12306登陆接口更改后的随机参数的获取
来源:互联网 发布:淘宝刷手违法吗 编辑:程序博客网 时间:2024/06/08 06:25
登录时截获发送的数据包如图:
上图画红圈的就是12036系统生成的随机参数,每次登陆参数名称不一样,值也不一样,如果登陆没有这个参数的话,那肯定是不能成功的。那如何获取到这个随机参数呢?
用抓包工具抓某一刷票软件的登陆的http请求,结果发现它访问了一个js,js地址为:https://kyfw.12306.cn/otn/dynamicJs/ljrkadr,于是找到了js代码,格式化了下如下:
var submitForm; (function($) { var jq = $.ajax; function fw(kw) { var hasKey = false; var values = kw['values']; var html = $(kw['key']).html(); if (html) { for (var i = 0; i < values.length; i++) { if (html.indexOf(values[i]) > -1) { hasKey = true; break; } } } return hasKey; } function bin216(s) { var i, l, o = "", n; s += ""; b = ""; for (i = 0, l = s.length; i < l; i++) { b = s.charCodeAt(i); n = b.toString(16); o += n.length < 2 ? "0" + n: n; } return o; }; var Base32 = new function() { var delta = 0x9E3779B8; function longArrayToString(data, includeLength) { var length = data.length; var n = (length - 1) << 2; if (includeLength) { var m = data[length - 1]; if ((m < n - 3) || (m > n)) return null; n = m; } for (var i = 0; i < length; i++) { data[i] = String.fromCharCode(data[i] & 0xff, data[i] >>> 8 & 0xff, data[i] >>> 16 & 0xff, data[i] >>> 24 & 0xff); } if (includeLength) { return data.join('').substring(0, n); } else { return data.join(''); } }; function stringToLongArray(string, includeLength) { var length = string.length; var result = []; for (var i = 0; i < length; i += 4) { result[i >> 2] = string.charCodeAt(i) | string.charCodeAt(i + 1) << 8 | string.charCodeAt(i + 2) << 16 | string.charCodeAt(i + 3) << 24; } if (includeLength) { result[result.length] = length; } return result; }; this.encrypt = function(string, key) { if (string == "") { return ""; } var v = stringToLongArray(string, true); var k = stringToLongArray(key, false); if (k.length < 4) { k.length = 4; } var n = v.length - 1; var z = v[n], y = v[0]; var mx, e, p, q = Math.floor(6 + 52 / (n + 1)), sum = 0; while (0 < q--) { sum = sum + delta & 0xffffffff; e = sum >>> 2 & 3; for (p = 0; p < n; p++) { y = v[p + 1]; mx = (z >>> 5 ^ y << 2) + (y >>> 3 ^ z << 4) ^ (sum ^ y) + (k[p & 3 ^ e] ^ z); z = v[p] = v[p] + mx & 0xffffffff; } y = v[0]; mx = (z >>> 5 ^ y << 2) + (y >>> 3 ^ z << 4) ^ (sum ^ y) + (k[p & 3 ^ e] ^ z); z = v[n] = v[n] + mx & 0xffffffff; } return longArrayToString(v, false); }; }; var keyStr = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="; function encode32(input) { input = escape(input); var output = ""; var chr1, chr2, chr3 = ""; var enc1, enc2, enc3, enc4 = ""; var i = 0; do { chr1 = input.charCodeAt(i++); chr2 = input.charCodeAt(i++); chr3 = input.charCodeAt(i++); enc1 = chr1 >> 2; enc2 = ((chr1 & 3) << 4) | (chr2 >> 4); enc3 = ((chr2 & 15) << 2) | (chr3 >> 6); enc4 = chr3 & 63; if (isNaN(chr2)) { enc3 = enc4 = 64; } else if (isNaN(chr3)) { enc4 = 64; } output = output + keyStr.charAt(enc1) + keyStr.charAt(enc2) + keyStr.charAt(enc3) + keyStr.charAt(enc4); chr1 = chr2 = chr3 = ""; enc1 = enc2 = enc3 = enc4 = ""; } while ( i < input . length ); return output; }; function aj() { var dobj = new Object(); dobj['jsv'] = window.helperVersion; jq({ url: 'https://kyfw.12306.cn/otn/dynamicJs/suczpkp', data: dobj, type: 'POST', success: function(data, textStatus) { if (timmer) clearInterval(timmer); }, error: function(XMLHttpRequest, textStatus, errorThrown) {} }); } var timmer = null; (function check(src) { checkSelf(); function checkSelf() { var formArr = $('form'); if (formArr.length > 1) {} } timmer = setInterval(gc, 2000); })('1_111'); //入口 $(document).ready(function() { (function() { var dobj = new Object(); dobj['jsv'] = window.helperVersion; jq({ url: 'https://kyfw.12306.cn/otn/dynamicJs/suczpkp', data: dobj, type: 'POST', success: function(data, textStatus) {}, error: function(XMLHttpRequest, textStatus, errorThrown) {} }); var form = document.forms[0]; var oldSubmit; if (null != form && form != 'undefined' && form.id == 'loginForm') { form.oldSubmit = form.submit; submitForm = function() { var keyVlues = gc().split(':'); var inputObj = $('<input type="hidden" name="' + keyVlues[0] + '" value="' + encode32(bin216(Base32.encrypt(keyVlues[1], keyVlues[0]))) + '" />'); var myObj = $('<input type="hidden" name="myversion" value="' + window.helperVersion + '" />'); inputObj.appendTo($(form)); myObj.appendTo($(form)); delete inputObj; delete myObj; } } else { submitForm = function() { var keyVlues = gc().split(':'); return keyVlues[0] + ",-," + encode32(bin216(Base32.encrypt(keyVlues[1], keyVlues[0]))) + ":::" + 'myversion' + ",-," + window.helperVersion; }; } })(); //测试 弹出随机参数 var aa=submitForm(); alert(aa); }); function gc() { var key = 'NTQ2MTcz'; var value = ''; var cssArr = ['selectSeatType', 'ev_light', 'ev_light', 'fishTimeRangePicker', 'updatesFound', 'tipScript', 'refreshButton', 'fish_clock', 'refreshStudentButton', 'btnMoreOptions', 'btnAutoLogin', 'fish_button', 'defaultSafeModeTime', 'ticket-navigation-item']; var csschek = false; if (cssArr && cssArr.length > 0) { for (var i = 0; i < cssArr.length; i++) { if ($('.' + cssArr[i]).length > 0) { csschek = true; break; } } } if (csschek) { value += '0'; } else { value += '1'; } var idArr = ['btnMoreOptions', 'refreshStudentButton', 'fishTimeRangePicker', 'helpertooltable', 'outerbox', 'updateInfo', 'fish_clock', 'refreshStudentButton', 'btnAutoRefresh', 'btnAutoSubmit', 'btnRefreshPassenger', 'autoLogin', 'bnAutoRefreshStu', 'orderCountCell', 'refreshStudentButton', 'enableAdvPanel', 'autoDelayInvoke', 'refreshButton', 'refreshTimesBar', 'chkAllSeat']; var idchek = false; for (var i = 0; i < idArr.length; i++) { if ($('#' + idArr[i])[0]) { idchek = true; break; } } if (idchek) { value += '0'; } else { value += '1'; } var attrArr = ['helperVersion']; var attrLen = attrArr ? attrArr.length: 0; var attrchek = false; for (var p in parent) { if (!attrchek) { for (var k = 0; k < attrLen; k++) { if (String(p).indexOf(attrArr[k]) > -1) { attrchek = true; break; } } } else break; } for (var p in window) { if (!attrchek) { for (var k = 0; k < attrLen; k++) { if (String(p).indexOf(attrArr[k]) > -1) { attrchek = true; break; } } } else break; } var styleArr = ['.enter_right>.enter_enw>.enter_rtitle', '.objbox td']; var stylechek = false; if (styleArr && styleArr.length > 0) { for (var i = 0; i < styleArr.length; i++) { var tempStyle = $(styleArr[i]); if (tempStyle[0]) { for (var k = 0; k < tempStyle.length > 0; k++) { if (tempStyle.eq(k).attr('style')) { stylechek = true; break; } } } } } if (stylechek) { value += '0'; } else { value += '1'; } var keywordArr = [{ key: ".enter_right", values: ["亲", "抢票", "助手"] }, { key: ".cx_form", values: ["点发车", "刷票"] }, { key: "#gridbox", values: ["只选", "仅选", "checkBox", "checkbox"] }, { key: ".enter_w", values: ["助手"] }]; var keywordchek = false; if (keywordArr && keywordArr.length > 0) { for (var i = 0; i < keywordArr.length; i++) { var kw = keywordArr[i]; if (fw(kw)) { keywordchek = true; break; } } } if (keywordchek) { value += '0'; } else { value += '1'; } if (value.indexOf('0') > -1) { aj(); } return key + ':' + value; }})(jQuery);其中的
var aa=submitForm();
alert(aa);
这两句是我加的,用来测试随机参数,你可以新建一个网页,首先拖入jquery类库,然后再引用这段js,就可以看到效果了。
此文章只用于学习交流,请无用于非法用途!
0 0
- 12306登陆接口更改后的随机参数的获取
- 登陆后用户名的获取
- mysql更改密码后,无法登陆的问题
- 获取超链接后的参数
- 获取url?后的参数
- 更改svn的登陆账号
- 怎样获取未知DLL的接口参数
- 怎样获取未知DLL的接口参数
- 怎样获取未知DLL的接口参数
- 怎样获取未知DLL的接口参数
- 怎样获取未知DLL的接口参数
- 怎样获取未知DLL的接口参数
- 怎样获取未知DLL的接口参数
- 在服务器端获取javascript更改lable后的值
- 利用P/Invoke获取更改后的系统CultureInfo
- xUtils3获取同一个URL中被更改后的图片
- 更改后的comboboxcolumn
- 简单的登陆接口
- zepto和jquery的区别,zepto的不同使用8条小结
- Android 之 ListView 点击响应代码?
- UITableView常见属性汇总
- 自己搭建struts2+spring+hibernate+c3p0数据库连接池过程
- ubuntu下 使用AB做压力测试
- 12306登陆接口更改后的随机参数的获取
- 键盘弹出后输入框上移的解决方案
- 红黑树RB-tree
- 颜色知识学习
- java awt 实现简单的验证码图片的生成
- 关于仙童八叛徒(转)
- Graph: Single Source Shortest Path(TODO)
- 自定义状态栏背景(status bar)
- 跨平台移动开发phonegap/cordova 4 ios 开发环境搭建
