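Recently, Pinduoduo customer-service software has exposed an extreme batch-login feature: it logs in without an account password and without scanning a QR code. The technical principle is actually quite simple.
Principle: obtain the list of shops through the WeChat interface, then use the shop ID to obtain the WeChat token, and inject the WeChat token directly into CefSharp to log in.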
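A defender's view of the flow described above, as an added example that is not part of the original post: it scans authentication events for a client that is issued tokens for several shop IDs within a short window without any password or QR login. The log layout, event names, window and threshold are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (assumed format: timestamp client=.. event=.. shop=..).
SAMPLE_LOG = """\
2024-01-01T10:00:00 client=A event=qr_login shop=1001
2024-01-01T10:00:05 client=A event=token_issue shop=1001
2024-01-01T10:01:00 client=B event=shop_list shop=-
2024-01-01T10:01:01 client=B event=token_issue shop=2001
2024-01-01T10:01:02 client=B event=token_issue shop=2002
2024-01-01T10:01:03 client=B event=token_issue shop=2003
2024-01-01T10:01:04 client=B event=token_issue shop=2004
2024-01-01T10:00:00 client=C event=token_issue shop=3001
2024-01-01T10:30:00 client=C event=token_issue shop=3002
2024-01-01T11:00:00 client=C event=token_issue shop=3003
"""

INTERACTIVE = {"password_login", "qr_login"}  # assumed event names


def parse(line):
    """Split one event line into a dict with a parsed timestamp."""
    ts, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec


def find_batch_token_logins(log_text, window=timedelta(seconds=60), threshold=3):
    """Return {client: [shop ids]} for clients issued tokens for at least
    `threshold` distinct shops inside `window` with no interactive login."""
    interactive = set()         # (client, shop) pairs seen logging in interactively
    issued = defaultdict(list)  # client -> [(ts, shop)] tokens with no such login
    for line in filter(str.strip, log_text.splitlines()):
        rec = parse(line)
        key = (rec["client"], rec["shop"])
        if rec["event"] in INTERACTIVE:
            interactive.add(key)
        elif rec["event"] == "token_issue" and key not in interactive:
            issued[rec["client"]].append((rec["ts"], rec["shop"]))
    alerts = {}
    for client, events in issued.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1      # slide the window forward
            shops = {shop for _, shop in events[start:end + 1]}
            if len(shops) >= threshold:
                alerts[client] = sorted(shops | set(alerts.get(client, [])))
    return alerts
```
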
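Components used:
1. CefSharp, an open-source Google Chrome browser component
2. Titanium, a packet-analysis component
Implementation:
1. First build the packet-interception class; the official sample for the packet-interception class needs only slight modification.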
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Text;
using System.Threading.Tasks;
using Titanium.Web.Proxy;
using Titanium.Web.Proxy.EventArguments;
using Titanium.Web.Proxy.Http;
using Titanium.Web.Proxy.Models;

namespace PddService.FiddlerEx
{
    public class NetFiddler
    {
        // Callbacks supplied by the caller for status and debug logging
        Action<int, string> LogAction { get; set; }
        Action<string> DebugLog { get; set; }

        public NetFiddler(Action<int, string> _LogAction, Action<string> _DebugLog)
        {
            LogAction = _LogAction;
            DebugLog = _DebugLog;
        }

        public ProxyServer proxyServer = new ProxyServer();

        public void StartRun(Action<int, string> _runCallBack)
        {
            try
            {
                // Hook every request and response that passes through the proxy
                proxyServer.BeforeRequest += OnRequest;
                proxyServer.BeforeResponse += OnResponse;
                //proxyServer.CertificateManager.TrustRootCertificate(true);
                //proxyServer.CertificateManager.CertificateEngine = Titanium.Web.Proxy.Network.CertificateEngine.DefaultWindows;
                //proxyServer.CertificateManager.EnsureRootCertificate();
                proxyServer.ServerCertificateValidationCallback += OnCertificateValidation;
                proxyServer.ClientCertificateSelectionCallback += OnCertificateSelection;
                // Listens on all interfaces (IPAddress.Any), port 8036, with TLS decryption enabled (third argument)
                var explicitEndPoint = new ExplicitProxyEndPoint(IPAddress.Any, 8036, true)
                {
                    // Use self-issued generic certificate on all https requests
                    // Optimizes performance by not creating a certificate for each https-enabled domain
                    // Useful when certificate trust is not required by proxy clients
                    //GenericCertificate = new X509Certificate2(Path.Combine(System.IO.Path.GetDirectoryName(System.Reflection.Assembly.GetExecutingAssembly().Location), "genericcert.pfx"), "password")
                };
                //explicitEndPoint.BeforeTunnelConnect += OnBeforeTunnelConnect;
                proxyServer.AddEndPoint(explicitEndPoint);
                proxyServe