Written with WinINet.
Here is the analysis process.
Open http://qzone.qq.com/ in the browser with Fiddler capturing, then log in. As soon as the account number has been entered, the page already sends an HTTP request:
GET http://check.ptlogin2.qq.com/check?uin=314468953&appid=549000912&ptlang=2052&js_type=2&js_ver=10009&r=0.30714703394678744 HTTP/1.1
Host: check.ptlogin2.qq.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0
Accept: */*
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://i.qq.com/
Cookie: pgv_pvid=8548904480; ptisp=cnc; pt2gguin=o0393587787; ptcz=b11d6228b9569e5e22215ce25618d8a12fe5d5fb7a825ccc892ab2d855fb8dda; ptui_loginuin=314468953; ETK=; ptuserinfo=4576696c3072; qm_sid=b0c0d68b8e29dd52fb15cc2096eef4f4,1QG0yUkRQZEowdg..; qm_username=393587787; pgv_info=ssid=s225082240; qqmusic_uin=o0393587787; qqmusic_key=@m2RDPdJ0v; qqmusic_fromtag=6; rv2=802E73FD8393AE57310787192BD024EB8727D5B02BD5B4E1A9; property20=BAA0AC00D222A73215E9937E2C64F0655C0596EBD1C9CC559FF7875F4D6B511509CFD277762126E0; _qz_referrer=user.qzone.qq.com; ptui_qstatus=1
Connection: keep-alive
Response:
HTTP/1.1 200 OK
Server: tencent http server
Pragma: No-cache
P3P: CP="CAO PSA OUR"
Set-Cookie: confirmuin=0; PATH=/; DOMAIN=ptlogin2.qq.com;
Set-Cookie: ptvfsession=1b5634b30466ab9bad9b07fdb1976033bcb3b3db696719c93c7756b1e3fe143a2496cce0b28ab87b83d2c442d5b95ea9; PATH=/; DOMAIN=ptlogin2.qq.com;
Connection: close
Content-Type: application/x-javascript; charset=utf-8
ptui_checkVC('0','!MWV','\x00\x00\x00\x00\x12\xbe\x6a\x59');
The first argument, '0', means no captcha image is needed for this account; the second, !MWV, is the verifycode; the third is the QQ number packed as an 8-byte big-endian integer (0x12BE6A59 = 314468953). The last two go into the password hash, and the response also sets the ptvfsession cookie that the later login request carries.
Then we enter the password and log in. The packet sent:
GET http://ptlogin2.qq.com/login?ptlang=2052&u=314468953&p=0D053799267BA502FDFD8C73268CA1C6&verifycode=!MWV&css=http://imgcache.qq.com/ptcss/b2/sjpt/549000912/qzonelogin_ptlogin.css&mibao_css=m_qzone&aid=549000912&u1=http%3A%2F%2Fqzs.qq.com%2Fqzone%2Fv5%2Floginsucc.html%3Fpara%3Dizone&ptredirect=1&h=1&from_ui=1&dumy=&fp=loginerroralert&action=2-11-15291&g=1&t=1&dummy=&js_type=2&js_ver=10009 HTTP/1.1
Host: ptlogin2.qq.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0
Accept: */*
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://i.qq.com/
Cookie: pgv_pvid=8548904480; ptisp=cnc; pt2gguin=o0314468953; ptcz=b11d6228b9569e5e22215ce25618d8a12fe5d5fb7a825ccc892ab2d855fb8dda; ptui_loginuin=314468953; ETK=; ptuserinfo=46694679; qm_sid=b0c0d68b8e29dd52fb15cc2096eef4f4,1QG0yUkRQZEowdg..; qm_username=393587787; pgv_info=ssid=s225082240; qqmusic_uin=o0393587787; qqmusic_key=@m2RDPdJ0v; qqmusic_fromtag=6; confirmuin=0; ptvfsession=da17d906a7773860956ac7169def1913fd828fe0b57ac18b50b88d6fae81f18ba88e2aa10a8156857ad29a1769d1d7cf; _qz_referrer=user.qzone.qq.com
Connection: keep-alive
The key points are the p= parameter and verifycode=!MWV in that request. So how is the password encrypted?
