用HttpClient模拟登陆OpenID.org.cn
在模拟登陆之前做的准备工作就是利用抓包工具分析数据,推荐用wireshark。本次抓openid.org.cn,纯属演示,没实际意义,切勿搞破坏或者偷数据。
抓包下来的数据如下:
看来OpenID没做什么安全机制方面的考虑,就单纯的讲文本域username,password post到www.openid.org.cn/login上。
OK。万事俱备只欠东风,开始模拟登陆吧。
package test;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.List;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.HttpClient;
import org.apache.http.client.ResponseHandler;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.BasicResponseHandler;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.protocol.HTTP;
public class SimulateLogin {
private HttpClient httpClient;
public SimulateLogin(String loginURL,String userName, String password) {
this.httpClient = new DefaultHttpClient();
// 构造一个POST请求
HttpPost httpPost = new HttpPost(loginURL);
//httpPost.setHeader("User-Agent", "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3"); //如果对方系统没做特殊限制,可不用
// 将要POST的数据封包
List<NameValuePair> params = new ArrayList<NameValuePair>();
params.add(new BasicNameValuePair("username", userName));
params.add(new BasicNameValuePair("password", password));
// 封包添加到Post请求
try {
httpPost.setEntity(new UrlEncodedFormEntity(params, HTTP.UTF_8));
} catch (UnsupportedEncodingException e1) {
e1.printStackTrace();
}
HttpResponse response = postMethod(httpPost);
}
/**
* 嗅探指定的GET页面
* @param url
* @return String txt
*/
public String notifyGetPage(String url) {
HttpGet get = new HttpGet(url);
ResponseHandler<String> responseHandler = new BasicResponseHandler();
String txt = null;
try {
txt = httpClient.execute(get, responseHandler);
} catch (ClientProtocolException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
} finally {
get.abort();
}
return txt;
}
/**
* 嗅探指定的POST页面,,因为post方法要封装参数,因此在函数外部封装好传参
* @param post
* @return String txt
*/
public String notifyPostPage(HttpPost post) {
ResponseHandler<String> responseHandler = new BasicResponseHandler();
String txt = null;
try {
txt = httpClient.execute(post,responseHandler);
} catch (ClientProtocolException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
} finally {
post.abort();
}
return txt;
}
// 用post方法向服务器请求 并获得响应,因为post方法要封装参数,因此在函数外部封装好传参
public HttpResponse postMethod(HttpPost post) {
HttpResponse resp = null;
try {
resp = httpClient.execute(post);
} catch (ClientProtocolException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
} finally {
post.abort();
}
return resp;
}
// 用get方法向服务器请求 并获得响应
public HttpResponse getMethod(String url) {
HttpGet get = new HttpGet(url);
HttpResponse resp = null;
try {
resp = httpClient.execute(get);
} catch (ClientProtocolException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
} finally {
get.abort();
}
return resp;
}
public static void main(String[] args) {
SimulateLogin simulateLogin = new SimulateLogin("http://www.openid.org.cn/login","【用户名】", "【密码】");
System.out.println(simulateLogin.notifyGetPage("http://www.openid.org.cn/sites")); //获得我访问过的站点信息
}
}
很简单吧..这是最简单的登陆,如果站点用到验证码,或者用JS加密字符串,SSL的话,肯定会让你折腾大半天的。。