Python simulates Sina Weibo login using RSA cryptographic algorithm module

When the PC logs on to Sina Weibo, the client uses JS to encrypt the username and password beforehand, and get a set of parameters before the post, which will also be part of the post_data. In this way, you can't use the usual simple way to simulate a post login (such as Renren).

It is essential to get Sina Weibo data through crawlers and to simulate login.

1, before submitting the POST request, need get get four parameters (Servertime,nonce,pubkey and RSAKV), not previously mentioned just to get a simple servertime,nonce, here is mainly because of JS on the user name, The password encryption method has changed.

1.1 Due to the change in encryption, we will use the RSA module here, the RSA public key encryption algorithm introduction can refer to the relevant content in the network. To download and install the RSA module:

Download: https://pypi.python.org/pypi/rsa/3.1.1

RSA Module Document Address: http://stuvel.eu/files/python-rsa-doc/index.html

Choose your own RSA installation package (. Egg) According to your version of Python and install it under win with the command line Easy_ Install.exe (win on install Setuptool download from here: Setuptools-0.6c11.win32-py2.6.exe installation file) to install, for example: Easy_install Rsa-3.1.1-py2.6.egg, the final command line test import RSA, no error is installed successfully.

1.2 Get and view Sina Weibo login js file

View the source code of the Sina pass URL (http://login.sina.com.cn/signup/signin.php), where you can find the address of the JS http://login.sina.com.cn/js/sso/ Ssologin.js, but the content is encrypted after opening, you can find an online decryption site to decrypt, see the end user name and password encryption method.

1.3 Login

Login first step, add your own user name (username), request Prelogin_url link address:

Prelogin_url = ' http://login.sina.com.cn/sso/prelogin.php?entry=sso&callback= Sinassocontroller.prelogincallback&su=%s&rsakt=mod&client=ssologin.js (v1.4.4) '% username

Use the Get method to get a similar content:

Sinassocontroller.prelogincallback ({"Retcode": 0, "servertime": 1362041092, "pcid": " gz-6664c3dea2bfdaa3c94e8734c9ec2c9e6a1f "," nonce ":" iryp4n "," PubKey ":" Eb2a38568661887fa180bddb5cabd5f21c7bfd59c090cb2d245a87ac253062882729293e5506350508e7f9aa3bb77f4333231490f915f6d63c55fe2f0 8a49b353f444ad3993cacc02db784abbb8e42a9b1bbfffb38be18d78e87a0e41b9b8f73a928ee0ccee1f6739884b9777e4fe9e88a1bbe495927ac4a79 9b3181d6442443 "," rsakv ":" 1330428213 "," Exectime ": 1})

And then extract the Servertime,nonce,pubkey and rsakv that we want. Of course, the values of PubKey and RSAKV can be written dead in code, they are fixed values.

2, before username after BASE64 calculation:

The code is as follows:

Username_ = Urllib.quote (username)
Username = base64.encodestring (username) [:-1]

Password is encrypted by three times, and the value of Servertime and nonce is added to interfere with the SHA1. That is: two times SHA1 encryption, the result plus servertime and nonce value, and then SHA1 to calculate once.

In the latest RSA encryption method, username is still the same as the previous processing;

Password encryption method is different from the original:

2.1 Create an RSA public key, two parameters of the public key Sina Weibo gave a fixed value, but given is a 16 binary string, the first is the first step of login PubKey, the second is the JS encrypted file of ' 10001 '.

These two values need to be converted from 16 to 10, but can also be written dead in the code. This puts 10001 directly to death as 65537. The code is as follows:

The code is as follows:

Rsapublickey = Int (PubKey, 16)
Key = RSA. PublicKey (Rsapublickey, 65537) #创建公钥
message = str (servertime) + ' \ t ' + str (nonce) + ' \ n ' + str (password) #拼接明文js加密文件中得到
passwd = rsa.encrypt (message, key) #加密
passwd = Binascii.b2a_hex (passwd) #将加密信息转换为16进制.

2.2 Request Pass Url:login_url = ' http://login.sina.com.cn/sso/login.php?client=ssologin.js (v1.4.4) '

Header information that needs to be sent

The code is as follows:

Postpara = {
' Entry ': ' Weibo ',
' Gateway ': ' 1 ',
' From ': ',
' SaveState ': ' 7 ',
' Userticket ': ' 1 ',
' Ssosimplelogin ': ' 1 ',
' VSNF ': ' 1 ',
' Vsnval ': ',
' su ': encodedusername,
' Service ': ' Miniblog ',
' Servertime ': Servertime,
' Nonce ': nonce,
' Pwencode ': ' RSA2 ',
' SP ': Encodedpassword,
' Encoding ': ' UTF-8 ',
' Prelt ': ' 115 ',
' RSAKV ': rsakv,
' URL ': ' Http://weibo.com/ajaxlogin.php?framelogin=1&callback=parent.sinaSSOController.feedBackUrlCallBack ',
' ReturnType ': ' META '
}

RSAKV is added to the requested content, the value of Pwencode is modified to RSA2, and the others are the same as before.

Organize the parameters well, post requests. Check whether the login is successful, you can refer to the post after the content of a sentence location.replace ("http://weibo.com/ajaxlogin.php?framelogin=1&callback= parent.sinassocontroller.feedbackurlcallback&retcode=101&reason=%b5%c7%c2%bc%c3%fb%bb%f2%c3%dc%c2%eb% B4%ed%ce%f3 ");

If retcode=101 indicates that the login failed. The result is similar after a successful login, but the value of Retcode is 0.

3. After successful login, the URL in the replace message in body is the URL we want to use next. Then use the Get method to the above URL to send a request to the server, save this request cookie information, is the login cookie we need.

