Android登录学校正方教务处--CSDN第一次发帖

最新推荐文章于 2018-10-14 12:02:51 发布

haiLIian

最新推荐文章于 2018-10-14 12:02:51 发布

阅读量802

点赞数

本文链接：https://blog.csdn.net/u010175503/article/details/32999763

版权

最近想写一个仅供学校学生使用的福利app，登录验证方式就想到了学校教务系统的验证，没有和老师有任何的沟通，也没有私有接口

======================================================================================================

先说环境吧，燕山大学教务处 http://jwc.ysu.edu.cn/ 开发环境为Eclipse+ADT22.3，HAXM加速的Android2.3模拟器

再说软件吧，Firefox + Live Http Header扩展

最后就是测试账号吧，咳咳，是楼主的

=====================================================================================================

demo已共享到github https://github.com/hailian/ysujwc

======================================================================================================

点击登录到教务系统

然后就跳转，地址栏就变成如下

括号中间的字符串随机出线。。。。

一、得到这些随机字符

打开Firefox，回到http://jwc.ysu.edu.cn/，等待载入完成后，打开Live HTTP headers；

再点击登录镜像系统，把Live HTTP headers滚动条拖到最上面，看到如图选中的，即为地址

下面就是获取这些地址；

try {
DefaultHttpClient client = new DefaultHttpClient();
HttpGet httpGet = new HttpGet("http://jwc.ysu.edu.cn/zjdxgc/default2.aspx");
//
//
HttpResponse response = client.execute(httpGet);
int responseCode = response.getStatusLine().getStatusCode();
Log.e("responseCode--", "" + responseCode);
//
Header[] headers = response.getAllHeaders();
for (Header header : headers) {
Log.d("header",
header.getName() + ": " + header.getValue());
}
} catch (Exception e) {
e.printStackTrace();
}
}

实验发现GET方式过去，responseCode是200，并不是上图的302，自然得不到Location；

原来是自动重定向，以上代码改为

try {
DefaultHttpClient client = new DefaultHttpClient();
HttpGet httpGet = new HttpGet(
"http://jwc.ysu.edu.cn/zjdxgc/default2.aspx");
//
//
HttpParams params = new BasicHttpParams();
params.setParameter("http.protocol.handle-redirects", false);
httpGet.setParams(params);
//
HttpResponse response = client.execute(httpGet);
int responseCode = response.getStatusLine().getStatusCode();
Log.e("responseCode--", "" + responseCode);
//
Header[] headers = response.getAllHeaders();
for (Header header : headers) {
Log.d("header",
header.getName() + ": " + header.getValue());
}

if (responseCode == 302) {
Header locationHeader = response
.getFirstHeader("Location");
if (locationHeader != null) {
url_location = "http://jwc.ysu.edu.cn"
+ locationHeader.getValue();
Log.i("url_location---", url_location);
}
}
} catch (Exception e) {
e.printStackTrace();
}
}

这样就获得了地址

二、获取Post键值对，和验证码

再验证码输入0000，再次打开Live HTTP headers ，然后点击网页上登录，弹出验证码不正确；

切换到HTTP headers 页面，拖到最上，点击Replay...

其中txtUserName为学号，TextBox2为密码，txtSecretCode为验证码，这是显而易见的；

但是__VIEWSTATE和RadioButtonList1是什么意思，还有转码。。。

想了想，我认为RadioButtonList1的转码是输入验证码时，其下面的“学生”，后来证明了我的想法；

但是这个__VIEWSTATE是不是与ip有关呢？我去隔壁宿舍登了一下，证明无关，那我就写死吧。。

后来证明错了。。__VIEWSTATE是一个与时间有关的字符串。

查看网页源代码，发现第78行有这个字符串

想到了读取输入流，转换成字符串再解析，但由于上一个是禁止自动重定向，这次新建一个；解析是用String.split()方法

try {
DefaultHttpClient client = new DefaultHttpClient();
HttpGet httpGet = new HttpGet(
"http://jwc.ysu.edu.cn/zjdxgc/default2.aspx");
//
HttpGet httpGet2 = new HttpGet(
"http://jwc.ysu.edu.cn/zjdxgc/default2.aspx");
//
//
HttpParams params = new BasicHttpParams();
params.setParameter(
"http.protocol.handle-redirects", false);
httpGet.setParams(params);
//
HttpResponse response = client.execute(httpGet);
HttpResponse response2 = client.execute(httpGet2);
int responseCode = response.getStatusLine()
.getStatusCode();
int responseCode2 = response2.getStatusLine()
.getStatusCode();
Log.e("responseCode--", "" + responseCode);
Log.e("responseCode2--", "" + responseCode2);
//
Header[] headers = response.getAllHeaders();
for (Header header : headers) {
Log.d("header", header.getName() + ": "
+ header.getValue());
}

