12306 automatic ticket placement-Logon, 12306 ticket placement

12306 automatic ticket placement-Logon, 12306 ticket placement

12306 after the website launches the image verification code, it puts forward higher requirements for the ticketing software. This article does not involve automatic identification verification code login (mainly limited by the capabilities of bloggers ), provide a way-CAPTCHA human bypass platform, which can almost crack all verification codes. This article mainly describes how to learn the logon process of website 12306. Do not speak out. please correct me if you have any questions, the bloggers also started to contact crawlers.

I don't need to talk about it anymore. Just do it.

 

First open the 12306 login page https://kyfw.12306.cn/otn/login/init

 

Enter the account password to log on directly, will be transferred to the following page https://kyfw.12306.cn/otn/index/initMy12306

 

The red line is the user name, so we finally want to visit this page to find our user name, simple

 

Okay. Let's take a look at our requests throughout the login process.

 

The request to open the logon page is missing. If you do not find the logon page, you should find that the logon page is required. Here I will explain my understanding, during the login process, we need to send the verification code, which is sent as an independent request. Then, the server needs to know whether the verification code was sent by James Zhang or by James Li, therefore, when we open the login page, the server will record the session or cookie, and all our subsequent requests will carry the cookie to let the server know that it was a request sent by Michael Zhang, instead of Li Si. This is probably the case. Maybe I am not quite right. I have understood this. Sorry.

Here we use the requests library, which is not convenient.

Import requests # a database that provides UserAgent, so you don't have to do that much. It is convenient to import from fake_useragent to UserAgent # disable the security Request warning from urllib3 import disable_warningsfrom urllib3.exceptions import warning) session = requests. session () # Set not to verify SSL. You should see HTTPSsession. verify = Falseua = UserAgent (verify_ssl = False) # request header, the most basic anti-crawler camouflage headers = {"User-Agent": ua. random, "Host": "kyf201712306.cn ", "Referer": "https://kyfw.12306.cn/otn/passport? Redirect =/otn/"} # Open login page url =" https://kyfw.12306.cn/otn/login/init "session. get (url, headers = headers)

The session of the requests library saves cookie information for us as long as we continue to use the session request.

I am using the Chrome browser, but many requests do not see the response data. It is really cool. When I write every request, I print it out with code, which is very painful,

Because I want to write a blog post and want to give it to everyone, all of them have installed a virtual machine Windows xp and install Fiddler to see some information. I am still used to Chrome, I try to follow Chrome's instructions.

Among all the requests, we mainly focus on the requests whose Type is equal to document and xhr. The order of requests in the process is from top to bottom. We can see uamtk and captcha_js.js behind init? -= 1510993251087,

Obviously, this is a request sent when we open the login page. The server tells us that you haven't logged on yet. I am just opening the login page, but of course you haven't logged on. But we probably know that the server will send us a request for https://kyf201712306.cn/passport/web/auth/uamtk. The later request is obviously JavaScript, so we don't need to worry about it for the moment.

The following is the xhr request: https://kyfw.12306.cn/passport/captcha/captcha-check

This is the request to send the verification code, the verification code of 12306 belongs to the coordinate verification code, all we see sent is a coordinate, on this request we see the https://kyfw.12306.cn/passport/captcha/captcha-image? Login_site = E & module = login & rand = sjrand & 0.9919795512111436

Oh, this is a Verification Code request. To send a Verification Code request, you must first obtain the verification code. Multiple requests are made to find that the data in the form is not changed except the last random number. Next, the coordinates of the verification code.

First, we need to find the coordinates of the origin site. This is a comparison with the coordinates sent by normal logon. It will probably be OK, and then we will determine the coordinate splicing, x1, y1, y1, x1, this is also a rough comparison with the coordinates sent by normal logon. I will only talk about the general principle here. I will try it on my own as needed. The code below

Verification Code Function

Def captcha (): # The request data remains unchanged. the random number can use random. random () data = {"login_site": "E", "module": "login", "rand": "sjrand" 0.17231872703389062 ": ""} # obtain the verification code param = parse. urlencode (data) url = "https://kyfw.12306.cn/passport/captcha/captcha-image? {}". Format (param) response = session. get (url, headers = headers) if response. status_code = 200: # obtain and open the verification code, and then... find the coordinates manually. I started to talk about file = BytesIO (response. content) img = Image. open (file) img. show () positions = input ("Enter the Verification Code:") # Send the verification code data = {"answer": positions, "login_site": "E", "rand ": "sjrand"} url = "https://kyfw.12306.cn/passport/captcha/captcha-check" response = session. post (url, headers = headers, data = data) if response. status_code = 200: result = json. loads (response. text) print (result. get ("result_message") # The code returned after the request is successful is 4. The return True if result is displayed based on the request information. get ("result_code") = "4" else False return False

After the Verification Code passed, it is necessary to send Account Login, continue to see the following request https://kyfw.12306.cn/passport/web/login

The account and password are successfully logged on. Can you see them? Okay.

