利用post去自动登录并发起请求

yjjdick

最近学了POST的课程想做一个自动登录彩票网自动买彩票的玩玩，随便找了个网站https://sdftu.com/
登录是成功的，包体为

登录包体

1. POST https://sdftu.com/api/auth/login HTTP/1.1
   
2. Host: sdftu.com
   
3. Connection: keep-alive
   
4. Content-Length: 313
   
5. Accept: */*
   
6. Origin: https://sdftu.com
   
7. X-Requested-With: XMLHttpRequest
   
8. User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2970.0 Safari/537.36
   
9. Content-Type: application/vnd.sc-api.v1.json
   
10. Referer: https://sdftu.com/user/login
    
11. Accept-Encoding: gzip, deflate, br
    
12. Accept-Language: zh-CN,zh;q=0.8
    
13. Cookie: isLogin=true; pmode_selected_value=2; u=yjjdick; _sessionHandler=62bd4afe8d6e01c064fff4cf093fdca2358586af; order_index=index; order_cqssc=cqssc; sound=on; __utmt=1; __utma=221961050.299333369.1535695515.1535889828.1535894227.5; __utmb=221961050.8.10.1535894227; __utmc=221961050; __utmz=221961050.1535695515.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=221961050.|1=version=2.0=1
    
14. 
    
15. {"username":"yjjdick","password":"xxx","validcode":"","loginpass":"xxx","nonce":"b6799f77a363779bb12eb5f99b12c68c"}
    

复制代码

买彩票的包体

1. POST https://sdftu.com/lottery/?controller=game&action=play HTTP/1.1
   
2. Host: sdftu.com
   
3. Connection: keep-alive
   
4. Content-Length: 690
   
5. Accept: */*
   
6. Origin: https://sdftu.com
   
7. X-Requested-With: XMLHttpRequest
   
8. User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2970.0 Safari/537.36
   
9. Content-Type: application/x-www-form-urlencoded
   
10. Referer: https://sdftu.com/lottery/cqssc
    
11. Accept-Encoding: gzip, deflate, br
    
12. Accept-Language: zh-CN,zh;q=0.8
    
13. Cookie: isLogin=true; pmode_selected_value=2; u=yjjdick; _sessionHandler=62bd4afe8d6e01c064fff4cf093fdca2358586af; order_index=index; __utma=221961050.299333369.1535695515.1535889828.1535894227.5; __utmb=221961050.7.10.1535894227; __utmc=221961050; __utmz=221961050.1535695515.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=221961050.|1=version=2.0=1; order_cqssc=cqssc; sound=on; modes=3
    
14. 
    
15. lotteryid=1&curmid=50&poschoose=&flag=save&play_source=&pmode=2&lt_project_modes=3&lt_project%5B%5D=%7B'type'%3A'digital'%2C'methodid'%3A30%2C'codes'%3A'%7C%7C%7C%7C5%266%267%268%269'%2C'menuid'%3A78%2C'nums'%3A5%2C'omodel'%3A2%2C'times'%3A1%2C'money'%3A0.1%2C'mode'%3A3%2C'desc'%3A'%5B%E5%AE%9A%E4%BD%8D%E8%83%86_%E5%AE%9A%E4%BD%8D%E8%83%86%5D+%5B%E5%AE%9A%E4%BD%8D%E8%83%86_%E5%AE%9A%E4%BD%8D%E8%83%86%5D+-%2C-%2C-%2C-%2C56789'%7D&lt_trace_assert=no&lt_issue_start=20180902-093&lt_total_nums=5&lt_total_money=0.1&lt_trace_times_margin=1&lt_trace_margin=50&lt_trace_times_same=1&lt_trace_diff=1&lt_trace_times_diff=2&lt_trace_count_input=10&lt_trace_money=0&randomNum=1628&username=yjjdick
    

复制代码

代码

1. 
   
2. // TODO: 在此添加控件通知处理程序代码
   
3.         CoInitialize(NULL);
   
4.        
   
5.         HRESULT hr = pHttpReq.CreateInstance(__uuidof(WinHttpRequest));
   
6.         if (FAILED(hr)) return;
   
7.        
   
8.         hr = pHttpReq->Open(_T("POST"), _T("https://sdftu.com/api/auth/login"));
   
9.         if (FAILED(hr)) {
   
10.                 CoUninitialize();
    
11.                 return;
    
12.         }
    
13.         pHttpReq->SetRequestHeader(_T("Content-Type"), _T("application/json"));
    
14.         CString strBody;
    
15.         strBody.Format(_T("{"username":"yjjdick","password":"xxx","validcode":"","loginpass":"xxx ","nonce":"7a1721ff4b0d91ea15a289091c411443"}"));
    
16.         //
    
17.         COleVariant varBody;
    
18.         varBody = strBody;
    
19. 
    
20.         // pHttpReq->Option[WinHttpRequestOption_EnableRedirects] = VARIANT_FALSE;
    
21.         hr = pHttpReq->Send(varBody);
    
22.         if (FAILED(hr)) {
    
23.                 CoUninitialize();
    
24.                 return;
    
25.         }
    
26.        
    
