[心缘地方]同学录
首页 | 功能说明 | 站长通知 | 最近更新 | 编码查看转换 | 代码下载 | 常见问题及讨论 | 《深入解析ASP核心技术》 | 王小鸭自动发工资条VBA版
登录系统:用户名: 密码: 如果要讨论问题,请先注册。

[备忘]某网站的geetest极验滑条的http交互过程

上一篇:[备忘]游戏编程,帧控制
下一篇:没有了

添加日期:2020-11-17 20:51:47 快速返回   返回列表 阅读21次

gt值是商家id吧,是固定的。
challenge每次认证都不同,用来区分每个验证过程。
HTTP的Referer值可能有用,或许会检查,建议写好。
------------------------------
初始化,获取gt和challenge值:
Request URL: https://passport.xxxxx.com/cesso/xxxxInit.shtml
Request Method: POST
Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
X-Requested-With: XMLHttpRequest

{
    "checkType": "geek",
    "challenge": "0bbe8d43dc96d6b0d41a0c4e3fc47b9d",
    "gt": "f7de111111111111111111111111142",
    "language": "zh_CN",
    "new_captcha": "false",
    "offline": "true"
}
主要返回了gt和challenge,供前端js使用
-------------------------
商家登录页,检查是否已经登录了,返回的是json信息,告知是否已登录。
Request URL: https://passport.xxxxx.com/cesso/login-xxxx.shtml
Request Method: POST

Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Connection: keep-alive
Content-Length: 11
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

local=zh_CN
------------------------------------
根据商家ID,获取极验JS文件信息
Request URL: https://api.geetest.com/gettype.php?gt=f7de111111111111111111111111142&callback=geetest_1605614743172
Request Method: GET

Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Connection: keep-alive
Host: api.geetest.com
Referer: https://passport.xxxxx.com/

gt=f7de111111111111111111111111142&callback=geetest_1605614743172

返回
Set-Cookie: GeeTestUser=a1b63e6b697d72d80033ca41cd563f40; expires=Wed, 17 Nov 2021 12:05:42 GMT; Path=/

geetest_1605614743172(
{
    "status": "success",
    "data": {
        "pencil": "/static/js/pencil.1.0.3.js",
        "click": "/static/js/click.2.9.4.js",
        "voice": "/static/js/voice.1.2.0.js",
        "static_servers": [
            "static.geetest.com/",
            "dn-staticdown.qbox.me/"
        ],
        "fullpage": "/static/js/fullpage.9.0.1.js",
        "slide": "/static/js/slide.7.7.5.js",
        "geetest": "/static/js/geetest.6.0.9.js",
        "type": "fullpage",
        "aspect_radio": {
            "slide": 103,
            "voice": 128,
            "click": 128,
            "pencil": 128,
            "beeline": 50
        },
        "beeline": "/static/js/beeline.1.0.1.js",
        "maze": "/static/js/maze.1.0.1.js"
    }
}
)
------------------------------------------
获取验证码界面的皮肤,文字和api服务器地址
https://api.geetest.com/get.php?gt=f7de111111111111111111111111142&challenge=0bbe8d43dc96d6b0d41a0c4e3fc47b9d&lang=zh-cn&pt=0&client_type=web&w=<......一大堆.....>&callback=geetest_1605614743417
Request Method: GET

Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Connection: keep-alive
Host: api.geetest.com
Referer: https://passport.xxxxx.com/

Set-Cookie: GeeTestUser=4993835570099fd8bc2c7e17ae6cd36e; expires=Wed, 17 Nov 2021 12:05:43 GMT; Path=/

