Logging in to Dr.com with Python: ideas and code

  • 2020-04-02 13:45:46
  • OfStack

Premise: your ISP must support web login.

Note: the login page differs between ISPs, but I guess the algorithm is the same, so the solution should be similar, although the form keys may differ.

First, analyze the login page.

The page head contains a <script> tag, where all the submit-related scripts are located. The key parts of the page are two forms, f1 and f0. The entire f0 form is invisible, but submitting f1 does not submit f1 itself; it triggers the submission of f0 instead. The table-based layout of the form is no joke...

Part of the HTML:


<form name="f1" method="post" action="" onsubmit="return ee()">
<table border="0" width="100%" cellspacing="1" cellpadding="0" height="100%" class="f1">
...
<tr>
<td height="34" width="35%" align="right"> account  Account </td><td height="34" width="64%"> <input name="DDDDD" type="text" maxlength="26" class="input-border"></td>
</tr>

<tr>
<td height="32" width="35%" align="right"> password  Password </td><td height="32" width="64%"> <input name="upass" type="password" maxlength="16" class="input-border"></td>
</tr>

<tr>
<td height="57" width="35%"> </td><td height="57" width="64%"> <input type="submit" name="0MKKey" value="" onclick="cc(0)" class="login-b">  <input type="submit" name="" value="" onclick="reset();return false;"></td>
</tr>
...
</form>

Here you can see that clicking the submit button calls cc(0), and submitting the form calls the ee() function.

JS:


function cc(ss) {
 f0.R1.value = ss;
}

function ee() {
 if (f1.DDDDD.value == "") {
 alert("Please enter your account number");
  return false;
 }
 f0.DDDDD.value = f1.DDDDD.value
 if (ps == 0) {
  f0.upass.value = xproc1(f1.upass.value);
 } else {
  tmpchar = pid + f1.upass.value + calg;
  f0.upass.value = calcMD5(tmpchar) + calg + pid;
  f0.R2.value = 1;
 }
 document.f0.submit();
 return false;
}

Clicking submit therefore performs a series of assignments to f0 and, if nothing is wrong, submits f0.

f0:


<form name="f0" method="post" action=""><input type="hidden" name="DDDDD" value="0"><input type="hidden" name="upass" value="0">
<input type="hidden" name="R1" value="0"><input type="hidden" name="R2" value="0"><input type="hidden" name="para" value="00">
<input type="hidden" name="0MKKey" value="123456">
</form>

Following the JS above and using a Python dict to represent f0, we get the following pseudo-code:


f0 = {}
f0["DDDDD"] = f1["DDDDD"]
f0["upass"] = calcMD5(pid + f1["upass"] + calg) + calg + pid
f0["R1"] = ss
f0["R2"] = 1
f0["para"] = "00"
f0["0MKKey"] = "123456"

Here ss, pid and calg are constants, and f1["DDDDD"] and f1["upass"] are the user name and password strings entered by the user, respectively.

The key is the calcMD5 algorithm.

Judging by its name and its body, this function is an implementation of MD5. Porting the JS code to Python runs into a problem, however: the shift operators of JS and Python behave differently.

Since every input to f0['upass'] other than the password entered by the user is constant, f0['upass'] can simply be computed once with the page's own JS, and the resulting string saved in the Python script.
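
An alternative to porting calcMD5 by hand, as an added example that is not code from the original page: helpers that reproduce JS 32-bit shift semantics in Python 3, and the f0 fields for the ps != 0 branch built with hashlib. It assumes calcMD5 is standard MD5 with lowercase hex output and ASCII input; the helper names and the sample pid/calg values are made up for illustration.

```python
import hashlib

MASK32 = 0xFFFFFFFF

def js_int32(x):
    """Wrap to signed 32 bits, as JS bitwise operators do with their result."""
    x &= MASK32
    return x - 0x100000000 if x & 0x80000000 else x

def js_shl(x, n):
    """JS `x << n`: 32-bit result, shift count taken modulo 32."""
    return js_int32((x & MASK32) << (n & 31))

def js_ushr(x, n):
    """JS `x >>> n`: operand treated as unsigned 32-bit, zero-filled."""
    return (x & MASK32) >> (n & 31)

def make_upass(password, pid, calg):
    """f0.upass for the ps != 0 branch of ee(): calcMD5(pid+pw+calg)+calg+pid.
    Assumption: calcMD5 is standard MD5 returning lowercase hex, ASCII input."""
    digest = hashlib.md5((pid + password + calg).encode("ascii")).hexdigest()
    return digest + calg + pid

def build_f0(username, password, pid, calg, ss=0):
    """Form fields as ee() and cc(ss) leave them; values are sent as strings."""
    return {
        "DDDDD": username,
        "upass": make_upass(password, pid, calg),
        "R1": str(ss),
        "R2": "1",
        "para": "00",        # hidden field default, kept as the literal "00"
        "0MKKey": "123456",  # hidden field default
    }

if __name__ == "__main__":
    # Constructed sample values; the real pid and calg come from the page's script.
    print(1 << 31, js_shl(1, 31))     # Python integer vs JS 32-bit result
    print(-1 >> 28, js_ushr(-1, 28))  # arithmetic shift vs JS unsigned shift
    print(build_f0("user", "b", pid="a", calg="c"))
```

Because pid and calg are constants, the string returned by make_upass is a fixed password-equivalent, so it should be stored with the same care as the password itself.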


Checking for cookies reveals that the web page does not use cookies at all.

After login, the browser jumps to the logout page. Analysis of the logout page shows that logging out only requires visiting a specific page.

So the whole idea is very simple: POST to the login server to log in, and GET the designated page to log out. The implementation code is as follows:


import sys
from urllib.parse import urlencode
from urllib.request import urlopen

username = "s10********"
upass = "6696a3***********************************"  # precomputed f0.upass string
LOGIN = "http://202.1**.***.***/"
LOGOUT = "http://202.1**.***.***/F.htm"

def post(url, data=None):
    # With data this is a POST; without data urlopen issues a GET.
    if data:
        data = urlencode(data).encode("ascii")
    response = urlopen(url, data)
    return response.read()

def login():
    # Same fields as the hidden form f0.
    data = {}
    data["DDDDD"] = username
    data["upass"] = upass
    data["R1"] = 0
    data["R2"] = 1
    data["para"] = "00"  # string, so the form value "00" is sent unchanged
    data["0MKKey"] = 123456
    post(LOGIN, data)

def logout():
    post(LOGOUT)

def main(argv):
    if not argv:
        sys.exit("usage: login|logout")
    if argv[0] in ('login', 'in', 'i'):
        login()
    elif argv[0] in ('logout', 'out', 'o'):
        logout()

if __name__ == '__main__':
    main(sys.argv[1:])

