Objective
When logging in to a site you will often run into token parameters. Associating a token is not hard; the hard part is finding where in the server's responses the token value is first returned. Once you can extract it from there, it can be associated dynamically.
Logging in to Lagou (lagou.com)
1. First open the login page https://passport.lagou.com/login/login.html, enter the account and password to log in, and capture the traffic to see the request details.
2. Log in once more and look at the captured request: two parameters in the request headers are dynamic. The token and code values are different every time and can only be used once.
    X-Anit-Forge-Token: 45aa69d8-4afa-4235-8957-9dde7af1903e
    X-Anit-Forge-Code: 20765316
Find where the token is generated
1. Open the login page https://passport.lagou.com/login/login.html and press F5 to refresh it (refresh only; do not enter an account or password), then search the returned page for the place where the token is generated.
Look at the contents of the comment:
    </script>
    <!-- page styles -->
    <!-- dynamic token, defends against forged requests and duplicate submissions -->
    <script>
        window.X_Anti_Forge_Token = '286fd3ae-ef82-4019-89c4-9408947a0e26';
        window.X_Anti_Forge_Code = '74603111';
    </script>
The comment in the front-end code gives away where the token is, heh!
2. Next, parse the values of the two parameters, token and code, out of the returned HTML.
    # coding:utf-8
    import requests
    import re
    from bs4 import BeautifulSoup
    # SHANGHAI-long QQ exchange group: 512200893

    def getTokenCode(s):
        '''
        Extract token and code from the login page, then add them to the header information
        <!-- page styles --><!-- dynamic token, defends against forged requests and duplicate submissions -->
        <script type="text/javascript">
            window.X_Anti_Forge_Token = 'dde4db4a-888e-47ca-8277-0c6da6a8fc19';
            window.X_Anti_Forge_Code = '61142241';
        </script>
        '''
        url = 'https://passport.lagou.com/login/login.html'
        h = {
            "User-Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0",
        }
        # Update the session headers
        s.headers.update(h)
        # verify=False turns off TLS certificate verification for this request
        data = s.get(url, verify=False)
        soup = BeautifulSoup(data.content, "html.parser", from_encoding='utf-8')
        tokenCode = {}
        try:
            # The token lives in the second <script> element of the page
            t = soup.find_all('script')[1].get_text()
            print(t)
            tokenCode['X_Anti_Forge_Token'] = re.findall(r"Token = '(.+?)'", t)[0]
            tokenCode['X_Anti_Forge_Code'] = re.findall(r"Code = '(.+?)'", t)[0]
        except IndexError:
            # Script element or one of the two assignments was not found
            print("Get token and code failed")
            tokenCode['X_Anti_Forge_Token'] = ""
            tokenCode['X_Anti_Forge_Code'] = ""
        return tokenCode
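The single-use behaviour of the token/code pair and the extraction step can be exercised offline. The following is an added example, not code from the original post or from the site: `AntiForgeServer` is a hypothetical in-memory stand-in for the server (how the real server stores and checks the pair is an assumption), and the page it renders is constructed to mirror the script snippet shown above.

```python
import re
import secrets

class AntiForgeServer:
    """Hypothetical stand-in for the server; storage and checks are assumptions."""
    def __init__(self):
        self._issued = {}  # token -> code, dropped on first use

    def login_page(self):
        # Every page load gets a fresh pair, embedded like the page's snippet.
        token = secrets.token_hex(16)
        code = f"{secrets.randbelow(10**8):08d}"
        self._issued[token] = code
        return ("<script>\n"
                f"  window.X_Anti_Forge_Token = '{token}';\n"
                f"  window.X_Anti_Forge_Code = '{code}';\n"
                "</script>")

    def login(self, headers):
        token = headers.get("X-Anit-Forge-Token", "")
        code = headers.get("X-Anit-Forge-Code", "")
        expected = self._issued.pop(token, None)  # pop makes the pair single-use
        if expected is None:
            return False  # never issued, or already consumed
        return secrets.compare_digest(expected.encode(), code.encode())


def extract_pair(html):
    """Client side: find both values by variable name, not by script index."""
    token = re.search(r"X_Anti_Forge_Token\s*=\s*'([^']+)'", html)
    code = re.search(r"X_Anti_Forge_Code\s*=\s*'([^']+)'", html)
    if not (token and code):
        raise ValueError("token/code not found in page")
    return {"X-Anit-Forge-Token": token.group(1),
            "X-Anit-Forge-Code": code.group(1)}


def demo():
    server = AntiForgeServer()
    headers = extract_pair(server.login_page())
    first = server.login(headers)    # fresh pair: accepted
    replay = server.login(headers)   # same pair again: rejected
    bad = {**extract_pair(server.login_page()), "X-Anit-Forge-Code": "wrong"}
    mismatch = server.login(bad)     # issued token, wrong code: rejected
    return first, replay, mismatch

if __name__ == "__main__":
    print(demo())
```

The rejected replay is why an automated test has to load the login page again before every login attempt instead of reusing header values copied from an earlier capture.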
Simulated login
1. The password parameter is encrypted when logging in, but the encryption is fixed, so you can simply copy the encrypted string from the packet capture.
    # coding:utf-8
    import requests

    def login(s, gtoken, user, psw):
        '''
        Function: log in to the Lagou site
        :param s: pass s = requests.session()
        :param gtoken: the tokenCode returned by the previous function getTokenCode
        :param user: account
        :param psw: password
        :return: the response JSON
        '''
        url2 = 'https://passport.lagou.com/login/login.json'
        h2 = {
            "User-Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0",
            "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
            "X-Requested-With": "XMLHttpRequest",
            "X-Anit-Forge-Token": gtoken['X_Anti_Forge_Token'],
            "X-Anit-Forge-Code": gtoken['X_Anti_Forge_Code'],
            "Referer": "https://passport.lagou.com/login/login.html",
        }
        # Update the headers of s
        s.headers.update(h2)
        body = {
            "isValidate": 'true',
            "username": user,
            "password": psw,
            "request_form_verifyCode": "",
            "submit": "",
        }
        # verify=False turns off TLS certificate verification for this request
        r2 = s.post(url2, data=body, verify=False)
        print(r2.text)
        return r2.json()
Password encryption
1. The password here is encrypted with MD5 (I only found this out after reading another expert's blog via Baidu).
    # coding:utf-8
    import hashlib

    def encryptPwd(passwd):
        # The password goes through MD5 twice
        passwd = hashlib.md5(passwd.encode('utf-8')).hexdigest()
        # 'veenike' is a hard-coded value found in the js file
        passwd = 'veenike' + passwd + 'veenike'
        passwd = hashlib.md5(passwd.encode('utf-8')).hexdigest()
        return passwd

    if __name__ == "__main__":
        # Test password 123456
        print(encryptPwd("123456"))
Output Result:
2. Comparing this with the data from the packet capture shows that the two are identical, which means the encryption is reproduced correctly.
Reference code:
    # coding:utf-8
    import requests
    import re
    from bs4 import BeautifulSoup
    import urllib3
    import hashlib
    # Silences the warnings that requests emits for verify=False
    urllib3.disable_warnings()

    class LoginLgw():

        def __init__(self, s):
            self.s = s

        def getTokenCode(self):
            '''
            Extract token and code from the login page, then add them to the header information
            <!-- page styles --><!-- dynamic token, defends against forged requests and duplicate submissions -->
            <script type="text/javascript">
                window.X_Anti_Forge_Token = 'dde4db4a-888e-47ca-8277-0c6da6a8fc19';
                window.X_Anti_Forge_Code = '61142241';
            </script>
            '''
            url = 'https://passport.lagou.com/login/login.html'
            h = {
                "User-Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0",
            }
            # Update the session headers
            self.s.headers.update(h)
            # verify=False turns off TLS certificate verification for this request
            data = self.s.get(url, verify=False)
            soup = BeautifulSoup(data.content, "html.parser", from_encoding='utf-8')
            tokenCode = {}
            try:
                t = soup.find_all('script')[1].get_text()
                print(t)
                tokenCode['X_Anti_Forge_Token'] = re.findall(r"Token = '(.+?)'", t)[0]
                tokenCode['X_Anti_Forge_Code'] = re.findall(r"Code = '(.+?)'", t)[0]
            except IndexError:
                print("Get token and code failed")
                tokenCode['X_Anti_Forge_Token'] = ""
                tokenCode['X_Anti_Forge_Code'] = ""
            return tokenCode

        def encryptPwd(self, passwd):
            # The password goes through MD5 twice
            passwd = hashlib.md5(passwd.encode('utf-8')).hexdigest()
            # 'veenike' is a hard-coded value found in the js file
            passwd = 'veenike' + passwd + 'veenike'
            passwd = hashlib.md5(passwd.encode('utf-8')).hexdigest()
            return passwd

        def login(self, user, psw):
            '''
            Function: log in to the Lagou site
            :param user: account
            :param psw: password
            :return: the response JSON
            '''
            gtoken = self.getTokenCode()
            print(gtoken)
            print(gtoken['X_Anti_Forge_Token'])
            print(gtoken['X_Anti_Forge_Code'])
            url2 = 'https://passport.lagou.com/login/login.json'
            h2 = {
                "User-Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0",
                "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
                "X-Requested-With": "XMLHttpRequest",
                "X-Anit-Forge-Token": gtoken['X_Anti_Forge_Token'],
                "X-Anit-Forge-Code": gtoken['X_Anti_Forge_Code'],
                "Referer": "https://passport.lagou.com/login/login.html",
            }
            # Update the headers of s
            self.s.headers.update(h2)
            passwd = self.encryptPwd(psw)
            body = {
                "isValidate": 'true',
                "username": user,
                "password": passwd,
                "request_form_verifyCode": "",
                "submit": "",
            }
            r2 = self.s.post(url2, data=body, verify=False)
            try:
                print(r2.text)
                return r2.json()
            except ValueError:
                # The response body was not valid JSON
                print("Login exception info: %s" % r2.text)
                return None

    if __name__ == "__main__":
        s = requests.session()
        lgw = LoginLgw(s)
        lgw.login("15221000000", "123456")
Python interface automation 23: token parameter association login (logging in to Lagou)