Why? I haven't seen the initMy12306 request yet. Can I continue to renew it? https://kyf201712306.cn/passport/web/auth/uamtk? Unfamiliarity

Let's make a comparison. It's different. The verification is passed. Happy! Haha! Success! There seems to be something more. What about newapptk? Do not understand, continue to read the following

Knock on the blackboard !!! Are you looking at the subsequent requests? Which one are you looking at? Are you asleep? Https://kyfw.12306.cn/otn/uamauthclient

Verification passed, but I circled all the points. Can't I see them? Tk. Check newapptk again. Do you understand? The above request server returns the newapptk data. We use the following request to assign this value to tk and then send it to the server. Then the server tells us that the verification is successful,

What is the use of apptk, like the previous tk? Don't know, then look down, oh, to the station https://kyfw.12306.cn/otn/index/initMy12306

We have already succeeded. Our account name is the red dot. Of course, I won't show you my account name. It's all done here. Isn't apptk used? It's useless. It's over.

I have to paste the code, and I almost forgot.

Complete code

#-*-Coding: UTF-8-*-import jsonfrom urllib import parsefrom io import BytesIOfrom config import * import requestsfrom PIL import Imagefrom fake_useragent import UserAgent # disable security Request warning from urllib3 import into url3.libtions import into (optional) session = requests. session () session. verify = Falseua = UserAgent (verify_ssl = False) headers = {"User-Agent": ua. random, "Host": "kyf000012306.cn", "Referer": "https://kyfw.12306.cn/otn/passport? Redirect =/otn/"} def login (): # Open the login page url =" https://kyfw.12306.cn/otn/login/init "session. get (url, headers = headers) # Send verification code if not captcha (): return False # Send logon information data = {"username": USER_NAME, "password": PASSWORD, "appid": "otn"} url = "https://kyfw.12306.cn/passport/web/login" response = session. post (url, headers = headers, data = data) if response. status_code = 200: result = json. loads (response. t Ext) print (result. get ("result_message"), result. get ("result_code") if result. get ("result_code ")! = 0: return False data = {"appid": "otn"} url = "https://kyfw.12306.cn/passport/web/auth/uamtk" response = session. post (url, headers = headers, data = data) if response. status_code = 200: result = json. loads (response. text) print (result. get ("result_message") newapptk = result. get ("newapptk") data = {"tk": newapptk} url = "https://kyfw.12306.cn/otn/uamauthclient" response = session. post (url, headers = Headers, data = data) if response. status_code == 200: print (response. text) url = "https://kyfw.12306.cn/otn/index/initMy12306" response = session. get (url, headers = headers) if response. status_code = 200 and response. text. find ("User Name ")! =-1: return True return Falsedef captcha (): data = {"login_site": "E", "module": "login", "rand": "sjrand ", "0.17231872703389062": ""} # obtain the verification code param = parse. urlencode (data) url = "https://kyfw.12306.cn/passport/captcha/captcha-image? {}". Format (param) response = session. get (url, headers = headers) if response. status_code = 200: file = BytesIO (response. content) img = Image. open (file) img. show () positions = input ("Enter the Verification Code:") # Send the verification code data = {"answer": positions, "login_site": "E", "rand ": "sjrand"} url = "https://kyfw.12306.cn/passport/captcha/captcha-check" response = session. post (url, headers = headers, data = data) if response. status_code = 200: result = json. loads (response. text) print (result. get ("result_message") return True if result. get ("result_code") = "4" else False return Falseif _ name _ = "_ main _": if login (): print ("Success") else: print ("Failed ")

I'm tired of adding the execution results. I'm going to dinner.

 

I hate writing articles. Really, this is my first crawler article. It took me two hours to write the code. It took me a whole afternoon to write the document. Ah, I was still not good at writing articles. I wanted to write a python public account for secondary development. After writing the results several times, I deleted them all at the beginning. The text was really bad, and the logic was confusing, I can't see it myself. Let's take a look. I hope to give more comments. I will accept them modestly and correct them slowly.