-
-
web QQ 登录
-
发表于: 2013-6-6 21:04
-
关于webqq 登录的协议网上已经有很多了;今天特地弄了点时间来写个webqq登录的过程;web QQ协议 分析
抓包工具: httpwatch
web QQ 数据1。。
当输入QQ号码时,焦点移动到密码框时,这时会给服务器发送一串数据主要是判断当前qq是否需要输入验证码;
发送的数据格式是
9f7K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6K6M7$3I4Q4x3X3g2H3N6r3I4G2k6$3W2F1x3W2)9J5k6i4q4I4i4K6u0W2j5$3!0E0i4K6u0r3j5$3S2W2j5$3E0Q4x3@1k6#2K9h3&6Q4x3@1c8Q4c8e0c8Q4b7V1c8Q4b7e0m8Q4c8e0N6Q4z5f1q4Q4z5o6c8c8f1g2!0q4y4g2)9^5c8W2!0n7y4#2)9J5y4X3q4H3M7r3W2V1i4K6y4p5x3e0l9H3x3K6V1H3x3#2)9J5y4X3A6K6i4K6g2X3N6X3g2J5i4K6y4p5x3e0l9H3x3K6q4Q4x3U0k6B7M7#2)9#2k6Y4c8&6M7r3g2Q4x3@1b7H3i4K6t1$3L8r3!0Y4K9h3&6Q4y4h3k6K6K9h3N6Q4x3@1c8@1y4s2k6W2L8@1&6#2i4K6u0m8c8#2S2m8N6V1u0n7g2i4A6k6h3p5I4j5M7q4W2t1N6#2u0*7k6%4y4v1j5V1E0V1L8s2y4%4P5f1y4U0N6i4g2a6e0V1I4%4f1q4N6B7z5q4k6o6e0s2M7I4k6#2S2c8z5h3k6F1L8#2A6A6x3p5c8Q4x3U0k6#2x3g2)9K6c8r3S2@1N6s2m8Q4x3U0f1K6b7g2)9J5y4e0u0r3i4K6t1#2x3V1k6%4k6h3u0Q4x3X3g2I4M7g2)9J5k6h3y4G2L8g2)9J5y4e0u0r3L8r3!0Y4K9h3&6H3M7X3!0^5P5g2)9J5k6h3S2@1L8h3I4Q4x3U0k6J5i4K6y4p5x3q4)9J5k6e0V1@1y4o6M7I4x3o6p5H3z5o6R3@1y4e0l9H3y4e0R3`.
下面是抓包工具所抓取;
########################################################
GET /check?uin=1500807270&appid=1003903&js_ver=10031&js_type=0&login_sig=t4veoNu*GXAvBBUzYXLXpYHwRzgsJbKdlswyCcuuONLwPWj8VCLw1gXQ9fnoZi0D&u1=http%3A%2F%2Fweb.qq.com%2Floginproxy.html&r=0.9447101088450058 HTTP/1.1
Accept: */*
Referer: 786K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6#2K9g2)9J5k6i4m8@1L8r3!0Y4K9h3^5J5i4K6u0W2M7i4q4Q4x3X3g2U0L8$3#2Q4x3V1k6U0k6$3W2Q4x3X3c8T1K9h3&6Q4x3V1k6D9L8$3N6A6L8W2)9K6c8Y4c8S2M7X3N6W2N6q4)9K6c8s2y4W2L8r3k6Q4x3U0k6K6N6s2W2D9k6g2)9K6c8o6g2Q4x3U0k6E0K9h3u0S2L8#2)9#2k6X3y4K6M7#2)9K6c8r3#2Q4y4h3k6%4k6h3u0I4M7g2)9J5y4X3q4H3M7r3W2V1i4K6y4p5x3e0l9H3x3K6V1H3x3#2)9J5y4X3g2F1j5h3u0D9k6g2)9#2k6Y4q4D9L8$3N6A6L8W2)9K6c8o6m8Q4x3U0k6F1L8#2)9#2k6Y4k6W2M7X3W2X3P5h3W2E0k6#2)9K6c8o6q4Q4x3U0k6K6i4K6g2X3N6i4u0D9i4K6y4p5K9s2c8@1M7q4)9J5y4e0y4m8i4K6t1#2x3V1k6Q4x3U0f1J5c8Y4N6W2j5W2)9J5k6i4q4I4i4K6u0W2j5$3!0E0i4K6t1#2x3V1k6D9L8$3N6A6L8Y4m8J5L8%4S2&6i4K6u0W2K9s2c8E0L8q4)9J5y4X3k6Q4y4h3k6#2M7X3I4Q4x3@1c8D9L8$3N6A6L8X3g2J5M7X3!0J5j5h3I4W2M7Y4c8Q4x3U0k6K6N6s2u0G2L8X3N6Q4y4h3k6D9L8$3N6A6L8W2)9K6c8o6m8Q4x3U0k6D9L8$3N6A6L8W2)9#2k6Y4y4@1j5i4c8W2i4K6y4p5x3e0m8Q4x3U0k6@1i4K6y4p5x3U0l9I4x3K6l9#2x3e0j5H3x3o6p5`.
