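I recently had a task that required logging in to 189 Mail automatically with a username and password and downloading the mailbox contents, so I used Burp to study the 189 Mail login flow. Fortunately none of the request parameters are generated by JavaScript; otherwise this would have been painful.
Because the login flow involves cookies, the cookielib module is needed. The initial code is:
```python
import cookielib
import urllib2

# one cookie jar shared by every request made through urllib2.urlopen()
mcj=cookielib.MozillaCookieJar()
opener=urllib2.build_opener(urllib2.HTTPCookieProcessor(mcj))
urllib2.install_opener(opener)
```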
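The detailed steps of visiting mail.189.cn in a browser and logging in, together with the Python implementation of each step, are as follows:
1. The first packet is not for mail.189.cn, because visiting mail.189.cn triggers a JavaScript redirect.
```html
<html>
<head>
</head>
<script language="javascript">
function redirect(){
window.location="http://webmail6.189.cn/webmail/ ";
}
</script>
<body onload="redirect()">
</body>
</html>
```
A browser follows the JS redirect automatically, but Python's urllib2 module does not, so the Python code has to extract the address after window.location from the response above with a regular expression.
```python
#step 1
#get domain and url1
data=urllib2.urlopen("http://mail.189.cn").read()
# \s* tolerates whitespace before the closing quote, as in the response above
url1=re.search(r'window\.location="((.*?)/webmail/)\s*"',data)
if url1:
    domain=url1.group(2)   # scheme and host, e.g. http://webmail16.189.cn
    url1=url1.group(1)     # full URL ending in /webmail/
    print url1
    print domain
else:
    sys.exit(1)
```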
2. Extract the URL from the redirect and request it. (This URL is not fixed: the subdomain is random and is assigned when mail.189.cn is visited.)
The request and response headers are shown below; as you can see, there is no cookie exchange in this step.
```http
GET /webmail/ HTTP/1.1
Host: webmail16.189.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://mail.189.cn/
Connection: keep-alive
```
```http
HTTP/1.1 200 OK
Server: nginx/1.4.4
Date: Tue, 10 Dec 2013 02:22:55 GMT
Content-Type: text/html;charset=utf-8
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: JSESSIONID=abg9J7Y5ayNhSphuAl; path=/
Content-Length: 16497
```
The response body contains the URL to request next:
```html
<div>天翼帐号登录</div>
<!--<iframe allowtransparency="true" src="ubd/ubd.html" frameborder="0" scrolling="no"></iframe>-->
<iframe allowtransparency="true" allowtransparency="true" src="/webmail/uniPlatformLogin.do?rd=-1252321056" frameborder="0" scrolling="no"></iframe>
<div></div>
<div>
<a href="javascript:void(0);" onclick="testbegin()"><span id="speedfn">登录太慢?点击解决</span><span></span></a>
<a href="http://epay.21cn.com/initOrder.do?productID=P20130116121717796&packageID=S20130116121850546" target="_blank">订购VIP服务 >></a>
</div>
<div>
<div><a href="http://market.21cn.com/w/free/test/test/189HappyPerYear.html" target="_blank">中国电信天翼年欢惠双节大促销! </a></div>
<div>| <a href="http://help.189.cn/plus/list.php?tid=592" target="_blank">新手指南</a></div>
</div>
</div>
```
The src of the iframe is the next URL to request; it has to be extracted with a regular expression.
```python
#step 2
#browser url1 (example:http://webmail16.189.cn/webmail/)
data=urllib2.urlopen(url1).read()
# the live iframe is the one with the duplicated allowtransparency attribute;
# the commented-out iframe above it has the attribute only once
url2=re.search('<iframe allowtransparency="true" allowtransparency="true" src="/webmail/(.*?)"',data)
if url2:
    url2=url1+url2.group(1)
    print url2
else:
    sys.exit(1)
```
3. Request the URL extracted by the regular expression above (example: http://webmail16.189.cn/webmail/uniPlatformLogin.do?rd=-816835472).
The request packet is:
```http
GET /webmail/uniPlatformLogin.do?rd=-816835472 HTTP/1.1
Host: webmail16.189.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://webmail16.189.cn/webmail/
Cookie: JSESSIONID=abg9J7Y5ayNhSphuAl
Connection: keep-alive
```
The response packet is:
```http
HTTP/1.1 302 Found
Server: nginx/1.4.4
Date: Tue, 10 Dec 2013 02:22:55 GMT
Content-Type: text/html
Content-Length: 424
Connection: keep-alive
Pragma: No-cache
Cache-Control: no-cache,no-store,max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: http://open.e.189.cn/api/account/unifyAccountLogin.do?appId=189mail&version=v1.0&clientType=1&paras=E4857EB05149040E829A4825684FEE7CE4C2739F2CC6DBA9D7B5B3D558ABD6E16B214A4092E454F908A70340C7730DAEB0B679C37DF353870EEAB3C4A3B9436823EF128F56EC0B1A81C2B1BBB830E7B0ECB35439B53C399C50E593262F001991A80C52348CC1E479E5F88C8EDC1B6ACC&sign=FAF04CAC7832F1701814EAA1A4A000C5A23525B9&format=redirect
Set-Cookie: LSID=000003061955488-20131210022255886462-022; domain=.189.cn; path=/

The URL has moved <a href="http://open.e.189.cn/api/account/unifyAccountLogin.do?appId=189mail&version=v1.0&clientType=1&paras=E4857EB05149040E829A4825684FEE7CE4C2739F2CC6DBA9D7B5B3D558ABD6E16B214A4092E454F908A70340C7730DAEB0B679C37DF353870EEAB3C4A3B9436823EF128F56EC0B1A81C2B1BBB830E7B0ECB35439B53C399C50E593262F001991A80C52348CC1E479E5F88C8EDC1B6ACC&sign=FAF04CAC7832F1701814EAA1A4A000C5A23525B9&format=redirect">here</a>
```
The URL redirects automatically. urllib2 follows this kind of redirect by itself, so nothing extra is needed; just request the URL.
```python
#step 3
#browser url2
data=urllib2.urlopen(url2)
# geturl() returns the final URL after urllib2 has followed the 302
url3=data.geturl()
```
The page above redirects automatically to http://open.e.189.cn/api/account/unifyAccountLogin.do?appId=189mail&version=v1.0&clientType=1&paras=E4857EB05149040E829A4825684FEE7CE4C2739F2CC6DBA9D7B5B3D558ABD6E16B214A4092E454F908A70340C7730DAEB0B679C37DF353870EEAB3C4A3B9436823EF128F56EC0B1A81C2B1BBB830E7B0ECB35439B53C399C50E593262F001991A80C52348CC1E479E5F88C8EDC1B6ACC&sign=FAF04CAC7832F1701814EAA1A4A000C5A23525B9&format=redirect
4. This is the page the login information is submitted to. Its address is identical to the redirect target above, which is why the previous step uses geturl() to obtain the post-redirect URL for this step to request.
Request packet:
```http
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://open.e.189.cn/api/account/unifyAccountLogin.do?appId=189mail&version=v1.0&clientType=1&paras=E4857EB05149040E829A4825684FEE7CE4C2739F2CC6DBA9D7B5B3D558ABD6E16B214A4092E454F908A70340C7730DAEB0B679C37DF353870EEAB3C4A3B9436823EF128F56EC0B1A81C2B1BBB830E7B0ECB35439B53C399C50E593262F001991A80C52348CC1E479E5F88C8EDC1B6ACC&sign=FAF04CAC7832F1701814EAA1A4A000C5A23525B9&format=redirect
Cookie: LSID=000003061955488-20131210022255886462-022; JSESSIONID=abcqG9dPjteLKg30huAlu
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 82

userName=13541295162&password=541374wang&Readed=on&ibtn_Login=%E7%99%BB++%E5%BD%95
```
Response packet:
```http
HTTP/1.1 200 OK
Server: Tengine/1.4.6
Date: Tue, 10 Dec 2013 02:23:20 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
P3P: CP=CAO COR CURa ADMa DEVa OUR IND ONL COM DEM PRE
Content-Language: zh-CN
Set-Cookie: SSON=57effa525080063a774c0b063df3844dde36dbf3ae12389fa35a9bc0a8f4af06242f3ebac906aae12b53a172e297961464dff7892744a04edf979e4387a75ed82e640250917828c0; domain=.e.189.cn; path=/
Content-Length: 1412

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="http://open.e.189.cn:80/api/">
<title>éå®åä¸</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!-- <link rel="stylesheet" type="text/css" href="styles.css"> -->
<script type="text/javascript">
document.domain = "189.cn";
function redirect() {
//window.parent.location.href = 'http://webmail16.189.cn/webmail/uniPlatformLoginReturn.do?appId=189mail&paras=735B84CA0128CC47A9607CC19EF8C8FBE21CF6CCABAE6CDA9DF1154D3C9602348D6CD6F894A0C062F5DD8EF4B75CDF9AE27F6234F342D891CBE54AA48D5784D3872902682F4AF44F7F13A4A51B13D1C76B50B0929B0031E5E3F1E92D&sign=355E65D6D9EC521B996F5A5CE19A6E107EA9A3B6';
window.open ('http://webmail16.189.cn/webmail/uniPlatformLoginReturn.do?appId=189mail&paras=735B84CA0128CC47A9607CC19EF8C8FBE21CF6CCABAE6CDA9DF1154D3C9602348D6CD6F894A0C062F5DD8EF4B75CDF9AE27F6234F342D891CBE54AA48D5784D3872902682F4AF44F7F13A4A51B13D1C76B50B0929B0031E5E3F1E92D&sign=355E65D6D9EC521B996F5A5CE19A6E107EA9A3B6','_parent');
}
</script>
</head>
<body onLoad="redirect()">
</body>
</html>
```
The response contains the page to request next, which has to be extracted with a regular expression.
```python
#step4
#login
# urlencode the credentials so characters such as & or + in a password do not corrupt the form body
post_data=urllib.urlencode([("userName",username),("password",password)])+"&Readed=on&ibtn_Login=%E7%99%BB++%E5%BD%95"
# post_data holds the plaintext password, so it is not printed
data=urllib2.urlopen(url3,post_data).read()
# this matches the commented-out assignment in the script; it carries the same URL as window.open
url4=re.search(r"window.parent.location.href = '(.*?)';",data)
if url4:
    url4=url4.group(1)
    print url4
else:
    print "invalid username or password"
    sys.exit(1)
```
5. Extract the address from the JavaScript above and request it.
Request headers:
```http
GET /webmail/uniPlatformLoginReturn.do?appId=189mail&paras=735B84CA0128CC47A9607CC19EF8C8FBE21CF6CCABAE6CDA9DF1154D3C9602348D6CD6F894A0C062F5DD8EF4B75CDF9AE27F6234F342D891CBE54AA48D5784D3872902682F4AF44F7F13A4A51B13D1C76B50B0929B0031E5E3F1E92D&sign=355E65D6D9EC521B996F5A5CE19A6E107EA9A3B6 HTTP/1.1
Host: webmail16.189.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://open.e.189.cn/api/account/unifyAccountLogin.do?appId=189mail&version=v1.0&clientType=1&paras=E4857EB05149040E829A4825684FEE7CE4C2739F2CC6DBA9D7B5B3D558ABD6E16B214A4092E454F908A70340C7730DAEB0B679C37DF353870EEAB3C4A3B9436823EF128F56EC0B1A81C2B1BBB830E7B0ECB35439B53C399C50E593262F001991A80C52348CC1E479E5F88C8EDC1B6ACC&sign=FAF04CAC7832F1701814EAA1A4A000C5A23525B9&format=redirect
Cookie: JSESSIONID=abg9J7Y5ayNhSphuAl; LSID=000003061955488-20131210022255886462-022
Connection: keep-alive
```
Response:
```http
HTTP/1.1 302 Found
Server: nginx/1.4.4
Date: Tue, 10 Dec 2013 02:23:21 GMT
Content-Type: text/html
Content-Length: 86
Connection: keep-alive
Pragma: No-cache
Cache-Control: no-cache,no-store,max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: http://webmail16.189.cn/webmail/forwardlogin.jsp
Set-Cookie: LSID=000003061955488-20131210022255886462-022; domain=.189.cn; path=/; expires=Thu, 01-Dec-1994 16:00:00 GMT
Set-Cookie: SESSION_ID=000000084761504-20131210022321330526-022; domain=.189.cn; path=/
Set-Cookie: ACCOUNT=13541295162@189.cn; domain=.189.cn; path=/
Set-Cookie: SSONKEY=76add719b0af7a2fc80b95bb436bfb4a0ae869f6171d2177f438366a951d3b9b60ca45e15c71143eea4c7d9f72a1d911f33c466662972fa3d97f83956627e79438911703cc2f9d09badeece1dd73ec606b85e040bb1c0d19753f22f49fbb4761505319fa67c68ca7e590582dda831d648a7d51f669902c7583f83bedf730e9fb2d49dc363122a48485dfa19af45d8f6af076d7fba9922c4dcd6e20cdeb23817ed712e89f318fe1e74128095f6d948e892b104d5cd22db8411af0f5dfebfc250b985a53a429f293e9f909b8c80611b03b7c86aa847930a074; domain=.189.cn; path=/

The URL has moved <a href="http://webmail16.189.cn/webmail/forwardlogin.jsp">here</a>
```
The page redirects automatically again, so nothing needs to be done; carry on with the packet after the redirect.
```http
GET /webmail/forwardlogin.jsp HTTP/1.1
Host: webmail16.189.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://open.e.189.cn/api/account/unifyAccountLogin.do?appId=189mail&version=v1.0&clientType=1&paras=E4857EB05149040E829A4825684FEE7CE4C2739F2CC6DBA9D7B5B3D558ABD6E16B214A4092E454F908A70340C7730DAEB0B679C37DF353870EEAB3C4A3B9436823EF128F56EC0B1A81C2B1BBB830E7B0ECB35439B53C399C50E593262F001991A80C52348CC1E479E5F88C8EDC1B6ACC&sign=FAF04CAC7832F1701814EAA1A4A000C5A23525B9&format=redirect
Cookie: JSESSIONID=abg9J7Y5ayNhSphuAl; SESSION_ID=000000084761504-20131210022321330526-022; ACCOUNT=13541295162@189.cn; SSONKEY=76add719b0af7a2fc80b95bb436bfb4a0ae869f6171d2177f438366a951d3b9b60ca45e15c71143eea4c7d9f72a1d911f33c466662972fa3d97f83956627e79438911703cc2f9d09badeece1dd73ec606b85e040bb1c0d19753f22f49fbb4761505319fa67c68ca7e590582dda831d648a7d51f669902c7583f83bedf730e9fb2d49dc363122a48485dfa19af45d8f6af076d7fba9922c4dcd6e20cdeb23817ed712e89f318fe1e74128095f6d948e892b104d5cd22db8411af0f5dfebfc250b985a53a429f293e9f909b8c80611b03b7c86aa847930a074
Connection: keep-alive
```
```http
HTTP/1.1 200 OK
Server: nginx/1.4.4
Date: Tue, 10 Dec 2013 02:23:22 GMT
Content-Type: text/html;charset=utf-8
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 347

<html>
<head>
<title></title>
</head>
<body>
<table width="100%" height="100%" align="center" cellpadding="0" cellspacing="0">
<tr>
<td valign="middle" align="center">
å è½½ä¸...
</td>
</tr>
</table>
<script>
window.location.href="/webmail/logon.do?uud=1";
</script>
</body>
</html>
```
This one is also a redirect, but it is done in JavaScript, which urllib2 does not follow, so the URL has to be extracted for the next step.
```python
#step 5
#browser url4
data=urllib2.urlopen(url4).read()
url5=re.search(r'window.location.href="(.*?)"',data)
if url5:
    # the extracted path is relative, so prefix the host captured in step 1
    url5=domain+url5.group(1)
    print url5
else:
    sys.exit(1)
```
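The JavaScript redirects in steps 1, 4 and 5 can be handled by one extractor instead of three separate regular expressions. The following is an added example, not part of the original post, written for Python 3 (the post's code is Python 2); the function name, the check that the target stays under 189.cn, and the sample responses are assumptions constructed for illustration.

```python
import re
from urllib.parse import urljoin, urlsplit

_SCRIPT = re.compile(r"<script\b[^>]*>(.*?)</script>", re.S | re.I)
# Drop only whole-line // comments; a blanket strip would eat the // in http://
_LINE_COMMENT = re.compile(r"^\s*//.*$", re.M)
# window.location=, window.location.href=, window.parent.location.href =
_ASSIGN = re.compile(r"""window(?:\.parent)?\.location(?:\.href)?\s*=\s*(["'])(.*?)\1""")
# window.open ('url','_parent') as in the step 4 response
_OPEN = re.compile(r"""window\.open\s*\(\s*(["'])(.*?)\1""")

def extract_js_redirect(html, base_url, allowed_suffix=".189.cn"):
    """Return the absolute URL the page's script navigates to, or None."""
    code = _LINE_COMMENT.sub("", "\n".join(_SCRIPT.findall(html)))
    hits = [m for rx in (_ASSIGN, _OPEN) for m in rx.finditer(code)]
    if not hits:
        return None
    # earliest live navigation wins; strip stray whitespace inside the quotes
    target = min(hits, key=lambda m: m.start()).group(2).strip()
    url = urljoin(base_url, target)  # resolves relative paths such as /webmail/logon.do
    host = urlsplit(url).hostname or ""
    # the response body decides where cookies go next, so pin the domain
    if not ("." + host).endswith(allowed_suffix):
        raise ValueError("redirect leaves expected domain: %r" % host)
    return url

# Constructed samples modelled on the step 1, 4 and 5 responses (tokens shortened).
STEP1 = ('<script language="javascript">function redirect(){\n'
         'window.location="http://webmail6.189.cn/webmail/ ";\n}</script>')
STEP4 = """<script type="text/javascript">
document.domain = "189.cn";
function redirect() {
  //window.parent.location.href = 'http://webmail16.189.cn/webmail/stale.do';
  window.open ('http://webmail16.189.cn/webmail/uniPlatformLoginReturn.do?appId=189mail&paras=AAAA&sign=BBBB','_parent');
}
</script>"""
STEP5 = '<script>\nwindow.location.href="/webmail/logon.do?uud=1";\n</script>'

if __name__ == "__main__":
    print(extract_js_redirect(STEP1, "http://mail.189.cn/"))
    print(extract_js_redirect(STEP4, "http://open.e.189.cn/api/"))
    print(extract_js_redirect(STEP5, "http://webmail16.189.cn/webmail/forwardlogin.jsp"))
```

The comment filter only recognises `//` at the start of a line, so a script flattened onto one line is still matched at its first assignment, commented out or not.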
6. Request the URL extracted in the previous step.
```http
GET /webmail/logon.do?uud=1 HTTP/1.1
Host: webmail16.189.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://webmail16.189.cn/webmail/forwardlogin.jsp
Cookie: JSESSIONID=abg9J7Y5ayNhSphuAl; SESSION_ID=000000084761504-20131210022321330526-022; ACCOUNT=13541295162@189.cn; SSONKEY=76add719b0af7a2fc80b95bb436bfb4a0ae869f6171d2177f438366a951d3b9b60ca45e15c71143eea4c7d9f72a1d911f33c466662972fa3d97f83956627e79438911703cc2f9d09badeece1dd73ec606b85e040bb1c0d19753f22f49fbb4761505319fa67c68ca7e590582dda831d648a7d51f669902c7583f83bedf730e9fb2d49dc363122a48485dfa19af45d8f6af076d7fba9922c4dcd6e20cdeb23817ed712e89f318fe1e74128095f6d948e892b104d5cd22db8411af0f5dfebfc250b985a53a429f293e9f909b8c80611b03b7c86aa847930a074
Connection: keep-alive
```
```http
HTTP/1.1 302 Found
Server: nginx/1.4.4
Date: Tue, 10 Dec 2013 02:23:23 GMT
Content-Type: text/html
Content-Length: 79
Connection: keep-alive
Pragma: No-cache
Cache-Control: no-cache,no-store,max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: http://webmail16.189.cn/webmail/signOn.do
Set-Cookie: VERIFY_LOGON=7e0763f479ce9f4a98cba921d38659c2; domain=.189.cn; path=/

The URL has moved <a href="http://webmail16.189.cn/webmail/signOn.do">here</a>
```
This is another automatic redirect that needs no handling. The packet after the redirect is as follows:
```http
GET /webmail/signOn.do HTTP/1.1
Host: webmail16.189.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://webmail16.189.cn/webmail/forwardlogin.jsp
Cookie: JSESSIONID=abg9J7Y5ayNhSphuAl; SESSION_ID=000000084761504-20131210022321330526-022; ACCOUNT=13541295162@189.cn; SSONKEY=76add719b0af7a2fc80b95bb436bfb4a0ae869f6171d2177f438366a951d3b9b60ca45e15c71143eea4c7d9f72a1d911f33c466662972fa3d97f83956627e79438911703cc2f9d09badeece1dd73ec606b85e040bb1c0d19753f22f49fbb4761505319fa67c68ca7e590582dda831d648a7d51f669902c7583f83bedf730e9fb2d49dc363122a48485dfa19af45d8f6af076d7fba9922c4dcd6e20cdeb23817ed712e89f318fe1e74128095f6d948e892b104d5cd22db8411af0f5dfebfc250b985a53a429f293e9f909b8c80611b03b7c86aa847930a074; VERIFY_LOGON=7e0763f479ce9f4a98cba921d38659c2
Connection: keep-alive
```
```http
HTTP/1.1 200 OK
Server: nginx/1.4.4
Date: Tue, 10 Dec 2013 02:23:24 GMT
Content-Type: text/html;charset=utf-8
Connection: keep-alive
Vary: Accept-Encoding
Pragma: No-cache
Cache-Control: no-cache,no-store,max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 52201
```
OK, the cookies collected so far are sufficient; the remaining requests can be ignored.
The complete code is as follows:
```python
#coding=utf-8
import urllib2
import urllib
import cookielib
import sys
import re

def mail189_login(username,password):
    # one cookie jar shared by every request in the flow
    mcj=cookielib.MozillaCookieJar()
    opener=urllib2.build_opener(urllib2.HTTPCookieProcessor(mcj))
    urllib2.install_opener(opener)
    # defined but not attached to any request below
    headers ={"User-agent":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"}

    #step 1
    #get domain and url1
    data=urllib2.urlopen("http://mail.189.cn").read()
    # \s* tolerates whitespace before the closing quote
    url1=re.search(r'window\.location="((.*?)/webmail/)\s*"',data)
    if url1:
        domain=url1.group(2)
        url1=url1.group(1)
        print url1
        print domain
    else:
        sys.exit(1)

    #step 2
    #browser url1
    data=urllib2.urlopen(url1).read()
    url2=re.search('<iframe allowtransparency="true" allowtransparency="true" src="/webmail/(.*?)"',data)
    if url2:
        url2=url1+url2.group(1)
        print url2
    else:
        sys.exit(1)

    #step 3
    #browser url2
    data=urllib2.urlopen(url2)
    # final URL after urllib2 has followed the 302
    url3=data.geturl()

    #step4
    #login
    # urlencode the credentials so characters such as & or + do not corrupt the form body
    post_data=urllib.urlencode([("userName",username),("password",password)])+"&Readed=on&ibtn_Login=%E7%99%BB++%E5%BD%95"
    # post_data holds the plaintext password, so it is not printed
    data=urllib2.urlopen(url3,post_data).read()
    url4=re.search(r"window.parent.location.href = '(.*?)';",data)
    if url4:
        url4=url4.group(1)
        print url4
    else:
        print "invalid username or password"
        sys.exit(1)

    #step 5
    #browser url4
    data=urllib2.urlopen(url4).read()
    url5=re.search(r'window.location.href="(.*?)"',data)
    if url5:
        url5=domain+url5.group(1)
        print url5
    else:
        sys.exit(1)

    #step 6
    #browser url5
    data=urllib2.urlopen(url5)
    print data.geturl()

    #print mcj._cookies.values()
    # flatten the jar into a single Cookie header value
    cookie_str=""
    for cookie in mcj:
        cookie_str=cookie_str+cookie.name+"="+cookie.value+"; "
    cookie_str=cookie_str[:-2]
    print cookie_str
```
When reposting, please credit: jinglingshu's blog » Analysis of the 189 Mail login process and a Python implementation