Python realizes automatic login to campus network

Below I will share with you an example explanation of how to implement automatic login on the campus network using Python. It has a good reference value and I hope it will be helpful to everyone. Let’s come and take a look

Because I recently wanted to use a Raspberry Pi to build a remote monitoring system, and because the school network requires logging in from the web page and it is inconvenient to bring a monitor with the Raspberry Pi, I thought about it. A script program that can automatically log in to the campus network, eliminating the trouble of opening the browser and entering the account and password every time.

1. Tool

Firefox browser firedebug plug-in, debug plug-in can be added to the browser add-on, other browsers can also be used as long as they can monitor the browser's network behavior.

python requests package

2. Steps

1) First open the login interface, and then press f12 to open the firedebug plug-in. At this time, there is no debug function. Record the behavior, then click the refresh button, then click the login button, call up debug again and click the console tab. At this time, you will find many get methods plus the final POST method generated by login, as shown in the figure

2) Click on the small arrow of the POST method and you will find the browser's request header information, which we need to save (not the response header),

3) View the content in the POST tab. The variables and parameters need to be saved. You can see that the password is encrypted. .If you just log in with your own account and password, the program can end here. Replace the data with the data you captured and use the following code to log in to the campus network.

import requests
#登录地址
post_addr="http://a.nuist.edu.cn/index.php/index/login"
#构造头部信息
post_header={
 'Host': 'a.nuist.edu.cn',
 'User-Agent':'Mozilla/5.0 (X11; Linux x86_64; rv:55.0) Gecko/20100101 Firefox/55.0',
 'Accept': 'application/json, text/javascript, */*; q=0.01',
 'Accept-Language':'zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3',
 'Accept-Encoding': 'gzip, deflate',
 'Content-Type': 'application/x-www-form-urlencoded',
 'X-Requested-With':'XMLHttpRequest',
 'Referer':'http://a.nuist.edu.cn/index.php?url=aHR0cDovL2RldGVjdHBvcnRhbC5maXJlZm94LmNvbS9zdWNjZXNzLnR4dA==',
 'Content-Length': '67',
 'Cookie':'_gscu_1147341576=059821653286gq10; sunriseUsername=123441534;\
 sunriseDomain=NUIST;sunriseRememberPassword=true; sunrisePassword=123456;\
 PHPSESSID=hb0o9bkct2f6ge164oj3vj0me5;think_language=zh-CN',
 'Connection':'keep-alive',
}
#构造登录数据
post_data={'domain':'NUIST',
   'enablemacauth':'0',
   'password':'MTgzMzEw',
   'username':'xxxxxxx'
   } 
#发送post请求登录网页
z=requests.post(post_addr,data=post_data,headers=post_header)

4) But I found a problem is that the above program can only be used by yourself. If you change the account and password to log in, you have to use the browser to capture the data packets. , annoying... After carefully reviewing the above steps, I found that the difficulty in writing a program that allows other accounts to log in without packet capture is that the password in the post_data program is encrypted. If you can know its encryption method, write a general one (in this article On-campus) program is very easy.

In fact, if you know more about the commonly used encryption methods in this step, then it is easier to check the source code (js) of the web page to figure out its encryption method. Unfortunately, I don’t understand. , I only know one md5 encryption, so I tried to use the hashlib package in python to encrypt the password and then see if it is the same as the captured data. Unfortunately, not even one character is the same..., then I thought since the data is The encryption process that is sent from the local server to the server must be completed on the client side, most likely through a js script (I don’t know much about web page programming, I only know that js can be executed on the client side, so I guess it is the js script that completes the passward encoding). Then check the captured js code through debug.

Open the debugger and you can see a row of js code on the left. You can roughly guess the role of js through the js file name.

5) Looking at the file name on the left, you can directly guess that the functions include login.js, md5.js, client.js, usercss.js. Since md5 is not a password encryption method, check it out Other js codes. Fortunately, I clicked on the first base64 code and found out that this code is an encoding method. I hurried to Baidu and found that base64 is indeed an encoding method. I struck while the iron was hot by using Baidu python's base64 encoding implementation and found that python had already Integrate the base64 package and use this package to encode the password again... It is found that the result is exactly the same as the captured postdata. At this point, writing a general program is just around the corner!!

The complete code is as follows (Rough version):

#!/usr/bin/python3
# -*- coding: utf-8 -*-
'''
 FileName:conNet.py
 Author:shenhuixiang
 Copyright(c)2017,shenhuixiang
'''
import base64
import requests
'''
输入账号密码和登录的网络
网络参数为如果是移动的则填写CMCC
如果是学号则填NUIST
'''
USER_ACCOUNT='110'
DOMAIN_SELECTION='CMCC'
USER_PASSWATD='123456'
#登录地址
post_addr="http://a.nuist.edu.cn/index.php/index/login"
#构造头部信息
post_header={
 'Host': 'a.nuist.edu.cn',
 'User-Agent':'Mozilla/5.0 (X11; Linux x86_64; rv:55.0) Gecko/20100101 Firefox/55.0',
 'Accept': 'application/json, text/javascript, */*; q=0.01',
 'Accept-Language':'zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3',
 'Accept-Encoding': 'gzip, deflate',
 'Content-Type': 'application/x-www-form-urlencoded',
 'X-Requested-With':'XMLHttpRequest',
 'Referer':'http://a.nuist.edu.cn/index.php?url=aHR0cDovL2RldGVjdHBvcnRhbC5maXJlZm94LmNvbS9zdWNjZXNzLnR4dA==',
 'Content-Length': '67',
 'Cookie':'_gscu_1147341576=059821653286gq10; sunriseUsername='+USER_ACCOUNT+';\
 sunriseDomain='+DOMAIN_SELECTION+';sunriseRememberPassword=true; sunrisePassword='+USER_PASSWATD+';\
 PHPSESSID=hb0o9bkct2f6ge164oj3vj0me5;think_language=zh-CN',
 'Connection':'keep-alive',
}
'''
password在post的参数中经过base64编码,
为了查找password加密方式...吐血三升.
'''
post_data={'domain':DOMAIN_SELECTION,
   'enablemacauth':'0',
   'password':base64.b64encode(USER_PASSWATD.encode()),
   'username':USER_ACCOUNT
   }
#发送post请求登录网页
z=requests.post(post_addr,data=post_data,headers=post_header)
#z.text为str类型的json数据因此先编码成byte类型在解码成unicode型这样就可以正常输出中文
s=z.text.encode('utf-8').decode('unicode-escape')
print(s)

Related recommendations:

Python implements a random call Open the webpage in the browser

The above is the detailed content of Python realizes automatic login to campus network. For more information, please follow other related articles on the PHP Chinese website!