python实现扫码登录微视网页版、qq扫码登录
一、通过抓包软件观察获取相关参数的链接
1.前期准备
url = 'https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=716027609&daid=383&style=33&theme=2&login_text=%E6%8E%88%E6%9D%83%E5%B9%B6%E7%99%BB%E5%BD%95&hide_title_bar=1&hide_border=1&target=self&s_url=https%3A%2F%2Fgraph.qq.com%2Foauth2.0%2Flogin_jump&pt_3rd_aid=1101083114&pt_feedback_link=https%3A%2F%2Fsupport.qq.com%2Fproducts%2F77942%3FcustomInfo%3D.appid1101083114'
- 这个参数是从访问此链接地址生成的cookie值
- 利用cookies.get_dict()读取获取所需参数
所需参数值:pt_login_sig
session = requests.session()
url = session.get('https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=716027609&daid=383&style=33&theme=2&login_text=%E6%8E%88%E6%9D%83%E5%B9%B6%E7%99%BB%E5%BD%95&hide_title_bar=1&hide_border=1&target=self&s_url=https%3A%2F%2Fgraph.qq.com%2Foauth2.0%2Flogin_jump&pt_3rd_aid=1101083114&pt_feedback_link=https%3A%2F%2Fsupport.qq.com%2Fproducts%2F77942%3FcustomInfo%3D.appid1101083114')
#输出url.cookies.get_dict() = {'pt_clientip': '6efd753d11226d2c', 'pt_guid_sig': '63d……', 'pt_local_token': '-103596158', 'pt_login_sig': 'nxb9p……', 'pt_serverip': 'c1c30991b9db63b3', 'uikey': '5d0……'}
#所需要要的参数是:pt_login_sig
pt_login_sig = url.cookies.get_dict()['pt_login_sig']
2.获取二维码链接和所需参数
- 找到二维码链接
- 网址t={}是随机参数:random.random()
loginurl = 'https://ssl.ptlogin2.qq.com/ptqrshow?appid=716027609&e=2&l=M&s=3&d=72&v=4&t={}&daid=383&pt_3rd_aid=1101083114'.format(random.random())
- 通过该链接进行二维码扫码操作
class showpng(Thread):
def __init__(self, data):
Thread.__init__(self)
self.data = data
def run(self):
img = Image.open(BytesIO(self.data))
img.show()
loginurl = session.get('https://ssl.ptlogin2.qq.com/ptqrshow?appid=716027609&e=2&l=M&s=3&d=72&v=4&t={}&daid=383&pt_3rd_aid=1101083114'.format(random.random()),headers=headers)
t = showpng(loginurl.content)
t.start()
- 通过该链接获取另外所需参数值
所需参数值:qrsig
- 该参数值也是访问loginurl链接地址生成的cookie值
qrsig = loginurl.cookies.get_dict()['qrsig']
3.找到二维码确认链接地址
明确所需参数值
- 通过抓包软件获取了下面链接
tokenurl = 'https://ssl.ptlogin2.qq.com/ptqrlogin?u1=https%3A%2F%2Fgraph.qq.com%2Foauth2.0%2Flogin_jump&ptqrtoken={}&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-{}&js_ver=21010623&js_type=1&login_sig={}&pt_uistyle=40&aid=716027609&daid=383&pt_3rd_aid=1101083114&'
- 通过上面链接发现有三个变量参数值
ptqrtoken
action
login_sig
- login_sig值我们已经找到就是pt_login_sig值
- action值是时间戳可以用:int(time.time() * 1000)
- ptqrtoken 是qrsig值加密后的参数,qrsig值我们已经获取,主要就破解这个值
破解qrsig值,获取ptqrtoken值
- F12通过搜索ptqrtoken,再c_longin_2.js文件找到
ptqrtoken = k["default"].str.hash33(k["default"].cookie.get("qrsig"))
- 可以看出hash33为加密代码,找到这段代码进行破解
"hash33": function(t) {
for (var e = 0, i = 0, n = t.length; i < n; ++i)
e += (e << 5) + t.charCodeAt(i);
return 2147483647 & e
}
破解步骤(方法1)
- 创建js文件,命名为jsdm.js,内容为:
function hash33(t) {
for (var e = 0, i = 0, n = t.length; i < n; ++i)
e += (e << 5) + t.charCodeAt(i);
return 2147483647 & e
}
- 在agnet.py添加读取jsdm.js文件,获取ptqrtoken,其内容为:
import execjs
# 读取js
def djs(js):
f = open(js, 'r', encoding='utf-8')
jst = ''
while True:
readline = f.readline()
if readline:
jst += readline
else:
break
return jst
#读取jsdm.js
def getjs():
return djs('jsdm.js')
# 获取ptqrtoken
def ptqrtoken(qrsign):
# 加载js
execjs_execjs = execjs.compile(getjs())
return execjs_execjs.call('hash33', qrsign)
