RSA公开密钥密码体制。所谓的公开密钥密码体制就是使用不同的加密密钥与解密密钥,是一种“由已知加密密钥推导出解密密钥在计算上是不可行的”密码体制。
前端使用的對密碼的加密方式
获取modules的方式
使用python 对密码加密
password = str(mm).encode("utf8").decode("utf8") name = str(yhm).encode("utf8").decode("utf8") weibo_rsa_e = 65537 message = str(password).encode() rsa_n = binascii.b2a_hex(binascii.a2b_base64(modules)) key = rsa.PublicKey(int(rsa_n, 16), weibo_rsa_e) encropy_pwd = rsa.encrypt(message, key) password = binascii.b2a_base64(encropy_pwd)
用bs4 获取csrftoken
page = session.get(url) soup = bs(page.text, "html.parser") # 获取认证口令csrftoken csrftoken = soup.find(id="csrftoken").get("value")
完整获取cookie代码
# -*- coding:UTF-8 -*- import binascii import requests from bs4 import BeautifulSoup as bs import time import rsa def get_cookie(yhm, mm): now_time = int(time.time()) url = "http://学校地址/jwglxt/xtgl/login_slogin.html?language=zh_CN&_t=" session = requests.Session() publickey = session.get( 'http://学校地址/jwglxt/xtgl/login_getPublicKey.html?time=1611556780554&_=1611556779458').json() modules = publickey["modulus"] page = session.get(url) soup = bs(page.text, "html.parser") # 获取认证口令csrftoken csrftoken = soup.find(id="csrftoken").get("value") password = str(mm).encode("utf8").decode("utf8") name = str(yhm).encode("utf8").decode("utf8") weibo_rsa_e = 65537 message = str(password).encode() rsa_n = binascii.b2a_hex(binascii.a2b_base64(modules)) key = rsa.PublicKey(int(rsa_n, 16), weibo_rsa_e) encropy_pwd = rsa.encrypt(message, key) password = binascii.b2a_base64(encropy_pwd) header = { 'Accept': 'text/html, */*; q=0.01', 'Accept-Encoding': 'gzip, deflate', 'Accept-Language': 'zh-CN,zh;q=0.9,en;q=0.8', 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0', 'Connection': 'keep-alive', 'Referer': url + str(now_time), 'Upgrade-Insecure-Requests': '1', } data = { 'csrftoken': csrftoken, 'mm': password, 'mm': password, 'yhm': name } request = session.post(url, headers=header, data=data) cookie = request.request.headers['cookie'] return cookie if __name__ == '__main__': yhm = '' # 账号 mm = "" # 密码 cookie = get_cookie(yhm, mm) print(cookie)
难点可能就是RSA 加密,通过公钥进行加密,使用python 实现
解密方式2:
# -*- coding:UTF-8 -*- import requests import base64 import rsa from bs4 import BeautifulSoup as bs yhm = '*****' mm = b"*****" session = requests.Session() publickey = session.get( 'http://*******/jwglxt/xtgl/login_getPublicKey.html?time=1611556780554&_=1611556779458').json() b_modulus = base64.b64decode(publickey['modulus']) # 将base64解码转为bytes b_exponent = base64.b64decode(publickey['exponent']) # 将base64解码转为bytes # 公钥生成, python3从bytes中获取int:int.from_bytes(bstring,'big') mm_key = rsa.PublicKey(int.from_bytes(b_modulus, 'big'), int.from_bytes(b_exponent, 'big')) # 利用公钥加密,bytes转为base64编码 rsa_mm = base64.b64encode(rsa.encrypt(mm, mm_key)) url = "http://*******/jwglxt/xtgl/login_slogin.html?time=1611556053622" headers = { 'Connection': 'keep-alive', 'Pragma': 'no-cache', 'Cache-Control': 'no-cache', 'Upgrade-Insecure-Requests': '1', 'Origin': 'http://25.system.haue.edu.cn:38025', 'Content-Type': 'application/x-www-form-urlencoded', 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36', 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9', 'Referer': 'http://25.system.haue.edu.cn:38025/jwglxt/xtgl/login_slogin.html?time=1611555951506', 'Accept-Language': 'zh-CN,zh;q=0.9,en;q=0.8', } page = session.get(url) soup = bs(page.text, "html.parser") # 获取认证口令csrftoken csrftoken = soup.find(id="csrftoken").get("value") postdata = {'csrftoken': csrftoken, 'yhm': yhm, 'mm': rsa_mm, "language": "zh_CN"} rq = session.post(url, data=postdata) print(rq.request.headers['Cookie'])