用wget实现cookie欺骗

用wget实现cookie欺骗

1. 分析登录界面的html代码
页面在 http://bbs.linuxeden.com/
<form. id="loginform" method="post" name="login" action="logging.php?action=login&amp;loginsubmit=true">
      <input type="hidden" name="formhash" value="45fab143" />
      <input type="hidden" name="cookietime" value="2592000" />
      <input type="hidden" name="loginfield" value="username" />
      <input type="text" id="username" name="username" size="15" maxlength="40" tabindex="1" value="用户名" nclick="this.value = ‘‘" />
      <input type="password" id="password" name="password" size="10" tabindex="2" nkeypress="if((event.keyCode ? event.keyCode : event.charCode) == 13) $(‘loginform‘).submit()" />
      <button name="userlogin" type="submit" value="true">登录</button>
</form>

2. 获得cookie
$ wget --post-data="username=c-aries&password=密码不告诉你" --save-cookies=cookie --keep-session-cookies "http://bbs.linuxeden.com/logging.php?action=login&loginsubmit=true"
 
3. 验证登录成功
$ grep "c-aries" logging.php\?action\=login\&loginsubmit\=true | iconv -f gbk -t utf-8
                                                            <cite><a class="dropmenu" id="viewpro" nmouseover="showMenu(this.id)">c-aries</a></cite>
                                             <p>欢迎您回来，c-aries。现在将转入登录前页面。 <script. type="text/javascript" src="http://blog.linuxeden.com/api/uc.php?time=1256145729&code=3e38P7X9b27U9nQJww7e1ElcCyAzq4hDonc6EPuvh2YJuYqoWzUfFgDz1JYzQ9ukp%2FUmDCutMldepLzKZx0kAk%2B9oRW0kUFZpYYXEuBKU8ViTxTOFFxPRDzlvjwMEoY9y7%2F7GGWoD5%2BgRQWUSCJlprX8OT1V8bIJMj6%2Bk4avBbE5bQ" reload="1"></script><script. type="text/javascript" src="http://www.linuxeden.com/api/uc.php?time=1256145729&code=d10c1TJ78cXAgwCG%2FqxNcOx0jQ6D28pJVZAK1TWlg%2F6rA5u7q1umj7qJBcRFsBMJm0G2%2BKKvHdywyln3st%2BF0fdk%2BZkm5CvJMO96PM2qgj0hUmEWLyh36QuK4N6pXIAMPrA7t7zA%2Bga8nY9%2Fm3h%2BbGxu2fLBwU5Y1pfquaL%2Bugp9qQ" reload="1"></script><script. type="text/javascript" src="http://www.linuxeden.com/shop262/api/uc.php?time=1256145729&code=189bKZ7YjDwgJbwzrsVeoP1%2FS0xJffhnsISJhfSgRAv2x%2BSDXawMqosAbmKgloQQLeqSXlDLxYPQGnn%2F%2BlRjb1xEGQsPzxSL0suJGgKx1aFODwOGIsuskusFlXcGL5zTeQSXLU7vEAwyl2MREmEhfaKVbVWQebSCDywBo%2Fq9042clQ" reload="1"></script> <script>setTimeout("window.location.href =‘index.php‘;", 3000);</script></p>
$

4. 用cookie进行帐户登录后的爬虫
$ wget -r -x --load-cookies=cookie --keep-session-cookies "http://bbs.linuxeden.com/forum-89-1.html"

后记：
这个方法是在wget的邮件列表发现的