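I want to write a program that makes Alipay payments automatically. Using PHP's pfsockopen, I write the cookie that was generated when I logged in to Alipay into the request, which bypasses the login page and gets me into Alipay's personal account management page as a legitimate user. Below is the cookie I obtained by capturing the HTTP packets: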
Cookie: flag=20080826; ali_apache_id=172.17.198.20.1222221718826.2; iw.userid=K1iSL1mlXoyit02EYD3TAC==; alipay=K1iSL1mlXoyit02EYD3TAPTABchpjYIzrK5Nhv5o6/Q0fcFL8ptHdL==; ali_apache_sid=172.17.198.18.1222393963296.8|1222396011; JSESSIONID=C927A020318D61A58F49F1F6290AF0CB; ali_apache_tracktmp=uid=2088002048459523
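Of these, "ali_apache_sid" is dynamic: every request produces a new cookie. I took the cookie produced by the last request and wrote it into the data stream, but I did not get the correct data. The page returned: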
HTTP/1.1 302 Moved Temporarily
Date: Fri, 26 Sep 2008 06:23:22 GMT
Server: Apache
Set-Cookie: ali_apache_sid=172.17.198.18.1222410202258.0|1222412002; path=/; domain=.alipay.com
Set-Cookie: JSESSIONID=752E4FE3AAE53DA75911C9ECBBB44081; Path=/
Set-Cookie: ali_apache_tracktmp=uid=; Domain=www.alipay.com; Path=/
Location: https://www.alipay.com/user/login.htm?goto=https%3A%2F%2Fwww.alipay.com%2Fuser%2Faccount_balance.htm
Content-Language: zh-CN
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=0,no-cache
Expires: Thu, 05 Jan 1995 22:00:00 GMT
Pragma: no-cache
Keep-Alive: timeout=360, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html;charset=GBK
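I can't figure it out. What verification mechanism does the payment actually use? I'm posting my code; please help. The points offered are few, but they should be enough!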
// Collect every name=value pair from the Set-Cookie headers of a raw response.
function get_cookie($body){
    $data = $body;
    preg_match_all("/Set-Cookie: (.+?)=(.+?);/", $data, $_matches, PREG_SET_ORDER);
    $tmp = array();
    for ($i = 0; $i < count($_matches); $i++) {
        $tmp[] = $_matches[$i][1]."=".$_matches[$i][2];
    }
    $cookie = implode(';', $tmp);
    return $cookie;
}

// Send one HTTPS request over a raw socket and return the cookies set by the reply.
function GetWebContent($host, $method, $str, $sessid = '')
{
    // Connect by host name so the TLS certificate is checked against $host;
    // $errno and $errstr are passed in so a failed connect can be reported.
    $fp = fsockopen("ssl://".$host, 443, $errno, $errstr);
    if (!$fp) {
        echo "$errstr ($errno)<br/>\n";
        return;
    }
    $isPost = (substr(trim($method), 0, 4) == "POST");
    // A request carries a single Cookie header; append $sessid when one is supplied.
    $cookie = 'flag=20080826; ali_apache_id=172.17.198.20.1222221718826.2; iw.userid=K1iSL1mlXoyit02EYD3TAA==; alipay=K1iSL1mlXoyit02EYD3TAPTABchpjYIzrK5Nhv5o6/Q0fcFL8ptHdL==; ali_apache_sid=172.17.198.18.1222393963296.8|1222396011; JSESSIONID=C927A020318D61A58F49F1F6290AF0CB; ali_apache_tracktmp=uid=2088002048459523';
    if (!empty($sessid)) {
        $cookie .= "; $sessid";
    }
    fputs($fp, "$method\r\n");
    fputs($fp, "Host: $host\r\n");
    fputs($fp, "Referer: https://www.alipay.com/user/account_balance.htm\r\n");
    fputs($fp, "Accept-Language: ja\r\n");
    // With this header the server may compress the body, which is echoed undecoded below.
    fputs($fp, "Accept-Encoding: gzip, deflate\r\n");
    fputs($fp, "Cookie: $cookie\r\n");
    fputs($fp, "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)\r\n");
    if ($isPost) {
        fputs($fp, "Content-Length: ".strlen($str)."\r\n");
    }
    // The header block ends with an empty line; a POST body goes after it.
    fputs($fp, "Connection: close\r\n\r\n");
    if ($isPost) {
        fputs($fp, $str);
    }
    $response = '';
    while (!feof($fp)) {
        $response .= fgets($fp, 1024);
    }
    echo $response;
    $a = array();
    $a['cookie'] = get_cookie($response);
    fclose($fp);
    return $a;
}

$response = GetWebContent("www.alipay.com", "GET /user/account_balance.htm HTTP/1.1", "");
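Reading the 302 reply quoted in the post, as an added example that is not part of the original post: the sketch below compares the cookies that were sent with the reply's Set-Cookie headers and reports which ones the server replaced and whether the reply redirects to the login page. The function names are hypothetical; the header values are copied from the post, and `/user/login.htm` is the login path seen in its Location header.

```php
<?php
// Added example, not the poster's code. Header values below are copied from the post.

// Parse a Cookie request-header value into name => value.
function parse_cookie_header(string $header): array {
    $jar = [];
    foreach (explode(';', $header) as $pair) {
        if (strpos($pair, '=') === false) continue;
        [$name, $value] = explode('=', trim($pair), 2); // value may contain '='
        $jar[$name] = $value;
    }
    return $jar;
}

// Compare a raw response header block with the cookies the client sent.
function diagnose_session(string $raw, array $sent, string $loginPath): array {
    $lines = preg_split('/\r?\n/', trim($raw));
    preg_match('#^HTTP/\d\.\d\s+(\d{3})#', (string)array_shift($lines), $m);
    $out = ['status' => (int)($m[1] ?? 0), 'location' => null, 'changed' => []];
    foreach ($lines as $line) {
        if (stripos($line, 'Location:') === 0) {
            $out['location'] = trim(substr($line, strlen('Location:')));
        } elseif (stripos($line, 'Set-Cookie:') === 0) {
            // Keep only the leading name=value; path/domain attributes follow the first ';'.
            $first = trim(explode(';', substr($line, strlen('Set-Cookie:')), 2)[0]);
            [$name, $value] = array_pad(explode('=', $first, 2), 2, '');
            if (($sent[$name] ?? null) !== $value) {
                $out['changed'][$name] = ['sent' => $sent[$name] ?? null, 'set' => $value];
            }
        }
    }
    // A 3xx reply whose Location path is the login page means the request was not served.
    $path = (string)parse_url((string)$out['location'], PHP_URL_PATH);
    $out['sent_to_login'] = $out['status'] >= 300 && $out['status'] < 400 && $path === $loginPath;
    return $out;
}

$sent = parse_cookie_header('ali_apache_sid=172.17.198.18.1222393963296.8|1222396011; '
    . 'JSESSIONID=C927A020318D61A58F49F1F6290AF0CB; ali_apache_tracktmp=uid=2088002048459523');
$raw = "HTTP/1.1 302 Moved Temporarily\r\n"
    . "Set-Cookie: ali_apache_sid=172.17.198.18.1222410202258.0|1222412002; path=/; domain=.alipay.com\r\n"
    . "Set-Cookie: JSESSIONID=752E4FE3AAE53DA75911C9ECBBB44081; Path=/\r\n"
    . "Set-Cookie: ali_apache_tracktmp=uid=; Domain=www.alipay.com; Path=/\r\n"
    . "Location: https://www.alipay.com/user/login.htm?goto=https%3A%2F%2Fwww.alipay.com%2Fuser%2Faccount_balance.htm\r\n";
print_r(diagnose_session($raw, $sent, '/user/login.htm'));
```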
Solutions »
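See the Alipay interface documentation: http://club.alipay.com/show_thread-117---6241351-.htm
What the original poster sends needs to go through Secure Sockets Layer handling, doesn't it?
That https isn't written there for nothing.
The connection opened here is already in Secure Sockets Layer mode. I previously ran the same experiment against Tencent's Paipai and it succeeded. Alipay must have some other verification mechanism as well.
Then why does the original poster capture HTTP packets to get the cookie,
instead of having the program start from the login, obtain the cookie itself, and then send it?
Is it because of the captcha?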