date: 2024-09-24 20:42:15 title: 西交统一身份认证 author: zaqai tags:
- 爬虫
- http
- requests
- python
公共部分
分析登录页面可知, 前端 JS 会在提交前对密码做加密。
加密逻辑在这里 (注意: 这是固定密钥的 AES-ECB, 密钥写死在页面 JS 中, 且登录请求走明文 HTTP, 所以它只是混淆, 并不能保护密码在传输中的机密性)
接着是一个 `login` 请求, 携带用户名和加密过的密码, 获取 `tokenKey`。
拿到 `tokenKey` 之后, 放入 `getRedirectUrl` 请求里, 获取 `oauth_code`。
拿到 `oauth_code` 之后, 就可以对目标网站发起 `login` 请求。
整体流程代码
import datetime
import random
import time
import json
from urllib.parse import urlparse, parse_qs
from cryptography.hazmat.primitives import padding
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend
import base64
import requests
def get_public_key(pwd):
    """Return the ``pwd`` form value for a plaintext password.

    The UTF-8 password is PKCS7-padded, encrypted with AES in ECB mode under
    a fixed key, and Base64-encoded. Per the surrounding write-up this
    reproduces what the login page's JavaScript does before submitting.

    Despite the function name, ``public_key`` below is a symmetric AES key:
    it is hard-coded and the same for every user. Combined with ECB (equal
    passwords always give equal ciphertexts, no IV) the result is an
    encoding of the password rather than protection for it. Anyone who
    captures the value can decrypt it with the same constant or replay it
    as-is, so confidentiality rests entirely on the transport.

    Args:
        pwd: Plaintext password (``str``).

    Returns:
        Base64 text of the AES-ECB ciphertext.
    """
    public_key = '0725@pwdorgopenp'  # 16 characters -> AES-128 key
    aes_key = public_key.encode('utf-8')

    # PKCS7-pad the password up to a whole number of AES blocks.
    pkcs7 = padding.PKCS7(algorithms.AES.block_size).padder()
    padded = pkcs7.update(pwd.encode('utf-8')) + pkcs7.finalize()

    ecb = Cipher(
        algorithms.AES(aes_key),
        modes.ECB(),
        backend=default_backend(),
    ).encryptor()
    ciphertext = ecb.update(padded) + ecb.finalize()

    return base64.b64encode(ciphertext).decode('utf-8')
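def get_tokenKey(userName, pwd):
    """Log in to the open platform and return the ``tokenKey`` it issues.

    Posts the username and the AES-encoded password (see ``get_public_key``)
    as JSON to the platform's login endpoint and extracts ``data.tokenKey``
    from the JSON reply.

    The endpoint URL is ``http://``: the username and the reversible
    password encoding cross the network without TLS, so they are readable
    by anything on the path. The returned ``tokenKey`` is a session
    credential; do not print or log it.

    Args:
        userName: Account identifier sent as ``username``.
        pwd: Plaintext password.

    Returns:
        The ``tokenKey`` string from the login response.

    Raises:
        requests.RequestException: On connection failure, timeout, or a
            non-2xx HTTP status.
        KeyError: If the response carries no ``data.tokenKey`` (for example
            when the login was rejected).
    """
    # Request headers copied from a browser session.
    headers = {
        'Host': 'org.xjtu.edu.cn',
        'Proxy-Connection': 'keep-alive',
        'Accept': '*/*',
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36',
        'Content-Type': 'application/json;charset=UTF-8',
        'Origin': 'http://org.xjtu.edu.cn/openplatform',
        'Referer': 'http://org.xjtu.edu.cn/openplatform/login.html',
        'Accept-Encoding': 'gzip, deflate',
        'Accept-Language': 'zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6',
        'Cookie': 'cur_appId_=kUO8wVrniFw=;',
    }
    data = {
        'loginType': 1,
        'username': userName,
        'pwd': get_public_key(pwd),
        'jcaptchaCode': '',
    }
    url = 'http://org.xjtu.edu.cn/openplatform/g/admin/login'

    # requests applies no timeout by default; without one a stalled server
    # blocks the caller indefinitely.
    response = requests.post(url, json=data, headers=headers, timeout=10)
    response.raise_for_status()
    result = response.json()

    payload = result.get('data') or {}
    token_key = payload.get('tokenKey')
    if not token_key:
        # Deliberately does not echo the response body or the credentials.
        raise KeyError('login response has no data.tokenKey')
    return token_key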
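def getOriginUrl(userName, pwd):
    """Log in and return the ``data`` field of the ``getRedirectUrl`` reply.

    Obtains a ``tokenKey`` via ``get_tokenKey`` and presents it in the
    ``open_Platform_User`` cookie to the ``getRedirectUrl`` endpoint. The
    snippets that consume the result parse it as a URL whose query string
    carries ``code``, ``userType`` and ``employeeNo``.

    The query string is passed through ``params`` so that ``userName`` is
    URL-encoded by requests instead of being concatenated into the URL.
    The request is plain ``http://``, so the session cookie and the
    returned authorization code are visible on the network path; treat the
    return value as a credential and keep it out of logs.

    Args:
        userName: Account identifier (sent as ``personNo`` and in the
            ``employeenokey`` cookie).
        pwd: Plaintext password, forwarded to ``get_tokenKey``.

    Returns:
        Whatever the server places in the response's ``data`` field.

    Raises:
        requests.RequestException: On connection failure, timeout, or a
            non-2xx HTTP status.
        KeyError: If the response has no ``data`` field.
    """
    tokenKey = get_tokenKey(userName, pwd)

    url = 'http://org.xjtu.edu.cn/openplatform/oauth/auth/getRedirectUrl'
    params = {
        'userType': 1,
        'personNo': userName,
        # Millisecond timestamp, sent as the `_` query parameter.
        '_': int(time.time() * 1000),
    }
    headers = {
        'Host': 'org.xjtu.edu.cn',
        'Proxy-Connection': 'keep-alive',
        'Accept': '*/*',
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36',
        'Content-Type': 'application/json;charset=utf-8',
        'Referer': 'http://org.xjtu.edu.cn/openplatform/login.html',
        'Accept-Encoding': 'gzip, deflate',
        'Accept-Language': 'zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6',
        'Cookie': 'state=xjdCas; memberId=879790; usertypekey=1; employeenokey=' + userName +'; cur_appId_=N43pA2kWCxo=; open_Platform_User=' + tokenKey,
    }

    # Bounded wait: requests never times out unless told to.
    response = requests.get(url, params=params, headers=headers, timeout=10)
    response.raise_for_status()
    return response.json()['data']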
在 `getOriginUrl` 函数里获取到 `oauth_code`, 就可以对目标网站发起登录请求了。
教务
教务网站是在 cookie 里放入 `JSESSIONID` 来识别登录用户的, 所以只要获取 `JSESSIONID` 就可以。(`JSESSIONID` 等同于登录凭据, 不要泄露或公开仍然有效的值。)
比如获取教务网站上的个人照片
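# Download the profile photo from the graduate system with an existing session.
# {stu_id} is a placeholder for the student number. The JSESSIONID value is a
# sample: the cookie is the session credential, so use your own and never
# publish one that is still valid.
# --insecure was dropped: it disables TLS certificate verification, has no
# effect on this http:// URL, and would silently accept a forged certificate
# if the URL were later switched to https://.
curl 'http://gmis.xjtu.edu.cn/pyxx/grxx/xszphd/zp/xj/{stu_id}' \
  -H 'Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8' \
  -H 'Accept-Language: zh-CN,zh;q=0.9' \
  -H 'Connection: keep-alive' \
  -H 'Cookie: JSESSIONID=E6C7C167DB22CAF6E2378DE925089E94.pyxx_server1.pyxx_server1' \
  -H 'Referer: http://gmis.xjtu.edu.cn/pyxx/pygl/xscjcx/index' \
  -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36' \
  --output a.png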
获取 `JSESSIONID` 的代码
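# Exchange the SSO authorization code for a gmis session cookie (JSESSIONID).
# `userName` and `pwd` must already be defined by the caller.
originUrl = getOriginUrl(userName, pwd)
parsed_url = urlparse(originUrl)
query_params = parse_qs(parsed_url.query)

# parse_qs maps each key to a list of values; take the first, or None if absent.
user_type = query_params.get('userType', [None])[0]
code = query_params.get('code', [None])[0]
employee_no = query_params.get('employeeNo', [None])[0]
if code is None:
    # requests silently drops None-valued params, so a missing code would
    # otherwise turn into an unauthenticated request with no visible error.
    raise ValueError('redirect URL from getOriginUrl has no "code" parameter')

# Plain http://: the authorization code and the session cookie that comes
# back are not protected in transit.
url = 'http://gmis.xjtu.edu.cn/pyxx/sso/login'
params = {
    'userType': user_type,
    'code': code,
    'employeeNo': employee_no,
    # Fixed literal. OAuth intends `state` to be an unpredictable
    # per-request value tying the callback to the session that started it.
    'state': 'abcd1234',
}
headers = {
    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36',
    'sec-ch-ua': '" Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"',
    'sec-ch-ua-mobile': '?0',
    'sec-ch-ua-platform': 'Windows',
    'content-type': 'application/x-www-form-urlencoded',
    'Accept': '*/*',
    'Sec-Fetch-Site': 'same-origin',
    'Sec-Fetch-Mode': 'cors',
    'Sec-Fetch-Dest': 'empty',
    'Accept-Encoding': 'gzip, deflate, br',
    'Accept-Language': 'zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6',
}

# A Session keeps the cookies set by the login response.
session = requests.Session()
# requests has no default timeout; bound the wait explicitly.
response = session.get(url, params=params, headers=headers, timeout=10)
# Evaluates to the cookie dict holding JSESSIONID (shown only in a REPL or
# notebook). The value is a session credential; keep it out of shared logs.
session.cookies.get_dict()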
体美劳平台
体美劳平台是在 headers 里放入 `token` 来认证
比如体育打卡签到
# Sign-in request against the ipahw platform. `token`, `longitude` and
# `latitude` must already be defined by the caller; `token` is the value
# returned by the platform's codeLogin step and acts as the credential
# for this call.
cookies = {
    # Sample session id from the write-up; sent through `cookies=` below.
    'JSESSIONID': '542705a7-d2af--b4cb-822d244d4164',
}

headers = {
    'Accept': '*/*',
    'Accept-Language': 'zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6,pt;q=0.5',
    'Connection': 'keep-alive',
    # No raw Cookie header here: the cookie travels via the cookies argument.
    'Origin': 'https://ipahw.xjtu.edu.cn',
    'Referer': 'https://ipahw.xjtu.edu.cn/pages/index/hdgl/hdgl_run?courseType=7&signType=1&activityAddress=&courseInfoId=1759468647346147329',
    'Sec-Fetch-Dest': 'empty',
    'Sec-Fetch-Mode': 'cors',
    'Sec-Fetch-Site': 'same-origin',
    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Edg/125.0.0.0',
    'content-type': 'application/json',
    'sec-ch-ua': '"Microsoft Edge";v="125", "Chromium";v="125", "Not.A/Brand";v="24"',
    'sec-ch-ua-mobile': '?0',
    'sec-ch-ua-platform': '"Windows"',
    # Authentication on this platform is carried by this header.
    'token': token,
}

# JSON body of the request; the coordinates are supplied by the caller.
json_data = {
    'sportType': 2,
    'longitude': longitude,
    'latitude': latitude,
    'courseInfoId': '1759468647346147329',
}

response_dao = requests.post(
    'https://ipahw.xjtu.edu.cn/szjy-boot/api/v1/sportActa/signRun',
    json=json_data,
    headers=headers,
    cookies=cookies,
)
获取token的代码
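def get_token(userName, pwd):
    """Exchange the SSO authorization code for the ipahw platform ``token``.

    NOTE(review): the published snippet ended in a bare ``return`` with no
    enclosing ``def``, which is a SyntaxError at module level. It is wrapped
    in a function here; the name ``get_token`` is the reviewer's choice.

    The original also printed the complete login response. That response
    contains the token, so printing it copies a live credential to stdout
    and to any log that captures it; the print has been removed.

    Args:
        userName: Account identifier, forwarded to ``getOriginUrl``.
        pwd: Plaintext password, forwarded to ``getOriginUrl``.

    Returns:
        The ``data.token`` string from the codeLogin response.

    Raises:
        ValueError: If the redirect URL lacks ``userType``, ``code`` or
            ``employeeNo``.
        requests.RequestException: On connection failure, timeout, or a
            non-2xx HTTP status.
        KeyError: If the response has no ``data.token``.
    """
    originUrl = getOriginUrl(userName, pwd)
    query_params = parse_qs(urlparse(originUrl).query)

    # parse_qs maps each key to a list of values; take the first, or None.
    user_type = query_params.get('userType', [None])[0]
    code = query_params.get('code', [None])[0]
    employee_no = query_params.get('employeeNo', [None])[0]
    if None in (user_type, code, employee_no):
        # The Referer below is built by string concatenation, which would
        # fail with an unhelpful TypeError on a None value.
        raise ValueError(
            'redirect URL from getOriginUrl is missing userType, code or employeeNo'
        )

    url = 'https://ipahw.xjtu.edu.cn/szjy-boot/sso/codeLogin'
    params = {
        'userType': user_type,
        'code': code,
        'employeeNo': employee_no,
    }
    headers = {
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36',
        'sec-ch-ua': '" Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"',
        'sec-ch-ua-mobile': '?0',
        'sec-ch-ua-platform': 'Windows',
        'content-type': 'application/x-www-form-urlencoded',
        'Accept': '*/*',
        'Sec-Fetch-Site': 'same-origin',
        'Sec-Fetch-Mode': 'cors',
        'Sec-Fetch-Dest': 'empty',
        'Referer': 'https://ipahw.xjtu.edu.cn/sso/callback?code=' + code + '&state=1234&' + 'userType=' + user_type + '&employeeNo=' + employee_no,
        'Accept-Encoding': 'gzip, deflate, br',
        'Accept-Language': 'zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6',
    }

    # requests has no default timeout; bound the wait explicitly.
    response = requests.get(url, params=params, headers=headers, timeout=10)
    response.raise_for_status()
    # Parse once; the original decoded the same body twice.
    result = response.json()
    return result['data']['token']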