I am trying to log in to https://appleid.apple.com/cn (/us should be the same) using requests, but it returns 400 Bad Request.
import requests

session = requests.Session()
productURL = "https://appleid.apple.com/cn"
headers = {
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
"Accept-Encoding": "gzip, deflate, sdch, br",
"Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.6,en;q=0.4",
"Upgrade-Insecure-Requests":"1",
"User-Agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/52.0.2743.116 Chrome/52.0.2743.116 Safari/537.36"
}
session.headers = headers
r = session.get(productURL)
# Load the sign-in widget page
url = "https://idmsa.apple.com/appleauth/auth/signin?widgetKey=af1139274f266b22b68c2a3e7ad932cb3c0bbe854e13a79af78dcc73136882c3&language=zh_CN&rv=1"
r = session.get(url)
# Endpoint that receives the credentials
url = "https://idmsa.apple.com/appleauth/auth/signin"
headers = {
"Accept":"application/json, text/javascript, */*; q=0.01",
"Accept-Encoding":"gzip, deflate, br",
"Accept-Language":"zh-CN,zh;q=0.8,zh-TW;q=0.6,en;q=0.4",
"Connection":"keep-alive",
"Content-Length":"77",
"Content-Type":"application/json",
"Host":"idmsa.apple.com",
"Origin":"https://idmsa.apple.com",
"Referer":"https://idmsa.apple.com/appleauth/auth/signin?widgetKey=af1139274f266b22b68c2a3e7ad932cb3c0bbe854e13a79af78dcc73136882c3&language=zh_CN&rv=1",
"User-Agent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/52.0.2743.116 Chrome/52.0.2743.116 Safari/537.36",
"X-Apple-Domain-Id":1,
"X-Apple-I-FD-Client-Info":{"U":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/52.0.2743.116 Chrome/52.0.2743.116 Safari/537.36","L":"en-US","Z":"GMT+08:00","V":"1.1","F":"7da44j1e3NlY5BSo9z4ofjb75PaK4Vpjt4U_98uszHVyVxFAk.lzXJJIneGffLMC7EZ3QHPBirTYKUowRslz8eibjVdxljQlpQJuYY9hte_1an92r5xj6KksmfTPdFdgmVxf7_OLgiPFMJhHFW_jftckkCoqAkCoq4ly_0x0uVMV0jftckcKyAd65hz7fwdGEM6uJ6o6e0T.5EwHXXTSHCSPmtd0wVYPIG_qvoPfybYb5EtCKoxw4EiCvTDfPbJROKjCJcJqOFTsrhsui65KQnK94CaJ6hO3f9p_nH1zDz.ICMpwoNSdqdbAE9XXTneNufuyPBDjaY2ftckuyPB884akHGOg429OMNo71xFmrur.S9RdPQSzOy_Aw7UTlf_0pNA1OXu_Llri5Ly.EKY.6ekL3sdmX.Cr_Jz9KyFxv5icCmVug4WBkl1BQLz4mvmfTT9oaSumKkpjlRiwerbXh8bUu_LzQW5BNv_.BNlYCa1nkBMfs.Byn"},
"X-Apple-Locale":"zh_CN",
"X-Apple-Widget-Key":"af1139274f266b22b68c2a3e7ad932cb3c0bbe854e13a79af78dcc73136882c3",
"X-Requested-With":"XMLHttpRequest"
}
session.headers = headers
payload = {
"accountName" : "accountName",
"password" : "password",
"rememberMe" : False
}
r = session.post(url, params=payload)
Request headers
{
'Content-Length': '77',
'Accept-Language': 'zh-CN,zh;q=0.8,zh-TW;q=0.6,en;q=0.4',
'Accept-Encoding': 'gzip, deflate, br',
'X-Apple-I-FD-Client-Info': {
'F': '7da44j1e3NlY5BSo9z4ofjb75PaK4Vpjt4U_98uszHVyVxFAk.lzXJJIneGffLMC7EZ3QHPBirTYKUowRslz8eibjVdxljQlpQJuYY9hte_1an92r5xj6KksmfTPdFdgmVxf7_OLgiPFMJhHFW_jftckkCoqAkCoq4ly_0x0uVMV0jftckcKyAd65hz7fwdGEM6uJ6o6e0T.5EwHXXTSHCSPmtd0wVYPIG_qvoPfybYb5EtCKoxw4EiCvTDfPbJROKjCJcJqOFTsrhsui65KQnK94CaJ6hO3f9p_nH1zDz.ICMpwoNSdqdbAE9XXTneNufuyPBDjaY2ftckuyPB884akHGOg429OMNo71xFmrur.S9RdPQSzOy_Aw7UTlf_0pNA1OXu_Llri5Ly.EKY.6ekL3sdmX.Cr_Jz9KyFxv5icCmVug4WBkl1BQLz4mvmfTT9oaSumKkpjlRiwerbXh8bUu_LzQW5BNv_.BNlYCa1nkBMfs.Byn',
'Z': 'GMT+08:00',
'U': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/52.0.2743.116 Chrome/52.0.2743.116 Safari/537.36',
'L': 'en-US',
'V': '1.1',
},
'Connection': 'keep-alive',
'X-Apple-Widget-Key': 'af1139274f266b22b68c2a3e7ad932cb3c0bbe854e13a79af78dcc73136882c3',
'Origin': 'https://idmsa.apple.com',
'Accept': 'application/json, text/javascript, */*; q=0.01',
'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/52.0.2743.116 Chrome/52.0.2743.116 Safari/537.36',
'Host': 'idmsa.apple.com',
'X-Apple-Domain-Id': 1,
'Referer': 'https://idmsa.apple.com/appleauth/auth/signin?widgetKey=af1139274f266b22b68c2a3e7ad932cb3c0bbe854e13a79af78dcc73136882c3&language=zh_CN&rv=1',
'X-Apple-Locale': 'zh_CN',
'X-Requested-With': 'XMLHttpRequest',
'Content-Type': 'application/json',
}
Response headers
{
'X-XSS-Protection': '1; mode=block',
'X-Content-Type-Options': 'nosniff',
'Content-Security-Policy': "default-src *; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.apple.com https://*.cdn-apple.com; style-src 'unsafe-inline' https://*.apple.com https://*.cdn-apple.com; connect-src 'self'; img-src 'self' data: https://*.apple.com https://*.cdn-apple.com https://*.icloud.com https://*.mzstatic.com; media-src * data:;",
'Content-Encoding': 'gzip',
'Transfer-Encoding': 'chunked',
'Set-Cookie': 'dslang=CN-ZH; Domain=.apple.com; Path=/; Secure; HttpOnly, site=CHN; Domain=.apple.com; Path=/; Secure; HttpOnly',
'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
'Vary': 'Accept-Encoding',
'Expires': 'Thu, 01 Jan 1970 00:00:00 GMT',
'Server': 'Apple',
'Connection': 'close',
'X-BuildVersion': 'R15',
'Pragma': 'no-cache',
'Cache-Control': 'no-cache, no-store',
'Date': 'Sat, 01 Oct 2016 04:23:19 GMT',
'X-FRAME-OPTIONS': 'DENY',
}
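I checked all the header fields against the actual request headers, and "X-Apple-I-FD-Client-Info" is the only one that is incorrect. Digging a bit, it is computed with JavaScript. 'Z', 'U', 'L' and 'V' are constant and depend on your browser information, time zone, etc. But 'F' is a very long random string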
Answer 0 (score: 1)
As you are posting JSON, you should use the following request:
r = requests.post(url, json=payload)
Also, there is no need to hard-code Content-Length; the requests package handles that.
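The difference between `params=` and `json=` described in this answer can be inspected without sending anything, by preparing the request and looking at what requests built. This is an added example, not code from the original posts; the account name and password are constructed placeholders.

```python
import json
import requests

# Constructed placeholders for this example; not real credentials.
URL = "https://idmsa.apple.com/appleauth/auth/signin"
PAYLOAD = {"accountName": "user@example.com",
           "password": "not-a-real-password",
           "rememberMe": False}


def describe(headers=None, **kwargs):
    """Prepare (but never send) a POST and report where the payload ended up."""
    req = requests.Request("POST", URL, headers=headers, **kwargs)
    prepared = requests.Session().prepare_request(req)
    body = prepared.body or b""
    if isinstance(body, str):  # some requests versions keep the JSON body as str
        body = body.encode("utf-8")
    return {
        "url": prepared.url,
        "body": body,
        "body_json": json.loads(body) if body else None,
        "content_length": prepared.headers.get("Content-Length"),
        "content_type": prepared.headers.get("Content-Type"),
    }


# params= puts the credentials in the query string and sends no body.
as_params = describe(params=PAYLOAD)
# json= serialises the payload into the body and sets the headers itself.
as_json = describe(json=PAYLOAD)
# A hard-coded Content-Length survives when there is no body to measure.
hardcoded = describe(headers={"Content-Length": "77"}, params=PAYLOAD)

if __name__ == "__main__":
    for name, result in [("params=", as_params), ("json=", as_json),
                         ("params= + Content-Length: 77", hardcoded)]:
        print(name, result["url"], result["content_length"], result["body"])
```

With `params=`, the account name and password land in the request URL, where proxies and server access logs typically record them; `json=` keeps them in the body.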
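Answer 1 (score: 0)
Since I am new and cannot comment (I don't really understand the reputation system yet), I have to write an answer.
I know that Google recently blocked logging in via scripts (well, via most scripts), because it was fairly easy to brute-force accounts.
I think Apple does something very similar, which makes it hard to log in to an Apple ID. Are you sure that it is possible to log in this way?
Regards, Narusan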