VC显示网页验证码、模拟CSDN网页登录

这两天，本来想花点时间研究一下QQ空间、农场外挂，于是抓包分析一了下，只可惜，在QQ网页登录时进行了加密处理，可惜我对网页编程一窍不通。有些朋友曾讲过那些是通过JS代码进行加密，可惜我JS也是一片空白，真是“出师未杰身先死”，惭愧惭愧......

 

于是只好挑CSDN这类简易一些的尝试学习一下（仅供学习交流），下面是学习笔记：

 

程序运行截图：

 

 

1、本机环境：Windows XP SP3、ADSL

 

2、开发工具：WildPackets OmniPeek V5.1.4

                    Visual C++ 6.0

                    IE6.0

                    FlexEdit V2.3.1871

 

3、数据包截图：

 

(QQ登录时，在密码2222加密时卡壳了，我尝试过很多加密算法，最终以失败告终......)

 

 

4、验证码显示使用IStream和IPicture来显示：

/************************************************************************/ /* 函数说明：获取应用程序当前目录 /* 参 数：无 /* 返 回 值：返回目录路径、CString类型字符串 /* By:Koma 2009.10.13 11:23 /************************************************************************/ CString C***Dlg::GetExePath() { char pathbuf[260]; int pathlen = ::GetModuleFileName(NULL,pathbuf,260); // 替换掉单杠 while(TRUE) { if(pathbuf[pathlen--]=='//') break; } pathbuf[++pathlen]= 0x0; CString fname = pathbuf; return fname; }

 

/************************************************************************/ /* 函数说明：下载验证码图片 /* 参 数：无 /* 返 回 值：无 /* By:Koma 2009.10.13 11:50 /************************************************************************/ void C***Dlg::DownURLImage() { CInternetSession session; CString strUrl; CFile *pFile,out; char buff[512]; CString strPath; // 产生八位随机数数组成验证码 int nRand1 = rand()%100000+10000; int nRand2 = rand()%200000+10000; strUrl.Format("http://passport.csdn.net/ShowExPwd.aspx?temp=%d%d",nRand1,nRand2); strPath = GetExePath() + "//test.tmp"; pFile = session.OpenURL(strUrl); out.Open(strPath, CFile::modeCreate | CFile::modeWrite); while(pFile->Read(buff,512)){ out.Write(buff,512); } out.Flush(); out.Close(); }

 

/************************************************************************/ /* 函数说明：显示验证码图片 /* 参 数：无 /* 返 回 值：无 /* By:Koma 2009.10.13 13:12 /************************************************************************/ void C***Dlg::ShowImage() { ::CoInitialize(NULL); // 初始化COM HRESULT hr; CFile file; CString strPath; CPaintDC dc(this); strPath = GetExePath() + "//test.tmp"; file.Open(strPath, CFile::modeRead | CFile::shareDenyNone); DWORD dwSize = file.GetLength(); HGLOBAL hMem = ::GlobalAlloc( GMEM_MOVEABLE, dwSize ); LPVOID lpBuf = ::GlobalLock( hMem ); file.ReadHuge( lpBuf, dwSize ); file.Close(); ::GlobalUnlock( hMem ); // 由HGLOBAL得到IStream，参数TRUE 表示释放IStream的同时，释放内存 hr = ::CreateStreamOnHGlobal(hMem,TRUE,&pStream ); ASSERT(SUCCEEDED(hr)); hr = ::OleLoadPicture(pStream, dwSize, TRUE, IID_IPicture,(LPVOID *)&pPicture); ASSERT(hr==S_OK); long nWidth,nHeight; // 宽高 MM_HIMETRIC模式，单位是0.01毫米 pPicture->get_Width( &nWidth ); // 宽 pPicture->get_Height( &nHeight ); // 高 CSize sz(nWidth,nHeight); // 原大显示 dc.HIMETRICtoDP(&sz); // 转换MM_HIMETRIC模式单位为MM_TEXT像素单位 pPicture->Render(dc.m_hDC,10,100,sz.cx,sz.cy,0,nHeight,nWidth,-nHeight,NULL); CRect rect(10,100,sz.cx + 10,sz.cy + 100); // 将图片区域保存，以便后面只刷新图片区域 m_PicRect = rect; if(pPicture) // 释放IPicture指针 pPicture->Release(); if(pStream) // 释放IStream指针，同时释放hMem pStream->Release(); ::CoUninitialize(); }

 

5、经过OmniPeek抓包分析得到：

 

登录时POST格式：

__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwULLTEyMzU0NzEzNDkPFgIeCkZpbmlzaFN0YXlnFgJmD2QWBAIBDxYCHgRUZXh0BQznlKjmiLfnmbvlvZVkAgIPZBYCAgMPZBYCAgEPFgIeB1Zpc2libGVoZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAgUeY3RsMDAkQ1BIX0NvbnRlbnQkY2JfU2F2ZVN0YXRlBR1jdGwwMCRDUEhfQ29udGVudCRJbWFnZV9Mb2dpbjFp31Bt8XH%2B3e%2Bh97Uk6ofQQady&ctl00%24CPH_Content%24tb_LoginNameOrLoginEmail=testkoma&ctl00%24CPH_Content%24tb_Password=ningyusky&ctl00%24CPH_Content%24tb_ExPwd=BZTS3&ClientKey=c77f51c7-cbaf-427d-9314-a04303f79847&ctl00%24CPH_Content%24cb_SaveState=on&from=http%3A%2F%2Fhi.csdn.net%2F&MailParameters=&PrePage=&MailParameters=&ctl00%24CPH_Content%24Image_Login.x=33&ctl00%24CPH_Content%24Image_Login.y=13