geetest_1605614743417(
{"status": "success", 
"data": {"theme": "wind", 
"api_server": "api.geetest.com", 
"c": [12, 58, 98, 36, 43, 95, 62, 15, 12], 
"i18n_labels": {
"refresh_page": "\u9875\u9762\u51fa\u73b0\u9519\u8bef\u5566\uff01\u8981\u7ee7\u7eed\u64cd\u4f5c\uff0c\u8bf7\u5237\u65b0\u6b64\u9875\u9762", 
"copyright": "\u7531\u6781\u9a8c\u63d0\u4f9b\u6280\u672f\u652f\u6301", 
"goto_cancel": "\u53d6\u6d88", 
"loading_content": "\u667a\u80fd\u9a8c\u8bc1\u68c0\u6d4b\u4e2d", 
"goto_homepage": "\u662f\u5426\u524d\u5f80\u9a8c\u8bc1\u670d\u52a1Geetest\u5b98\u7f51", 
"error_title": "\u7f51\u7edc\u8d85\u65f6", 
"error_content": "\u8bf7\u70b9\u51fb\u6b64\u5904\u91cd\u8bd5", 
"fullpage": "\u667a\u80fd\u68c0\u6d4b\u4e2d", 
"success_title": "\u901a\u8fc7\u9a8c\u8bc1", 
"error": "\u7f51\u7edc\u4e0d\u7ed9\u529b", 
"success": "\u9a8c\u8bc1\u6210\u529f", 
"goto_confirm": "\u524d\u5f80", 
"next_ready": "\u8bf7\u5b8c\u6210\u9a8c\u8bc1", 
"reset": "\u8bf7\u70b9\u51fb\u91cd\u8bd5", 
"ready": "\u70b9\u51fb\u6309\u94ae\u8fdb\u884c\u9a8c\u8bc1", 
"next": "\u6b63\u5728\u52a0\u8f7d\u9a8c\u8bc1", 
"read_reversed": false}, 
"static_servers": ["static.geetest.com", "dn-staticdown.qbox.me"], 
"theme_version": "1.5.8", 
"logo": true, 
"s": "6b584256", 
"feedback": "https://www.geetest.com/contact#report"}})
-----------------------------------
1分钟没滑,就给失效,然后返回新的challenge
https://api.geetest.com/reset.php?gt=f7de111111111111111111111111142&challenge=0bbe8d43dc96d6b0d41a0c4e3fc47b9d&lang=zh-cn&w=....大一堆....&pt=0&client_type=web&callback=geetest_1605615286019
Request Method: GET

Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Connection: keep-alive
Host: api.geetest.com
Referer: https://passport.xxxxx.com/

Set-Cookie: GeeTestUser=70a737e7fab481d4a319611203befb97; expires=Wed, 17 Nov 2021 12:14:43 GMT; Path=/

geetest_1605615286019(
{"status": "success", 
"data": {
"s": "6f2c342a", 
"c": [12, 58, 98, 36, 43, 95, 62, 15, 12], 
"challenge": "e9e85fc32fedf6abd82e4d387deae40d"}})
-----------------------------------
点击登录按钮后,弹出验证码
https://api.geetest.com/ajax.php?gt=f7de111111111111111111111111142&challenge=e9e85fc32fedf6abd82e4d387deae40d&lang=zh-cn&pt=0&client_type=web&w=....一大堆....&callback=geetest_1605615532090
GET
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Connection: keep-alive
Host: api.geetest.com
Referer: https://passport.xxxxx.com/

Set-Cookie: GeeTestAjaxUser=a5a5628cbe38607a08d5c44a8f1fbe34; expires=Wed, 17 Nov 2021 12:18:54 GMT; Path=/

返回验证码的类型
geetest_1605615532090({"status": "success", "data": {"result": "slide"}})
-----------------------------------
然后载入slide7.7.5.js
------------------------------------
获取滑动图片等信息
Request URL: https://api.geetest.com/get.php?is_next=true&type=slide3>=f7de111111111111111111111111142&challenge=e9e85fc32fedf6abd82e4d387deae40d&lang=zh-cn&https=false&protocol=https%3A%2F%2F&offline=false&product=embed&api_server=api.geetest.com&isPC=true&width=100%25&callback=geetest_1605615541742
Request Method: GET

Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Connection: keep-alive
Host: api.geetest.com
Referer: https://passport.xxxxx.com/

is_next=true&type=slide3>=f7de111111111111111111111111142&challenge=e9e85fc32fedf6abd82e4d387deae40d&lang=zh-cn&https=false&protocol=https%3A%2F%2F&offline=false&product=embed&api_server=api.geetest.com&isPC=true&width=100%25&callback=geetest_1605615541742

is_next: true
type: slide3
gt: f7de111111111111111111111111142
challenge: e9e85fc32fedf6abd82e4d387deae40d
lang: zh-cn
https: false
protocol: https://
offline: false
product: embed
api_server: api.geetest.com
isPC: true
width: 100%
callback: geetest_1605615541742

Set-Cookie: GeeTestUser=2f2202f846d372eed7a19fa3ad1ecbf7; expires=Wed, 17 Nov 2021 12:18:54 GMT; Path=/

geetest_1605615541742(
{"gt": "f7de111111111111111111111111142", 
"c": [12, 58, 98, 36, 43, 95, 62, 15, 12], 
"height": 160, 
"api_server": "https://api.geetest.com/", 
"feedback": "https://www.geetest.com/contact#report", 
"xpos": 0, 
"challenge": "e9e85fc32fedf6abd82e4d387deae40dks", 
"show_delay": 250, 
"s": "41334e57", 
"clean": false, 
"theme_version": "1.2.4", 
"id": "ae9e85fc32fedf6abd82e4d387deae40d", 
"type": "multilink", 
"theme": "ant", 
"mobile": true, 
"bg": "pictures/gt/d401d55fc/bg/860e0d01d.jpg", 
"logo": true, "hide_delay": 800, 
"fullbg": "pictures/gt/d401d55fc/d401d55fc.jpg", 
"ypos": 62, "product": "embed", 
"static_servers": ["static.geetest.com/", "dn-staticdown.qbox.me/"], 
"width": "100%", "link": "", "version": "6.0.9", "so": 0, 
"fullpage": false, "template": "", 
"benchmark": false, 
"i18n_labels": {"forbidden": "\u602a\u7269\u5403\u4e86\u62fc\u56fe\uff0c\u8bf7\u91cd\u8bd5", 
"success": "sec \u79d2\u7684\u901f\u5ea6\u8d85\u8fc7 score% \u7684\u7528\u6237", 
"cancel": "\u53d6\u6d88", "logo": "\u7531\u6781\u9a8c\u63d0\u4f9b\u6280\u672f\u652f\u6301", 
"read_reversed": false, "feedback": "\u5e2e\u52a9\u53cd\u9988", 
"slide": "\u62d6\u52a8\u6ed1\u5757\u5b8c\u6210\u62fc\u56fe", 
"tip": "\u8bf7\u5b8c\u6210\u4e0b\u65b9\u9a8c\u8bc1", 
"voice": "\u89c6\u89c9\u969c\u788d", "close": 
"\u5173\u95ed\u9a8c\u8bc1", "error": "\u8bf7\u91cd\u8bd5", 
"loading": "\u52a0\u8f7d\u4e2d...", "refresh": "\u5237\u65b0\u9a8c\u8bc1", 
"fail": "\u8bf7\u6b63\u786e\u62fc\u5408\u56fe\u50cf"}, 
"https": true, "slice": "pictures/gt/d401d55fc/slice/860e0d01d.png"})
--------------------------------------
尝试滑动一下(前面又无效了一次,所以challenge变了)
https://api.geetest.com/ajax.php?gt=f7de111111111111111111111111142&challenge=e9e85fc32fedf6abd82e4d387deae40dks&lang=zh-cn&pt=0&client_type=web&w=a2t6fR8O(BveHh9wPowYWRgFnn3dJ25hu4HXgPgk5rtkBhQUuuSht9qJvbjUQPyWc6SMO6j((EYLwW(Q7lCQzGB40n0bHPntAibe4tiXjgSUqkX62m5C(S4ZaUzmJfCDageDqqDoizDq)IkvTDxzuz)8pK5tDQtXS7UphPGN)iLx8LPtDrItV9LH5(YNg4GSRQPZTUxQhslpOE8AWotygSnSWwUZ(gBVdfBvS(mUxsdCnEMMmsHKSzIH5SI(H5qTGyycTOUty4cgUkb97ezihggykCmbGr5zEnYAR4QUqR1Y3dOdxjUP06gM8besCOyNDsfIk1y57IMKM3MR5LAGqdJy3ZG35IScEmqDGRkU9Itc5kJJ7wuHDYQlGXBhLStlCoK62G7uJ7VlVGH2qaQUjnBGrNuX3JgjZNqteMGNep9foerxjaUYFEZ7w)PWzOkwkOguppSgSwGpeHXbis6lQ7Mg4GIWcF0k9XXetiFRpqxin5e8RnHAtLkjm4lNSSAnvd2BYtgT1c9X31CRannqRDWkh043TuCNIimGTp6T)RPLM2vVuJnBx5Z5fzTyhaQdYtxBZadDuATswrNfGJVBlIFaxpORNDQncmkYQDnuZox2lI083aWtcJoTQg(V4r2L(dlT3RR7qwbkX0wps8sFV1hYE2aVepcTLmqOBwpH5q)oWuOOe5YNGaDaLTITT)Qqnijdc7ej73mzgTZW2DUO2xY3cEl7tFTSgtF5Lfe3BBWFL5DBHAtGDCQqqrvdRnB6QTy7DZsT9Ffb6ZgzR22UGw..558022423bfda0f734e9132ff404ee56343221b4f26712c3e66c9c1fac8b6935de1601fc9e39beed686d2703ec9931503fe4c5d24ecb598e6a573e085ac4e098d9f11e9f666da8790e2e65077ba5a8a580f942167cc2e9d46d5acb57df746e895bbbd520ba32b4cbb712314bbd73e604188fa8525fb7471f3816616798227a9e&callback=geetest_1605615941686
GET

Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Connection: keep-alive
Host: api.geetest.com
Referer: https://passport.xxxxx.com/

gt=f7de111111111111111111111111142&challenge=e9e85fc32fedf6abd82e4d387deae40dks&lang=zh-cn&pt=0&client_type=web&w=a2t6fR8O(BveHh9wPowYWRgFnn3dJ25hu4HXgPgk5rtkBhQUuuSht9qJvbjUQPyWc6SMO6j((EYLwW(Q7lCQzGB40n0bHPntAibe4tiXjgSUqkX62m5C(S4ZaUzmJfCDageDqqDoizDq)IkvTDxzuz)8pK5tDQtXS7UphPGN)iLx8LPtDrItV9LH5(YNg4GSRQPZTUxQhslpOE8AWotygSnSWwUZ(gBVdfBvS(mUxsdCnEMMmsHKSzIH5SI(H5qTGyycTOUty4cgUkb97ezihggykCmbGr5zEnYAR4QUqR1Y3dOdxjUP06gM8besCOyNDsfIk1y57IMKM3MR5LAGqdJy3ZG35IScEmqDGRkU9Itc5kJJ7wuHDYQlGXBhLStlCoK62G7uJ7VlVGH2qaQUjnBGrNuX3JgjZNqteMGNep9foerxjaUYFEZ7w)PWzOkwkOguppSgSwGpeHXbis6lQ7Mg4GIWcF0k9XXetiFRpqxin5e8RnHAtLkjm4lNSSAnvd2BYtgT1c9X31CRannqRDWkh043TuCNIimGTp6T)RPLM2vVuJnBx5Z5fzTyhaQdYtxBZadDuATswrNfGJVBlIFaxpORNDQncmkYQDnuZox2lI083aWtcJoTQg(V4r2L(dlT3RR7qwbkX0wps8sFV1hYE2aVepcTLmqOBwpH5q)oWuOOe5YNGaDaLTITT)Qqnijdc7ej73mzgTZW2DUO2xY3cEl7tFTSgtF5Lfe3BBWFL5DBHAtGDCQqqrvdRnB6QTy7DZsT9Ffb6ZgzR22UGw..558022423bfda0f734e9132ff404ee56343221b4f26712c3e66c9c1fac8b6935de1601fc9e39beed686d2703ec9931503fe4c5d24ecb598e6a573e085ac4e098d9f11e9f666da8790e2e65077ba5a8a580f942167cc2e9d46d5acb57df746e895bbbd520ba32b4cbb712314bbd73e604188fa8525fb7471f3816616798227a9e&callback=geetest_1605615941686