27. 
    
28.         //CString strRsp = pHttpReq->ResponseText;
    
29. 
    
30.         //CString strCntBuffer;
    
31.         //Get_WinHttp_RspString(pHttpReq, strCntBuffer);
    
32. 
    
33. 
    
34.         //_bstr_t bstrAllHeader = pHttpReq->GetAllResponseHeaders();
    
35. 
    
36.         hr = pHttpReq->Open(_T("POST"), _T("https://sdftu.com/lottery/?controller=game&action=play"));
    
37.         if (FAILED(hr)) {
    
38.                 CoUninitialize();
    
39.                 return;
    
40.         }
    
41.         pHttpReq->SetRequestHeader(_T("Content-Type"), _T("application/x-www-form-urlencoded"));
    
42.         //CString cstr = _T("isLogin=true; pmode_selected_value=2; u=yjjdick; _sessionHandler=62bd4afe8d6e01c064fff4cf093fdca2358586af; order_index=index; __utma=221961050.299333369.1535695515.1535889828.1535894227.5; __utmb=221961050.7.10.1535894227; __utmc=221961050; __utmz=221961050.1535695515.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=221961050.|1=version=2.0=1; order_cqssc=cqssc; sound=on; modes=3");
    
43.         //pHttpReq->SetRequestHeader(_T("Cookie"), cstr.AllocSysString());
    
44.         CString strBody1=_T("lotteryid=1&curmid=50&poschoose=&flag=save&play_source=&pmode=2&lt_project_modes=3&lt_project%5B%5D=%7B'type'%3A'digital'%2C'methodid'%3A30%2C'codes'%3A'%7C%7C%7C%7C5%266%267%268%269'%2C'menuid'%3A78%2C'nums'%3A5%2C'omodel'%3A2%2C'times'%3A1%2C'money'%3A0.1%2C'mode'%3A3%2C'desc'%3A'%5B%E5%AE%9A%E4%BD%8D%E8%83%86_%E5%AE%9A%E4%BD%8D%E8%83%86%5D+%5B%E5%AE%9A%E4%BD%8D%E8%83%86_%E5%AE%9A%E4%BD%8D%E8%83%86%5D+-%2C-%2C-%2C-%2C56789'%7D&lt_trace_assert=no&lt_issue_start=20180902-093&lt_total_nums=5&lt_total_money=0.1&lt_trace_times_margin=1&lt_trace_margin=50&lt_trace_times_same=1&lt_trace_diff=1&lt_trace_times_diff=2&lt_trace_count_input=10&lt_trace_money=0&randomNum=4512&username=yjjdick");
    
45. 
    
46.         varBody = strBody1;
    
47. 
    
48.         hr = pHttpReq->Send(varBody);
    
49.         if (FAILED(hr)) {
    
50.                 CoUninitialize();
    
51.                 return;
    
52.         }
    
53.        
    
54.         CString strRsp1 = pHttpReq->ResponseText;
    
55.         MessageBox(strRsp1);
    
56.         //CWinHttpRequest *pHttpReq = new CWinHttpRequest();
    
57.         //BOOL bRet = pHttpReq->CreateDispatch(_T("WinHttp.WinHttpRequest.5.1"));
    
58.         //if (!bRet) return;
    
59.         //COleVariant Async = VARIANT_FALSE;
    
60.         //pHttpReq->Open(_T("GET"), _T("http://www.baidu.com"), Async);
    
61.         //pHttpReq->Send(vtMissing);
    
62.         //CString strRsp = pHttpReq->get_ResponseText();
    
63.         //MessageBox(strRsp);
    
64. 
    
65.         //pHttpReq->ReleaseDispatch();
    
66.         //delete pHttpReq;
    
67. 
    
68. 
    
69.         CoUninitialize();
    

复制代码

最后结果一直返回我长时间未登录，需要重新登录，感觉session要不没传过去，要不就是他根本不是用session传的
如果session没传过的话我之后又实验了直接去set cookie 也没用，如果不是session去验证登录状态的话，我看了包体内容也没发现类似于带了token的方式，请问这种情况怎么解决？

Syc

session 也是通过http协议中的 cookie 来进行传递的，所以应该还是楼主没设置正确。
抓包对比下浏览器的，看看你们的有什么不同？应该还是有什么 cookie 没设置上，可能需要分析 js 逻辑了。
总之，先抓包对比下浏览器的吧

yjjdick

Syc 发表于 2018-9-3 00:05
session 也是通过http协议中的 cookie 来进行传递的，所以应该还是楼主没设置正确。
抓包对比下浏览器的， ...

不知道老大还上QQ吗，我QQ给你留了言，名字叫软贱工程狮，QQ406123228，老大有空看见了能回一下吗

Syc

yjjdick 发表于 2018-9-3 09:19
不知道老大还上QQ吗，我QQ给你留了言，名字叫软贱工程狮，QQ406123228，老大有空看见了能回一下吗

已回复喽~