#测试
qrsign = '8P*NydFzgI51G7T4LYWABFgp-z888KcgrC1XkiD3IcnfOrdrA-e8YeyXSGKjOw'
print(ptqrtoken(qrsign))
#输出ptqrtoken(qrsign) = 324610216
破解步骤(方法2)
- 也可以直接将js代码压缩进行运行
ptqrtoken = execjs.compile('''function s(t){for(var e=0,i=0,n=t.length;i<n;++i){e+=(e<<5)+t.charCodeAt(i)}return 2147483647&e};''').call('s', qrsig)
三个参数已通过上面方法获取
- 输入参数访问链接输出
qrsig = loginurl.cookies.get_dict()['qrsig']
#方法1
ptqrtoken = agent.ptqrtoken(qrsig)
#方法2
#ptqrtoken = execjs.compile('''function s(t){for(var e=0,i=0,n=t.length;i<n;++i){e+=(e<<5)+t.charCodeAt(i)}return 2147483647&e};''').call('s', qrsig)
print(ptqrtoken)
tokenurl = 'https://ssl.ptlogin2.qq.com/ptqrlogin?u1=https%3A%2F%2Fgraph.qq.com%2Foauth2.0%2Flogin_jump&ptqrtoken={}&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-{}&js_ver=21010623&js_type=1&login_sig={}&pt_uistyle=40&aid=716027609&daid=383&pt_3rd_aid=1101083114&'
tokendate = session.get(tokenurl.format(ptqrtoken, int(time.time() * 1000), loginsig), headers=headers)
- tokendate 访问后输出参数
ptuiCB(‘66’,‘0’,’’,‘0’,‘二维码未失效。(871394992)’, ‘’)
ptuiCB(‘65’, ‘0’, ‘’, ‘0’, ‘二维码已失效。(130030768)’, ‘’)
ptuiCB(‘0’,‘0’,‘http…’,‘0’,‘登录成功!’, ‘李’)
二、继续访问链接获取真正的cookie值
- 通过上面访问输出可以看出已经获取了登录后的用户信息,但是并没有真正获取到登录后用户Cookies值
- 在抓包软件继续查找寻找了下面两个链接
date = 'https://graph.qq.com/oauth2.0/authorize'
date1 = 'https://h5.weishi.qq.com/weishi/account/login?r_url=http%3A%2F%2Fmedia.weishi.qq.com%2F&loginfrom=qc&code=07512228944E3F895DAAE2D7732E13DA&state=state'
- 通过观察找到需要的变量参数
ui
g_tk
code
获取UI参数。同上方法在pt_adapt.js文件中找到
var guid = function() {
return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function(c) {
var r = Math.random() * 16 | 0, v = c == 'x' ? r : (r & 0x3 | 0x8);
return v.toString(16);
}).toUpperCase();
};
- 同上面方法1进行获取ui,把上面js代码添加到jsdm.js文件
function hash33(t) {
for (var e = 0, i = 0, n = t.length; i < n; ++i)
e += (e << 5) + t.charCodeAt(i);
return 2147483647 & e
}
function guid() {
return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function(c) {
var r = Math.random() * 16 | 0, v = c == 'x' ? r : (r & 0x3 | 0x8);
return v.toString(16);
}).toUpperCase();
};
- 同时在agent.py添加,这样就可以获取到ui值
# 获取UI
def guid():
# 加载js
execjs_execjs = execjs.compile(getjs())
return execjs_execjs.call('guid')
获取g_tk值,同上方法在pt_adapt.js文件中找到
getToken = function() {
var str = Q.getCookie('p_skey') || '',
hash = 5381;
for (var i = 0, len = str.length; i < len; ++i) {
hash += (hash << 5) + str.charCodeAt(i);
}
return hash & 0x7fffffff;
};
- 发现里面有个参数p_skey,这个参数是访问tokendate地址链接生成新的网址所生成的cookie值
tokenurl = 'https://ssl.ptlogin2.qq.com/ptqrlogin?u1=https%3A%2F%2Fgraph.qq.com%2Foauth2.0%2Flogin_jump&ptqrtoken={}&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-{}&js_ver=21010623&js_type=1&login_sig={}&pt_uistyle=40&aid=716027609&daid=383&pt_3rd_aid=1101083114&'
t = showpng(loginurl.content)
t.start()
while 1:
tokendate = session.get(tokenurl.format(ptqrtoken, int(time.time() * 1000), loginsig), headers=headers)
p = re.compile("ptuiCB\('(.*)','(.*)','(.*)','(.*)','(.*)',.*\)")
ret = p.search(tokendate.text).groups()
if ret[0] == "66":
print('二维码未失效,请扫码!')
elif ret[0] == "67":
print('已扫码,请确认!')
elif ret[0] == "65":
print('二维码已失效,请重新运行!')
if ret[0] == '0':
print('已确认,登录成功!')
