获取MSN(HOTMAIL)邮箱好友同步更新版2011-8
本帖最后由 hudie631489527 于 2011-08-25 09:01:51 编辑 去年做的MSN(HOTMAIL), gmail, yahoo三个模拟登录,现在MSN已经失效了
在CSDN论坛关注的朋友比较多,工作上也需要这个,所以再次拿起HTTP分析工具一窥究竟
这次分析发现,MSN让人哭笑不得,他们在最后一步登录时,对COOKIE有检测,检测COOKIE是在正常不过的
只是他这次检测多余的COOKIE,如果有多余的COOKIE就直接将俺请出,无奈之下,只能在最后一步按他们的要求来筛选他们需要的COOKIE
好了,上代码了(基本上跟上次是差不多的,只是中间多了一个COOKIE的筛选)
我的博客:www.onlypo.com
<?php
define( "COOKIEJAR", tempnam( ini_get( "upload_tmp_dir" ), "cookie" ) ); //定义COOKIES存放的路径,要有操作的权限
define( "TIMEOUT", 1000 ); //超时设定
error_reporting(E_ALL);
class MSN
{
function getAddressList($username, $password)
{
//第一步:模拟抓取登入页面的数据,并记下cookies
$cookies = array();
$ch = curl_init();
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_URL, "http://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=".time()."&rver=6.1.6206.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=2052&id=64855&mkt=zh-cn&cbcxt=mail&snsc=1");
curl_setopt($ch, CURLOPT_COOKIEJAR, COOKIEJAR);
curl_setopt($ch, CURLOPT_TIMEOUT, TIMEOUT);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$str = curl_exec($ch);
curl_close($ch);
//数据文件 模拟JS生成的cookie
$CkTst = 'G'.time() * 1000;
$wlidperf = "throughput=3&latency=948&FR=L&ST=".(time() * 1000 + 1254);
$fp = fopen(COOKIEJAR, "a+");
$str_new = "login.live.com\tTRUE\t/\tFALSE\t0\tCkTst\t$CkTst\r\n";
$str_new .= "login.live.com\tTRUE\t/\tFALSE\t0\twlidperf\t$wlidperf\r\n";
fwrite($fp,$str_new);
fclose($fp);
//参数的分析
$matches = array();
preg_match('/<input\s*type="hidden"\s*name="PPFT"\s*id="(.*?)"\s*value="(.*?)"\s*\/>/i', $str, $matches);
$PPFT = $matches[2];
$type = 11;
$LoginOptions = 3;
$Newuser = 1;
$idsbho = 1;
$i2 = 1;
$i12 = 1;
$i3 = '562390';
$i14 = '868';
$i15 = '1338';
$PPSX = 'Pa';
//合并参数
$postfiles = "login=".$username."&passwd=".$password."&type=".$type."&LoginOptions=".$LoginOptions."&Newuser=".$Newuser."&idsbho=".$idsbho."&i2=".$i2."&i3=".$i3."&PPFT=".$PPFT."&PPSX=".$PPSX."&i12=1&i14=$i14&i15=$i15";
//第二步:开始登入
$ch = curl_init();
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_COOKIEFILE, COOKIEJAR);
curl_setopt($ch, CURLOPT_URL, 'https://login.live.com/ppsecure/post.srf?wa=wsignin1.0&rpsnv=11&ct='.(time()+5).'&rver=6.1.6206.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=2052&id=64855&mkt=zh-cn&cbcxt=mail&snsc=1&bk='.(time()+715)); //此处的两个time()是为了模拟随机的时间
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postfiles);
curl_setopt($ch, CURLOPT_COOKIEJAR, COOKIEJAR);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, TIMEOUT);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$content = curl_exec($ch);
curl_close($ch);
if( stripos($content,'WLWorkflow') !== FALSE ) { //WLWorkflow登入页面JS
return false; //登入失败
}
//获取location链接
$matches = array();
preg_match('/window.location.replace\(\"(.*?)\"\)/i', $content, $matches);
$url_contiune_1 = $matches[1]; //接下来的链接
if(!$url_contiune_1) {
return false;
}
//除去多余的COOKIE
$arr_new = file(COOKIEJAR);
$str_new = '';
$need_arr = array(0,1,2,3,7,9,13,15,16,17,18,21,22);
foreach($arr_new as $k => $v) {
if(in_array($k, $need_arr))
$str_new .= "$v";
}
$fp = fopen(COOKIEJAR, "w+");
fwrite($fp,$str_new);
fclose($fp);
//第三步: 进入引导页面
$ch = curl_init();
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_COOKIEFILE, COOKIEJAR);
curl_setopt($ch, CURLOPT_URL, $url_contiune_1);
curl_setopt($ch, CURLOPT_COOKIEJAR, COOKIEJAR);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, TIMEOUT);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$content_2 = curl_exec($ch);
//echo $postfiles;
curl_close($ch);
//获取redicturl链接
$matches = array();
preg_match('/<a\s*href=\"(.*?)\"\s*>/i', $content_2, $matches);
$url_contiune_2 = $matches[1]; //接下来的链接
if(!$url_contiune_2) {
return false;
}
//获取邮箱请求基址 读取host
$matches = array();
preg_match('/(.*?)\/\/(.*?)\/(.*?)/i', $url_contiune_2, $matches);
$url_contiune_3 = trim($matches[1]).'//'.trim($matches[2]); //首页定义的站点基址
$url_4 = $url_contiune_3.'/mail/ContactMainLight.aspx?n=435707983'; //n后面的数字是随机数
if(!$url_contiune_3) {
return false;
}
//第四步: 开始获取邮箱联系人
//base $url_4
$ch = curl_init();
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_COOKIEFILE, COOKIEJAR);
curl_setopt($ch, CURLOPT_URL, $url_4);
curl_setopt($ch, CURLOPT_TIMEOUT, TIMEOUT);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$str = curl_exec($ch);
curl_close($ch);
//分析数据 (此处的数据因为hotmail的JS处理机制,所以在页面上看不出来,源码上可以看到数据)
return $this->hanlde_date($str);
}
function hanlde_date($data) {
$new_str = array();
if(!empty($data)) {
$ops_start = stripos($data,'ic_control_data');
$ops_end = stripos($data,';',$ops_start);
$new_str = substr($data, $ops_start + strlen('ic_control_data = '), $ops_end - $ops_start - strlen('ic_control_data = ') );
return $new_str; //返回JSON对象
} else {
return array();
}
}
}
$msn = new MSN();
$res = $msn->getAddressList('usrname@hotmail.com','111111');
?>
<script>
var resCont = <?php echo $res;?>
alert(resCont['ic1'][3]); //打印名字
</script>
[解决办法]
不好意思,那天我拿了一个没有联系人的账号测试来着,账号多记混了。不过还是想说一下自己的一地想法,感觉hotmail获取的联系人信息不好抓取,json对象的标记全都是数字,一个用户的相关信息从0排到20,icn(n是数字,2就表示第二个联系人),ic2[3、6]分别表示名和邮箱,哪天一高兴7就改成邮箱了。看了好久才知道那个是表示用户名,邮箱。而且只显示主要邮箱,一般联系人的邮箱可能会有很多,比如个人、公司等,电话信息也都没有,最主要microsoft人多(不像国内网易、qq邮箱等),一段时间就闲的蛋疼该一下登录方式,一旦改了就又不好使了。所以我觉得大公司的邮箱最好用API来进行登录,gmail和hotmail我都是用的他们提供的API来登录,一直都非常稳定,国内的邮箱curl还可以。仅仅个人观点,有错的地方别喷哈,可以讨论。