Impersonate a login in Python using the request Library (iv): Beep (encrypted, with verification code)

Source: Internet
Author: User

Packet Capture analysis

Get Verification Code

Get encrypted public key

Where the hash is changed, the public key key remains unchanged


Where the user name is not encrypted and the password is encrypted.

Because a hash value is returned at the same time when the public key is obtained, it is assumed that the hash value is related to password encryption.

Analyze JS code via Google Chrome Console

Right-click the login button, check, view the Event Listeners, a.btn.btn-login the right side of the login.4f030c3....js:6 to view the JS code.

Click {} in the lower left corner to expand the code

Because there is action=getkey in the link to get the public key and hash, try to search for Getkey in the source code, then find such a function:

1Encryptpassword:function(E, t) {2     varn = This,3r =!1;4     return$.ajax ({5URL: "" +math.random (),6Async:!17}). Done (function(t) {8T && t.error && (n.publictip = "Login failed, server exception occurred", E =NULL);9         vari =NewJsencrypt;Ten I.setpublickey (t.key); One         varA = I.encrypt (T.hash +e); AE =A, -r =!0 -     }), theR? E: "" -}

Observing the 10th and 11 lines, we know that the hash and the variable e are encrypted by RSA and now need to determine what E is. Set a breakpoint at the location of the 11th line of code, enter the user name password verification code and click Login, here the Password box input is ' MyPassword '

Click E to display the value of E, it appears that E is the password plaintext.

Therefore, it can be guessed that the process of encryption is: the password string is preceded by string hash value, and then RSA encryption. The following test checks to see if the guesses are correct.

Analog Login

The headers of each request completely replicates the contents of the capture package.

1. Get the Verification code

1 defGet_code ():2Url=''3headers={Copy the headers} to which the packet was caught4 session.headers.clear ()5 session.headers.update (Headers)6R=session.get (URL)7File=open ('code.jpg','WB')8 file.write (r.content)9File.close ()


1 defGet_key ():2Url=''3headers={Copy the headers} to which the packet was caught4 session.headers.clear ()5 session.headers.update (Headers)6R=session.get (URL)7Jsondata=json.loads (R.text)8     #hash change, key unchanged9     return(jsondata['Hash'],jsondata['Key'])

3. Encryption, refer to the appendix of the demo login of the blog Park

1 defEncrypt (Hash,key,password):2      fromCrypto.publickeyImportRSA3      fromCrypto.cipherImportpkcs1_v1_54 (Rsa.importkey (bytes (Key,'Utf-8')))6     returnSTR (b64encode (encryptor.encrypt (bytes (Hash+password,'Utf-8'))),'Utf-8')

4. Login

1 defLogin (Code,username,password):2     #Note that the verification code will automatically be capitalized in the login page3Url='Https://'4headers={Copy the headers} to which the packet was caught5data={'CType':'2',6           'Vctype':'1',7           'Captcha': Code,8           'User': Username,9           'pwd':p Assword,Ten           'Keep':'true', One           'Gourl':''} A session.headers.clear () - session.headers.update (Headers) (url,data=data) the     returnR.text

If the login succeeds, it will return "code": 0

5. Testing


When not logged in, the title of Testurl is "bilibili-hint", log in with the title "Beep @@facesymbol@@つロ Cheers ~-bilibili"

session.headers.clear () r=session.get (testurl) P=r.text.find ('<title> ') +len ('<title>')print(r.text[p:r.text.find ('  <', p)])

Impersonate a login in Python using the request Library (iv): Beep (encrypted, with verification code)

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.