

Getting Xiaonei Status: The Simulated-Login Version

The HTTP capture analysis is as follows.
After clearing all cookies, request Login.do:

GET /Login.do HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Host: www.xiaonei.com
Connection: Keep-Alive

The response returned is:

HTTP/1.1 200 OK
Server: nginx/0.7.58
Date: Fri, 10 Jul 2009 08:04:36 GMT
Content-Type: text/html;charset=UTF-8
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Encoding: gzip
Set-Cookie: kl=null; domain=.xiaonei.com; path=/; expires=Thu, 01-Dec-1994 16:00:00 GMT
Set-Cookie: societyguester=null; domain=.xiaonei.com; path=/; expires=Thu, 01-Dec-1994 16:00:00 GMT
Set-Cookie: XNESSESSIONID=9fc32ecc347c; domain=.xiaonei.com; path=/
Content-Length: 3108

Submitting the login information produces this request:

POST /Login.do HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://www.xiaonei.com/Login.do
Accept-Language: zh-cn
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Host: login.xiaonei.com
Content-Length: 83
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: XNESSESSIONID=9fc32ecc347c
 
email=不告诉你&password=就是不告诉你&origURL=&formName=&method=&submit=%E7%99%BB%E5%BD%95

After a successful login, the response is:

HTTP/1.1 302 Found
Server: nginx/0.7.58
Date: Fri, 10 Jul 2009 08:04:44 GMT
Content-Type: text/html
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: http://home.xiaonei.com/Home.do
Set-Cookie: kl=null; domain=.xiaonei.com; path=/; expires=Thu, 01-Dec-1994 16:00:00 GMT
Set-Cookie: societyguester=null; domain=.xiaonei.com; path=/; expires=Thu, 01-Dec-1994 16:00:00 GMT
Set-Cookie: login_email=null; domain=.xiaonei.com; path=/; expires=Thu, 01-Dec-1994 16:00:00 GMT
Set-Cookie: _de=B548F92A119B4C3D; domain=.xiaonei.com; expires=Mon, 05-Jul-2010 08:04:44 GMT
Set-Cookie: userid=200273337; domain=xiaonei.com; path=/
Set-Cookie: univid=1300014; domain=xiaonei.com; path=/
Set-Cookie: gender=1; domain=xiaonei.com; path=/
Set-Cookie: univyear=2004; domain=xiaonei.com; path=/
Set-Cookie: WebOnLineNotice_200273337=1; domain=.xiaonei.com; path=/; expires=Fri, 10-Jul-2009 08:09:44 GMT
Set-Cookie: societyguester=68448d3ce5e5188daaa5e2e4df8c57357; domain=.xiaonei.com; path=/
Set-Cookie: kl=f2efd4c3b713c43cc8bec00e0fd891a7_200273337; domain=.xiaonei.com; path=/
Set-Cookie: hostid=200273337; domain=.xiaonei.com; path=/
Set-Cookie: jebecookies=200273337|1|1986-8-2|20|0|1005_;1300014_;0_; domain=.xiaonei.com; path=/
Content-Length: 69

The capture of the Home.do request after login:

GET /Home.do HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://www.xiaonei.com/Login.do
Accept-Language: zh-cn
Cookie: XNESSESSIONID=9fc32ecc347c; _de=B548F92A119B4C3D; userid=200273337; univid=1300014; gender=1; univyear=2004; WebOnLineNotice_200273337=1; societyguester=68448d3ce5e5188daaa5e2e4df8c57357; kl=f2efd4c3b713c43cc8bec00e0fd891a7_200273337; hostid=200273337; jebecookies=200273337|1|1986-8-2|20|0|1005_
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Connection: Keep-Alive
Cache-Control: no-cache
Host: home.xiaonei.com

Conclusion of the analysis:
GET Login.do -> obtain XNESSESSIONID -> POST Login.do with that cookie -> take the cookies from the response -> GET Home.do with those cookies -> parse

Source code:
A general-purpose function that simulates a request

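<?php
/*
Author: 小包, silwings at gmail dot com
Copyright reserved. Please credit the author when reposting.
*/
// Sends one HTTP request over a raw socket and returns the raw response
// (status line, headers and body). $method is the full request line,
// for example "GET /Login.do HTTP/1.1".
function http_request($host, $method, $body="", $cookie="", $lang="zh-cn", $encoding="gzip, deflate")
{
    $fp = fsockopen($host, 80, $errno, $errstr, 15);
    if (!$fp) {
        echo "$errstr ($errno)<br />\n";
        return "";
    }
    //$fp = fopen("debug.txt", "w+");
    $delimiter = "\r\n";
    fputs($fp, "$method".$delimiter);
    fputs($fp, 'Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*'.$delimiter);
    fputs($fp, 'Accept-Language: '.$lang.$delimiter);
    fputs($fp, "Accept-Encoding: ".$encoding.$delimiter);
    fputs($fp, 'User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)'.$delimiter);
    if (!empty($cookie)) {
        fputs($fp, "Cookie: $cookie".$delimiter);
    }
    fputs($fp, 'Cache-Control: no-cache'.$delimiter);
    fputs($fp, "Host: $host".$delimiter);
    // "close" rather than the browser's Keep-Alive, so the server ends the
    // connection after the response and the feof() loop below finishes
    // without waiting for a keep-alive timeout.
    fputs($fp, "Connection: close".$delimiter);
    if (substr(trim($method), 0, 4) == "POST") {
        fputs($fp, 'Content-Type: application/x-www-form-urlencoded'.$delimiter);
        fputs($fp, 'Content-Length: '.strlen($body).$delimiter);
        fputs($fp, $delimiter);
        // Send exactly Content-Length bytes, with no trailing CRLF after the body.
        fputs($fp, $body);
    } else {
        fputs($fp, $delimiter);
    }
    // Response: read until the server closes the connection.
    $response = "";
    while (!feof($fp)) {
        $response .= fgets($fp, 1024);
    }
    fclose($fp);
    return $response;
}

// Returns everything after the blank line that ends the response headers.
// Nothing is decompressed here, so the caller has to request an
// uncompressed response (pass an empty $encoding to http_request).
function get_uncompressed_body($response){
    $delimiter = "\r\n";
    $pos = strpos($response, "$delimiter$delimiter");
    if ($pos === false) {
        return "";
    }
    $res = substr($response, $pos + 4);
    //return gzuncompress($res);
    return $res;
}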

Code that simulates the xiaonei login process:

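<?php
include 'functions.php';
$email = "不告诉你";          // placeholder for the account e-mail
$password = "就是不告诉你";   // placeholder for the account password
// Step 1: GET Login.do and take the XNESSESSIONID session cookie from the response.
$response = http_request("www.xiaonei.com","GET /Login.do HTTP/1.1");
if (!preg_match('/XNESSESSIONID=[0-9A-Za-z]+;/', $response, $matches)) {
    exit("No XNESSESSIONID cookie in the Login.do response");
}
$cookie = $matches[0];
// Step 2: POST the credentials together with the session cookie.
// urlencode() keeps characters such as & and = in the values from breaking the form body.
// Note: in the capture above the browser sent this POST with Host: login.xiaonei.com.
$body = "email=".urlencode($email)."&password=".urlencode($password)."&origURL=&formName=&method=&submit=%E7%99%BB%E5%BD%95";
$response = http_request("www.xiaonei.com","POST /Login.do HTTP/1.1",$body,$cookie);
// Step 3: collect the cookies set by the login response. The value character class
// has no "n", "u" or "l", so the "name=null" deletion cookies are skipped.
preg_match_all("/Set-Cookie:\s([0-9A-Za-z_]+=[0-9A-Fa-f\|;_-]+;)\sdomain=[\.]?xiaonei\.com/",$response,$matches,PREG_SET_ORDER);
foreach ($matches as $var) {
    $cookie .= $var[1];
}
// Step 4: GET Home.do with all cookies, asking for an uncompressed response.
$response = http_request("home.xiaonei.com","GET /Home.do HTTP/1.1","",$cookie,"zh-cn","");
$body = get_uncompressed_body($response);
// Step 5: extract the current status text from the page markup.
if (preg_match('/<span id="currentStatus" class="currentStatus">[\s]+(.*)<\/span>[\s]+<span id="statusUpdateTime" class="changetime">/s', $body, $matches)) {
    echo '<span>'.$matches[1].'</span>';
}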
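
The Set-Cookie handling in the 302 capture, as an added example that is not the author's code: a parser that applies expired-cookie deletions and later-header overrides in order and ends each value at the first `;`, which is why the Home.do capture carries a shorter `jebecookies` value than the server set. It also reports which cookies lack `HttpOnly` and `Secure`; the function name `build_cookie_jar` is hypothetical, the sample response is trimmed from the capture above, and PHP 7.1 or later is assumed.

```php
<?php
// Added example (not the author's code). Sample data is trimmed from the 302 capture.
// Returns [jar, missing]: cookies a browser would keep, and hardening flags each lacks.
function build_cookie_jar(string $response, int $now): array
{
    $jar = [];
    $missing = [];
    $head = explode("\r\n\r\n", $response, 2)[0];
    foreach (explode("\r\n", $head) as $line) {
        if (stripos($line, 'Set-Cookie:') !== 0) {
            continue;
        }
        $parts = array_map('trim', explode(';', substr($line, 11)));
        // The name=value pair ends at the first ';', so a value that itself
        // contains ';' (jebecookies) is cut short, as in the Home.do capture.
        [$name, $value] = array_pad(explode('=', array_shift($parts), 2), 2, '');
        $attrs = [];
        foreach ($parts as $p) {
            [$k, $v] = array_pad(explode('=', $p, 2), 2, '');
            $attrs[strtolower($k)] = $v;
        }
        $exp = isset($attrs['expires'])
            ? DateTime::createFromFormat('D, d-M-Y H:i:s T', $attrs['expires'])
            : false;
        if ($exp !== false && $exp->getTimestamp() <= $now) {
            unset($jar[$name], $missing[$name]); // past expiry means "delete"
            continue;
        }
        $jar[$name] = $value; // a later header for the same name wins
        $missing[$name] = array_values(array_diff(['httponly', 'secure'], array_keys($attrs)));
    }
    return [$jar, $missing];
}

$sample = implode("\r\n", [
    'HTTP/1.1 302 Found',
    'Set-Cookie: kl=null; domain=.xiaonei.com; path=/; expires=Thu, 01-Dec-1994 16:00:00 GMT',
    'Set-Cookie: userid=200273337; domain=xiaonei.com; path=/',
    'Set-Cookie: kl=f2efd4c3b713c43cc8bec00e0fd891a7_200273337; domain=.xiaonei.com; path=/',
    'Set-Cookie: jebecookies=200273337|1|1986-8-2|20|0|1005_;1300014_;0_; domain=.xiaonei.com; path=/',
    '', '',
]);
[$jar, $missing] = build_cookie_jar($sample, gmmktime(8, 4, 44, 7, 10, 2009)); // capture time
foreach ($jar as $name => $value) {
    echo "$name=$value  (missing: " . implode(', ', $missing[$name]) . ")\n";
}
```

None of the Set-Cookie headers in the capture carries `HttpOnly` or `Secure`, and the whole exchange runs over plain HTTP, so the session values are readable by page scripts and by anything on the network path.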

Posted in MrCongWang.com.

5 Responses


  1. Super post, Need to mark it on Digg
    Thanks

  2. dickfu said

    When making the request, leave gzip out of $encoding="gzip, deflate"; then the response you get back doesn't need to be gunzipped.

  3. silwings said

    So you really did read through it in detail..

  4. I don’t usually reply to posts but I will in this case. I’ve been experiencing this very same problem with a new WordPress installation of mine. I’ve spent weeks calibrating and getting it ready when all of a sudden… I cannot delete any content. It’s a workaround that, although isn’t perfect, does the trick so thanks! I really hope this problem gets solved properly asap.

  5. qilbore said

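    Hello, I'm a PHP beginner and want to pull my Xiaonei status into my own blog. Copying your code directly does nothing. Could you package it up and send it to me? I'd appreciate detailed instructions.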
