1. 程式人生 > >最新微博登入過程分析

最新微博登入過程分析

使用requests登入新浪微博:

網上的程式碼都大多失效,也有使用新浪賬戶登入微博,但是如果新浪賬號沒有關聯微博就會出現失敗.本文使用微博主頁登入.微博的驗證碼使用打碼平臺解決,js加密使用pyv8本地執行

難點:

1.獲取到sp加密程式碼
2.登入跳轉

登入引數獲取:

首先請求連結獲取大部分引數:https://login.sina.com.cn/sso/prelogin.php?entry=weibo&callback=sinaSSOController.preloginCallBack&su=機密後的su&rsakt=mod&client=ssologin.js(v1.4.19)&_=時間

可以得到的引數有:

		servertime=int(param['servertime'])
		pubkey=param['pubkey']
        nonce=param['nonce']
        pcid=param['pcid']
        door=param['door']# 驗證碼
        prelt=t-int(preloginTimeStart)-int(exectime) # 也可以隨機一個數字

餘下一個sp使用pyv8獲取,或者使用Python重寫一下,由於我比較懶,就沒有重寫.:

        with PyV8.JSContext() as ctxt:
            with open('./get_sp.js', 'r')as f:
                js = f.read()
            ctxt.eval(js)
            get_sp = ctxt.locals.get_sp  # camshu 傳遞
            sp=get_sp(pubkey,servertime,nonce,password)

登入跳轉:

登入跳轉有一些繞,記錄下:

POST https://login.sina.com.cn/sso/login.php?client=ssologin.js(v1.4.19) HTTP/1.1
Host: login.sina.com.cn
Connection: keep-alive
Content-Length: 680
Cache-Control: max-age=0
Origin: https://weibo.com
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3590.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://weibo.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Cookie: SINAGLOBAL=172.16.138.138_1537105155.49900; SCF=AvhoDwG9H7yu7jEXVHdl6-5de0VlTAHM-DxWm_l0x4XpDGKskTrp37CzNMnsYpcH4s2pO0glnFW3SznVAWVTu8w.; Apache=172.16.118.82_1540427208.360746; SUB=_2AkMsjdc7dcPxrAZZnv8Sy2Llao1H-jyfWL7NAn7tJhMyAhgv7lg0qSVutBF-XJtoC2UuV4QFMS-224CfOqUeItU7; SUBP=0033WrSXqPxfM72wWs9jqgMF55529P9D9WhzedkNc8OigoN.dASp_B4J5JpV8sU4e0n01hMcehqRBGSDdJ2Vqcv_; ULOGIN_IMG=gz-50713e7e3077a79e850fa8875149b157e13b

entry=weibo&gateway=1&from=&savestate=7&qrcode_flag=false&useticket=1&pagerefer=&pcid=gz-50713e7e3077a79e850fa8875149b157e13b&door=ynuxh&vsnf=1&su=MTM5HYTGyOTI0NjU%3D&service=miniblog&servertime=1540447909&nonce=K5B8J1&pwencode=rsa2&rsakv=1330428213&sp=66464b8a605ajkgt3dggffed4db679fb24dd4754579fa7490bdb8199bce486bc695fb1fcd8ffe216b2fd3d28d08ecbf1333244c3325e35aca306cc55b582b1a72a6c531aa560b7403bd90bacb235f97ee1a835926fa4c4d596be0917eb9eacaca27363fe32ad7ae4f1e3e661201ff12d017df571a4cd7a08120334f4c5f2e1c3d&sr=1366*768&encoding=UTF-8&prelt=615&url=https%3A%2F%2Fweibo.com%2Fajaxlogin.php%3Fframelogin%3D1%26callback%3Dparent.sinaSSOController.feedBackUrlCallBack&returntype=META

第一次跳轉:

GET https://login.sina.com.cn/crossdomain2.php?action=login&entry=weibo&r=https%3A%2F%2Fpassport.weibo.com%2Fwbsso%2Flogin%3Fssosavestate%3D1571983888%26url%3Dhttps%253A%252F%252Fweibo.com%252Fajaxlogin.php%253Fframelogin%253D1%2526callback%253Dparent.sinaSSOController.feedBackUrlCallBack%2526sudaref%253Dweibo.com%26display%3D0%26ticket%3DST-NjEwODA2ODMzNw%3D%3D-1540447888-gz-5543B2E4AA42B67ED4C47EF9F7C5675C-1%26retcode%3D0&login_time=1540447887&sign=05ac6884d598bdbb&sr=1366%2A768 HTTP/1.1
Host: login.sina.com.cn
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3590.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://login.sina.com.cn/sso/login.php?client=ssologin.js(v1.4.19)
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9

第二次跳轉:

GET https://passport.weibo.com/wbsso/login?ticket=ST-NjEwODA2ODMzNw%3D%3D-1540447888-gz-09C19EB32373370DE55ED4AE31CBA16F-1&ssosavestate=1571983888&callback=sinaSSOController.doCrossDomainCallBack&scriptId=ssoscript0&client=ssologin.js(v1.4.19)&_=1540447889783 HTTP/1.1
Host: passport.weibo.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3590.0 Safari/537.36
Accept: */*
Referer: https://login.sina.com.cn/crossdomain2.php?action=login&entry=weibo&r=https%3A%2F%2Fpassport.weibo.com%2Fwbsso%2Flogin%3Fssosavestate%3D1571983888%26url%3Dhttps%253A%252F%252Fweibo.com%252Fajaxlogin.php%253Fframelogin%253D1%2526callback%253Dparent.sinaSSOController.feedBackUrlCallBack%2526sudaref%253Dweibo.com%26display%3D0%26ticket%3DST-NjEwODA2ODMzNw%3D%3D-1540447888-gz-5543B2E4AA42B67ED4C47EF9F7C5675C-1%26retcode%3D0&login_time=1540447887&sign=05ac6884d598bdbb&sr=1366%2A768
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9

2次跳轉之後就登入成功了,這個很多人的教程沒有寫,在這裡也啃了幾個小時.

引數SP

分析js後可以得到.這個比較簡單

			e.servertime = me.servertime;
            e.nonce = me.nonce;
            e.pwencode = "rsa2";
            e.rsakv = me.rsakv;
            // b即是sp引數
            var f = new sinaSSOEncoder.RSAKey;
            f.setPublic(me.rsaPubkey, "10001");
            b = f.encrypt([me.servertime, me.nonce].join("\t") + "\n" + b)

需要原始碼的聯絡我:[email protected]