用Ajax抓取QQ相册的相片,突破防盗链,远程导入。
时间:2008-02-03
来源:互联网
看到56.com站上有导入qq相册以及163相册照片功能,速度很快,输入qq号,立即显示相册照片,点击即可上传。这个功能不仅具有创意而且很好很强大。于是firebug分析,报错无法继续,兼容性极差。抓包分析了一下,有点眉目,可是56的php程序怎么写的不清楚。于是分析腾讯,腾讯的源代码用了模板,url都高度隐藏,代码看起来简直头昏眼花的,同样无法调试ajax,兼容性差,ff下空白。于是抓包,得到xml地址。ajax不能跨域,当然得php处理。于是写程序,得到相册,这一步我轻松实现了。突破防盗链呢,要么用php的sock改refer,要么干脆:
[ 本帖最后由 kaixin99 于 2008-2-2 22:12 编辑 ]
复制PHP内容到剪贴板
header('Expires: '.gmdate('D, d M Y H:i:s', time() + 31536000).' GMT');
header('Content-Disposition: inline; filename=avatar.gif');
die(file_get_contents($img));
第二步点击相册显示相片的时候比较郁闷,那个xml用客户端js读或者php段的simplexml_load_file都有问题,貌似里面有特殊字符。用php的DOM读远程居然什么也没有,最后只好只好正则匹配。由于本地速度也慢,测试起来也慢,file_get_contents急死人。同时测试56,发现也慢,要么是网络原因,要么是腾讯原因,cao!程序分qq.html,qq.php,有空再继续测试下,现在网络不好,郁闷!
PHP代码:
header('Cache-control: max-age=31536000');header('Expires: '.gmdate('D, d M Y H:i:s', time() + 31536000).' GMT');
header('Content-Disposition: inline; filename=avatar.gif');
die(file_get_contents($img));
复制PHP内容到剪贴板
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" c />
<title>test</title>
<script language="JavaScript" type="text/javascript">
/**
* get pictures from qq.com
* only a test!
* @author Yxw Q:156544632
*/
var $=function(id){return document.getElementById(id)};
var B={
trim:function(str){return str.replace(/^s+|s+$/g,"")},
exec:function(obj,handle){
if(window.attachEvent){
obj.attachEvent("onclick", handle);
}else{
obj.addEventListener("click", handle, false);
}
}
};
var A={
createXMLHttpRequest:function(){
var requestobj = false;
if(window.XMLHttpRequest) {
return new XMLHttpRequest();
}else if(window.ActiveXObject) {
var versions = ['Msxml2.XMLHTTP.5.0', 'Msxml2.XMLHTTP.4.0', 'MSXML2.XMLHTTP.3.0', 'MSXML2.XMLHTTP', 'MSXML.XMLHTTP', 'Microsoft.XMLHTTP'];
for(var i=0; i<versions.length; i++) {
try {
requestobj = new ActiveXObject(versions);
if(requestobj) {
return requestobj;
}
} catch(e) {}
}
}
return requestobj;
},
get:function(type) {
var request=A.createXMLHttpRequest();
var num=$('qq').value;
var targetUrl='qq.php?id='+num;
if(type=='xml')targetUrl='qq.php?togo=1&go=http://sz.photo.store.qq.com/http_staload.cgi?156544632/62837042';
//alert(typeof request);
request.onreadystatechange =function(){
if(request.readyState == 4) {
if(request.status == 200) {
if(type=='xml'){
$('pic').innerHTML=request.responseXML;
return request.responseXML;
}else{
A.callback(request.responseText);
}
}
}
};
targetUrl+=(targetUrl.indexOf("?")>-1?"&":"?");
targetUrl=targetUrl+"temp="+Math.random();
request.open("GET", targetUrl, true);
request.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
request.send();
},
callback:function(str){
$('pic').innerHTML='';
var arr=eval(str);
for(var i=0;i <arr.length;i++) {
$('pic').innerHTML+='<li><a href="'+arr.id+'" >'+arr.name+'('+arr.desc+')</a>相片数量:'+arr.total+'<br/><img src="[url=http://127.0.0.1/qq.php?pic= +arr.pre+]http://127.0.0.1/qq.php?pic='+arr.pre+'[/url]" style="" />';
}
}
};
var G=function(){
if (window.ActiveXObject){
var cdsales = new ActiveXObject("Microsoft.XMLDOM");
}else{
if (document.implementation && document.implementation.createDocument){
var cdsales = document.implementation.createDocument("","",null);
}
}
cdsales.async=true;
cdsales.load(A.get('xml'));
//document.write(A.get('xml'));
cdsales.onreadystatechange= new function LoadedSales(){
var txt="";
if(cdsales.readyState==4){
if(cdsales.parseError.errorCode != 0){
txt="err";
}else{
var bi=cdsales.documentElement.selectNodes("pic");
if(bi!=null&&bi.length>0){
for(var i=0;i<bi.length;i++){
txt+="<li><a href="+bi.childNodes[1].text+" style=color:"+bi.childNodes[2].text+">"+bi.childNodes[0].text+"</a></li>";
}
}else{
txt="LoadingErr...";
}
}
}else{
txt="Loading....";
}
$('pic').innerHTML='';
$('pic').innerHTML=txt;
}
};
var init={
init_main:function(){
var div=document.createElement("div");
div.setAttribute('id','main');
div.style.margin="100px auto";
div.style.marginBottom="10px";
div.style.width="300px";
document.body.appendChild(div);
var qq=document.createElement("input");
qq.setAttribute('name',"qq");
qq.setAttribute('type','text');
qq.setAttribute('id','qq');
qq.setAttribute('value','156544632');
qq.style.marginBottom="20px";
div.appendChild(qq);
var bottom=document.createElement("input");
bottom.setAttribute('type','button');
bottom.setAttribute('id','submit');
bottom.setAttribute('value','开始行动');
bottom.style.margin="0 0 20px 20px";
div.appendChild(bottom);
var span=document.createElement("span");
div.appendChild(span);
span.innerHTML="<br />输入任意一个qq号码,本程序能抓取其qq相册内所有未加密图片,并保存到本地硬盘!"
