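Logging in to Amazon using cURL

Time: 2015-11-20 03:52:19

Tags: php amazon-web-services curl

I am trying to log in to Amazon using cURL, but when I send the POST data I don't get anything back. I only want to use cURL; I don't want to use any API. This is the code I have tried: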

<?php
$curl_crack = curl_init();
CURL_SETOPT($curl_crack,CURLOPT_URL,"https://www.amazon.com/ap/signin?_encoding=UTF8&openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.ns.pape=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fpape%2F1.0&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2F%3Fref_%3Dnav_custrec_signin");
CURL_SETOPT($curl_crack,CURLOPT_USERAGENT,$_SERVER['HTTP_USER_AGENT']);
//CURL_SETOPT($curl_crack,CURLOPT_PROXY,trim($socks[$sockscount]));
//CURL_SETOPT($curl_crack,CURLOPT_PROXYTYPE,CURLPROXY_SOCKS5);
CURL_SETOPT($curl_crack,CURLOPT_POST,True);
CURL_SETOPT($curl_crack,CURLOPT_POSTFIELDS,"appAction=SIGNIN&email=test@hotmail.com&create=0&password=test123");
CURL_SETOPT($curl_crack,CURLOPT_RETURNTRANSFER,True);
CURL_SETOPT($curl_crack,CURLOPT_COOKIEFILE,"cookie.txt");
curl_setopt($curl_crack, CURLOPT_SSL_VERIFYPEER, true); // verify the server certificate: credentials travel over this connection
curl_setopt($curl_crack, CURLOPT_FOLLOWLOCATION, 1);
CURL_SETOPT($curl_crack,CURLOPT_TIMEOUT,30);  
echo $check = curl_exec($curl_crack);

?> 

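1 answer:

Answer 0: (score: 9)

Here you go. Tested and working.

Edit: This code stopped working some time before June 2016. Amazon has added client-side JavaScript browser fingerprinting that breaks the automated login below. It is actually not that hard to get around, but I haven't spent the time engineering PHP code to do it, code that could so easily be broken by minor changes.

Instead, I have posted an example below the old PHP code that uses CasperJS to log in. PhantomJS or Selenium could also be used.

To provide some context, an additional form field called metaData1 is populated by JavaScript and contains a base64-encoded string of obfuscated browser information. Some of it may be compared against data collected server-side.

Here is a sample string (before encoding):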

9E0AC647#{"version":"2.3.6-AUI","start":1466184997409,"elapsed":5,"userAgent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.84 Safari/537.36","plugins":"Chrome PDF Viewer Shockwave Flash 2100Widevine Content Decryption Module 148885Native Client || 1600-1200-1150-24- - - ","dupedPlugins":"Chrome PDF Viewer Shockwave Flash 2100Widevine Content Decryption Module 148885Native Client Chrome PDF Viewer || 1600-1200-1150-24 - - - ","flashVersion":"21.0.0","timeZone":-8,"lsUbid":"X69-8317848-6241674:1466184997","mercury":{"version":"2.1.0","start":1467231996334,"ubid":"X69-8317848-6241674:1466184997","trueIp":"1020304","echoLatency":831},"timeToSubmit":57868,"interaction":{"keys":47,"copy":0,"cut":0,"paste":0,"clicks":6}}

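As you can see, the string contains some creepy information: which browser plugins are loaded, counts of key presses and mouse clicks on the page, trueIp (the 32-bit long IP address of your computer), your time zone, screen resolution and viewport resolution, and how long you were on the login page. There is much more information it can collect, but this is a sample from my browser.

9E0AC647 is a crc32 checksum of the string after the # - it won't match because I changed the trueIp and other data. This data then goes through some transformation (encoding) using some values from the JavaScript, is base64 encoded, and is then added to the login form.

Here is a permanent paste of the JS code responsible for all of this.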

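Steps:

  • Fetch the homepage to establish cookies
  • Parse the HTML to extract the login URL
  • Fetch the login page
  • Parse the HTML and find the sign-in form
  • Extract the form inputs used for login (there are quite a few required hidden fields)
  • Build the POST array for login
  • Submit the login form
  • Check for success or failure

PHP code (no longer works - see the example below):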

<?php

// amazon username & password
$username = 'you@example.com';
$password = 'yourpassword';

// http headers for requests
$headers = array(
    'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
    'Accept-Language: en-US,en;q=0.5',
    'Connection: keep-alive',
    'DNT: 1', // :)
);

// initialize curl
$ch = curl_init('https://www.amazon.com/');
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:42.0) Gecko/20100101 Firefox/42.0');
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_COOKIEFILE, '');
curl_setopt($ch, CURLOPT_ENCODING, 'gzip, deflate');

// fetch homepage to establish cookies
$result = curl_exec($ch);

// parse HTML looking for login URL
libxml_use_internal_errors(true);
$dom = new DOMDocument();
$dom->loadHTML($result);

// find link to login page
$xpath    = new DOMXPath($dom);
$elements = $xpath->query('//*[@id="nav-link-yourAccount"]');

if ($elements->length == 0) {
    die('Did not find "sign-in" link!');
}

// get login url
$url = $elements->item(0)->attributes->getNamedItem('href')->nodeValue;

if (strpos($url, 'http') !== 0) {
    $url = 'https://www.amazon.com' . $url;
}

// fetch login page
curl_setopt($ch, CURLOPT_URL, $url);
$result = curl_exec($ch);

// parse html to get form inputs
$dom->loadHTML($result);
$xpath = new DOMXPath($dom);

// find sign in form inputs
$inputs = $xpath->query('//form[@name="signIn"]//input');

if ($inputs->length == 0) {
    die('Failed to find login form fields!');
}

// get login post url
$url = $xpath->query('//form[@name="signIn"]');
$url = $url->item(0)->attributes->getNamedItem('action')->nodeValue; // form action (login URL)

// array of form fields to submit
$fields = array();

// build list of form inputs and values
for ($i = 0; $i < $inputs->length; ++$i) {
    $attribs = $inputs->item($i)->attributes;

    if ($attribs->getNamedItem('name') !== null) {
        $val = (null !== $attribs->getNamedItem('value')) ? $attribs->getNamedItem('value')->nodeValue : '';
        $fields[$attribs->getNamedItem('name')->nodeValue] = $val;
    }
}

// populate login form fields
$fields['email']    = $username;
$fields['password'] = $password;

// prepare for login
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($fields));

// execute login post
$result = curl_exec($ch);
$info   = curl_getinfo($ch);

// if login failed, url should be the same as the login url
if ($info['url'] == $url) {
    echo "There was a problem logging in.<br>\n";
    var_dump($result);
} else {
    // if successful, we are redirected to homepage so URL is different than login url
    echo "Should be logged in!<br>\n";
    var_dump($result);
}

Code using CasperJS:

var casper = require('casper').create();

casper.userAgent('Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:46.0) Gecko/20100101 Firefox/46.0');
phantom.cookiesEnabled = true;

var AMAZON_USER = 'you@yoursite.com';
var AMAZON_PASS = 'some crazy password';

casper.start('https://www.amazon.com/').thenClick('a#nav-link-yourAccount', function() {
    this.echo('Title: ' + this.getTitle());

    var emailInput = 'input#ap_email';
    var passInput  = 'input#ap_password';

    this.mouseEvent('click', emailInput, '15%', '48%');
    this.sendKeys('input#ap_email', AMAZON_USER);

    this.wait(3000, function() {
        this.mouseEvent('click', passInput, '12%', '67%');
        this.sendKeys('input#ap_password', AMAZON_PASS);

        this.mouseEvent('click', 'input#signInSubmit', '50%', '50%');
    });
});

casper.then(function(e) {
    this.wait(5000, function() {
        this.echo('Capping');
        this.capture('amazon.png');
    });
});


casper.run(function() {
    console.log('Done');

    casper.done();
});

You should really extend this code to make it act more like a human!
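
The checksum-prefixed string described in the answer can be checked on the receiving side as follows. This is an added example, not code from the original post or from Amazon. It assumes a standard CRC-32 (the zlib/IEEE variant) over the UTF-8 bytes after the `#`, written as 8 uppercase hex digits, and it uses the field names from the sample string; the sample values are constructed.

```javascript
// Added example: server-side sanity check for a "CRC32HEX#json" telemetry string.
// Assumptions: CRC-32 (IEEE/zlib) over the text after '#', 8 uppercase hex digits.
// CRC-32 is unkeyed, so a match is only a format/corruption check, not proof of origin.

const CRC_TABLE = Array.from({ length: 256 }, (_, n) => {
  let c = n;
  for (let k = 0; k < 8; k++) c = c & 1 ? 0xedb88320 ^ (c >>> 1) : c >>> 1;
  return c >>> 0;
});

function crc32Hex(text) {
  let crc = 0xffffffff;
  for (const byte of Buffer.from(text, 'utf8')) {
    crc = CRC_TABLE[(crc ^ byte) & 0xff] ^ (crc >>> 8);
  }
  return ((crc ^ 0xffffffff) >>> 0).toString(16).toUpperCase().padStart(8, '0');
}

function checkTelemetry(raw) {
  const m = /^([0-9A-F]{8})#(.*)$/s.exec(raw);
  if (!m) return { ok: false, reason: 'malformed' };
  if (crc32Hex(m[2]) !== m[1]) return { ok: false, reason: 'checksum-mismatch' };
  let data;
  try {
    data = JSON.parse(m[2]);
  } catch (err) {
    return { ok: false, reason: 'bad-json' };
  }
  const i = (data && data.interaction) || {};
  // A form submitted with no recorded key presses or clicks is a signal to score.
  if (!(i.keys > 0) && !(i.clicks > 0)) return { ok: false, reason: 'no-interaction' };
  return { ok: true, reason: 'ok', data };
}

// Constructed sample values, not captured traffic.
const body = JSON.stringify({ timeToSubmit: 57868, interaction: { keys: 47, clicks: 6 } });
const SAMPLE_GOOD = crc32Hex(body) + '#' + body;
// Same checksum, edited payload: this is the mismatch the answer mentions.
const SAMPLE_EDITED = crc32Hex(body) + '#' + body.replace('57868', '10');

console.log(checkTelemetry(SAMPLE_GOOD).reason, checkTelemetry(SAMPLE_EDITED).reason);
```

Because the checksum is computed by the client, a server should treat it as one weak signal among several and rely on the values it collects itself for comparison.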