爬虫闯关链接:
1. http://www.heibanke.com/accounts/login/?next=/lesson/crawler_ex03/
2. http://www.heibanke.com/accounts/login
知识点:cookie & session , csrf , Web编程,多线程密码枚举
提示:和第三题一样,看清楚,题目在http://www.heibanke.com/accounts/login/?next=/lesson/crawler_ex03/登录后显示,而不是URL链接2的登录界面。从URL 1 或URL 2中获取Cookie(CSRFTOKEN)登录,然后得到一个提示密码很长的页面。随便输入帐号密码,会跳出一个页面让你找密码,密码文档页面加载非常慢,是由于后端人为限制时间,密码位置随机生成,从页数与行数可知密码一共100位。为了加快猜测时间,我们要为每一个密码页面开一个线程(多线程处理),提高枚举密码的速度。
参考代码:
#!/usr/bin/env python
# encoding: utf-8
import requests
import sys
import re
import threading
reload(sys)
sys.setdefaultencoding("utf-8")
csrf = ""
username = "Peter"
password = "112233"
final_password = ""
payload_login = {
"username":username,
"password":password,
"csrfmiddlewaretoken":csrf
}
dict = {}
thread = []
website_signUp = "http://www.heibanke.com/accounts/login"
website_login = "http://www.heibanke.com/accounts/login/?next=/lesson/crawler_ex03/"
website_PWlist = "http://www.heibanke.com/lesson/crawler_ex03/pw_list/?page=%s"
s = requests.Session()
s.get(website_signUp)
csrf = s.cookies["csrftoken"]
payload_login["csrfmiddlewaretoken"] = csrf
s.post(website_login,data=payload_login)
csrf = s.cookies["csrftoken"]
def GetPassword(page):
global dict
while True:
resp = s.get(website_PWlist%page)
word_pos = re.findall('<td data-toggle="tooltip" data-placement="left" title="password_pos">(d+)</td>', resp.content)
word_val = re.findall('<td data-toggle="tooltip" data-placement="left" title="password_val">(d+)</td>', resp.content)
for i in range(len(word_pos)):
dict[int(word_pos[i])] = word_val[i]
print word_pos[i]+" -- "+word_val[i]
if len(dict)==100:
break
def main():
global dict
global final_password
for i in range(1,14):
t = threading.Thread(target=GetPassword,args=(i,))
thread.append(t)
for i in thread:
i.start()
print "Thread Runing"
for i in thread:
i.join()
print "Thread Join"
if len(dict)==100:
k = dict.keys()
k.sort()
for i in range(len(dict)):
final_password += dict[k[i]]
print "[+]FOUND:" + final_password
if __name__ == '__main__':
main()