最新消息:

189邮箱登陆过程分析与python实现

Python admin 1699浏览 0评论

最近有任务需要实现通过用户名和口令自动登陆189邮箱,并下载189邮箱中的内容,所以通过burp研究了下189邮箱登陆的过程。幸亏189邮箱请求过程中没有参数是通过js生成的,不然就蛋疼了。

由于登陆过程设计到cookie,所以需要Cookielib模块,初始代码如下:

    mcj=cookielib.MozillaCookieJar()
    opener=urllib2.build_opener(urllib2.HTTPCookieProcessor(mcj))
    urllib2.install_opener(opener)

在浏览器中访问mail.189.cn并登陆的详细过程与python实现如下:

20131211213807

1、可以看到第一个数据包不是mail.189.cn的,是因为访问mail.189.cn时通过js跳转了。

<html>
        <head>
        </head>
                <script language="javascript">
                        function redirect(){
                                window.location="http://webmail6.189.cn/webmail/
";
                        }
                </script>
        <body onload="redirect()">
        </body>
</html>

浏览器可以自动进行js跳转,但是python中的urllib2模块不行,所以python操作时需要通过正则表达式提取上面响应中window.location后面的地址。

    #step 1
    #get domain and url1
    data=urllib2.urlopen("http://mail.189.cn").read()
    url1=re.search('window.location="((.*?)/webmail/)"',data)
    if url1:
        domain=url1.group(2)
        url1=url1.group(1)
        print url1
        print domain
    else:
        sys.exit(1)

2、提取跳转中的url,进行访问(当然这个url并不固定,子域名是随机的,访问mail.189.cn时生成)

请求和响应的头部信息如下,可以看到此过程中没有cookie交互。

GET /webmail/ HTTP/1.1
Host: webmail16.189.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://mail.189.cn/
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx/1.4.4
Date: Tue, 10 Dec 2013 02:22:55 GMT
Content-Type: text/html;charset=utf-8
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: JSESSIONID=abg9J7Y5ayNhSphuAl; path=/
Content-Length: 16497

 

响应数据包的内容中有下一步需要访问的url:

<div>天翼帐号登录</div>
            <!--<iframe allowtransparency="true" src="ubd/ubd.html"  frameborder="0" scrolling="no"></iframe>-->

            <iframe allowtransparency="true" allowtransparency="true" src="/webmail/uniPlatformLogin.do?rd=-1252321056"  frameborder="0" scrolling="no"></iframe>

            <div></div>
            <div>
                <a href="javascript:void(0);" onclick="testbegin()"><span id="speedfn">登录太慢?点击解决</span><span></span></a>
                <a href="http://epay.21cn.com/initOrder.do?productID=P20130116121717796&packageID=S20130116121850546" target="_blank">订购VIP服务&nbsp;>></a>
            </div>
            <div>
                <div><a href="http://market.21cn.com/w/free/test/test/189HappyPerYear.html" target="_blank">中国电信天翼年欢惠双节大促销!
</a></div>
                <div>|&nbsp;&nbsp;<a href="http://help.189.cn/plus/list.php?tid=592" target="_blank">新手指南</a></div>

            </div>
        </div>

其中框架的src就是下一步需要访问的url,需要通过正则表达式来提取。

    #step 2
    #browser url1   (example:http://webmail16.189.cn/webmail/)
    data=urllib2.urlopen(url1).read()
    url2=re.search('<iframe allowtransparency="true" allowtransparency="true" src="/webmail/(.*?)"',data)
    if url2:
        url2=url1+url2.group(1)
        print url2
    else:
        sys.exit(1)

3、访问上面正则提取的url(example:http://webmail16.189.cn/webmail/uniPlatformLogin.do?rd=-816835472)

请求数据包为

GET /webmail/uniPlatformLogin.do?rd=-816835472 HTTP/1.1
Host: webmail16.189.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://webmail16.189.cn/webmail/
Cookie: JSESSIONID=abg9J7Y5ayNhSphuAl
Connection: keep-alive

