Use C # to log on to a website with a verification code)

In my previous article, I have explained how to log on to a general website and log on to C #. Many people ask what to do with a website that uses the verification code, here I will talk about the principle of the verification code and the corresponding logon method.

Source of Verification Code

A few years ago, most websites and forums did not have verification codes, because for general users, verification codes only increase user operations and reduce user experience. However, various irrigation robots, vote-casting robots, and malicious registration robots emerged one after another, greatly increasing the burden on the website and bringing a large amount of junk data to the website database. To prevent various robotsProgramSo the programmer came up with a verification code that can only be recognized by the human eye and is not easily recognized by the program!

A verification code is an image that uses letters, numbers, and even Chinese characters as the content of an image. In this way, the content of an image can be easily identified by human eyes and cannot be identified by programs. Before database operations (such as login verification, voting, posting, reply, registration, etc.), the program first verifies whether the Verification Code submitted by the client is the same as the content in the image, if they are the same, database operations are performed. If they are different, the system prompts an incorrect verification code and does not perform database operations. In this way, various robot programs will be rejected!

However, with the development of computer science, pattern recognition and other technologies become more and more mature, so the guy who writes robots can identify the content directly written in the image through the program and then submit it to the server, in this way, the verification code is equivalent to a false one. In order to prevent robot recognition, the image generation of the Verification Code is also constantly evolving, adding interference points, interference lines, text deformation, angle conversion, different colors ...... Various technologies that prevent computer recognition are also applied to verification codes. In the competition between the two technologies, we have formed the verification code we have seen. Many people have complained, "what is this verification code, the human eyes cannot tell what it is.

Verification code usage

The verification code is for a variety of robot programs, so the content in the verification code picture is not stored in the cookie, HTML and URL, if you see a verification code picture URL is http://xxxxxx.com/Expwd.aspx? Code = 1af8, And the content in the verification code image is 1af8, which is ridiculous. At the same time, if you find that the value of the verification code is saved in the cookie through packet capture or you can view the HTML, you will see the following: <input type = "hidden" id = "expwd" name = "expwd" value = "1af8"/> it is incredible to put the content of the verification code in a hidden element. For these behaviors, it is obvious that this programmer does not know what the verification code is for, but other people's websites have verification codes, and they also get a fashion with their own websites. Another funny thing is that the verification code looks like a verification code. The result is HTML.CodeNot an image, it is a <span> 1 </span> <span> A </span> <span> F </span> <span> 8 </span>. Don't take it for granted. I have met these situations in real life. I was most happy when I was a voter writer !!!

The content of the verification code must be stored on the server. Generally, we can add the randomly generated verification code to the session. When the user submits the verification code, the submitted content is compared with the verification code in the session. The background code on the page where the verification code is generated can be written as follows:

Protected Void Page_load ( Object Sender, eventargs E)
{
String Checkcode = Createcode ( 4 );
Session [ " Checkcode " ] = Checkcode;
Createimage (checkcode );
}

For example, when you log on for verification, you can enter:

Protected Void Btnlogin_click ( Object Sender, imageclickeventargs E)
{
If (Session [ " Checkcode " ] = Null )
{
Uihelper. Alert (page, " The verification code has expired. enter a new one. " );
Return ;
}
If (Session [ " Checkcode " ]. Tostring (). tolower () ! = Txbcode. Text. tolower ()) // Case Insensitive Verification Code
{
Uihelper. Alert (page, " Incorrect verification code " );
Return ;
}
// Database verification ......
}

 

Use C # to log on to a website with a verification code

We have a basic understanding of the principles and usage of the entire verification code. Now let's get down to it and talk about how to log on to the website with the verification code. Here we use csdn logon as an example.

1. log on to IE normally once and capture the data packets during logon.

2. Analyze the logon principles as follows:

1) Request a token.

ASP. net_sessionid = ydebagnqgiiixi2dvihfw355;Path =/; HTTPOnly, abcdef =; domain = csdn.net; expires = Tue, 22-apr-2008 17:57:01 GMT; Path =/, qwertop =; domain = csdn.net; expires = Tue, 22-apr-2008 17:57:01 GMT; path =/, activeusername = guest; domain = csdn.net; expires = Tue, 22-apr-2008 17:57:01 GMT; Path =/, username = guest; domain = csdn.net; expires = Tue, 22-apr-2008 17:57:01 GMT; path =/, pname =; domain = csdn.net; expires = Tue, 22-apr-2008 17:57:01 GMT; Path =/, clientkey =; expires = Tue, 22-apr-2008 17:57:01 GMT; Path = /, userid = 0; expires = Tue, 22-apr-2008 17:57:01 GMT; Path =/, clientkey = 933ffb09-5096-4fbb-b90f-5f0bff335b41; Path =/

2) There is a <input type = "hidden" name = "clientkey" value = "a50b14fa-2a75-4364-bbeb-3b498b72aa46"/> value in the HTML returned by the page, this value is also required for login submission, therefore, you need to separate them from the HTML code.

3) Send the sessionid as the content of the cookie to the page http://passport.csdn.net/ShowExPwd.aspx generated by the Verification code that returns a binary stream of an image.

4) convert the returned binary data into an image and present it to the user.

Image img = New Bitmap (
HTTP. getstreambybytes ( " Http://passport.csdn.net " , " Http://passport.csdn.net/ShowExPwd.aspx " , B,
Aspcookie, Out Header )); // Get Verification Code Image
This . Picturebox1.image = IMG;

5) The user enters the user name, password, and verification code, and then posts the clientkey separated from the preceding client key to http://passport.csdn.net/userlogin.aspxfor verification.

Parameters & mailparameters = & ctl00 % 24cph_content % 24image_login.x = 26 & ctl00 % 24cph_content % 24image_login.y = 11

6) if the verification succeeds, HTML containing user information (number of posts, points, blog rankings, etc.) will be returned. If the verification fails, a specific error message will be returned.

3. After analyzing the logon principle of csdn, the following code is implemented. The code implementation is relatively simple.ArticleThe Demo code used is modified, so it is not very beautiful. If you are interested, you can check it. /Files/studyzy/logincsdndemo.rar
After successful login

Now that the current user has successfully logged on, the next step is to post a blog or forum post on csdn. You only need to put the current sessionid in the cookie and use the cookie when submitting the post.

[This is from the deep blue residence in the blog Park. Please indicate the author's source for reprinting]