
我正在尝试模拟人类用户登录某个受 SSO 保护的 Oracle Fusion 应用程序。

所以我的第一直觉是做一些表单抓取来实现这一点,保存cookie然后发送它们,但是,我似乎在途中的某个地方被拒绝了。

我用 Tamper Data 分析了登录过程是如何完成的,到目前为止,我认为一切正常(我发送了所有正确的 cookie 和大多数请求头),所以我不知道自己遗漏了什么。

请指教

这是我的代码:

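// Request 1: ask OBIEE for the report. The code further down treats the page that comes
// back as a login form and scrapes its <input> fields.
// NOTE(review): sun.net.www.protocol.https.Handler is a JDK-internal class, so this line
// ties the code to one JVM implementation. Presumably it is here to force the JDK's own
// HTTPS connection class (the cast below depends on it) - confirm it is still needed.
// NOTE(review): redirects are followed inside the connection. Unless a
// java.net.CookieHandler is installed, Set-Cookie headers sent on the intermediate 3xx
// responses are never visible through uc; only the final response's headers are.
java.net.URL u = new URL(null, "https://happyhost.domain/analytics/saw.dll?Go&Path=OpportunitiesReport&format=XML&jsonDataFormat=rowset&ViewName=tableView!1&rowsPerPage=9999999999&SyncOperation=1",new sun.net.www.protocol.https.Handler());
URLConnection uc = u.openConnection();
HttpsURLConnection connection = (HttpsURLConnection)uc;
// Browser-like request headers, copied from a Firefox session.
connection.setRequestProperty("User-Agent", "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:20.0) Gecko/20100101 Firefox/20.0");
connection.setRequestProperty("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8");
connection.setRequestProperty("Accept-Language", "en-US,en;q=0.5");
// The original also sent "Accept-Decoding: gzip, deflate". That is not an HTTP header
// (the real one is Accept-Encoding). It is dropped rather than corrected because the
// code that reads the body does not decompress it.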

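// Open the body of the first response. By this point any redirects have already been
// followed, so uc exposes the headers and body of the final response only.
// NOTE(review): InputStreamReader without a charset uses the platform default -
// confirm the server's encoding and pass it explicitly.
BufferedReader in = new BufferedReader(new InputStreamReader(uc.getInputStream()));

// Copy every Set-Cookie header into HttpCookies (the author describes it as a HashMap).
// Index 0 is the status line, so the scan starts at 1 and stops at the first null key.
String headerName=null;
for (int i=1; (headerName = uc.getHeaderFieldKey(i))!=null; i++) {
    // HTTP header names are case-insensitive, so do not depend on the server's casing.
    if (headerName.equalsIgnoreCase("Set-Cookie")) {
        HttpCookies.addCookieFromHeader(uc.getHeaderField(i));
    }
    // Debug output. This also prints Set-Cookie values, which are live session tokens:
    // keep it out of any build whose console or log output is retained or shared.
    System.out.println(headerName +": "+uc.getHeaderField(i)+"\n");
}

// Debug output of the whole cookie jar; same caveat as above, and `result` carries the
// tokens to whoever receives that string.
System.out.println("Sending the following cookies: "+HttpCookies.getCookiesString());
result = result + "Sending the following cookies: "+HttpCookies.getCookiesString()+"\n";

// Read the body line by line (line terminators are dropped, as before). A StringBuilder
// avoids re-copying the whole page on every line, and the finally block closes the
// reader even when a read fails.
StringBuilder firstBody = new StringBuilder();
String inputLine;
try {
    while ((inputLine = in.readLine()) != null) {
        firstBody.append(inputLine);
    }
} finally {
    in.close();
}
String fetchedContent = firstBody.toString();

System.out.println(fetchedContent);
result = result + "we downloaded"+ fetchedContent + "\n";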

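// Scrape the page fetched above: collect the name/value pair of every <input ...> tag
// and join the pairs into an application/x-www-form-urlencoded string.
// NOTE(review): this is regex scraping, not HTML parsing. Attribute values are cut at
// the first space or quote, HTML entities are not decoded, "name=" is matched anywhere
// in the tag text, and inputs with an empty value are skipped. Verify the result
// against the real login form.
String txt = fetchedContent;

HashMap<String,String> parametersMap = new HashMap<String,String>();

String re1="(<)";   // opening angle bracket
String re2="(input)";       // tag name
String re3="(.*?)";   // group 3: the tag's attribute text (non-greedy)
String re11="(>)";  // closing angle bracket

Pattern p = Pattern.compile(re1+re2+re3+re11,Pattern.CASE_INSENSITIVE | Pattern.DOTALL);
Matcher m = p.matcher(txt);

// The attribute patterns do not change between tags, so compile them once.
// Group 4 is the attribute value without its surrounding quotes.
Pattern inputNamePattern = Pattern.compile("(name)(=)([\"']?([^'\" ]+)[\"']?)",Pattern.CASE_INSENSITIVE | Pattern.DOTALL);
Pattern inputValuePattern = Pattern.compile("(VALUE)(=)([\"']?([^'\" ]+)[\"']?)",Pattern.CASE_INSENSITIVE | Pattern.DOTALL);

String parameters = "";

while (m.find())
{
    String attributes = m.group(3);

    Matcher nameMatcher = inputNamePattern.matcher(attributes);
    Matcher valueMatcher = inputValuePattern.matcher(attributes);

    // An input without a name is not a form field, and one without a value was never
    // recorded; skipping both keeps an empty key out of the request body.
    if (!nameMatcher.find() || !valueMatcher.find())
    {
        continue;
    }

    // Taking group 4 strips single quotes as well as double quotes.
    String name = nameMatcher.group(4);
    String value = valueMatcher.group(4);

    if (name.equals("request_id"))
    {
        // Only the last ';'-separated piece of request_id is submitted.
        String[] bits = value.split(";");
        value = bits[bits.length-1];
    }
    parametersMap.put(name, value);
}

// Percent-encode every key and value. Scraped values that contain '+', '=', '&' or '%'
// (typical for base64 tokens in hidden fields) would otherwise reach the server altered.
// URLEncoder.encode(String, String) declares UnsupportedEncodingException, a subclass
// of the IOException that the surrounding connection code already has to handle.
StringBuilder encodedFields = new StringBuilder();
for (java.util.Map.Entry<String,String> field : parametersMap.entrySet())
{
    if (encodedFields.length() > 0)
    {
        encodedFields.append('&');
    }
    encodedFields.append(java.net.URLEncoder.encode(field.getKey(), "UTF-8"));
    encodedFields.append('=');
    encodedFields.append(java.net.URLEncoder.encode(field.getValue(), "UTF-8"));
}
parameters = encodedFields.toString();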

// Record the URL the first request finally landed on (after redirects); it is the
// input for working out which server receives the credentials.
txt= uc.getURL().toString();
System.out.println("we are at "+txt);
result = result + "we are at "+txt + "\n";

// Pattern pieces for "https://<fqdn>:<port>/...b".
re1="(https)";       // group 1: scheme
re2="(:)";   // group 2
re3="(\\/)"; // group 3
String re4="(\\/)"; // group 4
String re5="((?:[a-z][a-z\\.\\d\\-]+)\\.(?:[a-z][a-z\\-]+))(?![\\w\\.])";   // group 5: fully qualified domain name
String re6="(:)";   // group 6
String re7="(\\d+)";        // group 7: port number
String re8="(\\/)"; // group 8
String re9=".*?";   // non-greedy filler
String re10="(b)";  // group 9: a literal letter b somewhere after the port's slash

p = Pattern.compile(re1+re2+re3+re4+re5+re6+re7+re8+re9+re10,Pattern.CASE_INSENSITIVE | Pattern.DOTALL);
m = p.matcher(txt);

// NOTE(review): the pattern only matches URLs with an explicit port and a letter "b"
// later in the path; on any other URL authServer stays empty.
// NOTE(review): the port is matched and printed but left out of authServer, so the
// credential request goes to the default HTTPS port - confirm that is intended.
// NOTE(review): authServer is whatever host the redirect chain ended on. Compare it
// with the expected SSO host before any credentials are sent to it.
String authServer = "";

if (m.find())
{
    // Groups 1-5 concatenated give scheme + "://" + host name.
    StringBuilder origin = new StringBuilder();
    for (int g = 1; g <= 5; g++)
    {
        origin.append(m.group(g));
    }
    authServer = origin.toString();
    System.out.print("matched redirect "+authServer+m.group(6)+m.group(7));
}


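// Request 2: POST the scraped form fields plus the credentials to the SSO server.
// The credentials are percent-encoded so that characters such as '&', '=', '+' or '%'
// in a password cannot change the shape of the form body. URLEncoder.encode(String,
// String) declares UnsupportedEncodingException, a subclass of the IOException the
// connection calls below already raise.
String encodedUserid = java.net.URLEncoder.encode(username, "UTF-8");
String encodedPassword = java.net.URLEncoder.encode(password, "UTF-8");

// Make sure exactly one '&' separates the scraped fields from the credentials.
if (parameters.length() > 0 && !parameters.endsWith("&")) {
    parameters = parameters + "&";
}

// Log a redacted copy: the password must not reach the console or any captured log.
System.out.println("\n\nSending paramenters:" + parameters + "userid=" + encodedUserid + "&password=<redacted>" + "\n\n");
parameters = parameters + "userid=" + encodedUserid + "&password=" + encodedPassword;

// NOTE(review): authServer was derived from the URL the first request was redirected
// to. Check it against the expected SSO host before posting credentials to it.
System.out.println("\nSending to:" + authServer+"/oam/server/auth_cred_submit");


u = new URL(null, authServer+"/oam/server/auth_cred_submit",new sun.net.www.protocol.https.Handler());
uc = u.openConnection();
connection = (HttpsURLConnection)uc;
connection.setDoOutput(true);
connection.setDoInput(true);
// NOTE(review): with redirects followed inside the connection, cookies set on the
// intermediate 3xx responses are not seen by this code unless a java.net.CookieHandler
// is installed.
connection.setInstanceFollowRedirects(true);
connection.setRequestProperty("Cookie", HttpCookies.getCookiesString());
connection.setRequestMethod("POST");
// State the body format explicitly instead of relying on the implementation default.
// Content-Length is filled in by the connection itself, and "charset" is not a request
// header, so neither is set here.
connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
connection.setRequestProperty("User-Agent", "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:20.0) Gecko/20100101 Firefox/20.0");
connection.setUseCaches (false);

DataOutputStream wr = new DataOutputStream(connection.getOutputStream ());
try {
    // writeBytes() keeps only the low byte of each char; write real UTF-8 bytes instead.
    wr.write(parameters.getBytes("UTF-8"));
    wr.flush();
} finally {
    wr.close();
}
// Do not call connection.disconnect() here: the response has not been read yet, and
// the code that follows reads it from this same connection.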

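// Read the response to the credential POST from the same connection.
// NOTE(review): nothing here checks whether the login succeeded. Inspect
// connection.getResponseCode() and uc.getURL() before treating the session as
// authenticated.
// NOTE(review): InputStreamReader without a charset uses the platform default.
in = new BufferedReader(new InputStreamReader(uc.getInputStream()));


// Store any cookies from the final response of this request.
headerName=null;
for (int i=1; (headerName = uc.getHeaderFieldKey(i))!=null; i++) {
    // HTTP header names are case-insensitive, so do not depend on the server's casing.
    if (headerName.equalsIgnoreCase("Set-Cookie")) {
        HttpCookies.addCookieFromHeader(uc.getHeaderField(i));
    }
}

// Read the body line by line (line terminators are dropped, as before); the finally
// block closes the reader even when a read fails.
StringBuilder loginBody = new StringBuilder();
try {
    while ((inputLine = in.readLine()) != null) {
        loginBody.append(inputLine);
    }
} finally {
    in.close();
}
fetchedContent = loginBody.toString();

// Debug output; the page returned after login may carry session-bound values.
System.out.println(fetchedContent);

result = result + fetchedContent + "\n";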


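System.out.println("------------------------------");


// Request 3: fetch the report again, this time presenting the cookies collected so far.
u = new URL(null, "https://" + Settings.getInstance().getCrmHost()+"/analytics/saw.dll?Go&Path=%2Fshared%2FMobilytics%2FOpportunities&format=XML&jsonDataFormat=rowset&ViewName=tableView!1&rowsPerPage=9999999999&SyncOperation=1",new sun.net.www.protocol.https.Handler());
uc = u.openConnection();
connection = (HttpsURLConnection)uc;
// The original never attached the stored cookies to this request, so the server saw an
// anonymous client even after a successful login.
// NOTE(review): if HttpCookies is one flat store, cookies issued by the SSO host are
// sent to the CRM host as well. java.net.CookieManager scopes cookies by domain and
// path - confirm which behaviour is wanted.
connection.setRequestProperty("Cookie", HttpCookies.getCookiesString());
connection.setRequestProperty("User-Agent", "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:20.0) Gecko/20100101 Firefox/20.0");
connection.setRequestProperty("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8");
connection.setRequestProperty("Accept-Language", "en-US,en;q=0.5");
// "Accept-Decoding" is not an HTTP header (the real one is Accept-Encoding); it is
// dropped rather than corrected because the body is read without decompression.


in = new BufferedReader(new InputStreamReader(uc.getInputStream()));


headerName=null;
for (int i=1; (headerName = uc.getHeaderFieldKey(i))!=null; i++) {
    // HTTP header names are case-insensitive, so do not depend on the server's casing.
    if (headerName.equalsIgnoreCase("Set-Cookie")) {
        HttpCookies.addCookieFromHeader(uc.getHeaderField(i));
    }
    // Debug output; this prints Set-Cookie values, which are live session tokens.
    System.out.println(headerName +": "+uc.getHeaderField(i)+"\n");
}

// Debug output of the cookie jar; `result` carries the tokens to whoever receives it.
System.out.println("Sending the following cookies: "+HttpCookies.getCookiesString());
result = result + "Sending the following cookies: "+HttpCookies.getCookiesString()+"\n";

// Read the body line by line (line terminators are dropped, as before); the finally
// block closes the reader even when a read fails.
StringBuilder reportBody = new StringBuilder();
try {
    while ((inputLine = in.readLine()) != null) {
        reportBody.append(inputLine);
    }
} finally {
    in.close();
}
fetchedContent = reportBody.toString();

System.out.println(fetchedContent);
result = result + "we downloaded"+ fetchedContent + "\n";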

1 回答 1


我强烈建议不要保存 cookie 并重放请求/响应,而是模拟人工登录。我想你知道用户名和密码,这样就可以使用 Apache HttpClient 模拟登录。具体做法请参见下面的示例:http://hc.apache.org/httpcomponents-client-ga/examples.html

于 2013-04-04T06:01:25.500 回答