相应数据包为

HTTP/1.1 302 Found
Server: nginx/1.4.4
Date: Tue, 10 Dec 2013 02:22:55 GMT
Content-Type: text/html
Content-Length: 424
Connection: keep-alive
Pragma: No-cache
Cache-Control: no-cache,no-store,max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: http://open.e.189.cn/api/account/unifyAccountLogin.do?appId=189mail&version=v1.0&clientType=1&paras=E4857EB05149040E829A4825684FEE7CE4C2739F2CC6DBA9D7B5B3D558ABD6E16B214A4092E454F908A70340C7730DAEB0B679C37DF353870EEAB3C4A3B9436823EF128F56EC0B1A81C2B1BBB830E7B0ECB35439B53C399C50E593262F001991A80C52348CC1E479E5F88C8EDC1B6ACC&sign=FAF04CAC7832F1701814EAA1A4A000C5A23525B9&format=redirect
Set-Cookie: LSID=000003061955488-20131210022255886462-022; domain=.189.cn; path=/

The URL has moved <a href="http://open.e.189.cn/api/account/unifyAccountLogin.do?appId=189mail&version=v1.0&clientType=1&paras=E4857EB05149040E829A4825684FEE7CE4C2739F2CC6DBA9D7B5B3D558ABD6E16B214A4092E454F908A70340C7730DAEB0B679C37DF353870EEAB3C4A3B9436823EF128F56EC0B1A81C2B1BBB830E7B0ECB35439B53C399C50E593262F001991A80C52348CC1E479E5F88C8EDC1B6ACC&sign=FAF04CAC7832F1701814EAA1A4A000C5A23525B9&format=redirect">here</a>

可以看到url进行自动跳转,urllib2模块是可以自动跳转的,所以不用任何操作,直接访问即可。

     #step 3
    #browser url1
    data=urllib2.urlopen(url2)
    url3=data.geturl()

上面页面自动跳转到http://open.e.189.cn/api/account/unifyAccountLogin.do?appId=189mail&version=v1.0&clientType=1&paras=E4857EB05149040E829A4825684FEE7CE4C2739F2CC6DBA9D7B5B3D558ABD6E16B214A4092E454F908A70340C7730DAEB0B679C37DF353870EEAB3C4A3B9436823EF128F56EC0B1A81C2B1BBB830E7B0ECB35439B53C399C50E593262F001991A80C52348CC1E479E5F88C8EDC1B6ACC&sign=FAF04CAC7832F1701814EAA1A4A000C5A23525B9&format=redirect

4、这个页面就是提交登陆信息的页面,发现和上面跳转后的地址一模一样,所以上一步需要通过geturl()来获取跳转后的url来供这一步访问。

请求包:

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://open.e.189.cn/api/account/unifyAccountLogin.do?appId=189mail&version=v1.0&clientType=1&paras=E4857EB05149040E829A4825684FEE7CE4C2739F2CC6DBA9D7B5B3D558ABD6E16B214A4092E454F908A70340C7730DAEB0B679C37DF353870EEAB3C4A3B9436823EF128F56EC0B1A81C2B1BBB830E7B0ECB35439B53C399C50E593262F001991A80C52348CC1E479E5F88C8EDC1B6ACC&sign=FAF04CAC7832F1701814EAA1A4A000C5A23525B9&format=redirect
Cookie: LSID=000003061955488-20131210022255886462-022; JSESSIONID=abcqG9dPjteLKg30huAlu
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 82

userName=13541295162&password=541374wang&Readed=on&ibtn_Login=%E7%99%BB++%E5%BD%95

响应包

HTTP/1.1 200 OK
Server: Tengine/1.4.6
Date: Tue, 10 Dec 2013 02:23:20 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
P3P: CP=CAO COR CURa ADMa DEVa OUR IND ONL COM DEM PRE
Content-Language: zh-CN
Set-Cookie: SSON=57effa525080063a774c0b063df3844dde36dbf3ae12389fa35a9bc0a8f4af06242f3ebac906aae12b53a172e297961464dff7892744a04edf979e4387a75ed82e640250917828c0; domain=.e.189.cn; path=/
Content-Length: 1412

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="http://open.e.189.cn:80/api/">

    <title>重定向中</title>

    <meta http-equiv="pragma" content="no-cache">
    <meta http-equiv="cache-control" content="no-cache">
    <meta http-equiv="expires" content="0">    
    <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
    <meta http-equiv="description" content="This is my page">
    <!--
    <link rel="stylesheet" type="text/css" href="styles.css">
    -->