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: ssl.ptlogin2.qq.com
Connection: Keep-Alive
Cookie:
########################################################
返回数据有两种情况
1.ptui_checkVC('1','2c18e75d3acac5280a8c057e1d07e1ff66e349fd6974a09e','\x00\x00\x00\x00\x59\x74\x80\x66');
2.ptui_checkVC('0','!TXP','\x00\x00\x00\x00\x59\x74\x80\x66');
其中 ‘1’代表需要验证码,‘0’代表不需要验证码 ('!TXP')就是默认的验证码;
获取验证码
337K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6K6M7$3I4Q4x3X3g2U0j5i4m8@1j5$3S2S2i4K6u0W2M7i4q4Q4x3X3g2U0L8$3#2Q4x3V1k6Y4k6i4c8A6L8h3q4Y4k6g2)9K6c8X3q4A6k6q4)9K6c8o6p5H3x3o6x3&6x3o6y4Q4x3U0k6J5i4K6y4p5x3q4)9J5k6e0l9@1x3K6t1$3y4U0R3%4y4U0p5&6y4e0j5#2y4U0j5%4i4K6t1$3N6h3W2F1i4K6y4p5i4@1f1@1i4@1u0p5i4@1p5H3i4@1f1%4i4K6W2m8i4K6R3@1f1g2q4Q4c8e0g2Q4z5p5k6Q4b7U0M7`.
返回的数据
HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Mon, 03 Jun 2013 16:37:53 GMT
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Pragma: No-cache
P3P: CP=CAO PSA OUR
Content-Length: 2692
Set-Cookie: verifysession=h01ce84b6410a1a8d190d977613ae1cb8c091910377e897fb37db1a9afc031603412b5a3eba8cd9466503d9fa03000a05ba; PATH=/; DOMAIN=qq.com;
其中 cookie: verifysession=h01ce84b6410a1a8d190d977613ae1cb8c091910377e897fb37db1a9afc031603412b5a3eba8cd9466503d9fa03000a05ba; 要保存登录时需要用到的(网上的资料上看到的) 后来我测试的时候,我是没用到这串数据,不知道是什么啥情况
登录时 ,要发送的数据如下
88cK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6K6M7$3I4Q4x3X3g2H3N6r3I4G2k6$3W2F1x3W2)9J5k6i4q4I4i4K6u0W2j5$3!0E0i4K6u0r3L8r3!0Y4K9h3&6Q4x3@1k6#2i4K6y4p5你的QQ号&p=(477EE3BBA9C7A642E839ACE55F32C1EE)为加密过的密码&verifycode=(tvte)验证码&webqq_type=10&remember_uin=1&login2qq=1&aid=1003903&u1=http%3A%2F%2Fweb.qq.com%2Floginproxy.html%3Flogin2qq%3D1%26webqq_type%3D10&h=1&ptredirect=0&ptlang=2052&from_ui=1&pttype=1&dumy=&fp=loginerroralert&action=2-17-15730&mibao_css=m_webqq&t=1&g=1&js_type=0&js_ver=10031&login_sig=a27Ga1qNTG6ldZNIXhgJJrSHeBBw-OQBmso*pQURbTJcfZ9jNZM3Nk7Hb8ffP9fB
########################################################
QQ密码加密方式为(参考网上资料)
MD5(hexchar2bin(MD5(密码))+pt.uin)+大写验证码); pt.uin === \x00\x00\x00\x00\x59\x74\x80\x66
其中 \x00\x00\x00\x00\x59\x74\x80\x66 就等于 0000000059748066 此为16进制数 转换成10进制数就是你的QQ号码;
########################################################
登录成功后返回的数据
ptuiCB('0','0','599K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6W2j5W2)9J5k6i4q4I4i4K6u0W2j5$3!0E0i4K6u0r3L8r3!0Y4K9h3&6H3M7X3!0^5P5g2)9J5k6h3S2@1L8h3I4Q4x3@1k6D9L8$3N6A6L8U0u0I4M7g2)9K6c8o6q4Q4x3U0k6%4k6h3u0I4M7g2)9#2k6Y4c8&6M7r3g2Q4x3@1b7I4x3q4)9J5y4#2)9J5b7#2)9J5y4K6m8Q4x3U0N6Q4x3V1y4Q4x3U0N6Q4c8e0N6Q4z5e0W2Q4b7V1u0Q4c8e0g2Q4b7V1c8Q4z5e0g2Q4c8e0k6Q4z5o6S2Q4z5e0m8Q4c8e0g2Q4z5p5q4Q4z5f1k6Q4c8f1k6Q4b7V1y4Q4z5o6q4Q4x3U0N6Q4x3V1x3`. 'Jyw');
附件中只写了登录过程,比较简单,代码很烂,大牛飘过;
[培训]传播安全知识、拓宽行业人脉——看雪讲师团队等你加入!
|
|
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
