當前位置：首頁 > 运维知识 > windows >内容正文

windows

通过腾讯网页快捷登录协议截取 QQ邮箱的 QQClientkey / QQKey 教程

發布時間：2024/1/16 windows 27 coder

生活随笔收集整理的這篇文章主要介紹了通过腾讯网页快捷登录协议截取 QQ邮箱的 QQClientkey / QQKey 教程小編覺得挺不錯的,現在分享給大家,幫大家做個參考.

最近發現之前的老代碼已經不能獲取QQ郵箱的Clientkey，經過一番調試后發現QQ郵箱更新了獲取的流程，所以決定重新發布一篇文章，廢話不多，直接上教程，喜歡的朋友記得點贊加關注。

step 1

首先需要獲取到 Qrsig 的值（流程已更改）

Request URL:

https://ssl.ptlogin2.qq.com/ptqrshow?appid=716027609&e=2&l=M&s=3&d=72&v=4&t=0.1957881457063695&daid=383&pt_3rd_aid=102013353&u1=https%3A%2F%2Fgraph.qq.com%2Foauth2.0%2Flogin_jump

返回數據在瀏覽器 Set-Cookie 中。

實現代碼：

		// 初始化URL
		URL_COMPONENTSA crackedURL = { 0 };
 
		char URL_STRING[] = "https://ssl.ptlogin2.qq.com/ptqrshow?appid=716027609&e=2&l=M&s=3&d=72&v=4&t=0.7009436033346066&daid=383&pt_3rd_aid=102013353&u1=https://graph.qq.com/oauth2.0/login_jump";
 
		char szHostName[128] = { 0 };
		char szUrlPath[256] = { 0 };
 
		crackedURL.dwStructSize = sizeof(URL_COMPONENTSA);
		crackedURL.lpszHostName = szHostName;
		crackedURL.dwHostNameLength = ARRAYSIZE(szHostName);
		crackedURL.lpszUrlPath = szUrlPath;
		crackedURL.dwUrlPathLength = ARRAYSIZE(szUrlPath);
		InternetCrackUrlA(URL_STRING, (DWORD)strlen(URL_STRING), 0, &crackedURL);
 
		// 初始化首次會話
		HINTERNET hInternet = InternetOpenA("Microsoft Internet Explorer", INTERNET_OPEN_TYPE_DIRECT, NULL, NULL, 0);
		if (hInternet != NULL){
			HINTERNET hHttpSession = InternetConnectA(hInternet, crackedURL.lpszHostName, INTERNET_DEFAULT_HTTPS_PORT, NULL, NULL, INTERNET_SERVICE_HTTP, 0, 0);
			if (hHttpSession != NULL){
				HINTERNET hHttpRequest = HttpOpenRequestA(hHttpSession, "GET", crackedURL.lpszUrlPath, NULL, "", NULL, INTERNET_FLAG_SECURE, 0);
				if (hHttpRequest != NULL){
					BOOL bRet = FALSE;
					// 發送HTTP請求
					bRet = HttpSendRequest(hHttpRequest, NULL, 0, NULL, 0);
					if (bRet){
						// 查詢HTTP請求狀態
						DWORD dwRetCode = 0;
						DWORD dwSizeOfRq = sizeof(DWORD);
						bRet = HttpQueryInfo(hHttpRequest, HTTP_QUERY_STATUS_CODE | HTTP_QUERY_FLAG_NUMBER, &dwRetCode, &dwSizeOfRq, NULL);
						if (bRet){
							// 讀取整個Headers
							char lpHeaderBuffer[1024] = { 0 };
							dwSizeOfRq = 1024;
							HttpQueryInfo(hHttpRequest, HTTP_QUERY_RAW_HEADERS, lpHeaderBuffer, &dwSizeOfRq, NULL);
							// 從Cookie中提取qrsig的值
							char* qrsig = lpHeaderBuffer + dwSizeOfRq;
							while (qrsig != lpHeaderBuffer){
								if (strstr(qrsig, "qrsig=")){
									// 退出之前，修正偏移
									qrsig += sizeof("qrsig");
									char* pEndBuffer = strstr(qrsig, ";");
									*pEndBuffer = 0;
									break;
								}
								qrsig--;
							}
 