if (responseCode == 302 && responseCode2 == 200) {
String[] html = EntityUtils.toString(
response2.getEntity()).split("\n");
String[] inCodeStr = html[77].split("\"");
String key = inCodeStr[5];
Log.i("", key);
Header locationHeader = response
.getFirstHeader("Location");
if (locationHeader != null) {
String location = "http://jwc.ysu.edu.cn"
+ locationHeader.getValue();
Log.i("url_location---", location);
}
}
} catch (Exception e) {
e.printStackTrace();
}
}

然后log显示的为

验证码，就简单的用GET流生成Bitmap

HttpURLConnection h;
try {
h = (HttpURLConnection) new URL(url_yzm).openConnection();
h.setReadTimeout(5000);
h.setDoInput(true);
h.connect();
Bitmap bm = BitmapFactory.decodeStream(h.getInputStream());
//
h.getInputStream().close();
// img_yzm.setImageBitmap(bm);
Message msg = new Message();
msg.what = HANDLER_IMG_SUCCEED;
msg.obj = bm;
handler.sendMessage(msg);
Log.i("yzm---", "yzm success");
} catch (MalformedURLException e) {
Log.e("MalformedURLException", e.toString());
Log.i("yzm---", "yzm fail1");
} catch (IOException e) {
Log.e("MalformedURLException", e.toString());
Log.i("yzm---", "yzm fail2");
}

三、post吧

直接上代码

try {
HttpClient client = new DefaultHttpClient();
HttpPost httpPost = new HttpPost(url);
List<NameValuePair> params = new ArrayList<NameValuePair>();
params.add(new BasicNameValuePair("__VIEWSTATE", key));
// "dDwyODE2NTM0OTg7Oz6EIvBWZGpFetygfIX+qirD5BTcnA=="));
// params.add(new BasicNameValuePair("__VIEWSTATE",
// "dDwyODE2NTM0OTg7Oz7vFIof%2Bc6rGXD5W9puRFp5VKKG%2FQ%3D%"));
params.add(new BasicNameValuePair("txtUserName", ed_id
.getText().toString()));
params.add(new BasicNameValuePair("TextBox2", ed_pwd
.getText().toString()));
params.add(new BasicNameValuePair("txtSecretCode",
ed_yzm.getText().toString()));
params.add(new BasicNameValuePair("RadioButtonList1",
"学生"));
// params.add(new BasicNameValuePair("RadioButtonList1",
// "%D1%A7%C9%FA"));
params.add(new BasicNameValuePair("Button1", ""));
params.add(new BasicNameValuePair("lbLanguage", ""));
params.add(new BasicNameValuePair("hidPdrs", ""));
params.add(new BasicNameValuePair("hidsc", ""));
//

httpPost.setEntity(new UrlEncodedFormEntity(params,
HTTP.ISO_8859_1));

HttpResponse response = client.execute(httpPost);
int responseCode = response.getStatusLine()
.getStatusCode();
Log.e("responseCode--", "" + responseCode);
//
if (responseCode == 200) {
String[] result = EntityUtils.toString(
response.getEntity()).split("\n");
String loginState = result[4].substring(9,
result[4].length() - 9);
Log.d(TAG, loginState);
if (loginState.equals("正方教务管理系统")) {
Log.v("loginState--", loginState);
Log.v("namelist--88", result[88]);
Log.v("namelist--89", result[89]);
Log.v("namelist--90", result[90]);
Log.v("namelist--91", result[91]);
Log.v("namelist--92", result[92]);
String[] namelist = result[88].split("<");
String[] names = namelist[1].split(">");
String name = names[1];
Log.i(TAG, name);

} else {
Log.e(TAG, "login fail");
Message msg = new Message();
msg.what = HANDLER_LOGIN_FAIL;
handler.sendMessage(msg);
}

}

} catch (UnsupportedEncodingException e) {
e.printStackTrace();
} catch (ClientProtocolException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
}