城堡

前言

很早之前用别的语言写过一次微博登陆，现在改成java版，主要是为了验证jsoup的强大，一款完全可胜任http请求和html解析的工具。抓包，抽取js的方法这里就不在赘述。

工具

• jsoup-1.11.2（使用最新）
• 打码账号及官方提供的java类（市面上很多，这里用若快）

开始

1. 首先是分析登录过程，常登陆的没有验证码，新的会有验证码，保险起见这里都采用有验证码的方式登录。
2. Base64编码用户名后，get请求获取servertime，nonce，pubkey，pcid，及返回的cookie

       //Base64编码用户名
       su = new BASE64Encoder().encode(usename.getBytes());
       String url = "http://login.sina.com.cn/sso/prelogin.php?entry=weibo&callback=sinaSSOController.preloginCallBack&su=" + su + "&rsakt=mod&checkpin=1&client=ssologin.js(v1.4.18)&_=" +
               getTimestamp();
       Connection.Response execute = Jsoup.connect(url).ignoreContentType(true).execute();
       //获取返回数据
       String body = execute.body();
       //获取返回cookie
       Map<String, String> photocookie = execute.cookies();
       JSONObject jsonObject = JSONObject.parseObject(StringUtils.substringBetween(body, "(", ")"));
       servertime = jsonObject.getString("servertime");
       nonce = jsonObject.getString("nonce");
       pubkey = jsonObject.getString("pubkey");
       pcid = jsonObject.getString("pcid");
   

3. 带着返回的cookie及pcid，get请求获取验证码

       url = "http://login.sina.com.cn/cgi/pin.php?r=54474015&s=0&p=" + pcid;
       byte[] bytes = Jsoup.connect(url).ignoreContentType(true).cookies(photocookie).execute().bodyAsBytes();
   

4. 调用打码平台的类实现打码，返回结果

   public static String createByPost(String username, String password, String typeid, String timeout, String softid, String softkey,byte[] byteArr) {
       String result = "";
       String param = String
               .format(
                       "username=%s&password=%s&typeid=%s&timeout=%s&softid=%s&softkey=%s",
                       username, password, typeid, timeout, softid, softkey);
       try {
           result = RuoKuai.httpPostImage("http://api.ruokuai.com/create.xml", param, byteArr);
           // jsoup去解析xml （略坑，加了好多参数进去）
           result = Jsoup.parse(result).select("body > root > result").text();
       } catch(Exception e) {
           result = "未知问题";
       }
       return result;
   }
   

5. 调用js，对密码动态加密，返回参数sp

   private boolean encodePwd() {
       ScriptEngineManager sem = new ScriptEngineManager();
       ScriptEngine se = sem.getEngineByName("javascript");
       try {
           // FileReader fr = new FileReader("");
           se.eval(LOGIN_JS);
           Invocable invocableEngine = (Invocable) se;
           sp = (String) invocableEngine.invokeFunction("getPW", password, servertime, nonce, pubkey);
           return true;
       } catch (ScriptException e) {
       } catch (NoSuchMethodException e) {
       }
       return false;
   }
   

6. 带着参数pcid，code，sp，su，servertime，nonce，sp及cookie，post请求返回cookies及下一个url，此时可从返回的body中判断登录成功与否

       //retcode=101 账号密码错误
       //retcode=80 请输入正确的密码
       //retcode=4049 输入验证码
       //retcode=2070 验证码错误
       url = "http://login.sina.com.cn/sso/login.php?client=ssologin.js(v1.4.18)";
       String post = "entry=weibo&gateway=1&from=&savestate=7&useticket=1&pagerefer=http%3A%2F%2Fpassport.weibo" +
               ".com%2Fvisitor%2Fvisitor%3Fentry%3Dminiblog%26a%3Denter%26url%3Dhttp%253A%252F%252Fweibo.com%252F%26domain%3D.weibo" +
               ".com%26ua%3Dphp-sso_sdk_client-0.6.14%26_rand%3D1441434306.495&pcid=" + pcid + "&door=" + code + "&vsnf=1&su=" + su + "&service=miniblog&servertime=" + servertime + "&nonce=" + nonce
               + "&pwencode=rsa2&rsakv=1330428213&sp=" + sp + "&sr=1366*768&encoding=UTF-8&url=http%3A%2F%2Fweibo.com%2Fajaxlogin.php%3Fframelogin%3D1%26callback%3Dparent.sinaSSOController.feedBackUrlCallBack&returntype=META";
   
       Connection.Response execute1 = Jsoup.connect(url).method(Connection.Method.POST).requestBody(post).cookies(photocookie).ignoreContentType(true).execute().charset("GBK");
       String body1 = execute1.body();
       Map<String, String> cookies = execute1.cookies();
       System.out.println(body1);
       System.out.println(body1.indexOf("正在登录") != -1 ? "登录成功" : "登录失败");
   
       url = StringUtils.substringBetween(body1, "location.replace('", "'");
   
   

7. 带着上次返回的cookie，get请求（禁止重定向）获取最终的cookie

       Connection.Response execute2 = Jsoup.connect(url).cookies(cookies).followRedirects(false).ignoreContentType(true).execute();
       Map<String, String> cookies1 = execute2.cookies();
       //从返回协议头中获取location，重定向地址，一般是固定
       Map<String, String> headers = execute2.headers();
   

结束

获取到cookie，基本之后的操作都可以，那就简单的发条微博，发微博其实只带post数据和cookie就能提交，协议头完全可以不带，偏偏jsoup默认带个UA，结果要多带个refrere头才可以。

1. 通过步骤7，获取的重定向地址，get请求获取refrere参数uniqueid

     url = "http://weibo.com/ajaxlogin.php?framelogin=1&callback=parent.sinaSSOController.feedBackUrlCallBack&sudaref=login.sina.com.cn";
     String body2 = Jsoup.connect(url).cookies(cookies1).ignoreContentType(true).execute().body();
     String uid = StringUtils.substringBetween(body2, "uniqueid\":\"", "\",\"userid");
     String referer = "https://weibo.com/u/" + uid + "/home";
   

2. 带着cookie，及协议头referer，post请求，发一条微博吧

     url = "https://weibo.com/aj/mblog/add?ajwvr=6&__rnd=" + getTimestamp();
     post = "location=v6_content_home&appkey=&style_type=1&pic_id=&text=" + text + "&pdetail=&rank=0&rankid=&module=stissue&pub_source=main_&pub_type=dialog&_t=0";
   
     Connection.Response execute3 = Jsoup.connect(url).method(Connection.Method.POST).requestBody(post).cookies(cookies1).referrer(referer).ignoreContentType(true).execute().charset("GBK");
     System.out.println(execute3.body());
   

Success