span.style.f;
span.style.color="#333333";
B.exec(bottom,A.get);
var showPic=document.createElement("div");
showPic.setAttribute('id','pic');
showPic.style.margin="10px auto";
document.body.appendChild(showPic);
}
};
</script>
</head>
<body >
</body>
</html>
---------------------------
PHP代码:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" c />
<title>test</title>
<script language="JavaScript" type="text/javascript">
/**
* get pictures from qq.com
* only a test!
* @author Yxw Q:156544632
*/
var $=function(id){return document.getElementById(id)};
var B={
trim:function(str){return str.replace(/^s+|s+$/g,"")},
exec:function(obj,handle){
if(window.attachEvent){
obj.attachEvent("onclick", handle);
}else{
obj.addEventListener("click", handle, false);
}
}
};
var A={
createXMLHttpRequest:function(){
var requestobj = false;
if(window.XMLHttpRequest) {
return new XMLHttpRequest();
}else if(window.ActiveXObject) {
var versions = ['Msxml2.XMLHTTP.5.0', 'Msxml2.XMLHTTP.4.0', 'MSXML2.XMLHTTP.3.0', 'MSXML2.XMLHTTP', 'MSXML.XMLHTTP', 'Microsoft.XMLHTTP'];
for(var i=0; i<versions.length; i++) {
try {
requestobj = new ActiveXObject(versions);
if(requestobj) {
return requestobj;
}
} catch(e) {}
}
}
return requestobj;
},
get:function(type) {
var request=A.createXMLHttpRequest();
var num=$('qq').value;
var targetUrl='qq.php?id='+num;
if(type=='xml')targetUrl='qq.php?togo=1&go=http://sz.photo.store.qq.com/http_staload.cgi?156544632/62837042';
//alert(typeof request);
request.onreadystatechange =function(){
if(request.readyState == 4) {
if(request.status == 200) {
if(type=='xml'){
$('pic').innerHTML=request.responseXML;
return request.responseXML;
}else{
A.callback(request.responseText);
}
}
}
};
targetUrl+=(targetUrl.indexOf("?")>-1?"&":"?");
targetUrl=targetUrl+"temp="+Math.random();
request.open("GET", targetUrl, true);
request.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
request.send();
},
callback:function(str){
$('pic').innerHTML='';
var arr=eval(str);
for(var i=0;i <arr.length;i++) {
$('pic').innerHTML+='<li><a href="'+arr.id+'" >'+arr.name+'('+arr.desc+')</a>相片数量:'+arr.total+'<br/><img src="[url=http://127.0.0.1/qq.php?pic= +arr.pre+]http://127.0.0.1/qq.php?pic='+arr.pre+'[/url]" style="" />';
}
}
};
var G=function(){
if (window.ActiveXObject){
var cdsales = new ActiveXObject("Microsoft.XMLDOM");
}else{
if (document.implementation && document.implementation.createDocument){
var cdsales = document.implementation.createDocument("","",null);
}
}
cdsales.async=true;
cdsales.load(A.get('xml'));
//document.write(A.get('xml'));
cdsales.onreadystatechange= new function LoadedSales(){
var txt="";
if(cdsales.readyState==4){
if(cdsales.parseError.errorCode != 0){
txt="err";
}else{
var bi=cdsales.documentElement.selectNodes("pic");
if(bi!=null&&bi.length>0){
for(var i=0;i<bi.length;i++){
txt+="<li><a href="+bi.childNodes[1].text+" style=color:"+bi.childNodes[2].text+">"+bi.childNodes[0].text+"</a></li>";
}
}else{
txt="LoadingErr...";
}
}
}else{
txt="Loading....";
}
$('pic').innerHTML='';
$('pic').innerHTML=txt;
}
};
var init={
init_main:function(){
var div=document.createElement("div");
div.setAttribute('id','main');
div.style.margin="100px auto";
div.style.marginBottom="10px";
div.style.width="300px";
document.body.appendChild(div);
var qq=document.createElement("input");
qq.setAttribute('name',"qq");
qq.setAttribute('type','text');
qq.setAttribute('id','qq');
qq.setAttribute('value','156544632');
qq.style.marginBottom="20px";
div.appendChild(qq);
var bottom=document.createElement("input");
bottom.setAttribute('type','button');
bottom.setAttribute('id','submit');
bottom.setAttribute('value','开始行动');
bottom.style.margin="0 0 20px 20px";
div.appendChild(bottom);
var span=document.createElement("span");
div.appendChild(span);
span.innerHTML="<br />输入任意一个qq号码,本程序能抓取其qq相册内所有未加密图片,并保存到本地硬盘!"
