Recently, I have nothing to do, and I have entered the NetEase registration interface cheaply, and I have the opportunity to write an automatic registration tool to register the web page, saving the cumbersome registration process (I have friends who are engaged in work that seems to brush reputation and registration volume, and earn a little extra money), because some tools are too large, and it is also related to some of the company's interests. Please also take a detour---
I am using httpClient + jsoup
The following is a highlighted program principle:
domain : http://reg.163.com/reg/reg.jsp?product=urs
After analysis, since we only want to register, for us, we must first analyze the requests sent and the parameters carried by the main interface when registering
In the figure, you can see that this link is the most suspicious, when it is a post request first, and if you look closely, you will find that important information is username_r username, password and cpassword are passwords and repeated passwords. However, there is also the codez parameter that has been tried in many books, and it is found that it is not a fixed value, and radomPassId is likely to be a random number according to the name. Generally, in order to save trouble, even if these parameters are difficult to capture, but lazy people like to put them in the form form and submit it together with the form, try this method first, let's continue to locate the form form
Sure enough, I hit a hit, and I found that there are many input tags with the type attribute value hidden here, and the parameters are basically all here, and basically all of them have id attributes (I'm really lazy to go home). If it is really randomly generated locally, it is easy to say, but we found that when entering the verification code, the codez has a certain algorithm, and it is difficult to say whether the radomPassId thing is locally generated, now only check their js files, because these parameters are all with id attributes, so first check the id to check, first check the source code of the web page, find scrip and remove the tag containing the src attribute in the t tag
Click the link directly to enter, first look up from codez, enter the js interface to directly find #codez or codez
/js2/reg/checkForm.js?20150210100This interface will appear with 5 possible results
Interpreting this js fragment, we can learn that there may be an exception in the process of retrieving this codez, and the value of the codez after the exception is NULL by default. This means that codez can be NULL (too lazy, too lazy), and on the other hand, it proves that codez can directly carry the NULL value and pass it directly to the server, so that the codez value has been determined to be NULL.
Let's start looking for another indeterminate parameter radomPassID, which is known through the formsyscheckcode, start looking up in jssyscheckcode, finally there/js2/common.js?20150210100I found the js fragment of operating this tag through id, and after interpretation, I found that there should be no screenshot here, and the source code should be released (some children's shoes should be happy after reading it)
crawley.rar
(7.42 KB, Number of downloads: 0, Selling price: 2 Grain MB)
|
Posted on 2/12/2015 1:41:06 PM
|
|
|
|
