1. 概述
通过opencv和训练完成旋转验证码的图片识别,逆向验证码接口的加密解密算法,通过纯http请求的方式完成验证码过检测,只需要一个cookie,识别成功率95%,协议成功率100%(因为识别失败再循环调用直到成功就完事了)
2.演示
2.1 运行
传参cookie直接运行,cookie不需要这么多参数,最重要的几个参数生成正确就行
2.2 查看日志,校验成功
如图可见,发送了两个请求
2.3 日志解析
- 获取验证码
复制代码 隐藏代码
2024-12-04 11:42:58.517 INFO 17052 --- [ main] c.x.i.config.RestTemplateConfigurator : Request URL = [POST] /api/redcaptcha/v2/captcha/register?null
2024-12-04 11:42:58.517 INFO 17052 --- [ main] c.x.i.config.RestTemplateConfigurator : Request Body = {"biz":"sns_web","captchaVersion":"1.3.0","secretId":"000","sourceSite":"https://www.xiaohongshu.com/explore/6723abae000000001b010864?xsec_token=AB7hDVsc1NzO_BUDZvLMwC4xgHr31y6Km3N9lpT-LfYhI=&xsec_source=pc_search&source=web_search_result_notes","verifyBiz":"461","verifyType":"102","verifyUuid":"75872c0a-168a-46c5-8053-f043f56534a8"}
2024-12-04 11:42:58.604 INFO 17052 --- [ main] c.x.i.config.RestTemplateConfigurator : Response : 200 OK OK
2024-12-04 11:42:58.604 INFO 17052 --- [ main] c.x.i.config.RestTemplateConfigurator : Response Body: {"code":0,"success":true,"msg":"成功","data":{"rid":"bc1e7efee196497f9c557e95b3219250","captchaInfo":"n44i7BEo28u0rn2O3JqlAImvGIqJb/iKSwGM/o1GVXaqxUlM441t088d3OQugfqJbiPttTYS4SPk0jFM8FjbYwDsk28qO2QTNpnO4BxptMC4liCcyCG+h4mvGIqJb/iKSwGM/o1GVXaqxUlM441t088d3OQugfqJbiPttTYS4SM+xToqvifskc6NTodSBg1H9FLfg0Ruv8zSeZGeKytssQ=="}}
返回captchaInfo是加密的(解密算法下面有讲解),解密后得到两张图片
- 通过opencv图片识别算出鼠标轨迹和距离(图片识别大概逻辑下面有讲)
复制代码 隐藏代码
2024-12-04 11:43:00.179 INFO 17052 --- [ main] c.x.i.s.impl.XHSCaptchaServiceImpl : 距离 mouseEnd = 249
2024-12-04 11:43:00.179 INFO 17052 --- [ main] c.x.i.s.impl.XHSCaptchaServiceImpl : 时间 time = 3884
2024-12-04 11:43:00.179 INFO 17052 --- [ main] c.x.i.s.impl.XHSCaptchaServiceImpl : 鼠标轨迹 track = [[0,0,0],[5,1,99],[10,1,112],[15,1,124],[21,1,135],[29,2,152],[36,2,171],[43,2,190],[51,2,210],[57,2,223],[65,3,242],[72,3,261],[78,3,281],[83,4,292],[89,4,304],[95,4,323],[103,4,340],[108,4,358],[116,4,378],[121,4,392],[129,4,403],[136,4,421],[144,4,435],[150,4,455],[158,4,473],[164,4,493],[169,4,511],[177,4,530],[183,4,550],[189,4,565],[197,4,583],[203,4,595],[209,4,609],[217,4,628],[223,4,645],[228,4,659],[235,4,670],[243,4,686],[250,4,704],[255,4,717],[262,4,736],[268,4,752],[286,4,770],[284,4,1671],[280,3,1789],[276,3,1904],[273,3,2023],[269,4,2150],[266,4,2266],[262,4,2384],[259,3,2501],[255,3,2621],[251,3,2753],[249,2,2772]]
2024-12-04 11:43:00.179 INFO 17052 --- [ main] c.x.i.s.impl.XHSCaptchaServiceImpl : 高度 width = 286
- 请求校验接口
复制代码 隐藏代码
2024-12-04 11:43:01.789 INFO 17052 --- [ main] c.x.i.config.RestTemplateConfigurator : Request URL = [POST] /api/redcaptcha/v2/captcha/check?null