    <script type="text/javascript">
             document.domain = "189.cn";
        function redirect() {
            //window.parent.location.href = 'http://webmail16.189.cn/webmail/uniPlatformLoginReturn.do?appId=189mail&paras=735B84CA0128CC47A9607CC19EF8C8FBE21CF6CCABAE6CDA9DF1154D3C9602348D6CD6F894A0C062F5DD8EF4B75CDF9AE27F6234F342D891CBE54AA48D5784D3872902682F4AF44F7F13A4A51B13D1C76B50B0929B0031E5E3F1E92D&sign=355E65D6D9EC521B996F5A5CE19A6E107EA9A3B6';
            window.open ('http://webmail16.189.cn/webmail/uniPlatformLoginReturn.do?appId=189mail&paras=735B84CA0128CC47A9607CC19EF8C8FBE21CF6CCABAE6CDA9DF1154D3C9602348D6CD6F894A0C062F5DD8EF4B75CDF9AE27F6234F342D891CBE54AA48D5784D3872902682F4AF44F7F13A4A51B13D1C76B50B0929B0031E5E3F1E92D&sign=355E65D6D9EC521B996F5A5CE19A6E107EA9A3B6','_parent');
        }
    </script>

  </head>

  <body onLoad="redirect()">

  </body>
</html>

其中响应中包含着下一步需要访问的页面,需要通过正则表达式提取。

    #step4
    #login
    post_data="userName="+username+"&password="+password+"&Readed=on&ibtn_Login=%E7%99%BB++%E5%BD%95"
    print post_data
    data=urllib2.urlopen(url3,post_data).read()
    url4=re.search(r"window.parent.location.href = '(.*?)';",data)
    if url4:
        url4=url4.group(1)
        print url4
    else:
        print "invalid username or password"
        sys.exit(1)

5、提取上面的js中的地址,进行访问

请求头:

GET /webmail/uniPlatformLoginReturn.do?appId=189mail&paras=735B84CA0128CC47A9607CC19EF8C8FBE21CF6CCABAE6CDA9DF1154D3C9602348D6CD6F894A0C062F5DD8EF4B75CDF9AE27F6234F342D891CBE54AA48D5784D3872902682F4AF44F7F13A4A51B13D1C76B50B0929B0031E5E3F1E92D&sign=355E65D6D9EC521B996F5A5CE19A6E107EA9A3B6 HTTP/1.1
Host: webmail16.189.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://open.e.189.cn/api/account/unifyAccountLogin.do?appId=189mail&version=v1.0&clientType=1&paras=E4857EB05149040E829A4825684FEE7CE4C2739F2CC6DBA9D7B5B3D558ABD6E16B214A4092E454F908A70340C7730DAEB0B679C37DF353870EEAB3C4A3B9436823EF128F56EC0B1A81C2B1BBB830E7B0ECB35439B53C399C50E593262F001991A80C52348CC1E479E5F88C8EDC1B6ACC&sign=FAF04CAC7832F1701814EAA1A4A000C5A23525B9&format=redirect
Cookie: JSESSIONID=abg9J7Y5ayNhSphuAl; LSID=000003061955488-20131210022255886462-022
Connection: keep-alive

响应:

HTTP/1.1 302 Found
Server: nginx/1.4.4
Date: Tue, 10 Dec 2013 02:23:21 GMT
Content-Type: text/html
Content-Length: 86
Connection: keep-alive
Pragma: No-cache
Cache-Control: no-cache,no-store,max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: http://webmail16.189.cn/webmail/forwardlogin.jsp
Set-Cookie: LSID=000003061955488-20131210022255886462-022; domain=.189.cn; path=/; expires=Thu, 01-Dec-1994 16:00:00 GMT
Set-Cookie: SESSION_ID=000000084761504-20131210022321330526-022; domain=.189.cn; path=/
Set-Cookie: ACCOUNT=13541295162@189.cn; domain=.189.cn; path=/
Set-Cookie: SSONKEY=76add719b0af7a2fc80b95bb436bfb4a0ae869f6171d2177f438366a951d3b9b60ca45e15c71143eea4c7d9f72a1d911f33c466662972fa3d97f83956627e79438911703cc2f9d09badeece1dd73ec606b85e040bb1c0d19753f22f49fbb4761505319fa67c68ca7e590582dda831d648a7d51f669902c7583f83bedf730e9fb2d49dc363122a48485dfa19af45d8f6af076d7fba9922c4dcd6e20cdeb23817ed712e89f318fe1e74128095f6d948e892b104d5cd22db8411af0f5dfebfc250b985a53a429f293e9f909b8c80611b03b7c86aa847930a074; domain=.189.cn; path=/

