Research on the mechanism of anti-brush ticket and. NET HttpRequest Proxy

Recently should be friends about testing his vote on the voting site mechanism of the ability, the following some experience and experience.

The friend website uses PHP to write, walks is HttpRequest, he first thought IP authentication should be almost. But honestly this is very low, manual replacement proxy Server manual brush can be. But the programmer's hand is the program, so,

First of all, Baidu to some free proxy server, very many sites to share these. Save to TXT file in a certain format.

The second step is to use fiddler to intercept the message and get its HTTP request header and body:

This column more highlights: http://www.bianceng.cnhttp://www.bianceng.cn/Programming/net/

The third step is to use. NET HttpRequest. Logic is traversal agent TXT agent, forged fiddler heard the request message (of course, some of these cookies and other details need to change according to the different circumstances discussed)

_contentslist = File.ReadAllLines (@ "C:\Proxy.txt");
     
           var contents = _contentslist.tolist (); var proxy = string.
           Empty;
     
           var port = 0;
                   foreach (var item in contents) {New Thread (() => {try {//get agent var list = Item.
                       Split (': ');
                       Proxy = list[0];
     
                       Port = Convert.ToInt32 (list[1]); Fake message var request = (HttpWebRequest) We
                       Brequest.create (@ "Http://XXX.COM"); Request.
                       Proxy = new WebProxy (proxy, port); Request. useragent = @ "mozilla/5.0 (Windows NT 6.3; WOW64;
                       rv:28.0) gecko/20100101 firefox/28.0 "; Request.
                       Referer = @ "Http://XXX.COM"; ReQuest.
                       method = ' Get '; Request.
                       Host = @ "xxx.com"; Request.
     
                       Accept = @ "*/*"; Request.
                       Headers.add (@ "Accept-language", @ "zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3"); Request.
                       Headers.add (@ "accept-encoding", @ "gzip, deflate"); Request.
                       Headers.add (@ "X-requested-with", @ "XMLHttpRequest"); var response = Request.
                       GetResponse (); Console.WriteLine (Response.
                   ToString ());
                   catch (Exception e) {Console.WriteLine (e.message); }
               }
               ). Start ();

Then my friend found out that it was a big problem, so he used the verification code verification mode, that is, first the server will send you the verification code, the URI of the request you sent must contain the same code.

This is a very good way to kill at least the vast majority of the brush ticket software. But I still want to experiment, this has a kind of battle taste. Ha ha

In fact, this logic is one time. Give me the verification code picture, I recognize it, and then send it again. The difficulty lies in the OCR of the verification code.

At first my friend verification code is very simple, is a few numbers, so I directly use the most basic OCR recognition on the kill.

Then he added noise, OK, this is no problem. We reduce noise, and then recognize, although machine learning takes a while, but the correct rate is still some.

Finally, he adopted a random generation of Chinese characters, I found that the Chinese character OCR is a very troublesome thing. This is also my next step to study the point, later will be an article on OCR.

Then he said he would add some cookies to verify something, and here I think my friend's website is quite perfect now. Then I asked my boss, if it was him, he would be how to brush the ticket.

My boss reply very simple, the tenant manual brush, as you technology how, I give them two cents a vote, you calculate the time cost, completely row.

Although this may be he casually say, but I have some sentiment.