[Python simulated login] Replaying an RSA-encrypted login
Previous post in this series: [Python Data Analysis] Python simulated login (1): using requests.Session
The previous login was the most basic kind: everything was sent in plain text, and the POST data could be seen in the browser. Next, let's try something a little harder: simulating a login to cnblogs (Blog Garden, http://www.cnblogs.com).
Login features:
The user name and password are encrypted with RSA, and the POST data cannot be viewed in the browser.
Figure 1
As the figure shows, the content of the POST data cannot be viewed directly in the browser.
Login simulation steps
Since the browser's debugging tools do not show the POST data, try Fiddler instead. It is a very useful network packet capture tool. After logging in, you will see:
Figure 2
The POST data consists of input1, input2, and remember, which matches what analysis of the sign-in page source shows.
Figure 3
input1 is the encrypted user name, input2 is the encrypted password, and remember indicates whether the user should be remembered. Because of how RSA encryption works, the ciphertext can differ from one login to the next while the decrypted data stays the same, so we can log in by replay: copy the captured values into our own POST data.
Pay attention to the cookies. Do not use the following cookies:
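Why the replay in this step works, and what a server-side fix looks like, as an added example that is not from the original post or from cnblogs. It uses a toy RSA key with a random pad standing in for real RSA padding; `login_static`, `NonceServer`, the `|` field format and the sample password are assumptions made for the illustration.

```python
import hmac
import secrets

# Toy RSA key from two Mersenne primes: constructed for this demo, not secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
PASSWORD = "correct horse"  # constructed sample credential

def encrypt(fields):
    """Client side: a random pad makes every ciphertext different."""
    msg = secrets.token_hex(16) + "|" + "|".join(fields)
    return pow(int.from_bytes(msg.encode(), "big"), E, N)

def decrypt(cipher):
    """Server side: recover the fields and drop the random pad."""
    raw = pow(cipher, D, N).to_bytes((N.bit_length() + 7) // 8, "big")
    return raw.lstrip(b"\0").decode().split("|")[1:]

def login_static(cipher):
    """Login as the page describes it: any valid ciphertext is accepted."""
    (password,) = decrypt(cipher)
    return hmac.compare_digest(password, PASSWORD)

class NonceServer:
    """Hardened variant: a one-time nonce is encrypted with the password."""
    def __init__(self):
        self.pending = set()
    def challenge(self):
        self.pending.add(nonce := secrets.token_hex(16))
        return nonce
    def login(self, cipher):
        nonce, password = decrypt(cipher)
        if nonce not in self.pending:
            return False  # unknown or already used nonce: a replay
        self.pending.discard(nonce)
        return hmac.compare_digest(password, PASSWORD)

def demo():
    first, second = encrypt([PASSWORD]), encrypt([PASSWORD])
    server = NonceServer()
    captured = encrypt([server.challenge(), PASSWORD])
    return {
        "ciphertexts_differ": first != second,
        "static_replay_accepted": login_static(first) and login_static(first),
        "nonce_first_login": server.login(captured),
        "nonce_replay_accepted": server.login(captured),
    }

print(demo())
```

The nonce only stops reuse of a captured login request; on a non-HTTPS site the session cookie issued after login is still sent in the clear.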
Figure 4
Those are the cookies of the login page. Instead, use the following cookies:
Figure 5
That is, the cookies that include .CNBlogsCookie, which are also the cookies of the home page.
To verify whether the login succeeded, we open a followers page after logging in, because a user's followers page cannot be viewed without logging in.
Use requests.Session to write the following code:
```python
import requests
import re
import json
from bs4 import BeautifulSoup

# One session object, so cookies set by the login response are reused below
s = requests.session()

# Headers copied from the captured request; the Cookie value holds the
# home page cookies, including .CNBlogsCookie
headers = {
    'Accept': 'application/json, text/javascript, */*; q=0.01',
    'Referer': 'http://passport.cnblogs.com/user/signin',
    'User-Agent': 'Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36',
    'Cookie': '_gads=ID=fc58354935efbd89:T=1458638388:S=ALNI_MYEtsucyem4nWeL9mdxvQmfAZlTgQ; _ga=GA1.2.111229817.1458781632; .CNBlogsCookie=your username'
}

# input1 / input2 are the RSA-encrypted values captured with Fiddler
login_data = {
    'input1': 'Your username encrypted content',
    'input2': 'Your Password Encrypted content',
    'remember': 'false'
}

url = 'http://passport.cnblogs.com/user/signin'
req = s.post(url, data=login_data, headers=headers)
print(req.status_code)       # 200
print(req.content.decode())  # {"success": false, "message": "You are logged on"}

# A followers page is only visible to a logged-in user
f = s.get('http://home.cnblogs.com/u/whatbeg/followers/1', headers=headers)
print(f.status_code)
print(f.text)
```
Then run the code:
Figure 6
Figure 7
The output shows that the login succeeded.
In this way, you can log in to a non-HTTPS website that encrypts the user name and password with RSA and does not require a verification code. I hope this helps those who need it.
This article is intended for communication and learning purposes only. Do not use it for anything that does not comply with Internet ethics.
Address: http://whatbeg.com/2016/04/14/logincnblogs.html