The URL has moved <a href="http://webmail16.189.cn/webmail/forwardlogin.jsp">here</a>

可以看到页面又自动跳转了,所以不用管,继续看跳转后的包。

GET /webmail/forwardlogin.jsp HTTP/1.1
Host: webmail16.189.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://open.e.189.cn/api/account/unifyAccountLogin.do?appId=189mail&version=v1.0&clientType=1&paras=E4857EB05149040E829A4825684FEE7CE4C2739F2CC6DBA9D7B5B3D558ABD6E16B214A4092E454F908A70340C7730DAEB0B679C37DF353870EEAB3C4A3B9436823EF128F56EC0B1A81C2B1BBB830E7B0ECB35439B53C399C50E593262F001991A80C52348CC1E479E5F88C8EDC1B6ACC&sign=FAF04CAC7832F1701814EAA1A4A000C5A23525B9&format=redirect
Cookie: JSESSIONID=abg9J7Y5ayNhSphuAl; SESSION_ID=000000084761504-20131210022321330526-022; ACCOUNT=13541295162@189.cn; SSONKEY=76add719b0af7a2fc80b95bb436bfb4a0ae869f6171d2177f438366a951d3b9b60ca45e15c71143eea4c7d9f72a1d911f33c466662972fa3d97f83956627e79438911703cc2f9d09badeece1dd73ec606b85e040bb1c0d19753f22f49fbb4761505319fa67c68ca7e590582dda831d648a7d51f669902c7583f83bedf730e9fb2d49dc363122a48485dfa19af45d8f6af076d7fba9922c4dcd6e20cdeb23817ed712e89f318fe1e74128095f6d948e892b104d5cd22db8411af0f5dfebfc250b985a53a429f293e9f909b8c80611b03b7c86aa847930a074
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx/1.4.4
Date: Tue, 10 Dec 2013 02:23:22 GMT
Content-Type: text/html;charset=utf-8
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 347

<html>
    <head>
        <title></title>
    </head>
    <body>
        <table width="100%" height="100%" align="center" cellpadding="0"
            cellspacing="0">
            <tr>
                <td valign="middle" align="center">
                    åŠ è½½ä¸­...
                </td>
            </tr>
        </table>
<script>

        window.location.href="/webmail/logon.do?uud=1";

</script>
    </body>
</html>

这次虽然也是跳转,不过是通过js跳转的,urllib2模块不会自动跳转的,所以需要提取其中的url供下一步访问。

    #step 5
    #browser url4
    data=urllib2.urlopen(url4).read()
    url5=re.search(r'window.location.href="(.*?)"',data)
    if url5:
        url5=domain+url5.group(1)
        print url5
    else:
        sys.exit(1)

6、访问上一步提取的url

GET /webmail/logon.do?uud=1 HTTP/1.1
Host: webmail16.189.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://webmail16.189.cn/webmail/forwardlogin.jsp
Cookie: JSESSIONID=abg9J7Y5ayNhSphuAl; SESSION_ID=000000084761504-20131210022321330526-022; ACCOUNT=13541295162@189.cn; SSONKEY=76add719b0af7a2fc80b95bb436bfb4a0ae869f6171d2177f438366a951d3b9b60ca45e15c71143eea4c7d9f72a1d911f33c466662972fa3d97f83956627e79438911703cc2f9d09badeece1dd73ec606b85e040bb1c0d19753f22f49fbb4761505319fa67c68ca7e590582dda831d648a7d51f669902c7583f83bedf730e9fb2d49dc363122a48485dfa19af45d8f6af076d7fba9922c4dcd6e20cdeb23817ed712e89f318fe1e74128095f6d948e892b104d5cd22db8411af0f5dfebfc250b985a53a429f293e9f909b8c80611b03b7c86aa847930a074
Connection: keep-alive

HTTP/1.1 302 Found
Server: nginx/1.4.4
Date: Tue, 10 Dec 2013 02:23:23 GMT
Content-Type: text/html
Content-Length: 79
Connection: keep-alive
Pragma: No-cache
Cache-Control: no-cache,no-store,max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: http://webmail16.189.cn/webmail/signOn.do
Set-Cookie: VERIFY_LOGON=7e0763f479ce9f4a98cba921d38659c2; domain=.189.cn; path=/

