Contents

中国联通工单系统登录

:::tip 联通内网工单登录系统破解流程 :::

记录使用tkinter + python完成中国联通工单系统的抓取程序。使用VPN + fiddler + postman分析系统单点登录的流程。

单点登录(Single Sign On),简称为 SSO,是目前比较流行的企业业务整合的解决方案之一。SSO的定义是在多个应用系统中,用户只需要登录一次就可以访问所有相互信任的应用系统。

步骤

  1. 获取加密后的密码
  2. 获取appid,socp,tokenApi参数
  3. 获取token,soap,ltpa参数
  4. 完成认证,获取ut,pid
  5. 获取数据

流程

程序开始直接请求要抓取的数据URL,抓取失败说明未登录,走登录方法,然后重新抓取。

登录

def login():
    username = 'miaoxn3'
    password = pwd.get()
    # 如果未获取到密码,使用默认的加密密码
    if not password:
        password = '090620mxnMXN!'
    # 第一步 获取加密密码
    try:
        url0 = "http://sso.portal.unicom.local/eip_sso/rest/authentication/login"
        payload0 = 'success=http%3A//service.aiportal.unicom.local/ssoclient/ssologin%3Faction%3Dlogin&error=http%' \
                   '3A//sso.portal.unicom.local/eip_sso/aiportalLogin.html&return=http%3A//sso.portal.unicom.local/' \
                   'eip_sso/aiportalLogin.html&appid=na186&login=miaoxn3&password={}'.format(password)
        headers0 = {
            'Host': 'sso.portal.unicom.local',
            'Connection': 'keep-alive',
            'Origin': 'http://sso.portal.unicom.local',
            'Content-Type': 'application/x-www-form-urlencoded',
            'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36',
            'Content-Type': 'application/x-www-form-urlencoded'
        }
        response = session.post(url=url0, headers=headers0, data=payload0)
        password = re_search(r'id="password" value="(.*?)"/>', response.text).group(1)
    except Exception as e:
        set_message(msg='登陆失败')
        return False
    print(password)

    # 第二步 获取appid,socp,tokenApi参数
    try:
        url1 = "http://uac.sso.chinaunicom.cn:8282/uac-sso/login"
        payload1 = 'fromAppID=20F9390D5D40ED95E552109364458DC1&success=http%3A//service.aiportal.unicom.local/ssoclient/ssologin' \
                   '%3Faction%3Dlogin&error=http%3A//sso.portal.unicom.local/eip_sso/aiportalLogin.html&return=http%3A//' \
                   'sso.portal.unicom.local/eip_sso/aiportalLogin.html&eipsuccess=http%3A//sso.portal.unicom.local%3A80/' \
                   'eip_sso/rest/authentication/portalLogin&login={}&appid=na186&password={}'.format(username, password)
        headers1 = {
            'Host': 'uac.sso.chinaunicom.cn:8282',
            'Origin': 'http://sso.portal.unicom.local',
            'Content-Type': 'application/x-www-form-urlencoded',
            'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36',
            'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9',
            'Referer': 'http://sso.portal.unicom.local/eip_sso/rest/authentication/login',
            'Cookie': 'UC_SSO_SESSIONID_WEB=0519B25947E84F4D83FF939CFE91457A',
            'Content-Type': 'application/x-www-form-urlencoded'
        }
        response = session.post(url=url1, headers=headers1, data=payload1)
        soap = re_search(r'id="soap" value=\'(.*?)\'>', response.text).group(1)
        tokenApi = re_search(r'id="tokenApi" value="(.*?)">', response.text).group(1)
    except Exception as e:
        set_message(msg='登陆失败')
        return False