2024-12-04 11:43:01.789 INFO 17052 --- [ main] c.x.i.config.RestTemplateConfigurator : Request Body = {"rid":"bc1e7efee196497f9c557e95b3219250","verifyType":"102","verifyBiz":"461","verifyUuid":"75872c0a-168a-46c5-8053-f043f56534a8","biz":"sns_web","sourceSite":"https://www.xiaohongshu.com/explore/6723abae000000001b010864?xsec_token=AB7hDVsc1NzO_BUDZvLMwC4xgHr31y6Km3N9lpT-LfYhI=&xsec_source=pc_search&source=web_search_result_notes","captchaVersion":"1.3.0","checkCount":1,"captchaInfo":"{\"mouseEnd\":\"zDNgUTR7s6Y=\",\"time\":\"RaPM3iB5s0M=\",\"track\":\"JS68ffFcGna7DbviNHxP/7Iv0l9MVJ8++JGYgWk1qt7PSkvU3r30Lw3wRD4BCBtcXAY5moRdQCh/G7B0AI+wbHP77y2YxuqHm3qAGv8HczaL815DsnUXMPRIvcMYZlhHVgGAucW4HBUGqj093K9QidjG4CGN6rXy/+S+S03hdiN5Y1SM7DSLNMXtIJvNp0oG6vbCTRafM8QNEEj9rNqwXOtxn4WaTT7RNwj4quK7t5pWFk4+nSVKxx/1jCtGvBWlIbnFQx93ugXBn2x+o5qONbOxR8btKp8DhKVU28s7Da5VBwau/DRavyp/UcZD/awVWPhLfgJysFX5nhNFJv3+0AniBh+h+Fre0dBZJOehkV3f0nAI/S1OutWHBLbZYQ1Qek0N3siHCSPoMZgJW7lLnsNP0QkuIgzosPEVU2O8+F5g+yaGtmMuRinrOCVv94qFybEWsuoK1rNPVROmtpy+FGlPN5EYrxpefQ/9DWkQy+BR66ikFMv6YxMpdh+qeAVV1qtduESlGw0qfnSXeGUllQxHWFJLaom9Ow/KwRluCsDpawhU5Oe3yEKhovKe09d0PzWsBuOyIryMMEmzLpJjXBYoW/eGE1E4hq5xlPEJ12lNq/Slae/eH0reAofAYr6tBD4x2Nlx/09LQgcxVyvAvW0MEcwxQnxurBLqh3/ruDh+AjTvHObkohGno5myngLnB7Gm8TeRoCmdi2zh/SKmehzAhc9Bh7uqf55z+Tzpz8v0MBg8lRevO0HcARBZVZRGoly5/rbruOloi0PWxJVjIpcgipPBRzYGRbyxiPP4l3ndiCqqBSNaBbi24US1gucyi8AWEOvg0PEUuzOV4sa1Sg==\",\"width\":\"Yv/ZbBx9c9k=\"}"}
2024-12-04 11:43:01.898 INFO 17052 --- [ main] c.x.i.config.RestTemplateConfigurator : Response : 200 OK OK
2024-12-04 11:43:01.898 INFO 17052 --- [ main] c.x.i.config.RestTemplateConfigurator : Response Body: {"code":0,"success":true,"msg":"成功","data":{"result":{"success":true}}}
{"result":{"success":true}}
入参主要是captchaInfo中的mouseEnd、time、track和width,算出来后需要加密(加密算法下面有讲),然后校验成功,验证码就校验通过了。
3.大概流程
需要的东西
- 抓包到获取验证码接口
- 抓包到校验验证码接口
- 逆向出加密和解密算法
- opencv和训练旋转验证码的图片识别
3.1 获取验证码接口
- F12 刷新发现有个register接口,这个就是获取图片的其他参数的。
- 入参比较简单没啥好说的,直接看反参,captchaInfo参数被加密的,其实就是后面请求的验证码图片
复制代码 隐藏代码
n44i7BEo28u0rn2O3JqlAImvGIqJb/iKSwGM/o1GVXaqxUlM441t088d3OQugfqJbiPttTYS4SNDCtFm1zw3Edahne+Ulr4iNpnO4BxptMC4liCcyCG+h4mvGIqJb/iKSwGM/o1GVXaqxUlM441t088d3OQugfqJbiPttTYS4SM+xToqvifskQ+J39UQKEQRpCkmeqSTL3fSeZGeKytssQ==
captchaInfo的值,下面逆向出解密算法解出图片。
3.2 解密算法
- 定位到算法的位置,这行代码返回的u就是解密的数据,那么我们就进去找
- ok这个就是解密的方法,拿到本地运行
- 好的解密成功
3.3 过图片识别
- 把两张图片合再一起,小图旋转360°,360张图片
- 人工找到正确的度数,然后校验的时候通过opencv对比,算出正确的距离、鼠标轨迹等
3.4 校验验证码
抓到校验验证码接口,主要的是captchaInfo参数,里面的鼠标轨迹和距离我们已经算出来了加密一下就行,rid就是获取验证码哪个接口返回的
3.5 加密算法
跟解密是一样的,在同一个地方,我们直接运行
nn
111