绕过SSL证书

JDK：jdk1.6.0_05

IDE：Eclipse3.6

jar包：commons-httpclient-3.1.jar、commons-codec-1.3.jar、commons-logging.jar、gson-2.2.3.jar、htmlparser.jar

浏览器：谷歌浏览器

登录分析

google浏览器敲入https://mp.weixin.qq.com，按F12进入控制，Source选项找到wxm2-loginformxx.js，按"{}"按钮格式化一下js，发现如下一段代码，正是微信公众平台的提交登录的js代码，其中密码是用MD5加密的，imgcode是验证码，一般为空。

1 2 3 4 5 6 7 8 9

jQuery.post("/cgi-bin/login?lang=zh_CN", {username: e.account, pwd: t.md5(e.password.substr(0, 16)), imgcode: c.data("isHide") ? "" : e.verify, f: "json"}, function(t) { 回调函数,返回值处理..... }, "json")

模拟登录

微信公众平台现在采取的https的登录，但是免签名的，我试过用代码的话，用http也是可以登录的，我这里采取的还是https，现在写代码绕过https检查，然后再登录，具体实现如下：

MySecureProtocolSocketFactory.java用于实现绕过https检查

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111

package com.weixin; import java.io.IOException; import java.net.InetAddress; import java.net.InetSocketAddress; import java.net.Socket; import java.net.SocketAddress; import java.net.UnknownHostException; import java.security.SecureRandom; import java.security.cert.CertificateException; import java.security.cert.X509Certificate;   import javax.net.SocketFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.TrustManager; import javax.net.ssl.X509TrustManager;   import org.apache.commons.httpclient.ConnectTimeoutException; import org.apache.commons.httpclient.params.HttpConnectionParams; import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;   /** * 忽略数字证书 * @author 小叶 *@date 2013-5-13 */ public class MySecureProtocolSocketFactory implements SecureProtocolSocketFactory { SSLContext sslContext = null;   private SSLContext createSSLContext(){ try{ SSLContext sslContext = SSLContext.getInstance("SSL"); sslContext.init(null, new TrustManager[]{new TrustAnyTrustManager()}, new SecureRandom()); return sslContext; }catch (Exception e) { throw new RuntimeException(e); } }   private SSLContext getSSLContext(){ if(this.sslContext == null) { this.sslContext = createSSLContext(); } return this.sslContext; }     @Override public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException, UnknownHostException { return getSSLContext().getSocketFactory().createSocket(socket, host, port, autoClose); }   @Override public Socket createSocket(String host, int port) throws IOException, UnknownHostException { return getSSLContext().getSocketFactory().createSocket(host, port); }   @Override public Socket createSocket(String host, int port, InetAddress localAddress, int localPort) throws IOException, UnknownHostException { return getSSLContext().getSocketFactory().createSocket(host, port, localAddress, localPort); }   @Override public Socket createSocket(String host, int port, InetAddress localAddress, int localPort, HttpConnectionParams params) throws IOException, UnknownHostException, ConnectTimeoutException { if(params == null) { throw new IllegalArgumentException("Parameters may not be null"); } int timeout = params.getConnectionTimeout(); SocketFactory socketfactory = getSSLContext().getSocketFactory(); if(timeout == 0) { return socketfactory.createSocket(host, port, localAddress,localPort); }else{ Socket socket = socketfactory.createSocket(); SocketAddress localaddr = new InetSocketAddress(localAddress, localPort); SocketAddress remoteaddr = new InetSocketAddress(host, port); socket.bind(localaddr); socket.connect(remoteaddr, timeout); return socket; } }       private static class TrustAnyTrustManager implements X509TrustManager{ /** * 重写验证方法，取消检测SSL */ @Override public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {   } @Override public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {   } @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[]{}; } } }

Weixin.java用于模拟登录

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49

import org.apache.commons.codec.digest.DigestUtils; import org.apache.commons.httpclient.HttpClient; import org.apache.commons.httpclient.NameValuePair; import org.apache.commons.httpclient.URI; import org.apache.commons.httpclient.cookie.CookiePolicy; import org.apache.commons.httpclient.methods.PostMethod; import org.apache.commons.httpclient.protocol.Protocol;   /** * 模拟微信登录 * * @author 小叶 *@date 2013-5-13 */ public class Weixin { static { Protocol myhttps = new Protocol("https", new MySecureProtocolSocketFactory(), 443); Protocol.registerProtocol("https", myhttps); }   public static void main(String[] args) throws Exception{ // 创造httpclient实例 HttpClient client = new HttpClient(); client.getParams().setCookiePolicy(CookiePolicy.BROWSER_COMPATIBILITY); // 设置cookie管理策略 client.getParams().setParameter("http.protocol.single-cookie-header", true);   PostMethod post = new PostMethod(); //模拟浏览器 post.setRequestHeader("User-Agent","Mozilla/5.0 (Windows NT 6.2; WOW64)" + " AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.172 " + "Safari/537.22");   //登录请求提交地址 post.setURI(new URI("https://mp.weixin.qq.com/cgi-bin/login?lang=zh_CN"));   //构造请求参数 NameValuePair[] params = new NameValuePair[] { new NameValuePair("username", "用户名"), new NameValuePair("pwd", DigestUtils.md5Hex("密码" .getBytes())), new NameValuePair("f", "json"), new NameValuePair("imagecode", "") }; post.setQueryString(params); client.executeMethod(post); System.out.println(post.getResponseBodyAsString()); }   }

执行完毕，控制台输出返回值如下:

1 2 3 4 5 6

{ "Ret": 302, "ErrMsg": "/cgi-bin/indexpage?t=wxm-index&lang=zh_CN&token=454282364", "ShowVerifyCode": 0, "ErrCode": 0 }

登录已经搞定，继续准备获取好友，以及主推消息。且听下回分解。