在微软的Ajax假__EVENTVALIDATION [英] Fake __EVENTVALIDATION in Microsoft Ajax
问题描述
我在做一个移动应用程序的网站上查看您的日程安排的进度。它们不提供任何API和无意使一个
该网站只能与阿贾克斯的功能,然而,这些假冒的请求,并刮去网站,我需要假冒 __ EVENTVALIDATION 后场。
我在网站上没有任何控制,我从来没有建成使用ASP.NET或Microsoft Ajax的东西。
有没有人这样做呢?
我发现, __ EVENTVALIDATION 字段有这种模式( ... 字节更改根据请求象征,的BASE64德$ C $光盘版hexdump都可以):
D8 01 16 13 02 4F 0A
...
F6 E0 84 05 D4 02 A0 3F
E2 3F 03 02 3F D8 D1 D5 0℃02 BB 82 CF EC 08 02
B4 B5 99 F8 0B 02 3F 89 3F EB 04 02 83 D5 90 88
0A 02分贝8A 94 90 03 02 8B CF 3F 85 08 02 93 3F
B1 3F 06 02 9B 3F 8F A5 02 02 B5 B4 AF 85 01 02
D1 FC AE 9C 0E 02 B4 E2 94 9E 0A 02 3F E2 94 9E
0A 02 3F E2 94 9E 0A 02 92 BB 80 A5 06
...
我已经处理了这个问题,在建筑刮土机ASP.NET网站之前。您需要请求初始页面,浏览器用户通常会登陆,提取 __ VIEWSTATE 和 __ EVENTVALIDATION 哈希值,然后使用这些在做为其实际需要的数据的第二请求。
例如,如果你从刮表单提交的响应:
- 请为表单上的页面一个AJAX请求
- 从响应中提取的视图状态和事件验证哈希
- 请模拟表单提交一个新的AJAX请求,传递哈希值作为参数
如果你正在寻找的JavaScript函数来提取标记的哈希值,我发表我的 MS-ViewState中使用的那些的在GitHub上。
I am in the progress of making a mobile App for a website to view your schedule. They don't provide any API and has no intention to make one.
The website can only function with Ajax, however to fake these requests and scrape the website I need to fake the __EVENTVALIDATION post field.
I have no control whatsoever over the website and I have never built anything using ASP.NET or Microsoft Ajax.
Has anyone done this?
I have found that the __EVENTVALIDATION field has this pattern (... symbolises bytes changed depending on the request, hexdump of the base64 decoded version):
d8 01 16 13 02 4f 0a ... f6 e0 84 d4 05 02 a0 3f e2 3f 03 02 3f d8 d1 d5 0c 02 bb 82 cf ec 08 02 b4 b5 99 f8 0b 02 3f 89 3f eb 04 02 d5 83 90 88 0a 02 8a db 94 90 03 02 8b cf 3f 85 08 02 93 3f b1 3f 06 02 9b 3f 8f a5 02 02 b5 b4 af 85 01 02 d1 fc ae 9c 0e 02 b4 e2 94 9e 0a 02 3f e2 94 9e 0a 02 3f e2 94 9e 0a 02 bb 92 80 a5 06 ...
I've dealt with this problem before in building scrapers for ASP.NET sites. You need to request the initial page that the browser user would ordinarily land on, extract the __VIEWSTATE and __EVENTVALIDATION hashes then use these in making the second request for the data which you actually need.
For example, if you're scraping the response from a form submission:
- make an AJAX request for the page that the form is on
- extract the viewstate and event validation hashes from the response
- make a new AJAX request that simulates form submission, passing the hashes as parameters
If you're looking for JavaScript functions to extract the hashes from markup, I've published the ones I use as ms-viewstate on GitHub.
这篇关于在微软的Ajax假__EVENTVALIDATION的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
