原文地址https://www.cnblogs.com/yoyoketang/p/9098096.html

原文地址https://www.cnblogs.com/yoyoketang/p/6886610.html

原文地址https://www.cnblogs.com/yoyoketang/

原文地址https://www.cnblogs.com/yoyoketang/p/7259993.html

前言

登录网站的时候,经常会遇到传token参数,token关联并不难,难的是找出服务器第一次返回token的值所在的位置,取出来后就可以动态关联了

登录拉勾网

1.先找到登录首页https://passport.lagou.com/login/login.html,输入账号和密码登录,抓包看详情

1070438-20180527231155953-689282773.png

2.再重新登录一次抓包看的时候,头部有两个参数是动态的,token和code值每次都会不一样,只能用一次

X-Anit-Forge-Token: 45aa69d8-4afa-4235-8957-9dde7af1903e

X-Anit-Forge-Code: 20765316

找到token生成的位置

1.打开登录首页https://passport.lagou.com/login/login.html,直接按F5刷新(只做刷新动作,不输入账号和密码),然后从返回的页面找到token生成的位置

window.X_Anti_Forge_Code= '74603111';

前端的代码,注释内容暴露了token位置,嘿嘿!

1070438-20180527233948521-958401619.png

2.接下来从返回的html里面解析出token和code两个参数的值

#coding:utf-8

importrequestsimportrefrom bs4 importBeautifulSoup#作者:上海-悠悠 QQ交流群:512200893

defgetTokenCode(s):'''要从登录页面提取token,code, 然后在头信息里面添加

window.X_Anti_Forge_Token = 'dde4db4a-888e-47ca-8277-0c6da6a8fc19';

window.X_Anti_Forge_Code = '61142241';

'''url= 'https://passport.lagou.com/login/login.html'h={"User-Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0",

}#更新session的headers

s.headers.update(h)

data= s.get(url, verify=False)

soup= BeautifulSoup(data.content, "html.parser", from_encoding='utf-8')

tokenCode={}try:

t= soup.find_all('script')[1].get_text()print(t)

tokenCode['X_Anti_Forge_Token'] = re.findall(r"Token = '(.+?)'", t)[0]

tokenCode['X_Anti_Forge_Code'] = re.findall(r"Code = '(.+?)'", t)[0]except:print("获取token和code失败")

tokenCode['X_Anti_Forge_Token'] = ""tokenCode['X_Anti_Forge_Code'] = ""

return tokenCode

模拟登陆

1.登陆的时候这里密码参数虽然加密了,但是是固定的加密方式,所以直接复制抓包的加密后字符串就行了

#coding:utf-8

importrequestsimportrefrom bs4 importBeautifulSoup#作者:上海-悠悠 QQ交流群:512200893

deflogin(s, gtoken, user, psw):'''function:登录拉勾网网站

:param s: 传s = requests.session()

:param gtoken: 上一函数getTokenCode返回的tokenCode

:param user: 账号

:param psw: 密码

:return: 返回json'''url2= 'https://passport.lagou.com/login/login.json'h2={"User-Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0","Content-Type": "application/x-www-form-urlencoded; charset=UTF-8","X-Requested-With": "XMLHttpRequest","X-Anit-Forge-Token": gtoken['X_Anti_Forge_Token'],"X-Anit-Forge-Code": gtoken['X_Anti_Forge_Code'],"Referer": "https://passport.lagou.com/login/login.html",

}#更新s的头部

s.headers.update(h2)

body={"isValidate":'true',"username": user,"password": psw,"request_form_verifyCode": "","submit": ""}

r2= s.post(url2 , data=body, verify=False)print(r2.text)return r2.json()

密码加密

1.这里密码是md5加密的(百度看了其它大神的博客,才知道的)

#coding:utf-8

importrequestsimportrefrom bs4 importBeautifulSoupimporthashlibdefencryptPwd(passwd):#作者:上海-悠悠 QQ交流群:512200893