Debug the login page and set a breakpoint in the login JS.
i is the password.
Step into hexchar2bin, md5 and the rest and you can read the JS code.
pt.uin is actually \x00\x00\x00\x00\x12\xbe\x6a\x59 (the QQ number as an 8-byte big-endian value).
B.verifycode.value is obviously !MWV.
All of these come from the response to the request sent right after the account number was entered.
There is also ptvfsession: if you are POSTing via raw sockets you have to send that cookie along; I don't need it here.
Now the login packet again (a separate capture, so p and verifycode differ from the one above) and its response:
GET http://ptlogin2.qq.com/login?ptlang=2052&u=314468953&p=71EC15D3B9DE0B3A0A9C1594EE888A80&verifycode=!JCP&css=http://imgcache.qq.com/ptcss/b2/sjpt/549000912/qzonelogin_ptlogin.css&mibao_css=m_qzone&aid=549000912&u1=http%3A%2F%2Fqzs.qq.com%2Fqzone%2Fv5%2Floginsucc.html%3Fpara%3Dizone&ptredirect=1&h=1&from_ui=1&dumy=&fp=loginerroralert&action=2-11-10935&g=1&t=1&dummy=&js_type=2&js_ver=10009 HTTP/1.1
Host: ptlogin2.qq.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0
Accept: */*
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://i.qq.com/
Cookie: pgv_pvid=8548904480; ptisp=cnc; pt2gguin=o0314468953; ptcz=b11d6228b9569e5e22215ce25618d8a12fe5d5fb7a825ccc892ab2d855fb8dda; ptui_loginuin=314468953; ETK=; ptuserinfo=46694679; qm_sid=b0c0d68b8e29dd52fb15cc2096eef4f4,1QG0yUkRQZEowdg..; qm_username=393587787; pgv_info=ssid=s225082240; qqmusic_uin=o0393587787; qqmusic_key=@m2RDPdJ0v; qqmusic_fromtag=6; confirmuin=0; ptvfsession=87e8c9727b1b194d69129cd23b1bb915336628f4f4b466fdf2c42fcd6e6a20cf3be3599ce164bdb30eab80adec323c81; _qz_referrer=user.qzone.qq.com
Connection: keep-alive
The login response below sets skey, which you need to keep: g_tk is computed from it and is required when posting a shuoshuo (status update) or an article.
HTTP/1.1 200 OK
Date: Thu, 21 Mar 2013 06:32:36 GMT
Server: Tencent Login Server/2.0.0
P3P: CP="CAO PSA OUR"
Set-Cookie: pt2gguin=o0314468953; EXPIRES=Fri, 02-Jan-2020 00:00:00 GMT; PATH=/; DOMAIN=qq.com;
Set-Cookie: uin=o0314468953; PATH=/; DOMAIN=qq.com;
Set-Cookie: skey=@91lFrIZry; PATH=/; DOMAIN=qq.com;
Set-Cookie: ETK=; PATH=/; DOMAIN=ptlogin2.qq.com;
Set-Cookie: RK=ph5+gHdbUv; EXPIRES=Sun, 19-Mar-2023 06:32:36 GMT; PATH=/; DOMAIN=qq.com;
Set-Cookie: ptuserinfo=46694679; PATH=/; DOMAIN=ptlogin2.qq.com;
Pragma: no-cache
Cache-Control: no-cache; must-revalidate
Connection: Close
Content-Type: application/x-javascript; charset=utf-8
ptuiCB('0','0','http://qzs.qq.com/qzone/v5/loginsucc.html?para=izone','1','登录成功!', 'FiFy');
Then capture the request for posting a shuoshuo; that one is easy to analyze: modify the packet and replay it. Posting an article works the same way.
Watch the encoding though: shuoshuo uses UTF-8 while articles use GB2312, although you can also change the encoding inside the POSTed content.
Source code:
LoginQQ.rar