span.style.f;
span.style.color="#333333";
B.exec(bottom,A.get);
var showPic=document.createElement("div");
showPic.setAttribute('id','pic');
showPic.style.margin="10px auto";
document.body.appendChild(showPic);
}
};
</script>
</head>
<body >
</body>
</html>
复制PHP内容到剪贴板
<?php
set_time_limit(0);
ini_set("memory_limit","200M");
if($_GET['togo']==1)die(iconv("gb2312", "UTF-8", file_get_contents($_GET['go'])));
if($_GET['pic']){
$img=$_GET['pic'];
header('Cache-control: max-age=31536000');
header('Expires: '.gmdate('D, d M Y H:i:s', time() + 31536000).' GMT');
header('Content-Disposition: inline; filename=avatar.gif');
die(file_get_contents($img));
}
header('Content-Type:text/html;charset=utf-8');
if($_GET['list']==1){
$u="http://sz.photo.store.qq.com/http_staload.cgi?".$_GET['id']."/".$_GET['aid'];
$str=iconv("gb2312", "UTF-8", file_get_contents($u));
$data=array();
if(preg_match_all("/<pic>(.+?)<\/pic>/sim",$str,$r)){
foreach($r[0] as $key=>$reply){
preg_match("/<name>(.+?)<\/name>/id",$reply,$name);
preg_match("/<desc>(.+?)<\/desc>/id",$reply,$desc);
preg_match("/\<\!\[CDATA \[(.*)\]\]\>/U", $$name[1], $na);
preg_match("/\<\!\[CDATA \[(.*)\]\]\>/U", $dsec[1], $de);
preg_match("/<id>(.+?)<\/pic>/id",$reply,$id);
preg_match("/<pre>(.+?)<\/pre>/id",$reply,$pre);
preg_match("/<url>(.+?)<\/pic>/id",$reply,$url);
preg_match("/<uploadtime>(.+?)<\/uploadtime>/id",$reply,$time);
$data[]=array($na[1],$de[1],$id[1],$pre[1],$url[1],$time[1]);
}
}
die(json_encode($data));
}
$url="http://p11.photo.qq.com/".$_GET['id']."/16";
$xml = simplexml_load_file($url);
$qq = $xml->album;
$data=$temp=array();
foreach ($qq as $content ){
$temp['priv']=(string)$content->priv;
$temp['pre']=(string)$content->pre;
$temp['total']=(string)$content->total;
$temp['name']=(string)$content->name;
$temp['id']=(string)$content->id;
$temp['desc']=(string)$content->desc;
$data[]=$temp;
}
die(json_encode($data));
function pr($array,$str=0){
if($str){
$do=$_GET['die'];
if($do==$str){
echo "<pre>";print_r($array);echo "</pre>";die();
}
}else{
echo "<pre>";print_r($array);echo "</pre>";die();
}
}
?>
抓取的效果如图所示(截图不完整),程序为全部完成^_^PHP代码:
<?php
set_time_limit(0);
ini_set("memory_limit","200M");
if($_GET['togo']==1)die(iconv("gb2312", "UTF-8", file_get_contents($_GET['go'])));
if($_GET['pic']){
$img=$_GET['pic'];
header('Cache-control: max-age=31536000');
header('Expires: '.gmdate('D, d M Y H:i:s', time() + 31536000).' GMT');
header('Content-Disposition: inline; filename=avatar.gif');
die(file_get_contents($img));
}
header('Content-Type:text/html;charset=utf-8');
if($_GET['list']==1){
$u="http://sz.photo.store.qq.com/http_staload.cgi?".$_GET['id']."/".$_GET['aid'];
