一、准备工作:
1、本机环境:Windows XP SP3、ADSL 10M光纤
2、开发工具:WildPackets OmniPeek V5.1.4
Visual C++ 6.0
FlexEdit V2.3.1871 (临时保持文本)
3、网页程序: LBS Version 2.0.313
二、分析数据包:
1、打开LBS V2.0.313博客程序,可以看到如下评论处(先找找没有验证码的吧!)
2、设置OmniPeek 过滤类型:
3、点击开始抓包后,先手动评论一次即可捕获到数据包,有用的实际只有如下红色两条:
4、 实际原始数据包内容:
5、被OmniPeek解析后,查看如下内容:
6、只看前三个与后三个字段,我们可以分析得到,该评论实际上就是
POST /blog/comment/asp?act=save&logid=3567 HTTP/1.1
e_ubb=true&e_autourl=true&e_smilies=true&comm_username=%E5%A4%A9%E4%BD%
BF&comm_password=&message=www.******.net.cn
分析完毕,于是就开始准备用SOCKET套接字POST数据包啦!
/************************************************************************/
/* 利用SOCKET套接字,实现自动POST表单及评论留言
/*
/* by Koma 2009.9.6 0:30
/* http://blog.csdn.net/wangningyu
/************************************************************************/
#include "stdafx.h"
#include "stdio.h"
#include "winsock2.h"
#pragma comment(lib,"ws2_32.lib")
int main(int argc, char* argv[])
{
SOCKADDR_IN saServer;
LPHOSTENT lphostent;
WSADATA wsadata;
SOCKET hsocket;
int nRet;
char* host_name="www.******.com";
char* req=
"POST /blog/comment.asp?act=save&logid=3560 HTTP/1.0\r\n"
"Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/QVOD, application/QVOD, */*\r\n"
"Referer: http://www.******.com/blog/article.asp?id=3560\r\n"
"Accept-Language: zh-cn\r\n"
"Content-Type: application/x-www-form-urlencoded\r\n"
"Accept-Encoding: gzip, deflate\r\n"
"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; POTU(RR:28031409:0:5497353); SV1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 2.0.50727; CIBA)\r\n"
"Host: www.******.com\r\n"
"Content-Length: 114\r\n"
"Connection: Keep-Alive\r\n"
"Cookie: babyhashkey=; babyuserid=; ASPSESSIONIDACBRSQBC=AFHPMPGBBCGPDDDNEDKGJHEJ\r\n\r\n"
"e_ubb=true&e_autourl=true&e_smilies=true&comm_username=%E5%A4%A9%E4%BD%BF&comm_password=&message=www.******.net.cn";
// 初始化套接字
if(WSAStartup(MAKEWORD(2,2),&wsadata))
printf("初始化SOCKET出错!");
lphostent=gethostbyname(host_name);
if(lphostent==NULL)
printf("lphostent为空!");
hsocket = socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);
saServer.sin_family = AF_INET;
saServer.sin_port = htons(80);
saServer.sin_addr = *((LPIN_ADDR)*lphostent->h_addr_list);
// 利用SOCKET连接
nRet = connect(hsocket,(LPSOCKADDR)&saServer,sizeof(SOCKADDR_IN));
if(nRet == SOCKET_ERROR)
{
printf("建立连接时出错!");
closesocket(hsocket);
return 0;
}
// 利用SOCKET发送
nRet = send(hsocket,req,strlen(req),0);
if(nRet==SOCKET_ERROR)
{
printf("发送数据包时出错!");
closesocket(hsocket);
}
char Dest[3000];
nRet=1;
while(nRet>0)
{
// 接收返回数据包
nRet=recv(hsocket,(LPSTR)Dest,sizeof(Dest),0);
if(nRet>0)
Dest[nRet]=0;
else
Dest[0]=0;
// 显示返回数据包的大小、内容
printf("\nReceived bytes:%d\n",nRet);
printf("Result:\n%s",Dest);
}
return 0;
}