#对密码进行了md5双重加密

passwd = hashlib.md5(passwd.encode('utf-8')).hexdigest()#veennike 这个值是在js文件找到的一个写死的值

passwd = 'veenike'+passwd+'veenike'passwd= hashlib.md5(passwd.encode('utf-8')).hexdigest()returnpasswdif __name__ == "__main__":#测试密码123456

print(encryptPwd("123456"))

输出结果:

1070438-20180527232251228-1133827746.png

2.跟抓包的数据对比,发现是一样的,说明加密成功

1070438-20180527232440530-1811294784.png

参考代码:

#coding:utf-8

importrequestsimportrefrom bs4 importBeautifulSoupimporturllib3importhashlib

urllib3.disable_warnings()#作者:上海-悠悠 QQ交流群:512200893

classLoginLgw():def __init__(self, s):

self.s=sdefgetTokenCode(self):'''要从登录页面提取token,code, 然后在头信息里面添加

window.X_Anti_Forge_Token = 'dde4db4a-888e-47ca-8277-0c6da6a8fc19';

window.X_Anti_Forge_Code = '61142241';

'''url= 'https://passport.lagou.com/login/login.html'h={"User-Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0",

}#更新session的headers

self.s.headers.update(h)

data= self.s.get(url, verify=False)

soup= BeautifulSoup(data.content, "html.parser", from_encoding='utf-8')

tokenCode={}try:

t= soup.find_all('script')[1].get_text()print(t)

tokenCode['X_Anti_Forge_Token'] = re.findall(r"Token = '(.+?)'", t)[0]

tokenCode['X_Anti_Forge_Code'] = re.findall(r"Code = '(.+?)'", t)[0]returntokenCodeexcept:print("获取token和code失败")

tokenCode['X_Anti_Forge_Token'] = ""tokenCode['X_Anti_Forge_Code'] = ""

returntokenCodedefencryptPwd(self,passwd):#对密码进行了md5双重加密

passwd = hashlib.md5(passwd.encode('utf-8')).hexdigest()#veennike 这个值是在js文件找到的一个写死的值

passwd = 'veenike'+passwd+'veenike'passwd= hashlib.md5(passwd.encode('utf-8')).hexdigest()returnpasswddeflogin(self, user, psw):'''function:登录拉勾网网站

:param user: 账号

:param psw: 密码

:return: 返回json'''gtoken=self.getTokenCode()print(gtoken)print(gtoken['X_Anti_Forge_Token'])print(gtoken['X_Anti_Forge_Code'])

url2= 'https://passport.lagou.com/login/login.json'h2={"User-Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0","Content-Type": "application/x-www-form-urlencoded; charset=UTF-8","X-Requested-With": "XMLHttpRequest","X-Anit-Forge-Token": gtoken['X_Anti_Forge_Token'],"X-Anit-Forge-Code": gtoken['X_Anti_Forge_Code'],"Referer": "https://passport.lagou.com/login/login.html",

}#更新s的头部

self.s.headers.update(h2)

passwd=self.encryptPwd(psw)

body={"isValidate":'true',"username": user,"password": passwd,"request_form_verifyCode": "","submit": ""}

r2= self.s.post(url2 , data=body, verify=False)try:print(r2.text)returnr2.json()except:print("登录异常信息:%s" %r2.text)returnNoneif __name__ == "__main__":

s=requests.session()

lgw=LoginLgw(s)

lgw.login("15221000000", "123456")

Logo
EazyDevelop社区

一站式 AI 云服务平台

更多推荐

cover

国内低代码平台:2025 年国内主流平台盘点

avatar EazyDevelop社区
cover

从零开始搭建个人RAG知识库:RAGFlow+DeepSeek保姆级教程!

avatar EazyDevelop社区
cover

5分钟搞定!MySQL/PostgreSQL 到 Elasticsearch 的实时同步

avatar EazyDevelop社区