#ret[2]是生成新网址
session.get(ret[2])
p_skey = session.cookies.get('p_skey')
print(p_skey)
- 将所获取的p_skey值放入上面js代码中破解出g_tk值
- 同上面方法1进行获取g_tk值,把上面js代码添加到jsdm.js文件
function hash33(t) {
for (var e = 0, i = 0, n = t.length; i < n; ++i)
e += (e << 5) + t.charCodeAt(i);
return 2147483647 & e
}
function guid() {
return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function(c) {
var r = Math.random() * 16 | 0, v = c == 'x' ? r : (r & 0x3 | 0x8);
return v.toString(16);
}).toUpperCase();
};
function getToken(p_skey) {
var str = p_skey || '',
hash = 5381;
for (var i = 0, len = str.length; i < len; ++i) {
hash += (hash << 5) + str.charCodeAt(i);
}
return hash & 0x7fffffff;
}
- 同时在agent.py添加,这样就可以获取到g_tk值
# 获取g_tk
def get_g_tk(p_skey):
# 加载js
execjs_execjs = execjs.compile(getjs())
return execjs_execjs.call('getToken', p_skey)
- 已经获取了ui和g_tk参数
while 1:
tokendate = session.get(tokenurl.format(ptqrtoken, int(time.time() * 1000), loginsig), headers=headers)
p = re.compile("ptuiCB\('(.*)','(.*)','(.*)','(.*)','(.*)',.*\)")
ret = p.search(tokendate.text).groups()
if ret[0] == "66":
print('二维码未失效,请扫码!')
elif ret[0] == "67":
print('已扫码,请确认!')
elif ret[0] == "65":
print('二维码已失效,请重新运行!')
if ret[0] == '0':
print('已确认,登录成功!')
ui = agent.guid()
#将ui放入session.cookies中
c = RequestsCookieJar()
c.set('ui', ui, path='/', domain='weishi.qq.com')
session.cookies.update(c)
session.get(ret[2])
p_skey = session.cookies.get('p_skey')
g_tk = agent.get_g_tk(p_skey)
print(g_tk)
获取code值,需要ui和g_tk参数才能获取
- 从抓包软件可以找到需要post参数,再加上ui和g_tk变量参数,通过读取url获取链接截取code值,最后将code值放入最后链接访问获取最终cookie值。
payload = {'response_type': 'code', 'client_id': '1101083114', 'redirect_uri': 'https://h5.weishi.qq.com/weishi/account/login?r_url=http%3A%2F%2Fmedia.weishi.qq.com%2F&loginfrom=qc', 'scope': '', 'state': 'state', 'switch': '', 'from_ptlogin': '1', 'src': '1', 'update_auth': '1', 'openapi': '80901010', 'g_tk': g_tk, 'auth_time': int(time.time() * 1000), 'ui': ui}
urlencode = parse.urlencode(payload)
date = session.post('https://graph.qq.com/oauth2.0/authorize', data=urlencode).url
pattern = re.compile(r'[A-Za-z0-9]{16,}')
code = pattern.findall(date)[0]
session.get('https://h5.weishi.qq.com/weishi/account/login?r_url=http%3A%2F%2Fmedia.weishi.qq.com%2F&loginfrom=qc&code={}&state=state'.format(code))
三、最后保存cookies值并进行验证
完整代码
# -*- coding: utf-8 -*-
import pickle
from urllib import parse
import re
import random
import agent
from threading import Thread
import time
import requests
from io import BytesIO
from PIL import Image
import os
requests.packages.urllib3.disable_warnings()
headers = {'User-Agent': agent.get_user_agents(), "Host": "ssl.ptlogin2.qq.com", 'Referer':'https://xui.ptlogin2.qq.com/'}
class showpng(Thread):
def __init__(self, data):
Thread.__init__(self)
self.data = data
def run(self):
img = Image.open(BytesIO(self.data))
img.show()
def islogin(session):
try:
session.cookies.load(ignore_discard=True)
except Exception:
pass
loginurl = session.post('https://media.weishi.qq.com/media-api/getPersonalInfo?data=%7B%22personId%22%3A%221570763357553271%22%7D').json()
if loginurl['code'] == 0:
print('Cookies值有效,无需扫码登录!')
