`
wangking717
  • 浏览: 257561 次
  • 性别: Icon_minigender_2
  • 来自: 成都
社区版块
存档分类
最新评论

用HttpClient模拟登陆OpenID.org.cn

ApacheChromeSafariWindows工作 
阅读更多

在模拟登陆之前做的准备工作就是利用抓包工具分析数据,推荐用wireshark。本次抓openid.org.cn,纯属演示,没实际意义,切勿搞破坏或者偷数据。

 

抓包下来的数据如下:


看来OpenID没做什么安全机制方面的考虑,就单纯的讲文本域username,password post到www.openid.org.cn/login上。

 

OK。万事俱备只欠东风,开始模拟登陆吧。

 

 

package test;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.List;

import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.HttpClient;
import org.apache.http.client.ResponseHandler;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.BasicResponseHandler;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.protocol.HTTP;

public class SimulateLogin {

	    private HttpClient httpClient;  
	  
	    public SimulateLogin(String loginURL,String userName, String password) {  
	        this.httpClient = new DefaultHttpClient();  
	        // 构造一个POST请求
	        HttpPost httpPost = new HttpPost(loginURL);  
	        //httpPost.setHeader("User-Agent", "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3");    //如果对方系统没做特殊限制,可不用
	        // 将要POST的数据封包  
	        List<NameValuePair> params = new ArrayList<NameValuePair>();  
	        params.add(new BasicNameValuePair("username", userName));  
	        params.add(new BasicNameValuePair("password", password));  
	  
	        // 封包添加到Post请求  
	        try {  
	            httpPost.setEntity(new UrlEncodedFormEntity(params, HTTP.UTF_8));  
	        } catch (UnsupportedEncodingException e1) {  
	            e1.printStackTrace();  
	        }
	        HttpResponse response = postMethod(httpPost); 
	    }  
	  
	    /**
	     * 嗅探指定的GET页面
	     * @param url
	     * @return String txt
	     */
	    public String notifyGetPage(String url) {  
	        HttpGet get = new HttpGet(url);  
	        ResponseHandler<String> responseHandler = new BasicResponseHandler();  
	        String txt = null;  
	        try {  
	            txt = httpClient.execute(get, responseHandler);  
	        } catch (ClientProtocolException e) {  
	            e.printStackTrace();  
	        } catch (IOException e) {  
	            e.printStackTrace();  
	        } finally {  
	            get.abort();  
	        }  
	        return txt;  
	    }  
	    
	    /**
	     * 嗅探指定的POST页面,,因为post方法要封装参数,因此在函数外部封装好传参  
	     * @param post
	     * @return String txt
	     */ 
	    public String notifyPostPage(HttpPost post) {  
	        ResponseHandler<String> responseHandler = new BasicResponseHandler();  
	        String txt = null;
	        try {  
	        	txt = httpClient.execute(post,responseHandler);  
	        } catch (ClientProtocolException e) {  
	            e.printStackTrace();  
	        } catch (IOException e) {  
	            e.printStackTrace();  
	        } finally {  
	            post.abort();  
	        }  
	        return txt;  
	    }
	  
	    // 用post方法向服务器请求 并获得响应,因为post方法要封装参数,因此在函数外部封装好传参  
	    public HttpResponse postMethod(HttpPost post) {  
	        HttpResponse resp = null;  
	        try {  
	            resp = httpClient.execute(post);  
	        } catch (ClientProtocolException e) {  
	            e.printStackTrace();  
	        } catch (IOException e) {  
	            e.printStackTrace();  
	        } finally {  
	            post.abort();  
	        }  
	        return resp;  
	    }
	  
	    // 用get方法向服务器请求 并获得响应  
	    public HttpResponse getMethod(String url) {  
	        HttpGet get = new HttpGet(url);  
	        HttpResponse resp = null;  
	        try {  
	            resp = httpClient.execute(get);  
	        } catch (ClientProtocolException e) {  
	            e.printStackTrace();  
	        } catch (IOException e) {  
	            e.printStackTrace();  
	        } finally {  
	            get.abort();  
	        }  
	        return resp;  
	    }  
	  
	    public static void main(String[] args) {  
	    	SimulateLogin simulateLogin = new SimulateLogin("http://www.openid.org.cn/login","【用户名】", "【密码】");  
	        System.out.println(simulateLogin.notifyGetPage("http://www.openid.org.cn/sites"));  //获得我访问过的站点信息
	    }  
	
}
 

 

很简单吧..这是最简单的登陆,如果站点用到验证码,或者用JS加密字符串,SSL的话,肯定会让你折腾大半天的。。

  • 大小: 52.7 KB
分享到:
| JAVA设计模式之代理模式:Proxy
评论
发表评论

您还没有登录,请您登录后再发表评论

相关推荐

Magicbox
Global site tag (gtag.js) - Google Analytics