 

至于其他动作的话，自己抓包分析吧！

 

之前看到博客园深蓝居一篇文章关于C#写的CSDN提交表单

http://www.cnblogs.com/studyzy/archive/2008/05/08/1187626.html

 

所以在前辈的基础上，我增加了VC获取Cookie ClientKey值，下面是POST代码：

 

void C***Dlg::OnBtnLogin() { // TODO: Add your control notification handler code here UpdateData(TRUE); if(m_strUser.IsEmpty()) { MessageBox("用户名不能为空！","提示",MB_ICONERROR | MB_OK); (CEdit*)GetDlgItem(IDC_EDIT_USER)->SetFocus(); return; } if( m_strPassword.IsEmpty()) { MessageBox("密码不能为空！","提示",MB_ICONERROR | MB_OK); (CEdit*)GetDlgItem(IDC_EDIT_PASSWORD)->SetFocus(); return; } CString str; try { CInternetSession Session ; CHttpConnection *pHttpConnect = Session.GetHttpConnection("passport.csdn.net") ; if( pHttpConnect ) { CHttpFile* pFile = pHttpConnect->OpenRequest( CHttpConnection::HTTP_VERB_GET, _T("/UserLogin.aspx"), NULL, 1, NULL, NULL, INTERNET_FLAG_NO_COOKIES ); // 获取COOKIE ClientKey值 CInternetSession Session; Session.OpenURL("http://passport.csdn.net/UserLogin.aspx"); if(!Session.GetCookie("http://passport.csdn.net/UserLogin.aspx", _T("ClientKey"),m_strCookies)) { MessageBox("获取Cookies时出错！"); return; } CString strKey = m_strCookies; int result = strKey.Find("ClientKey=",0); m_strClientKey = strKey.Mid(result+10); UpdateData(TRUE); CString szFormData = "__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwULLTE4NDgzMDI2NjcPFgIeCkZpbmlzaFN0YXloFgJmD2QWBAIBDxYCHgRUZXh0BQznlKjmiLfnmbvlvZVkAgIPZBYCAgMPZBYCAgEPFgIeB1Zpc2libGVoZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAgUeY3RsMDAkQ1BIX0NvbnRlbnQkY2JfU2F2ZVN0YXRlBR1jdGwwMCRDUEhfQ29udGVudCRJbWFnZV9Mb2dpbr5SL%2FGtMqVCJ%2FCh4jH%2FXp4DhlVU&ctl00%24CPH_Content%24tb_LoginNameOrLoginEmail="+ m_strUser +"&ctl00%24CPH_Content%24tb_Password="+ m_strPassword +"&ctl00%24CPH_Content%24tb_ExPwd="+ m_strCode +"&ClientKey="+ m_strClientKey +"&ctl00%24CPH_Content%24cb_SaveState=on&from=http%3A%2F%2Fhi.csdn.net%2Fmy.html&MailParameters=&MailParameters=&ctl00%24CPH_Content%24Image_Login.x=26&ctl00%24CPH_Content%24Image_Login.y=11"; if (pFile) { pFile->AddRequestHeaders("POST /UserLogin.aspx HTTP/1.1/r/n"); pFile->AddRequestHeaders("Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/QVOD, application/QVOD, */*/r/n"); pFile->AddRequestHeaders("Referer: http://passport.csdn.net/UserLogin.aspx/r/n"); pFile->AddRequestHeaders("Accept-Language: zh-cn/r/n"); pFile->AddRequestHeaders("Content-Type: application/x-www-form-urlencoded/r/n"); pFile->AddRequestHeaders("Accept-Encoding: gzip, deflate/r/n"); pFile->AddRequestHeaders("User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; POTU(RR:28031409:0:5513822); Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 2.0.50727; CIBA)/r/n"); pFile->AddRequestHeaders("Connection: Keep-Alive/r/n"); pFile->AddRequestHeaders("Cache-Control: no-cache/r/n"); pFile->AddRequestHeaders(szFormData); pFile->SendRequest(); // 返回的HTML CString s ; while (pFile->ReadString(s)) str += s ; //MessageBox(str); pFile->Close(); delete pFile ; } CFile file; file.Open("Test.aspx",CFile::modeCreate | CFile::modeWrite,NULL); file.Write(str,str.GetLength()); file.Flush(); file.Close(); pHttpConnect->Close() ; delete pHttpConnect ; } wchar_t* pWChar = NULL; DWORD nLen1; // 将新浪网页UTF-8格式编码转换成Unicode nLen1 = MultiByteToWideChar(CP_UTF8,0,str,str.GetLength(),pWChar,0); pWChar = new wchar_t[nLen1 + 1]; memset(pWChar,0,(nLen1 + 1 ) * sizeof(wchar_t)); MultiByteToWideChar(CP_UTF8,0,str,str.GetLength(),pWChar,nLen1); char* pChar = NULL; DWORD nLen2; nLen2 = WideCharToMultiByte(CP_ACP,0,pWChar,nLen1,pChar,0,NULL,NULL); pChar = new char[nLen2 + 1]; memset(pChar,0, nLen2 + 1); WideCharToMultiByte(CP_ACP,0,pWChar,nLen1,pChar,nLen2,NULL,NULL); // 查找登录时服务器时返回的信息 str.Format("%s",pChar); MessageBox(str); } catch( CInternetException *e ) { e->Delete(); } }

 

（编程水平有限，其中代码并没有经过严格测试，难免有所不足，敬请谅解！）

 

6、源代码下载：

 

http://download.csdn.net/source/1740481