    # 第三步 获取token,soap,ltpa参数
    try:
        url2 = "http://sso.portal.unicom.local/eip_sso/rest/authentication/portalLogin"
        payload2 = 'appid=na186&error=http%3A//sso.portal.unicom.local/eip_sso/aiportalLogin.html&errorCode=0&' \
                   'errorMessage=%u64CD%u4F5C%u6210%u529F&return=http%3A//sso.portal.unicom.local/eip_sso/aiportalLogin.html&' \
                   'soap={soap}&tokenApi={tokenApi}&userId='.format(soap=soap, tokenApi=tokenApi)
        headers2 = {
            'Host': 'sso.portal.unicom.local',
            'Connection': 'keep-alive',
            'Origin': 'http://uac.sso.chinaunicom.cn:8282',
            'Content-Type': 'application/x-www-form-urlencoded',
            'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36',
            'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9',
            'Referer': 'http://uac.sso.chinaunicom.cn:8282/uac-sso/login',
            'Cookie': 'JSESSIONID=CC8A69435BD9EF8060E5F43DBEB4B402; lastUid=miaoxn3; miaoxn3=hY2C5VeHiX%2FgFpM9bYQK%2Bg%3D%3D; LtpaToken=tQX78YHEEn1YBvIwIQdNNzNwQ8Sv9jiP4SReDet6rrVTfbwZ/SMsBKSL+VTC0boqM8qSZgnoRfi6veIJIWih+WySFrZAlaLmU58CgKe1WkT+kMos3jFFwr5jrCPPuDY4li2K8HVM9f1OB9mAQoselXjyw2AM3jGEeG+CdKLQh7dU7hmICoRl6OlNGJBxU1UKVwX1TqyevMX9pIwYb1ql+U7RFeVkoJYIH5ClZmezz3fYzNIckiuwlk8HxtjJyTfr3/5GJDfRRRNOgGrF/QjqQeX2LkfVm9x3FzJSSf5B3JSbyUgoOhr0EQ==; aiportalut=',
            'Content-Type': 'application/x-www-form-urlencoded',
            'Cookie': 'JSESSIONID=59703BB2816D0AE16249AD9ADE0C5F72'
        }
        response = session.post(url=url2, headers=headers2, data=payload2)
        # print(response.text)
        # token = re_search(r'name="token" value=\'(.*?)\'>', response.text, re_S).group(1)
        soap = re_search(r'name="soap" value="(.*?)">', response.text, re_S).group(1)
        ltpa = re_search(r'name="ltpa" value=\'(.*?)\';document', response.text, re_S).group(1)
        # print(token)
        # print(soap)
        # print(ltpa)
    except Exception as e:
        set_message(msg='登陆失败')
        return False

    # 第四步 完成认证,获取ut,pid
    try:
        url3 = "http://service.aiportal.unicom.local/ssoclient/ssologin?action=login"
        # payload3 = 'return=http%3A//sso.portal.unicom.local/eip_sso/aiportalLogin.html&soap={soap}&ltpa={ltpa}'.format(soap=soap, ltpa=ltpa)
        payload3 = {
            # 'return': 'http://sso.portal.unicom.local/eip_sso/aiportalLogin.html',
            'soap': soap,
            'ltpa': ltpa
        }
        headers3 = {
            'Host': 'service.aiportal.unicom.local',
            'Origin': 'http://sso.portal.unicom.local',
            'Content-Type': 'application/x-www-form-urlencoded',
            'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36',
            'Content-Type': 'application/x-www-form-urlencoded'
        }
        response = session.post(url=url3, headers=headers3, data=payload3)
        result = re_findall(r'pid=(.*?)&token=(.*?)&', response.text, re_S)
        global pid
        global ut
        pid = result[0][0]
        ut = result[0][1]
    except Exception as e:
        # print('3', e)
        set_message(msg='登陆失败')
        return False
    else:
        set_message(msg='登陆成功')
        set_message(msg='pid {}'.format(pid))
        set_message(msg='ut {}'.format(ut))
        return True

抓取

ut, pid是登录成功获得的参数,抓取时带上

def get_current_data():
    global page
    url = "http://service.aiportal.unicom.local/taskquery/taskpend/v1/list//0/{page}/10/all/?pendingTitle=&startTime=&endTime=&sort=DESC".format(
        page=page)
    headers = {
        'Host': 'service.aiportal.unicom.local',
        'Origin': 'http://aiportal.unicom.local',
        'Referer': 'http://aiportal.unicom.local/modules/readyto/manageIndex.html?pendingState=daiban&type=all&version=20200304',
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36',
        'ut': ut,
        'pid': pid
    }
    try:
        response = session.get(url=url, headers=headers)
        data = json_loads(response.text)
    except:
        messagebox.showerror(title='无权访问', message='无权限正常访问内网!')
    else:
        ...

效果图

  • 首页列表 https://gitee.com/chen-zq/bgimages/raw/master/img/20200909172927.png?imgslim
  • 详情页 https://gitee.com/chen-zq/bgimages/raw/master/img/20200909173221.png?imgslim
  • 数据导出 https://gitee.com/chen-zq/bgimages/raw/master/img/20200909172741.png?imgslim