gt: f7de111111111111111111111111142
challenge: e9e85fc32fedf6abd82e4d387deae40dks
lang: zh-cn
pt: 0
client_type: web
w: a2t6fR8O(BveHh9wPowYWRgFnn3dJ25hu4HXgPgk5rtkBhQUuuSht9qJvbjUQPyWc6SMO6j((EYLwW(Q7lCQzGB40n0bHPntAibe4tiXjgSUqkX62m5C(S4ZaUzmJfCDageDqqDoizDq)IkvTDxzuz)8pK5tDQtXS7UphPGN)iLx8LPtDrItV9LH5(YNg4GSRQPZTUxQhslpOE8AWotygSnSWwUZ(gBVdfBvS(mUxsdCnEMMmsHKSzIH5SI(H5qTGyycTOUty4cgUkb97ezihggykCmbGr5zEnYAR4QUqR1Y3dOdxjUP06gM8besCOyNDsfIk1y57IMKM3MR5LAGqdJy3ZG35IScEmqDGRkU9Itc5kJJ7wuHDYQlGXBhLStlCoK62G7uJ7VlVGH2qaQUjnBGrNuX3JgjZNqteMGNep9foerxjaUYFEZ7w)PWzOkwkOguppSgSwGpeHXbis6lQ7Mg4GIWcF0k9XXetiFRpqxin5e8RnHAtLkjm4lNSSAnvd2BYtgT1c9X31CRannqRDWkh043TuCNIimGTp6T)RPLM2vVuJnBx5Z5fzTyhaQdYtxBZadDuATswrNfGJVBlIFaxpORNDQncmkYQDnuZox2lI083aWtcJoTQg(V4r2L(dlT3RR7qwbkX0wps8sFV1hYE2aVepcTLmqOBwpH5q)oWuOOe5YNGaDaLTITT)Qqnijdc7ej73mzgTZW2DUO2xY3cEl7tFTSgtF5Lfe3BBWFL5DBHAtGDCQqqrvdRnB6QTy7DZsT9Ffb6ZgzR22UGw..558022423bfda0f734e9132ff404ee56343221b4f26712c3e66c9c1fac8b6935de1601fc9e39beed686d2703ec9931503fe4c5d24ecb598e6a573e085ac4e098d9f11e9f666da8790e2e65077ba5a8a580f942167cc2e9d46d5acb57df746e895bbbd520ba32b4cbb712314bbd73e604188fa8525fb7471f3816616798227a9e
callback: geetest_1605615941686

Set-Cookie: GeeTestAjaxUser=3c3eef93db6817656aa0062b210e9319; expires=Wed, 17 Nov 2021 12:25:41 GMT; Path=/

滑动失败了
geetest_1605615941686({"message": "fail", "success": 0})

滑动成功应该会返回geetest_validate值。
--------------------------
把gt,challenge和geetest_validate值提交到商家网站后台,执行后台验证即可。
====================================================
难点在于w值,是如何搞出来的。
js文件都是混淆过的,完全反人类,大神估计能看懂吧。
整体流程倒不复杂。

 

评论 COMMENTS
没有评论 No Comments.

添加评论 Add new comment.
昵称 Name:
评论内容 Comment:
验证码(不区分大小写)
Validation Code:
(not case sensitive)
看不清?点这里换一张!(Change it here!)
 
评论由管理员查看后才能显示。the comment will be showed after it is checked by admin.
CopyRight © 心缘地方 2005-2999. All Rights Reserved