How to write an automatic voter

*********************************************************** ***************************************

* Copyright Notice

* This article is Ocean all, copyright belongs to Ocean, any website

* And media reprint must contain this declaration, otherwise it will be considered as infringement, the author will

* Keep all power. This statement is an indispensable part of this article.

* Author's Name: Ocean

* Author Email:

Ocean@forever.net.cn

* Author website:

http://www.oceanstudio.net

*

http://sps.oceanstudio.net

* Author Blog: Bo Garden,

http://www.cnblogs.com/ocean

* This article Published: February 1, 2005

* This article source:

Http://www.cnblogs.com/ocean/archive/2005/02/01/100445.html

*********************************************************** ****************************************

I often go to the website to catch something, sometimes do something that automatically fills in the form. I have recently taken a voting task, which is to write a program automatically vote, which has also triggered topics how to write automatic voting programs and how to write voters (how to prevent automatic voting programs). It is the so-called road high, and the magic is high. Automatic voting and voting programs themselves are a kind of game state.

How to write a voter, which is roughly divided into such steps:

1: Manually vote, analyze the code of each page that appears in the middle, find out the voting law.

2: Capture the information of the POST when the submission page is submitted.

3: Programming simulation this manual process.

I have an example of this automatic voting process I just wrote. Here I will not give the URL link (confidential), nor does it give real data and screenshots.

First, please vote, it is a multi-selection vote. After clicking the voting button, you will pop up a web page. This page will ask you to confirm or give up, click confirmation, return to the invoice successful tips. When you click on the voting button, it is prompted to vote and cannot be repeated. Close all browser windows, open a new window, vote, can still vote successfully. According to the following behavior, it can be drawn as follows:

1: Votes need to have two and servers interactions, and submit a voting result to the server for the first time. The second interactive is submitted to the server to confirm this result.

2: The session between this two pages is related, that is, the same session cannot vote two tickets. When the browser is turned off, re-opening Liu Lii, because it is equivalent to the new SESSION, it will still vote successfully.

After knowing this, I started to grab the HTTP header information (HEADER information) that interacts two times.

The first interaction information is as follows (click on the voting button):

-------------------------------------------------- ------------------------ ACCEPT: Image / GIF, Image / X-Xbitmap, Image / JPEG, Image / Pjpeg, Application / VND.MS- excel, application / vnd.ms-powerpoint, application / msword, application / x-shockwave-flash, * / * Referer: http: // xxxxx / xxxxxxxxxxxxxxxxxxxxxxxx Accept-Language: zh-cn Content-Type: application / x-www -mm-urlencoded accept-encoding: Gzip, deflate user-agent: mozilla / 4.0 (compatible; msie 6.0; windows NT 5.1; sv1; myie2; .NET CLR 1.1.4322) Host: xxx.xxx.xxx.xxx content- Length: 167 Connection: Keep-Alive Cache-Control: no-cache checkvalue = 32 & bbb =% CD% B6% C6% B1 & ILC = 0 & kkk = 22 ------------------- -------------------------------------------------- ------------ From the web source code, the data is POST, POST data is "checkvalue = 32 & bbbb =% CD% B6% C6% B1 & ILC = 0 & kkk = 22", Where checkvalue = 32 is the value of the check box selected, BBB is the name of the voting button, "% CD% B6% C6% B1" is the transcoding of "voting". ILC = 0 and KKK = 22 are information in two hidden domains, and the role is not clear. From the web source code, the data is POST, the POST data is "checkvalue = 32 & bbb =% CD% B6% C6% B1 & ILC = 0 & kkk = 22", where checkvalue = 32 is a check box selected for voting The value, the name of BBB is the name of the voting button, "% CD% B6% C6% B1" is the transcodation of "voting" two Chinese characters. ILC = 0 and KKK = 22 are information in two hidden domains, and the role is not clear. The received header is then received as follows:

-------------------------------------------------- ----------- Date: WED, 05 Jan 2005 12:45:10 GMT Server: Apache / 1.3.27 (WIN32) X-POWERED-by: PHP / 4.1.2 SET-COOKIE: ILC = 22 Keep-Alive: Timeout = 15, Max = 100 Connection: Keep-alive Transfer-encoding: Chunked Content-Type: Text / HTML -------------------------------------------------------------------------------- ------------------------------------------------ can watch There is a key place to set-cookie: ILC = 22, which is also set, which is a cookie, which is 22, which is the value of the KKK on POS, guess this voting code. It can be seen that there is a key place to set-cookie: ILC = 22, which is set to set a cookie. This cookie value is 22, that is, the value of KKK on POS, guess this is the coding of this vote. From the source code returned, checkvalue = 32 This value is not written in the hidden domain of the second page, then it can only be recorded in the session. From the information of the second interaction, it can also be proven.

