思路的实现:

首先 FeiYoung客户端会对账号和密码进行加密。

但是FeiYoung客户端使用的是PPPOE拨号,由于PPPOE是明文密码,这就有迹可循。

1.对数据链路层的数据包进行分析,截取明文账号和密码。

Python里面使用scapy模块进行实现。

代码实现:

def feiyoung_user_pass(self, WLAN):
    """Read PPPoE-session frames from interface ``WLAN`` and pull out the dial-up credentials.

    This only works because the dial-up exchange being read carries the account
    and password unencrypted on the link: anyone on the same layer-2 segment can
    read them, so the real mitigation is non-plaintext PPP authentication on the
    access side, not anything in the client software.

    ``self`` is not used. Returns ``[user, password]`` as two strings.
    Raises IndexError if nothing matched the pattern (``[0]`` on an empty
    list), e.g. when the captured frames did not include the login.
    """
    # Capture 12 PPPoE-session frames from the given interface; sniff() blocks
    # until that many frames have arrived (the author states the client sends
    # 12 frames during dial-up).
    listen_WLAN = sniff(filter='pppoes', count=12, iface=WLAN)
    # Stringify every frame and join them so a single regex can span the capture.
    # Assumes str(frame) renders the payload as an escaped bytes literal
    # ("\x17..."), which is what the pattern below matches — TODO confirm for
    # the scapy version in use.
    list_2 = [str(i) for i in listen_WLAN]
    list_3 = "\n".join(list_2)
    # Match the two fields around the literal "\x17" / "\x10" escapes
    # (presumably length-prefix bytes of the fields; verify against a capture).
    feiyoung_user_pass_re = re.findall(r"\\x17(.*?)\\x10(.*?)\'", list_3)
    feiyoung_user = feiyoung_user_pass_re[0][0]
    feiyoung_pass = feiyoung_user_pass_re[0][1]
    # Printing the captured credentials is disabled; they are returned instead.
    # print("用户名:%s 密码:%s"%(feiyoung_user, feiyoung_pass))
    feiyoung_user_pass = [feiyoung_user, feiyoung_pass]
    return feiyoung_user_pass

说明:

count 为拦截数据包的数量：FeiYoung 使用 PPPOE 拨号时会发送 12 个数据包。

2.利用路由器PPPOE拨号(爬虫相关实现)

代码如下:

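class LoginTpLink(object):
    """Holds the credentials used to talk to a TP-Link router's web API.

    Args:
        password: The router's admin password (obfuscated by ``encrypt_pwd``
            before it is sent).
        login_url: Base URL of the router's login endpoint.
    """

    def __init__(self, password=None, login_url=None):
        self.password = password
        self.login_url = login_url

    # The original spelled the constructor ``init``, so ``LoginTpLink(...)``
    # never stored its arguments; kept as an alias for any caller using it.
    init = __init__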

# 加密密码的方法
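def encrypt_pwd(self, password):
    """Obfuscate ``password`` the way the TP-Link web UI does before login.

    Each position of the longer of ``password`` and a fixed key is XORed
    (the shorter side is padded with 0xBB) and the result indexes a fixed
    255-character alphabet, so the output is ``max(15, len(password))``
    alphanumeric characters. This is keyless obfuscation, not encryption —
    it offers no confidentiality on its own. ``self`` is not used.

    Args:
        password: The cleartext admin password (str).

    Returns:
        The obfuscated string the router's login endpoint expects.
    """
    key = "RDpbLfCPsJZ7fiv"
    dictionary = "yLwVl0zKqws7LgKPRQ84Mdt708T1qQ3Ha7xv3H7NyU84p21BriUWBU43odz3iP4rBL3cD02KZciXTysVXiV8ngg6vL48rPJyAUw0HurW20xqxv9aYb4M9wK1Ae0wlro510qXeU07kV57fQMc8L6aLgMLwygtc0F10a0Dg70TOoouyFhdysuRMO51yY5ZlOZZLEal1h0t9YQW0Ko7oBwmCAHoic4HYbUyVeU3sfQ1xtXcPcf1aT303wAQhv66qzW"
    len_key = len(key)
    len_pwd = len(password)
    len_dict = len(dictionary)
    out = []
    for index in range(max(len_key, len_pwd)):
        # 0xBB (187) pads whichever side has run out of characters.
        cl = ord(key[index]) if index < len_key else 187
        cr = ord(password[index]) if index < len_pwd else 187
        # Reduce modulo the alphabet size: cl ^ cr can reach 255, which the
        # original indexed directly (IndexError for e.g. a 1-char password,
        # where key[1] == 'D' ^ 0xBB == 0xFF). The original's trailing
        # "chr(ord(c) % len)" was a no-op for the ASCII alphabet, so results
        # for inputs that did not crash are unchanged.
        out.append(dictionary[(cl ^ cr) % len_dict])
    return "".join(out)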

# 登录方法
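def login(self, password=None, login_url=None):
    """Log in to the router and return the session token (``stok``).

    Args:
        password: Cleartext admin password; falls back to ``self.password``
            when omitted.
        login_url: Login endpoint URL; falls back to ``self.login_url``.

    Returns:
        The ``stok`` string the router issues for subsequent ``/ds`` calls.

    Raises:
        requests.HTTPError: on a non-2xx response.
        KeyError: if the response JSON carries no ``stok`` (e.g. wrong password).
    """
    if password is None:
        password = self.password
    if login_url is None:
        login_url = self.login_url
    encrypted = self.encrypt_pwd(password)
    headers = {'Content-Type': 'application/json; charset=UTF-8'}
    # Serialise with json.dumps instead of %-formatting so the body is always
    # well-formed JSON whatever characters the value contains; compact
    # separators keep the wire format identical to the original literal.
    payload = json.dumps({"method": "do", "login": {"password": encrypted}},
                         separators=(",", ":"))
    # A timeout keeps an unreachable router from blocking the caller forever.
    response = requests.post(login_url, data=payload, headers=headers, timeout=10)
    response.raise_for_status()
    return json.loads(response.text)['stok']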

# 为了通用,封装的post方法
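def post_tp_link(self, payload):
    """POST a JSON ``payload`` to the router's ``/ds`` endpoint and return the response.

    Logs in on every call (a fresh ``stok`` is obtained per request), then
    posts to ``<login_url>stok=<stok>/ds``.

    Args:
        payload: JSON-serialisable dict in the router's ``{"method": ...}`` shape.

    Returns:
        The ``requests.Response``; callers read ``.text``. HTTP errors are not
        raised here — check ``response.ok`` if the status matters.
    """
    # New token each call, as in the original; login() raises on HTTP errors.
    stok = self.login(self.password, self.login_url)
    headers = {'Content-Type': 'application/json; charset=UTF-8'}
    url = '%sstok=%s/ds' % (self.login_url, stok)
    # Bounded wait so a router that stops answering cannot hang the caller.
    return requests.post(url, data=json.dumps(payload), headers=headers, timeout=10)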

# 设置DHCP
def set_dhcp(self):
    """Switch the WAN interface to DHCP; returns the router's raw reply text."""
    request = {"protocol": {"wan": {"wan_type": "dhcp"}}, "method": "set"}
    return self.post_tp_link(request).text

# 重启路由器的方法
def reboot(self):
    """Ask the router to reboot; returns the router's raw reply text."""
    # NOTE(review): the value is the string 'null', not JSON null — presumably
    # what the firmware accepts; left as the original sends it.
    request = {"system": {"reboot": 'null'}, "method": "do"}
    return self.post_tp_link(request).text

# DHCP更新
def dhcp_renew(self):
    """Renew the WAN DHCP lease; returns the router's raw reply text."""
    request = {"network": {"change_wan_status": {"proto": "dhcp", "operate": "renew"}}, "method": "do"}
    return self.post_tp_link(request).text

# 获取WAN口状态
def wan_status(self):
    """Query the WAN port status; returns the router's raw reply text."""
    request = {"network": {"name": ["wan_status"]}, "method": "get"}
    return self.post_tp_link(request).text

# 设置pppoes用户名密码
def set_pppoes(self, user, password):
    """Configure the WAN interface for PPPoE with the given account; returns the raw reply text.

    Args:
        user: PPPoE account name.
        password: PPPoE account password (sent as-is in the request body).
    """
    request = {
        "protocol": {
            "wan": {"wan_type": "pppoe"},
            "pppoe": {"username": user, "password": password},
        },
        "method": "set",
    }
    return self.post_tp_link(request).text

# 启动pppoes连接
def start_pppoes(self):
    """Bring up the PPPoE WAN connection; returns the router's raw reply text."""
    request = {"network": {"change_wan_status": {"proto": "pppoe", "operate": "connect"}}, "method": "do"}
    return self.post_tp_link(request).text