The URL has moved <a href="http://webmail16.189.cn/webmail/signOn.do">here</a>

可以看到又是自动跳转,不用管,看看跳转后的数据包,如下

GET /webmail/signOn.do HTTP/1.1
Host: webmail16.189.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://webmail16.189.cn/webmail/forwardlogin.jsp
Cookie: JSESSIONID=abg9J7Y5ayNhSphuAl; SESSION_ID=000000084761504-20131210022321330526-022; ACCOUNT=13541295162@189.cn; SSONKEY=76add719b0af7a2fc80b95bb436bfb4a0ae869f6171d2177f438366a951d3b9b60ca45e15c71143eea4c7d9f72a1d911f33c466662972fa3d97f83956627e79438911703cc2f9d09badeece1dd73ec606b85e040bb1c0d19753f22f49fbb4761505319fa67c68ca7e590582dda831d648a7d51f669902c7583f83bedf730e9fb2d49dc363122a48485dfa19af45d8f6af076d7fba9922c4dcd6e20cdeb23817ed712e89f318fe1e74128095f6d948e892b104d5cd22db8411af0f5dfebfc250b985a53a429f293e9f909b8c80611b03b7c86aa847930a074; VERIFY_LOGON=7e0763f479ce9f4a98cba921d38659c2
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx/1.4.4
Date: Tue, 10 Dec 2013 02:23:24 GMT
Content-Type: text/html;charset=utf-8
Connection: keep-alive
Vary: Accept-Encoding
Pragma: No-cache
Cache-Control: no-cache,no-store,max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 52201

 

ok,到现在获取的cookie信息已经足够了。后面就不用管了。

详细的代码如下:

#coding=utf-8
import urllib2
import urllib
import cookielib
import sys
import re

def mail189_login(username,password):
    mcj=cookielib.MozillaCookieJar()
    opener=urllib2.build_opener(urllib2.HTTPCookieProcessor(mcj))
    urllib2.install_opener(opener)
    headers ={"User-agent":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1"}
    #step 1
    #get domain and url1
    data=urllib2.urlopen("http://mail.189.cn").read()
    url1=re.search('window.location="((.*?)/webmail/)"',data)
    if url1:
        domain=url1.group(2)
        url1=url1.group(1)
        print url1
        print domain
    else:
        sys.exit(1)
    #step 2
    #browser url1
    data=urllib2.urlopen(url1).read()
    url2=re.search('<iframe allowtransparency="true" allowtransparency="true" src="/webmail/(.*?)"',data)
    if url2:
        url2=url1+url2.group(1)
        print url2
    else:
        sys.exit(1)

    #step 3
    #browser url1
    data=urllib2.urlopen(url2)
    url3=data.geturl()

    #step4
    #login
    post_data="userName="+username+"&password="+password+"&Readed=on&ibtn_Login=%E7%99%BB++%E5%BD%95"
    print post_data
    data=urllib2.urlopen(url3,post_data).read()
    url4=re.search(r"window.parent.location.href = '(.*?)';",data)
    if url4:
        url4=url4.group(1)
        print url4
    else:
        print "invalid username or password"
        sys.exit(1)

    #step 5
    #browser url4
    data=urllib2.urlopen(url4).read()
    url5=re.search(r'window.location.href="(.*?)"',data)
    if url5:
        url5=domain+url5.group(1)
        print url5
    else:
        sys.exit(1)
    #step 6
    #browser url5
    data=urllib2.urlopen(url5)
    print data.geturl()
    #print mcj._cookies.values()
    cookie_str=""
    for cookie in mcj:
        cookie_str=cookie_str+cookie.name+"="+cookie.value+"; "
    cookie_str=cookie_str[:-2]
    print cookie_str

转载请注明:jinglingshu的博客 » 189邮箱登陆过程分析与python实现


Warning: Use of undefined constant PRC - assumed 'PRC' (this will throw an Error in a future version of PHP) in /usr/share/nginx/html/wp-content/themes/d8/comments.php on line 17
发表我的评论
取消评论

表情

Hi,您需要填写昵称和邮箱!

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址