wxm2-loginform1c0c.js 估计一下应该是登陆的js，点击打开该js。

能够看到里面有这么一段：

t.post("/cgi-bin/login?lang=zh_CN", {
username: e.account,
pwd: t.md5(e.password.substr(0, 16)),
imgcode: c.data("isHide") ? "" : e.verify,
f: "json"
}, 

我们知道了真实的登陆地址其实是：

https://mp.weixin.qq.com/cgi-bin/login?lang=zh_CN 然后采用的是post请求。

上面还可以使用抓包工具（如fiddle）进行抓取分析真实地址。

2, 下面开始模拟登陆

我们使用的地址是https 貌似http也可以，为了使用https 我们采用取消绕过https检查的方式

代码如下：主要是重写了checkClientTrusted 方法 不进行验证。

package com.zhanghenglei.weixin;

import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.SocketAddress;
import java.net.UnknownHostException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
 
import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
 
import org.apache.commons.httpclient.ConnectTimeoutException;
import org.apache.commons.httpclient.params.HttpConnectionParams;
import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
 
/**
 * 忽略数字证书
 * @author 
 */
public class MySecureProtocolSocketFactory implements
		SecureProtocolSocketFactory {
	SSLContext sslContext = null;
 
	private SSLContext createSSLContext(){
		 try{
			 SSLContext sslContext = SSLContext.getInstance("SSL");
			 sslContext.init(null, new TrustManager[]{new TrustAnyTrustManager()}, new SecureRandom());
			 return sslContext;			 
		 }catch (Exception e) {
			 throw new RuntimeException(e);
		}
	}
 
	private SSLContext getSSLContext(){
		if(this.sslContext == null)
		{
			this.sslContext = createSSLContext();
		}
		return this.sslContext;
	}
 
 
	@Override
	public Socket createSocket(Socket socket, String host, int port,
			boolean autoClose) throws IOException, UnknownHostException {
		return getSSLContext().getSocketFactory().createSocket(socket, host, port, autoClose);
	}
 
	@Override
	public Socket createSocket(String host, int port) throws IOException,
			UnknownHostException {
		return getSSLContext().getSocketFactory().createSocket(host, port);
	}
 
	@Override
	public Socket createSocket(String host, int port, InetAddress localAddress,
			int localPort) throws IOException, UnknownHostException {
		return getSSLContext().getSocketFactory().createSocket(host, port, localAddress, localPort);
	}
 
	@Override
	public Socket createSocket(String host, int port, InetAddress localAddress,
			int localPort, HttpConnectionParams params) throws IOException,
			UnknownHostException, ConnectTimeoutException {
		if(params == null)
		{
			throw new IllegalArgumentException("Parameters may not be null");
		}
		int timeout = params.getConnectionTimeout();
		SocketFactory socketfactory = getSSLContext().getSocketFactory();
		if(timeout == 0)
		{
			return socketfactory.createSocket(host, port, localAddress,localPort);
		}else{
			Socket socket = socketfactory.createSocket();
			SocketAddress localaddr = new InetSocketAddress(localAddress, localPort);
			SocketAddress remoteaddr = new InetSocketAddress(host, port);
			socket.bind(localaddr);
			socket.connect(remoteaddr, timeout);
			return socket;
		}
	}
 
 
 
	private static class TrustAnyTrustManager implements X509TrustManager{
		/**
		 * 重写验证方法，取消检测SSL
		 */
		@Override
		public void checkClientTrusted(X509Certificate[] arg0, String arg1)
				throws CertificateException {
 
		}
		@Override
		public void checkServerTrusted(X509Certificate[] arg0, String arg1)
				throws CertificateException {
 
		}
		@Override
		public X509Certificate[] getAcceptedIssuers() {
			return new X509Certificate[]{};
		}
	}
}

 

3、采用httpclient登陆，具体代码如下

 

package com.zhanghenglei.weixin;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.NameValuePair;
import org.apache.commons.httpclient.URI;
import org.apache.commons.httpclient.cookie.CookiePolicy;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.commons.httpclient.protocol.Protocol;
 
/**
 * 模拟微信登录
 * 
 * @author 小叶
 *@date 2013-5-13
 */
public class Weixin {
	static {
		Protocol myhttps = new Protocol("https",
				new MySecureProtocolSocketFactory(), 443);
		Protocol.registerProtocol("https", myhttps);
	}
 
	public static void main(String[] args) throws Exception{
		
		System.setProperty ("jsse.enableSNIExtension", "false");
		
		// 创造httpclient实例
		HttpClient client = new HttpClient();
		client.getParams().setCookiePolicy(CookiePolicy.BROWSER_COMPATIBILITY); // 设置cookie管理策略
		client.getParams().setParameter("http.protocol.single-cookie-header",
				true);
 
		PostMethod post = new PostMethod();
		//模拟浏览器
		post.setRequestHeader("User-Agent","Mozilla/5.0 (Windows NT 6.2; WOW64)" +
				" AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.172 " +
				"Safari/537.22");
		//这个必须设置 否则无法登录 还是尽量完全模拟浏览器的行为
		post.setRequestHeader("Referer", "https://mp.weixin.qq.com");
		//登录请求提交地址
		post.setURI(new URI("https://mp.weixin.qq.com/cgi-bin/login?lang=zh_CN"));
 
		//构造请求参数
		NameValuePair[] params = new NameValuePair[] {
				new NameValuePair("username", "henglei1228@126.com"),
				new NameValuePair("pwd", DigestUtils.md5Hex("****"
						.getBytes())), new NameValuePair("f", "json"),
				new NameValuePair("imagecode", "") };
		post.setQueryString(params);
		int aa = client.executeMethod(post);
		System.out.println(aa);
		System.out.println(post.getResponseBodyAsString());
		
		/*
		//接着发一个get请求来确认是否登录成功。 因为我的微信还没有验证，所有进入的是acct/realnamepage?action=showsubmit&step=3&lang=zh_CN页面
		GetMethod get = new GetMethod();
		get.setURI(new URI("https://mp.weixin.qq.com/acct/realnamepage?action=showsubmit&step=3&lang=zh_CN"));
		client.executeMethod(get);
		System.out.println(get.getResponseBodyAsString());*/
	}
 
}