return session, True
else:
print('Cookies值已经失效,请重新扫码登录!')
return session, False
def wslogin():
# 写入
session = requests.session()
if not os.path.exists('wscookies.cookie'):
with open('wscookies.cookie', 'wb') as f:
pickle.dump(session.cookies, f)
# 读取
session.cookies = pickle.load(open('wscookies.cookie', 'rb'))
session, status = islogin(session)
if not status:
loginsig = session.get(
'https://xui.ptlogin2.qq.com/cgi-bin/xlogin?appid=716027609&daid=383&style=33&theme=2&login_text=%E6%8E%88%E6%9D%83%E5%B9%B6%E7%99%BB%E5%BD%95&hide_title_bar=1&hide_border=1&target=self&s_url=https%3A%2F%2Fgraph.qq.com%2Foauth2.0%2Flogin_jump&pt_3rd_aid=1101083114&pt_feedback_link=https%3A%2F%2Fsupport.qq.com%2Fproducts%2F77942%3FcustomInfo%3D.appid1101083114')
loginsig = loginsig.cookies.get_dict()['pt_login_sig']
loginurl = session.get(
'https://ssl.ptlogin2.qq.com/ptqrshow?appid=716027609&e=2&l=M&s=3&d=72&v=4&t={}&daid=383&pt_3rd_aid=1101083114'.format(
random.random()), headers=headers)
qrsig = loginurl.cookies.get_dict()['qrsig']
# 方法1
ptqrtoken = agent.ptqrtoken(qrsig)
# 方法2
# ptqrtoken = execjs.compile('''function s(t){for(var e=0,i=0,n=t.length;i<n;++i){e+=(e<<5)+t.charCodeAt(i)}return 2147483647&e};''').call('s', qrsig)
tokenurl = 'https://ssl.ptlogin2.qq.com/ptqrlogin?u1=https%3A%2F%2Fgraph.qq.com%2Foauth2.0%2Flogin_jump&ptqrtoken={}&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-{}&js_ver=21010623&js_type=1&login_sig={}&pt_uistyle=40&aid=716027609&daid=383&pt_3rd_aid=1101083114&'
t = showpng(loginurl.content)
t.start()
while 1:
tokendate = session.get(tokenurl.format(ptqrtoken, int(time.time() * 1000), loginsig), headers=headers)
p = re.compile("ptuiCB\('(.*)','(.*)','(.*)','(.*)','(.*)',.*\)")
ret = p.search(tokendate.text).groups()
if ret[0] == "66":
print('二维码未失效,请扫码!')
elif ret[0] == "67":
print('已扫码,请确认!')
elif ret[0] == "65":
print('二维码已失效,请重新运行!')
if ret[0] == '0':
print('已确认,登录成功!')
ui = agent.guid()
session.get(ret[2])
p_skey = session.cookies.get('p_skey')
g_tk = agent.get_g_tk(p_skey)
payload = {'response_type': 'code', 'client_id': '1101083114',
'redirect_uri': 'https://h5.weishi.qq.com/weishi/account/login?r_url=http%3A%2F%2Fmedia.weishi.qq.com%2F&loginfrom=qc',
'scope': '', 'state': 'state', 'switch': '', 'from_ptlogin': '1', 'src': '1',
'update_auth': '1', 'openapi': '80901010', 'g_tk': g_tk,
'auth_time': int(time.time() * 1000), 'ui': ui}
urlencode = parse.urlencode(payload)
date = session.post('https://graph.qq.com/oauth2.0/authorize', data=urlencode).url
pattern = re.compile(r'[A-Za-z0-9]{16,}')
code = pattern.findall(date)[0]
session.get(
'https://h5.weishi.qq.com/weishi/account/login?r_url=http%3A%2F%2Fmedia.weishi.qq.com%2F&loginfrom=qc&code={}&state=state'.format(
code))
break
time.sleep(3)
with open('wscookies.cookie', 'wb') as f:
pickle.dump(session.cookies, f)
return session
if __name__ == '__main__':
wslogin()
四、更多文章
- 后期小编将开设登录后批量采集各平台数据(点赞、播放量、评论、图片、视频、音乐等)专栏文章!记得关注哟!😜
- 如果文章能帮到您,愿意给小编点个 赞 👍 吗,么么哒~😘 (●’◡’●)
扫一扫
5万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
