httpclient怎样自动登陆__VIEWSTATE验证的系统
我在做取一个网站的内容时,知道用户名和密码,用户httpclient自动登陆,但对方是__VIEWSTATE验证,怎样破解?
付上ieHTTPHeaders取到的信息:
POST /PersonLogin.aspx?jtr=950193440&jtrr=824786467 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://127.0.0.1/PersonLogin.aspx?jtr=950193440&jtrr=824786467
Accept-Language: zh-cn
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: 127.0.0.1
Content-Length: 258
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: JTCookieID=52c5be77-5c65-4403-a620-a0dc75c446f8; UserTracker=uid=dc186c6c-7729-4a7e-9df3-53767f17d89e&initFrom=http://127.0.0.1/redir.htm?t=t&curPage=%2findex.htm%3fjtr%3d330233109%26jtrr%3d; JTSessionID=21c5cdde-b89d-4d95-b4e3-c35f60d28358; JTSessionFrom=; SessionTracker=sessionID=94c3a0d7-e785-42bb-9a18-229031b37f13&fromUrl=http://127.0.0.1/redir.htm?t=t&curPage=%2fPersonIndex.aspx%3fjtr%3d824786467%26jtrr%3d
__EVENTTARGET=btnLogon&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUKMTkxNzExODcwOGQYAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFgEFCmNiUmVtZW1iZXIZJBZ%2F0mskvF7ey7qCe7imK%2B87Mg%3D%3D&tbUserName=kingseo@163.com&tbPassword=123456&hidRnd=623532004&hidRRnd=950193440
HTTP/1.0 302 Moved Temporarily
Date: Wed, 21 May 2008 06:18:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: /PersonIndex.aspx
Set-Cookie: loginname=; expires=Sun, 20-May-2007 16:00:00 GMT; path=/
Set-Cookie: .LOCALHOST_AUTH=1115C9845B54D00629786654CE4B598A40D65CA2383EB7A0AEFC8654DAF6298AB0B2D711F0ADF8A3A0439335B4638EC3908363630659FE1804F7BE00E04997F7CE4237D9A1F65FF762210CA64AFF41ACD54A7767988A88C3; path=/; HttpOnly
Set-Cookie: user=UserID=400000009367213&SeekerId=400000009367213&UserName=kingseo%40163.com&NickName=&Email=kingseo%40163.com&Role=%3banonymous%3b&LoginStatus=HasLogin&OrgPath=&LoginSessionGuid=d55484b4-8510-4e40-a217-ee6e037936a7&Lang=zh-cn&DisplayDate=; domain=127.0.0.1; path=/
Set-Cookie: user_last_login=2008-5-20 15:34:16; path=/
Set-Cookie: ImportResumes=; domain=127.0.0.1; expires=Tue, 20-May-2008 06:18:25 GMT; path=/
Set-Cookie: KAVIPRoles=; domain=127.0.0.1; expires=Tue, 20-May-2008 06:18:25 GMT; path=/
Set-Cookie: KAVIPRoles=; domain=127.0.0.1; expires=Tue, 20-May-2008 06:18:25 GMT; path=/
Set-Cookie: dd_change_finish=true; path=/
Set-Cookie: KAVIPRoles=89BF0A4BB34BD815BD759C6CE3DB3E4E33469E7A05143E1984404ED5C15C7DC53F58C6A4AFA6681CED3BE93E442CDD8D86740AE3A2D8FF33E7FC233881676179; domain=127.0.0.1; path=/
Cache-Control: private
Content-Type: text/html; charset=gb2312
Content-Length: 128
X-Cache: MISS from gw01
Via: 1.0 gw01:3128 (squid/2.6.STABLE16)
Connection: close
GET /PersonIndex.aspx HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://127.0.0.1/PersonLogin.aspx?jtr=950193440&jtrr=824786467
------解决方案--------------------那你就把 那个传过去啊!
我看到一般的表单,只要你传一个空的VIEWSTATE 过去都行,不过必须得有。
------解决方案--------------------asp.net自动生成的,估计是保存页面状态的吧,传过去就可以了
------解决方案--------------------