Simulating a Landing on Weibo: A Step-by-Step Guide

Web Technologies
1

Simulating a Landing on Weibo: A Step-by-Step Guide

Recent studies have highlighted the importance of microblogging platforms, leading to the development of simulated landing techniques. In this article, we will delve into the implementation of a Python microblogging simulated landing, providing a detailed analysis of the process and code involved.

Normal Account Login

To begin, we will examine the normal account login process, specifically focusing on the requests made to the server. Using an Http Analyzer packet capture tool (such as Filders), we can see the server’s response to a user’s input.

Pre-Landing Process

The pre-landing process involves encoding or encryption of user data. When a user enters their username, the server returns a string that can be captured using a packet capture tool. This step is the pre-landing process, and students can try it themselves.

Required Fields for Landing

During the landing process, the server requires the following fields:

  • servertime
  • nonce
  • pubkey

These fields are not simply guessed, but rather obtained through a series of steps that will be explained in detail.

Pre-Landing URL

The pre-landing URL is obtained by base64 encoding the su username. However, the question remains: how did we obtain this value? This will be addressed later in the article.

First JS Request

The first JS request is made to http://i.sso.sina.com.cn/js/ssologin.js. Students can see the point of this request by examining the code, which involves encrypting user names and passwords.

Encryption of User Names and Passwords

The encryption of user names and passwords involves a series of steps, including:

  1. Capturing the encrypted file using a packet capture tool.
  2. Opening the encrypted file and searching for the nonce, servertime, and rsakey data.
  3. Using the username and password fields to construct the encrypted values su and sp.
  4. Using the servertime and nonce fields to construct the encrypted values servertime and nonce.

RSA Encryption

The encryption process involves RSA encryption, which can be seen by examining the code. Python has a corresponding RSA encryption library available, but we will assume that we did not see it or do not know how to use it.

Simulated Landing Scenarios

There are three simulated landing scenarios:

  1. The simplest violence, which involves directly converting the source JS code to Python and simulating the encryption process.
  2. The use of Selenium + PhantomJS/programs to directly simulate human operation and fill out a form to submit data.
  3. The use of pyv8/pyexecjs to render JS code.

Encrypted Passwords

To test our guess, we can bring our own user name and password to the encrypted file and see if it matches the expected output. We can define a function to handle the encryption process and use it to test our guess.

PhantomJS

PhantomJS is a non-ui browser that natively supports navigator and window attributes. We can use PhantomJS as a runtime environment to run the encrypted file and see the results.

PyexecJS

PyexecJS is a Python library that allows us to execute JS code. We can use PyexecJS to render the JS code and see the results.

Successful Landing

The final step involves using the get method to obtain the request URL, which will undergo a redirect and return the login information. This marks the successful landing.

Conclusion

Simulating a landing on Weibo requires a deep understanding of the encryption process and the use of various tools and libraries. By following this step-by-step guide, students can gain a better understanding of the process and implement their own simulated landing techniques.

Code

Here is the code used in this article:

import base64
import rsa
from pyexecjs import execute_js

# Define the function to handle encrypted passwords
def handle_encrypted_passwords(username, password):
    # Encrypt the username and password
    encrypted_username = rsa.encrypt(username.encode(), rsa.PublicKey.load_pkcs1())
    encrypted_password = rsa.encrypt(password.encode(), rsa.PublicKey.load_pkcs1())

    # Return the encrypted values
    return encrypted_username, encrypted_password

# Test the function
username = "your_username"
password = "your_password"
encrypted_username, encrypted_password = handle_encrypted_passwords(username, password)

# Print the encrypted values
print(encrypted_username)
print(encrypted_password)

Note: This code is for illustration purposes only and should not be used in production.