先声明一下,我是个0基础的人。我一开始是想用Python进行模拟登陆网页,经过一番折腾,用session来记录每一次信息,获取了验证码(也成功的获取到了RSA加密公钥)。最后发现密码是加密后提交给服务器,我发现从服务器获取的公钥通过“RSA在线加密”加密密码后,提示我{"statusCode":-1,"message":"输入内容包含非法字符,请重新输入!","success":false}
如下是我的python代码,大概意思就是不断请求url,然后截取我需要的部分。
import requests
from lxml import etree
import os, base64
from sympy.interactive import session
def text():
# 手动输入验证码
text = input("输入验证码:")
return text
def password():
# 手动输入验证码
password = input("公钥编码后的密码:")
return password
def denglu():
"""先创建一个方法"""
login_url = "https://center.xiaofubao.com/#/login"
# 实例化一个session对象,用来保存cookie信息
session = requests.session()
# 创建请求头headers
headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"}
#html = session.get(login_url,headers=headers).content.decode()
# print(html)
url = "https://center.xiaofubao.com/center/common/security/token" #获取一个TOKEN来获得验证码
resp = session.get(url,headers=headers).content.decode()
print(resp)
print(resp[68:124])#获取token
data = {"securityToken": resp[68:124],
"centerPlatform": "YXY",
"shiroJID": "",
"ymId": ""}
resp2 = session.post("https://center.xiaofubao.com/center/common/security/imageCaptcha", headers=headers, data=data) #截取验证码
resp2 = resp2.text
resp2 = resp2[64:-17]#获取验证码
# img_str = 'abcdefgh12345oK='#比如生成后的码就这么放,替换下面的base64_data即可
img_data = base64.b64decode(resp2) #翻译验证码
# 注意:如果是"data:image/jpg:base64,",那你保存的就要以png格式,如果是"data:image/png:base64,"那你保存的时候就以jpg格式。
with open('QQQQ.JPEG', 'wb') as f:
f.write(img_data)
resp3=session.post("https://center.xiaofubao.com/center/account/getPublicKey?shiroJID=", headers=headers)
resp3 = resp3.text
print (resp3)
print (text())
print (password())
data1 = {"mobilePhone": "13111225555",
"password": password,
"imageCaptchaValue": text,
"securityToken": resp[68:124],
"centerPlatform": "YXY",
"shiroJID": "",
"ymId": ""
}
#
# # 发送post请求,获取登陆成功页面,到这一步就获得了登陆账号的cookie信息
resp5=session.post("https://center.xiaofubao.com/center/account/doLoginByPwd",headers=headers,data=data1)
resp5 = resp5.text
print(resp5)
if __name__ == '__main__':
denglu()
C:\Users\Administrator.pyenv\pyenv-win\versions\3.9.10\python3.9.exe C:/Users/Administrator/Desktop/YML/session.py
{"statusCode":0,"message":"操作成功","data":{"level":0,"securityToken":"2e41657d792840fe91a629cf50a8a941Fax1lP79IFEH0WXDUMK+Jg=="},"success":true}
2e41657d792840fe91a629cf50a8a941Fax1lP79IFEH0WXDUMK+Jg==
{"statusCode":0,"message":"操作成功","data":{"publicKey":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCur8MZ3Ye0jv+oie3WdcuShKjMzT1/PMUTdE8aH+p/gm2M+MNIlBHw+tWTDxv8TyoyDxoNmTWXg+kHku/Ni/MqUdjF/hGr4GdUGDH/oQdgdIsUZE48EWJLMmv9yAHvhk4mtf23Wg90+/j6VJyu/qCE/DPNjlTu8h5bubdTCnDXUQIDAQAB"},"success":true}
输入验证码:53dj
53dj
公钥编码后的密码:NdfyhgKYEDeHx7hioJ3V8XWgH/W6YTsNexs1ofW3ddTvtQxgbfimwjNJUWHX5ik0Utftez4YysL1T/MdABmU5boCqX5vQ3fn/kgHl63wDN+ldWrv42GhJ/Vsh2fg7DbjWOGXEaTBraA++9GFPaod4/TgvnQW9FfGX5QaJoGNLtQ=
NdfyhgKYEDeHx7hioJ3V8XWgH/W6YTsNexs1ofW3ddTvtQxgbfimwjNJUWHX5ik0Utftez4YysL1T/MdABmU5boCqX5vQ3fn/kgHl63wDN+ldWrv42GhJ/Vsh2fg7DbjWOGXEaTBraA++9GFPaod4/TgvnQW9FfGX5QaJoGNLtQ=
{"statusCode":-1,"message":"输入内容包含非法字符,请重新输入!","success":false}
进程已结束,退出代码为 0
我后来不断的翻阅,我去找了js文件获取到了一些我认为有用的代码。(我也不确定到底是不是,0基础QAQ)
ce = function (e) {
Object(p['getAjax']) ('/center/account/getPublicKey', {
}, function (t) {
if (t && t.data.publicKey) {
var
a = Object(f['a']) (e),
n = new window.JSEncrypt;
n.setPublicKey(t.data.publicKey),
oe(n.encrypt(a).replace(/\s/g, ''))
}
})
},
oe = function (e) {
Object(p['operateAjax']) ('/center/account/doLoginByPwd', l() ({
}, E.formDataByAccount, {
securityToken: N,
password: e,
returnUrl: b().returnUrl
}), function (e) {
le(e)
})
},
第一个ce部分应该是获取公钥然后加密原密码,我猜测问题出在
oe(n.encrypt(a).replace(/\s/g, ''))
可能改变了加密后的密码吧!
还请指导一下:
①如何成功加密原密码。就差临门一脚了。(可能您看着我这个问题/代码很呆,但是我真的有在很努力的尝试解决了【泪目】)
②如果有python去除图片中指定颜色的代码,能分享给老弟那更是感激不尽!
rsa加密,秘钥的格式不要改变,改变就有可能报字符非法。