1。首先调用:http://ptlogin2.qq.com/check?appid=1002101&uin=qq号码&js_ver=10034&js_type=0&login_sig=g3W6wI0s*Da9mp6xHYdgm7iP-D7LBMId01umPiT0WTQQShsmCdWxgBD8vtI6Gltq&u1=http%3A%2F%2Fweb.qq.com%2Fmain.shtml%3Fdirect_13_13&r=
获取该qq号码验证码之类的信息。看返回结果决定是不是要输入验证码登陆。
如果返回:ptui_checkVC('1','95ab7db15e5ab17f50f25d33598259e83ccc098c4af2f8a4');需要输入验证码,这里需要记住这个长字符串(获取验证码图片用)以及cookie2。开始登陆,在登陆之前,需要将密码进行hash,hash方法很复杂,但是研究其登录js文件,发现:
function getSubmitUrl(K) { var E = true; var C = document.forms[0]; var A = (pt.isHttps ? "https://ssl.": "http://") + "ptlogin2." + g_domain + "/" + K + "?"; var B = document.getElementById("login2qq"); if (pt.regmaster == 2) { A = "http://ptlogin2.function.qq.com/" + K + "?regmaster=2&" } else { if (pt.regmaster == 3) { A = "http://ptlogin2.crm2.qq.com/" + K + "?regmaster=3&" } } for (var J = 0; J < C.length; J++) { if (K == "ptqrlogin" && (C[J].name == "u" || C[J].name == "p" || C[J].name == "verifycode" || C[J].name == "h")) { continue } if (C[J].name == "ipFlag" && !C[J].checked) { A += C[J].name + "=-1&"; continue } if (C[J].name == "fp" || C[J].type == "submit") { continue } if (C[J].name == "ptredirect") { g_ptredirect = C[J].value } if (C[J].name == "low_login_enable" && (!C[J].checked)) { E = false; continue } if (C[J].name == "low_login_hour" && (!E)) { continue } if (C[J].name == "webqq_type" && !B && (!C[J].checked)) { continue } A += C[J].name; A += "="; if (C[J].name == "u" && pt.needAt) { A += pt.needAt + "&"; continue } if (C[J].name == "p") { var M = C.p.value; var I = hexchar2bin(md5(M)); var H = md5(I + pt.uin); var G = md5(H + C.verifycode.value.toUpperCase()); A += G } else { if (C[J].name == "u1" || C[J].name == "ep") { var D = C[J].value; var L = ""; if (g_appid == "1003903" && B) { L = /\?/g.test(D) ? "&": "?"; var F = document.getElementById("webqq_type").value; L += "login2qq=" + B.value + "&webqq_type=" + F } A += encodeURIComponent(D + L) } else { A += C[J].value } } A += "&" } A += "fp=loginerroralert&action=" + pt.action.join("-") + "-" + (new Date() - g_begTime) + "&mibao_css=" + pt.mibao_css + "&t=" + pt.submitN[pt.uin] + "&g=1"; A += "&js_type=" + pt.js_type + "&js_ver=" + window.g_pt_version + "&login_sig=" + window.g_login_sig; return A }其中的:
if (C[J].name == "p") { var M = C.p.value; var I = hexchar2bin(md5(M)); var H = md5(I + pt.uin); var G = md5(H + C.verifycode.value.toUpperCase()); A += G便是其hash方法,研究发现其md5与python md5是一致的(对于c#貌似两者计算的md5有区别)
对于hexchar2bin函数,可以使用参考其js代码写出相应的python版本:
def hexchar2bin(self,str): arr = [] for i in range(0, len(str) , 2): arr.append("\\x" + str[i:i+2]) arr="".join(arr) exec("temp = '" + arr + "'"); return temp3、正式登录:
url = self.scheme + "ptlogin2.qq.com/login?u=" + self.qq + "&p=" + p + "&verifycode=" + VERIFYCODE + "&webqq_type=1&remember_uin=1&aid=1002101&u1=http%3A%2F%2Fweb.qq.com%2Fmain.shtml%3Fdirect_13_13&h=1&ptredirect=1&ptlang=2052&from_ui=1&pttype=1&dumy=&fp=loginerroralert&action=7-31-419619&mibao_css=&t=2&g=1&js_type=0&js_ver=10034"
登陆成功后,要记住返回的cookie值(其中的ptwebqq在之后需要使用)
正式登录web QQ:
url = 'http://d.web2.qq.com/channel/login2' header={'Referer':'http://d.web2.qq.com/proxy.html?v=20110331002&callback=1&id=2'}POST的data包含:ptwebqq,clientid等参数