绕过SSL证书

JDK:jdk1.6.0_05

IDE:Eclipse3.6

jar包:commons-httpclient-3.1.jar、commons-codec-1.3.jar、commons-logging.jar、gson-2.2.3.jar、htmlparser.jar

浏览器:谷歌浏览器


登录分析


google浏览器敲入https://mp.weixin.qq.com,按F12进入控制,Source选项找到wxm2-loginformxx.js,按"{}"按钮格式化一下js,发现如下一段代码,正是微信公众平台的提交登录的js代码,其中密码是用MD5加密的,imgcode是验证码,一般为空。


1
2
3
4
5
6
7
8
9
jQuery.post("/cgi-bin/login?lang=zh_CN", 
                 {username: e.account,
                  pwd: t.md5(e.password.substr(0, 16)),
                  imgcode: c.data("isHide") ? "" : e.verify,
                  f: "json"},
                  function(t) {
           回调函数,返回值处理.....             
            },
                  "json")

模拟登录


微信公众平台现在采取的https的登录,但是免签名的,我试过用代码的话,用http也是可以登录的,我这里采取的还是https,现在写代码绕过https检查,然后再登录,具体实现如下:

MySecureProtocolSocketFactory.java用于实现绕过https检查

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
package com.weixin;
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.SocketAddress;
import java.net.UnknownHostException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
 
import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
 
import org.apache.commons.httpclient.ConnectTimeoutException;
import org.apache.commons.httpclient.params.HttpConnectionParams;
import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
 
/**
 * 忽略数字证书
 * @author 小叶
 *@date 2013-5-13
 */
public class MySecureProtocolSocketFactory implements
		SecureProtocolSocketFactory {
	SSLContext sslContext = null;
 
	private SSLContext createSSLContext(){
		 try{
			 SSLContext sslContext = SSLContext.getInstance("SSL");
			 sslContext.init(null, new TrustManager[]{new TrustAnyTrustManager()}, new SecureRandom());
			 return sslContext;			 
		 }catch (Exception e) {
			 throw new RuntimeException(e);
		}
	}
 
	private SSLContext getSSLContext(){
		if(this.sslContext == null)
		{
			this.sslContext = createSSLContext();
		}
		return this.sslContext;
	}
 
 
	@Override
	public Socket createSocket(Socket socket, String host, int port,
			boolean autoClose) throws IOException, UnknownHostException {
		return getSSLContext().getSocketFactory().createSocket(socket, host, port, autoClose);
	}
 
	@Override
	public Socket createSocket(String host, int port) throws IOException,
			UnknownHostException {
		return getSSLContext().getSocketFactory().createSocket(host, port);
	}
 
	@Override
	public Socket createSocket(String host, int port, InetAddress localAddress,
			int localPort) throws IOException, UnknownHostException {
		return getSSLContext().getSocketFactory().createSocket(host, port, localAddress, localPort);
	}
 
	@Override
	public Socket createSocket(String host, int port, InetAddress localAddress,
			int localPort, HttpConnectionParams params) throws IOException,
			UnknownHostException, ConnectTimeoutException {
		if(params == null)
		{
			throw new IllegalArgumentException("Parameters may not be null");
		}
		int timeout = params.getConnectionTimeout();
		SocketFactory socketfactory = getSSLContext().getSocketFactory();
		if(timeout == 0)
		{
			return socketfactory.createSocket(host, port, localAddress,localPort);
		}else{
			Socket socket = socketfactory.createSocket();
			SocketAddress localaddr = new InetSocketAddress(localAddress, localPort);
			SocketAddress remoteaddr = new InetSocketAddress(host, port);
			socket.bind(localaddr);
			socket.connect(remoteaddr, timeout);
			return socket;
		}
	}
 
 
 
	private static class TrustAnyTrustManager implements X509TrustManager{
		/**
		 * 重写验证方法,取消检测SSL
		 */
		@Override
		public void checkClientTrusted(X509Certificate[] arg0, String arg1)
				throws CertificateException {
 
		}
		@Override
		public void checkServerTrusted(X509Certificate[] arg0, String arg1)
				throws CertificateException {
 
		}
		@Override
		public X509Certificate[] getAcceptedIssuers() {
			return new X509Certificate[]{};
		}
	}
}

Weixin.java用于模拟登录
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.NameValuePair;
import org.apache.commons.httpclient.URI;
import org.apache.commons.httpclient.cookie.CookiePolicy;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.commons.httpclient.protocol.Protocol;
 
/**
 * 模拟微信登录
 * 
 * @author 小叶
 *@date 2013-5-13
 */
public class Weixin {
	static {
		Protocol myhttps = new Protocol("https",
				new MySecureProtocolSocketFactory(), 443);
		Protocol.registerProtocol("https", myhttps);
	}
 
	public static void main(String[] args) throws Exception{
		// 创造httpclient实例
		HttpClient client = new HttpClient();
		client.getParams().setCookiePolicy(CookiePolicy.BROWSER_COMPATIBILITY); // 设置cookie管理策略
		client.getParams().setParameter("http.protocol.single-cookie-header",
				true);
 
		PostMethod post = new PostMethod();
		//模拟浏览器
		post.setRequestHeader("User-Agent","Mozilla/5.0 (Windows NT 6.2; WOW64)" +
				" AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.172 " +
				"Safari/537.22");
 
		//登录请求提交地址
		post.setURI(new URI("https://mp.weixin.qq.com/cgi-bin/login?lang=zh_CN"));
 
		//构造请求参数
		NameValuePair[] params = new NameValuePair[] {
				new NameValuePair("username", "用户名"),
				new NameValuePair("pwd", DigestUtils.md5Hex("密码"
						.getBytes())), new NameValuePair("f", "json"),
				new NameValuePair("imagecode", "") };
		post.setQueryString(params);
		client.executeMethod(post);
		System.out.println(post.getResponseBodyAsString());
	}
 
}

执行完毕,控制台输出返回值如下:
1
2
3
4
5
6
{
"Ret": 302,
"ErrMsg": "/cgi-bin/indexpage?t=wxm-index&lang=zh_CN&token=454282364",
"ShowVerifyCode": 0,
"ErrCode": 0
}

登录已经搞定,继续准备获取好友,以及主推消息。且听下回分解。
  • 0
    点赞
  • 2
    收藏
    觉得还不错? 一键收藏
  • 0
    评论

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值