记某高校图形验证码一次简单绕过

最新推荐文章于 2024-07-11 17:24:34 发布

神风静默

最新推荐文章于 2024-07-11 17:24:34 发布

阅读量211

点赞数 2

文章标签：网络安全 java c#

本文链接：https://blog.csdn.net/m0_59926335/article/details/137425789

版权

访问网址，其页面如下

F12打开页面控制台发现其可直接获取到验证码，直接登录即可

通过抓包发现其直接返回给前端，直接编写代码获取验证码，登录即可

 @Override
    public String accessWebApp(UniversityUserVo userVo) throws IOException {
        getWebApp(userVo);
        String url = BASE_URL + "/XXXXX.aspx";
        CloseableHttpResponse response = httpGet(url);
        try {
            Header[] headers = response.getHeaders("Set-Cookie");
            for (Header header : headers) {
                String[] cookieValues = header.getValue().split(";");
                for (String cookieValue : cookieValues) {
                    String[] parts = cookieValue.trim().split("=");
                    if (parts.length == 2) {
                        return parts[1];
                    }
                }
            }
            return null;
        } finally {
            response.close();
        }


    }

@Override
    public UniversityUserVo login(UniversityUserVo userVo) throws IOException {
        String url = BASE_URL + "/XXXX";
        String imgKey = accessWebApp(userVo);
        Map<String, String> headersParams = new HashMap<>(1);
        headersParams.put("Cookie", "CheckCode=" + imgKey);

        Map<String, Object> params = new LinkedHashMap<>();
        params.put("__LASTFOCUS", "");
        params.put("__VIEWSTATE", userVo.getDataKeys().get("__VIEWSTATE"));
        params.put("__VIEWSTATEGENERATOR", userVo.getDataKeys().get("__VIEWSTATEGENERATOR"));
        params.put("__EVENTTARGET", "");
        params.put("__EVENTARGUMENT", "");
        params.put("__EVENTVALIDATION", userVo.getDataKeys().get("__EVENTVALIDATION"));
        params.put("btn_login", "");
        params.put("hdd_cwcs", "0");
        params.put("Txt_xh", userVo.getUsername());
        params.put("Txt_Psw", userVo.getPassword());
        params.put("checkcode", imgKey);

        // 发送POST请求
        CloseableHttpResponse response = httpPost(url, headersParams, params);

        try {
            // 获取响应头中的Set-Cookie标头
            Header[] headers = response.getHeaders("Set-Cookie");
            if (headers == null) {
                throw new RuntimeException("登录失败");
            }

            String html = EntityUtils.toString(response.getEntity(), "utf-8");


            // 检查是否包含指定关键字
            if (StringUtils.containsAny(html, "重新登录", "不正确")) {

                Document doc = Jsoup.parse(html);
                // 获取script标签
                String scriptText = extractAlertMessage(Objects.requireNonNull(doc.body().select("script").first()).data());

                userVo.setAlert(scriptText);
                return userVo;
            }

            // 使用正则表达式提取Cookie值
            Pattern pattern = Pattern.compile(COOKIE_PATTERN);
            for (Header header : headers) {
                Matcher matcher = pattern.matcher(header.getValue());
                if (matcher.find()) {
                    userVo.setCookie("checkcode=" + imgKey + ";" + matcher.group(1) + "=" + matcher.group(2) + ";");
                    return userVo;
                }
            }
        } catch (IOException e) {
            // 记录异常信息
            e.printStackTrace();
        } finally {
            response.close();
        }

        return userVo;
    }