Log on to the website

The first step we need to achieve when writing irrigation robots, capturing resource robots, and Web online game auxiliary tools is user login. So how to use C # to simulate a user's logon pull? To log on to a user, you must first know how to determine whether the user is logged on to a general website.

HTTP is a connectionless protocol. That is to say, the content and status of this conversation have nothing to do with the previous one. To achieve persistent interaction with users, before the website and the browser establish a session, they will create a session in the server memory. This session identifies the user (browser) and each session has a unique ID, when a session is established for the first time, the server sends the generated ID to the browser. In the following browser, each request sent to the server will contain the sessionid, which indicates its identity.

The server uses memory to save information in the session. What does the browser use to save the sessionid allocated by the server? Yes, it is a cookie. When a session is created, the browser's request to the server does not contain the sessionid in the cookie. The server considers the session as a brand new session and allocates a piece of memory to the session, at the same time, the session ID is sent to the browser using set-cookie in the HTTP header.

Now the principle has been clarified, so we can achieve a website login. Here we will take the grand logon as an example.

To write this protocol-oriented networkProgramThe packet capture tool is indispensable. The first thing we need to do is to use the packet capture tool to analyze the content sent and received during logon in a common browser so that we can use C # To simulate browser packet sending. There are many packet capture tools. Let's look at my personal hobbies. I mainly use HTTP analyzer, which is specially designed for HTTP. The packet capture tool is too powerful to capture all the protocol packages, which is not conducive to our analysis.

1. It is best to clear all cookie records of IE to avoid impact on packet capture analysis, and then enable the packet capture program.

2. Enter the http://zh.sdo.com/web1.0/home/fastlogin.asp in IE for this quick login address and we will see a lot of packets of requests and responses have been captured.

3. Enter the user name and password, and click "Log On". In ie, the user can log on normally and stop packet capture. All the information we need is captured.

4. shanda's login mechanism is still relatively complicated, involving several servers. After analysis, we learned that (this is a long process. The specific analysis of the specific website is as follows, I will not write this analysis process.) The logon mechanism is as follows:

1) Internet request https://cas.sdo.com: 80/CAS/login? Service = http://zh.sdo.com/web1.0/home/index.asp page, which provides IEA sessionid, such as set-cookie: ASP. net_sessionid = avcbse55l5e03suqi4dx3555; Path =/

2) IE also obtains a ticket in the HTTP body. This ticket will be useful for Logon. Of course, this is definitely not the case for other websites. Here we analyze the ticket. Location. href = http://www.sdo.com/login2.asp? Sd-1420e593-d2cf-4c9c-b249-07fe27932a21-2008-05-06_01 % 3a25% 3a41. 484 & service = http % 3A % 2f % 2fzh.sdo.com % 2fweb1. 0% 2 fhome % 2ffastlogin. asp % 3 ftest % 3d1; here the parameter lt is what I call ticket.

3) post the obtained lt, username, password, and other irrelevant parameters to the https://cas.sdo.com: 80/CAS/login. posttarget. aspx? Service = http://zh.sdo.com/web1.0/home/fastlogin_after.asp, the specific captured post data such: warn = false & _ eventid = submit & idtype = 0 & gamearea = 0 & gametype = 0 & challenge = 3623 & lt = sd-1420e593-d2cf-4c9c-b249-07fe27932a21-2008-05-06_01 % 3a25% 3a41. 484 & username = studyzy & Password = 1234 & EKEY = & challenge = 3623. Here we only care about the three parameters lt, username, and password.

4) Obtain a page that can only be accessed after logon and test whether the logon is successful.

5. Well, we have analyzed the entire logon mechanism. Next we will considerCode. For HTTP, C # includes webrequest, webresponse, httpwebrequest, and httpwebresponse. We mainly perform operations based on these classes. Of course, we can use socket-based programming, but this is not necessary here.

It is easy to obtain the HTML of a page without setting cookies or postdata:

Public   Static   String Gethtml ( String URL)
{
Webrequest WRT;
WRT = Webrequest. Create (URL );
WRT. Credentials = Credentialcache. defaultcredentials;
Webresponse wrp;
Wrp = WRT. getresponse ();
Return   New Streamreader (wrp. getresponsestream (), encoding. Default). readtoend ();
}  

 

To obtain the cookie returned by the server, you can use the wrp. headers. Get ("Set-cookie") method.

If you need to add the cookie to the request and post the data, it is actually very easy. You only need to set the stream of contentlength and request in the httpwebrequest object.

Httpwebrequest. contentlength = Byterequest. length;
Stream stream;
Stream = Httpwebrequest. getrequeststream ();
Stream. Write (byterequest, 0 , Byterequest. Length );
Stream. Close ();

 

I won't post all the codes. I made a demo and added it to the attachment. If you are interested in the research, please take a look. /Files/studyzy/loginsdodemo.rar

The Code implements the login of Shanda account. In fact, the login is not complete yet. Next, select a specific server, and transfer ticket to a specific server for verification. The principle is the same, I will not go into details here.

After a successful login, we only need to keep up with the cookie every time we send a request. The server considers that the login user is performing the operation, and then we can add and download resources as needed, you just need to write an article in IE, capture the packet, and use C # To send the same package!

[From the deep-blue residence in the blog Park, reprinted please indicate the author's source] Tag: vertical and horizontal world, C #, login, simulation, Robot