$str=iconv("gb2312", "UTF-8", file_get_contents($u));
$data=array();
if(preg_match_all("/<pic>(.+?)<\/pic>/sim",$str,$r)){
foreach($r[0] as $key=>$reply){
preg_match("/<name>(.+?)<\/name>/id",$reply,$name);
preg_match("/<desc>(.+?)<\/desc>/id",$reply,$desc);
preg_match("/\<\!\[CDATA \[(.*)\]\]\>/U", $$name[1], $na);
preg_match("/\<\!\[CDATA \[(.*)\]\]\>/U", $dsec[1], $de);
preg_match("/<id>(.+?)<\/pic>/id",$reply,$id);
preg_match("/<pre>(.+?)<\/pre>/id",$reply,$pre);
preg_match("/<url>(.+?)<\/pic>/id",$reply,$url);
preg_match("/<uploadtime>(.+?)<\/uploadtime>/id",$reply,$time);
$data[]=array($na[1],$de[1],$id[1],$pre[1],$url[1],$time[1]);
}
}
die(json_encode($data));
}
$url="http://p11.photo.qq.com/".$_GET['id']."/16";
$xml = simplexml_load_file($url);
$qq = $xml->album;
$data=$temp=array();
foreach ($qq as $content ){
$temp['priv']=(string)$content->priv;
$temp['pre']=(string)$content->pre;
$temp['total']=(string)$content->total;
$temp['name']=(string)$content->name;
$temp['id']=(string)$content->id;
$temp['desc']=(string)$content->desc;
$data[]=$temp;
}
die(json_encode($data));
function pr($array,$str=0){
if($str){
$do=$_GET['die'];
if($do==$str){
echo "<pre>";print_r($array);echo "</pre>";die();
}
}else{
echo "<pre>";print_r($array);echo "</pre>";die();
}
}
?>
46ea7d2db22b503b349bf7a0.jpg (17.15 KB)[ 本帖最后由 kaixin99 于 2008-2-2 22:12 编辑 ]
作者: kaixin99 发布时间: 2008-02-02
强人,有空测试下,我坐沙发了,嘿嘿
作者: wangbaoming 发布时间: 2008-02-03
作者: kaixin99 发布时间: 2008-02-03
I 服了 you
作者: entermaster 发布时间: 2008-02-03
yun
作者: kaixin99 发布时间: 2008-02-03
终于认识了,以后多了交流的朋友
作者: omcmc 发布时间: 2008-02-03
支持楼主 真厉害
作者: php? 发布时间: 2008-02-04
作者: kaixin99 发布时间: 2008-02-13
测试了,qq.html 打开一片空白。
document.createElement
创建DIV不管用,增加一句:
div.style.background="blue";
或者是追加不管用
$('global').appendChild(div);
改成这句,并在BODY下增加 <div id="global"></div>
也不行,搞不懂是什么原因了。
[ 本帖最后由 smallwl 于 2008-2-13 22:35 编辑 ]
document.createElement
创建DIV不管用,增加一句:
div.style.background="blue";
或者是追加不管用
$('global').appendChild(div);
改成这句,并在BODY下增加 <div id="global"></div>
也不行,搞不懂是什么原因了。
[ 本帖最后由 smallwl 于 2008-2-13 22:35 编辑 ]
作者: smallwl 发布时间: 2008-02-13
但IE和FIREFOX 的DEBUG模式下没有JS报错。
作者: smallwl 发布时间: 2008-02-13
好东西 先收藏!
作者: kth007 发布时间: 2008-03-12
LZ的头像比文章更强大。 哈哈!
作者: ct_174880859 发布时间: 2008-03-12
mark
作者: Loster 发布时间: 2008-03-13
作者: diego 发布时间: 2008-04-02
完全看不明白在说啥! 作者: thaiki 发布时间: 2008-04-03
为什么不打包呢?
作者: lxydyx 发布时间: 2008-05-14
相关阅读 更多
热门阅读
-
office 2019专业增强版最新2021版激活秘钥/序列号/激活码推荐 附激活工具
阅读:74
-
如何安装mysql8.0
阅读:31
-
Word快速设置标题样式步骤详解
阅读:28
-
20+道必知必会的Vue面试题(附答案解析)
阅读:37
-
HTML如何制作表单
阅读:22
-
百词斩可以改天数吗?当然可以,4个步骤轻松修改天数!
阅读:31
-
ET文件格式和XLS格式文件之间如何转化?
阅读:24
-
react和vue的区别及优缺点是什么
阅读:121
-
支付宝人脸识别如何关闭?
阅读:21
-
腾讯微云怎么修改照片或视频备份路径?
阅读:28
