用HttpClient模擬登陸OpenID.org.cn
阿新 • • 發佈:2019-01-11
在模擬登陸之前做的準備工作就是利用抓包工具分析資料,推薦用wireshark。本次抓openid.org.cn,純屬演示,沒實際意義,切勿搞破壞或者偷資料。
抓包下來的資料如下:
看來OpenID沒做什麼安全機制方面的考慮,就單純的將文字域username、password post到www.openid.org.cn/login上。也就是說帳號密碼是以明文經HTTP送出的,所以抓包就能直接看到;正式站點的登入表單應該走HTTPS。
OK。萬事俱備只欠東風,開始模擬登陸吧。
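package test;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.List;

import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.HttpClient;
import org.apache.http.client.ResponseHandler;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.BasicResponseHandler;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.protocol.HTTP;

/**
 * Demo client that submits a username/password form and then fetches pages
 * through the same {@link HttpClient} instance.
 *
 * <p>The login request is sent from the constructor. Every later request goes
 * through the same client object, so whatever session state the client keeps
 * from the login response (presumably cookies; confirm for the HttpClient
 * version in use) applies to those requests as well.
 *
 * <p>Security note: the form fields are sent exactly as given to the login URL.
 * Over a plain {@code http://} URL the username and password are readable by
 * anyone who can capture the traffic, so use an {@code https://} login URL
 * whenever the site offers one.
 */
public class SimulateLogin {

    /** Client shared by the login request and all later requests. */
    private final HttpClient httpClient;

    /**
     * Creates the client and immediately posts the login form.
     *
     * <p>Login problems do not abort construction: a failed request or an HTTP
     * status of 400 and above is reported on {@code System.err}, and the object
     * stays usable for requests that may then not be authenticated.
     *
     * @param loginURL URL the login form is posted to
     * @param userName value sent as the {@code username} form field
     * @param password value sent as the {@code password} form field
     */
    public SimulateLogin(String loginURL, String userName, String password) {
        this.httpClient = new DefaultHttpClient();

        // Build the POST request.
        HttpPost httpPost = new HttpPost(loginURL);
        // Optional; only needed when the server restricts requests by User-Agent.
        //httpPost.setHeader("User-Agent", "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3");

        // The credentials travel in the request body; without TLS they are in cleartext.
        if (!loginURL.regionMatches(true, 0, "https://", 0, "https://".length())) {
            System.err.println("Warning: login URL is not https; the username and password will be sent in cleartext.");
        }

        // Form fields to post.
        List<NameValuePair> params = new ArrayList<NameValuePair>();
        params.add(new BasicNameValuePair("username", userName));
        params.add(new BasicNameValuePair("password", password));

        // Attach the form to the request. A failure here used to be printed and
        // the POST was still sent without its body; stop instead.
        try {
            httpPost.setEntity(new UrlEncodedFormEntity(params, HTTP.UTF_8));
        } catch (UnsupportedEncodingException e1) {
            throw new IllegalStateException("UTF-8 encoding is not available", e1);
        }

        // Look at the outcome instead of discarding it, so a failed login is visible.
        HttpResponse response = postMethod(httpPost);
        if (response == null) {
            System.err.println("Warning: login request failed; later requests may not be authenticated.");
        } else {
            int status = response.getStatusLine().getStatusCode();
            if (status >= 400) {
                System.err.println("Warning: login request returned HTTP " + status
                        + "; later requests may not be authenticated.");
            }
        }
    }

    /**
     * Fetches a page with GET and returns its body as text.
     *
     * @param url page to request
     * @return the response body, or {@code null} when the request failed
     *         (the exception's stack trace is printed)
     */
    public String notifyGetPage(String url) {
        HttpGet get = new HttpGet(url);
        ResponseHandler<String> responseHandler = new BasicResponseHandler();
        String txt = null;
        try {
            txt = httpClient.execute(get, responseHandler);
        } catch (ClientProtocolException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        } finally {
            get.abort();
        }
        return txt;
    }

    /**
     * Sends an already prepared POST request and returns the response body as
     * text. The caller builds the request, including its parameters.
     *
     * @param post fully prepared POST request
     * @return the response body, or {@code null} when the request failed
     *         (the exception's stack trace is printed)
     */
    public String notifyPostPage(HttpPost post) {
        ResponseHandler<String> responseHandler = new BasicResponseHandler();
        String txt = null;
        try {
            txt = httpClient.execute(post, responseHandler);
        } catch (ClientProtocolException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        } finally {
            post.abort();
        }
        return txt;
    }

    /**
     * Sends an already prepared POST request and returns the raw response.
     * The caller builds the request, including its parameters.
     *
     * <p>NOTE(review): the request is aborted before this method returns, so
     * callers should presumably rely only on the status line and headers of the
     * returned response, not on its body; confirm for the HttpClient version
     * in use.
     *
     * @param post fully prepared POST request
     * @return the response, or {@code null} when the request failed
     *         (the exception's stack trace is printed)
     */
    public HttpResponse postMethod(HttpPost post) {
        HttpResponse resp = null;
        try {
            resp = httpClient.execute(post);
        } catch (ClientProtocolException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        } finally {
            post.abort();
        }
        return resp;
    }

    /**
     * Requests a URL with GET and returns the raw response.
     *
     * <p>NOTE(review): the request is aborted before this method returns, so
     * callers should presumably rely only on the status line and headers of the
     * returned response, not on its body; confirm for the HttpClient version
     * in use.
     *
     * @param url page to request
     * @return the response, or {@code null} when the request failed
     *         (the exception's stack trace is printed)
     */
    public HttpResponse getMethod(String url) {
        HttpGet get = new HttpGet(url);
        HttpResponse resp = null;
        try {
            resp = httpClient.execute(get);
        } catch (ClientProtocolException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        } finally {
            get.abort();
        }
        return resp;
    }

    /**
     * Demo entry point: logs in and prints the account's visited-sites page.
     * The two bracketed strings are placeholders for the account's own
     * username and password; keep real credentials out of source files.
     */
    public static void main(String[] args) {
        SimulateLogin simulateLogin = new SimulateLogin("http://www.openid.org.cn/login", "【使用者名稱】", "【密碼】");
        // Fetch the list of sites this account has visited.
        System.out.println(simulateLogin.notifyGetPage("http://www.openid.org.cn/sites"));
    }
}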
很簡單吧。這是最簡單的登陸,如果站點用到驗證碼,或者用JS加密字串、SSL的話,肯定會讓你折騰大半天的。反過來說,驗證碼和HTTPS正是站點用來擋自動化登入、避免帳密被抓包看到的基本措施。