Information about the second interaction:

send:

-------------------------------------------------- ---------- Accept: image / gif, image / x-xbitmap, image / jpeg, image / pjpeg, application / vnd.ms-excel, application / vnd.ms-powerpoint, application / msword, SMED, APPLICATION / MSWORD, application / x-shockwave-flash, * / * Referer: http: // xxxxx / xxxxxxxxxxxxxxxxxxxxxxxx Accept-Language: zh-cn Content-Type: application / x-www-form-urlencoded Accept-Encoding: gzip, deflate User-Agent : Mozilla / 4.0 (Compatible; Msie 6.0; Windows NT 5.1; SV1; Myie2; .NET CLR 1.1.4322) Host: XXX.XXX.XXX.XXX Content-Length: 22 Connection: Keep-Alive Cache-Control: No- Cache cookie: ILC = 22 INBTN =% C8% B7% C8% CF ---------------------------------- ------------------------------ You can see the information on the second POST is just a button information. INBTN is the name of the "confirm" button. "% C8% B7% C8% CF" is "confirming" the transcoding of the two words. CheckValue = 32 This voting information is not included in the second interaction, which can only describe this information into the session in the first interaction. It can be seen that the information on the second POST is just a button information. INBTN is the name of the "confirm" button. "% C8% B7% C8% CF" is "confirming" the transcoding of the two words. CheckValue = 32 This voting information is not included in the second interaction, which can only describe this information into the session in the first interaction.

You can't repeated voting may be recorded in the session, or there may be records in cookies. The possibility of cookie is large. So how to simulate this process, I used the WebClient class, this class is very good. The headers attribute can set the header information. The UPLOADATA function can go POST data. And the two connections to the same WebClient are in the same session. This way, completing two interactions is once, you can re-NEW a WebClient, which is equivalent to reopening a session. code show as below:

Static

Void

POST ()

{String uriString = "http: // xxxxx / xxxxxxxxxxxxxxxxxxxxxxxx"; WebClient myWebClient = new WebClient (); string postData = null; byte [] byteArray; byte [] responseArray; WebHeaderCollection myWebHeaderCollection; postData = "checkvalue = 32 & bbb =% CD% B6% C6% B1 & ILC = 0 & KKK = 22 "; MyWebClient.Headers.Add (" Content-Type "," Application / X-WWW-FORM-URLENCODED "); MyWebClient.Headers.Add (" Referer "," http: / / xxxxx / xxxxxxxxxxxxxxxxxxxxxxxx "); myWebClient.Headers.Add (" Accept-Language "," zh-cn "); myWebHeaderCollection = myWebClient.Headers; // first interaction Console.WriteLine (" HTTP header "sent) ; for (int i = 0; i

Accept-language, "zh-cn"); MyWebClient.Headers.Add ("cookie", "ILC = 126"); MyWebHeaderCollection = mywebclient.headers; console.writeline ("Send HTTP header information"); for int i = 0; i

Then you can run an infinite loop

int

i

=

0

;

While

(

True

)

{Try {POST (); i ; console.writeline ("This is your" No. I "Ticket");} Catch (Exception E) {Console.WriteLine ("There is an error occurred:" E.Message);} console.writeline ("---------------------------");

I do the command line program to capture the error to avoid the program. When the program is stopped, I will drop the window directly. Another benefit of using the command line is not a multi-thread, and the instance of running a few EXEs directly can reach the purpose of multi-threading (actually multi-process).

Then we are doing voting (including other forms) how to prevent others automatically vote or automatically fill in the table? The method of session restriction is obviously not an effective way. The IP limit is not practical, because many users do not have IP addresses, are NAT mappings made from network operators, and an IP address is equivalent to sealing a batch of machines. So it is generally not used. So how do you most effective? Two methods can be used:

1: Verification code, the verification code directly leads to unable to fill in the form, because the verification code is a picture, the verification code of the text is not meaningful. The image verification code is determined. If you want to automatically, you must identify the numbers and letters of the verification code. At least ordinary people can't do it, this is the problem of pattern identification. Of course, I also have friends to do model identification, you can identify the scribbled handwriting slip from the complex background, and there is no way to meet such people. But pictures of the verification code of some forms of Microsoft have been very complicated. In addition to the background, there are many shaded patterns, numbers and pictures are also sputum, and the angle is different, there is vertical, oblique, so it is difficult to identify. The verification code is basically guaranteed to be automatically voted. 2: IP limited time or number of votes: limit IP's number of votes in a period of time or interval between two votes. For example, the same IP address will not exceed 100 votes. Or two voting intervals for at least 5 minutes. This makes it greatly reduced even if there is an automatic voting program. Can't get a quick vote.

If you combine these two methods at the same time, it is basically difficult to do automatic voting.

In addition, how is the header information I have provided above, this is a plug in IE IE, you can see from this http://www.oceanstudio.net/oceanstudy/download/iehttpheaderssetup.rar can be convenient To submit the header information and post data submitted when the web page is submitted.

Hei, I just did one for two days, and I used to vote for ZOL's smartphone. . . .

However, I use the timer plus the asynchronous request method of httpRequest, so efficiency is slightly better ~~~

With httprequest, I don't have to be asynchronously mainly because I am console program, and you can reach multi-threaded effects at the same time.