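There are album download tools on the web: you set an account and password, and they download the pictures to your machine. Here we simulate that in Java code.
The HttpClient package ships with a similar example.
As the traces below show, on a typical website the session id is passed along with every request. Many of these steps can be done with Java's URLConnection, but there is one case it does not handle well. For example, after a successful login the server calls response.sendRedirect to a new URL; the HTTP response returned at that point should contain only HTTP headers, including the status code and the URL to redirect to.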
    import java.io.IOException;
    import org.apache.commons.httpclient.Cookie;
    import org.apache.commons.httpclient.Header;
    import org.apache.commons.httpclient.HttpClient;
    import org.apache.commons.httpclient.HttpException;
    import org.apache.commons.httpclient.HttpStatus;
    import org.apache.commons.httpclient.NameValuePair;
    import org.apache.commons.httpclient.cookie.CookiePolicy;
    import org.apache.commons.httpclient.methods.GetMethod;
    import org.apache.commons.httpclient.methods.PostMethod;

    // printOutStream(InputStream, String charset) is the author's own helper and is
    // not shown on the page; it prints the stream decoded with the given charset.
    public static void test() throws HttpException, IOException {
        final String HOST = "photo.server.net";
        final int PORT = 80;
        final String getMethodStr = "/userAccount/1524712";
        HttpClient client = new HttpClient();
        client.getHostConfiguration().setHost(HOST, PORT, "http");
        client.getParams().setCookiePolicy(CookiePolicy.BROWSER_COMPATIBILITY);

        // Get first
        GetMethod getMethod = new GetMethod(getMethodStr);
        client.executeMethod(getMethod);
        System.err.println("------ Get content /userAccount/1524712: ");
        // Decode the body with the response charset (the original passed the request charset).
        printOutStream(getMethod.getResponseBodyAsStream(), getMethod.getResponseCharSet());
        Header[] headers = getMethod.getResponseHeaders();
        for (Header header : headers) {
            System.err.println(header.toString());
        }
        getMethod.releaseConnection();

        // Get the useful session: the client's HttpState keeps the cookies the server set.
        //CookieSpec cookieSpec = CookiePolicy.getDefaultSpec();
        Cookie[] getCookies = client.getState().getCookies();
        System.err.println("----- -Useful cookies: ");
        for (Cookie cookie : getCookies) {
            System.err.println(cookie.toString());
        }

        // POST password
        // However complex the client-side page is, what goes over the wire is just a
        // request; a packet-capture tool shows exactly what is sent.
        final String url = "http://" + HOST + getMethodStr;
        final String encodedUrl = url.replaceAll(":", "%3A"); // only the colon is escaped
        final String postUrl = "/@restrict?furl=" + encodedUrl;
        PostMethod postMethod = new PostMethod(postUrl);
        NameValuePair text = new NameValuePair("text", "");
        NameValuePair pwd = new NameValuePair("pwd", "hello");
        NameValuePair abId = new NameValuePair("ab_id", "");
        postMethod.setRequestBody(new NameValuePair[]{text, pwd, abId});
        client.executeMethod(postMethod);
        System.err.println("----------------");
        System.err.println("get post feedback:");
        printOutStream(postMethod.getResponseBodyAsStream(), postMethod.getResponseCharSet());
        postMethod.releaseConnection();

        // Redirect to other page. HttpClient does not follow a redirect for a POST
        // automatically, so the 302/301 is handled by hand; the same client (and so
        // the same cookies) is used for the follow-up GET.
        int statusCode = postMethod.getStatusCode();
        System.err.println(statusCode);
        if (statusCode == HttpStatus.SC_MOVED_TEMPORARILY || statusCode == HttpStatus.SC_MOVED_PERMANENTLY) {
            Header locationHeader = postMethod.getResponseHeader("location");
            if (locationHeader != null) {
                String redirectUri = locationHeader.getValue();
                if (redirectUri == null || "".equals(redirectUri)) {
                    redirectUri = "/";
                }
                getMethod = new GetMethod(redirectUri);
                client.executeMethod(getMethod);
                System.err.println("get redirect:");
                headers = getMethod.getResponseHeaders();
                for (Header header : headers) {
                    System.err.println(header.toString());
                }
                printOutStream(getMethod.getResponseBodyAsStream(), getMethod.getResponseCharSet());
                getMethod.releaseConnection();
            }
        }
    }
HTTP/1.0 302 Moved Temporarily
Date: Sat, 03 Mar 2007 00:00:27 GMT
Server: Microsoft-IIS/6.3
Vary: Accept-Encoding
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: http://photo.xxxxxx.com/newurl
Content-Type: text/html; charset=UTF-8
Via: 1.0 photo.xxxx.com:8000 (Microsoft-IIS/7.1)
Connection: close
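When it meets these status codes (statusCode == HttpStatus.SC_MOVED_TEMPORARILY || statusCode == HttpStatus.SC_MOVED_PERMANENTLY), URLConnection follows the redirect to that location by itself, but it does not pass any cookies along, so the server will certainly not recognize the session. URLConnection does have setRequestProperty for setting request properties, but in the situation above it seems you cannot set the Cookie header, and the setDefaultRequestProperty setting it provides does not seem to work either. You cannot even get hold of the location.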
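The redirect case described above, reproduced with JDK classes only, as an added example that is not part of the original post: it runs the same login redirect three ways (auto-follow with no cookie store, manual handling of the 302, auto-follow with a `CookieManager` installed) and prints the status each one gets. The local server, its `/login` and `/album` paths, and the `SID` cookie are constructed for the demonstration.

```java
import com.sun.net.httpserver.HttpServer;
import java.net.*;

public class RedirectCookieDemo {
    // Open url, optionally auto-following redirects and sending a Cookie header.
    static HttpURLConnection open(String url, boolean follow, String cookie) throws Exception {
        HttpURLConnection c = (HttpURLConnection) new URL(url).openConnection();
        c.setInstanceFollowRedirects(follow);
        if (cookie != null) c.setRequestProperty("Cookie", cookie);
        return c;
    }

    public static void main(String[] args) throws Exception {
        // Constructed local server: /login sets a session cookie and answers 302
        // with headers only; /album returns 200 only when that cookie comes back.
        HttpServer srv = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        srv.createContext("/login", ex -> {
            ex.getResponseHeaders().add("Set-Cookie", "SID=constructed-value; Path=/");
            ex.getResponseHeaders().add("Location", "/album");
            ex.sendResponseHeaders(302, -1);
            ex.close();
        });
        srv.createContext("/album", ex -> {
            String ck = ex.getRequestHeaders().getFirst("Cookie");
            ex.sendResponseHeaders(ck != null && ck.contains("SID=constructed-value") ? 200 : 403, -1);
            ex.close();
        });
        srv.start();
        String base = "http://127.0.0.1:" + srv.getAddress().getPort();

        // 1) Auto-follow with no cookie store: the Set-Cookie from the 302 is not replayed.
        System.out.println("auto-follow, no store: " + open(base + "/login", true, null).getResponseCode());

        // 2) Manual: stop at the 302, read Location and Set-Cookie, replay the cookie.
        HttpURLConnection first = open(base + "/login", false, null);
        int code = first.getResponseCode();
        String location = first.getHeaderField("Location");
        String cookie = first.getHeaderField("Set-Cookie").split(";", 2)[0];
        String next = new URL(new URL(base), location).toString();
        System.out.println(code + " -> " + location + ", manual: " + open(next, false, cookie).getResponseCode());

        // 3) JVM-wide cookie store: the auto-followed request now carries the cookie.
        CookieHandler.setDefault(new CookieManager());
        System.out.println("auto-follow, CookieManager: " + open(base + "/login", true, null).getResponseCode());
        srv.stop(0);
    }
}
```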
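While we are at it: some anti-hotlinking schemes can actually be built on the Cookie header. If a request arrives by way of the site itself, something is tucked into the cookies. Another possibility is Referer: after requesting a page (I am not sure whether this is because headers such as Cache-Control were returned), every later request for other resources on that site has to send a Referer.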
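A server-side view of the two anti-hotlinking signals mentioned above, as an added example that is not from the original post: the image is served only when the request carries a live session cookie and a Referer on the site's own domain. The `FOTOSSID` cookie name comes from the page's capture; the `photo.example.net` domain, the session values and the sample requests are constructed. Since a client can set both headers freely, the session lookup is the actual access control and the Referer check only filters casual embedding.

```java
import java.net.URI;
import java.util.*;

public class HotlinkCheck {
    static final String SITE = "photo.example.net";   // assumed site domain
    static final String SESSION_COOKIE = "FOTOSSID";  // cookie name from the page's capture

    // Extract one cookie value from a Cookie request header, or null.
    static String cookieValue(String header, String name) {
        if (header == null) return null;
        for (String part : header.split(";")) {
            String[] kv = part.trim().split("=", 2);
            if (kv.length == 2 && kv[0].equals(name)) return kv[1];
        }
        return null;
    }

    // True when the Referer's host is the site itself or one of its subdomains.
    static boolean sameSite(String referer) {
        try {
            String host = referer == null ? null : URI.create(referer).getHost();
            return host != null && (host.equals(SITE) || host.endsWith("." + SITE));
        } catch (IllegalArgumentException e) {
            return false;                              // malformed Referer
        }
    }

    // Serve the image only for a known session that arrived from our own pages.
    static boolean allow(Map<String, String> headers, Set<String> liveSessions) {
        String sid = cookieValue(headers.get("Cookie"), SESSION_COOKIE);
        return sid != null && liveSessions.contains(sid) && sameSite(headers.get("Referer"));
    }

    public static void main(String[] args) {
        Set<String> live = Set.of("constructed-session-1");
        // Constructed requests: one from the site's own page, one embedded elsewhere
        // with no session, one whose Referer host merely starts with the site name.
        Map<String, String> fromSite = Map.of(
            "Referer", "http://photo.example.net/userName/1524712",
            "Cookie", "FOTOSSID=constructed-session-1");
        Map<String, String> hotlink = Map.of("Referer", "http://other.example.org/page");
        Map<String, String> lookalike = Map.of(
            "Referer", "http://photo.example.net.other.example/",
            "Cookie", "FOTOSSID=constructed-session-1");
        System.out.println("from site: " + allow(fromSite, live));
        System.out.println("hotlink:   " + allow(hotlink, live));
        System.out.println("lookalike: " + allow(lookalike, live));
    }
}
```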
// Response to the first request
HTTP/1.0 200 OK
Date: Fri, 02 Mar 2007 23:54:04 GMT
Server: Microsoft-IIS/6.3
Vary: Accept-Encoding
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: FOTOSSID=a2d1a5c9f34308c3b49ad88813f11491; path=/; domain=.photo.xxxxx.net
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Content-Length: 2762
Via: 1.0 photo.xxxx.net:8000 (Microsoft-IIS/7.1)
Connection: keep-alive
// The follow-up request
Host: s.photo.xxxxx.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.8.1.2) Gecko/20070219 Firefox/2.0.0.2
Accept: image/png,*/*;q=0.5
Accept-Language: zh-cn,zh;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: gb2312,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://photo.xxx.net/userName/1524712
Cookie: FOTOSSID=a2d1a5c9f34308c3b49ad88813f11491
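As you can see, HttpClient is quite handy; you can even use it to write simple programs that do some automated testing of web pages.
Use this to crack someone else's album? It probably would not be very efficient: a stricter server only has to add a random image CAPTCHA, or block your connection after a few failed attempts :)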