							// 關閉句柄
							InternetCloseHandle(hHttpRequest);
							InternetCloseHandle(hHttpSession);
 
							cout << "[+] qrsig:" << qrsig << "\r\n" << endl;
					}
				}
			}
		}

效果演示：

step 2

利用 Qrsig 獲取 pt_local_token

Request URL:

https://xui.ptlogin2.qq.com/cgi-bin/xlogin?target=self&appid=522005705&daid=4&s_url=https%3A%2F%2Fwx.mail.qq.com%2Flist%2Freadtemplate%3Fname%3Dlogin_jump.html%26target%3D&style=25&low_login=1&proxy_url=https://mail.qq.com/proxy.html&need_qr=0&hide_border=1&border_radius=0&self_regurl=https%3A%2F%2Freg.mail.qq.com&app_id=11005?t=regist&pt_feedback_link=http://support.qq.com/discuss/350_1.shtml&css=https://res.mail.qq.com/zh_CN/htmledition/style/ptlogin_input_for_xmail.css&enable_qlogin=0

請求標頭帶入 Cookie（Qrsig 的值），返回數據在瀏覽器 Set-Cookie 中。

**實現代碼： **

							/* 第二次建立會話 */
 
							// 初始化URL參數
							char lpszUrlPath_2[1024] = { 0 };
							strcpy(lpszUrlPath_2, "/cgi-bin/xlogin?target=self&appid=522005705&daid=4&s_url=https://wx.mail.qq.com/list/readtemplate?name=login_jump.html&target=&style=25&low_login=1&proxy_url=https://mail.qq.com/proxy.html&need_qr=0&hide_border=1&border_radius=0&self_regurl=https://reg.mail.qq.com&app_id=11005?t=regist&pt_feedback_link=http://support.qq.com/discuss/350_1.shtml&css=https://res.mail.qq.com/zh_CN/htmledition/style/ptlogin_input_for_xmail.css&enable_qlogin=0");
 
							// 初始化會話
							hHttpSession = InternetConnectA(hInternet, "xui.ptlogin2.qq.com", 443, NULL, NULL, INTERNET_SERVICE_HTTP, 0, 0);
							if (NULL != hHttpSession)
							{
								hHttpRequest = HttpOpenRequestA(hHttpSession, "GET", lpszUrlPath_2, NULL, "", NULL, INTERNET_FLAG_SECURE, 0);
								if (NULL != hHttpRequest)
								{
									// 請求標頭添加 Cookie 
									char lpCookie[256] = { 0 };
									strcpy(lpCookie, "Cookie: qrsig=");
									strcat(lpCookie, qrsig);
									strcat(lpCookie, "\r\n");
 
									HttpAddRequestHeaders(hHttpRequest, lpCookie, -1L, HTTP_ADDREQ_FLAG_ADD);
 
									bRet = HttpSendRequestA(hHttpRequest, NULL, NULL, NULL, 0);
									if (bRet)
									{
										// 查詢HTTP請求狀態
										dwRetCode = 0;
										dwSizeOfRq = sizeof(DWORD);
										bRet = HttpQueryInfo(hHttpRequest, HTTP_QUERY_STATUS_CODE | HTTP_QUERY_FLAG_NUMBER, &dwRetCode, &dwSizeOfRq, NULL);
										if (bRet)
										{
											// 讀取整個Headers
											ZeroMemory(lpHeaderBuffer, 1024);
											dwSizeOfRq = 1024;
											HttpQueryInfo(hHttpRequest, HTTP_QUERY_RAW_HEADERS, lpHeaderBuffer, &dwSizeOfRq, NULL);
											// 從Cookie中提取pt_local_token的值
											char* pt_local_token = lpHeaderBuffer + dwSizeOfRq;
											while (pt_local_token != lpHeaderBuffer) {
												if (strstr(pt_local_token, "pt_local_token=")) {
													// 退出之前，修正偏移
													pt_local_token += sizeof("pt_local_token");
													char* pEndBuffer = strstr(pt_local_token, ";");
													*pEndBuffer = 0;
													break;
												}
												pt_local_token--;
											}
 
											// 釋放資源,注意關閉句柄時按相反的順序
											InternetCloseHandle(hHttpRequest);
											InternetCloseHandle(hHttpSession);
 
											cout << "[+] pt_local_token:" << pt_local_token << "\r\n" << endl;
 
											
										}
									}
								}
							}

效果演示：

step 3

利用 pt_local_token 獲取本地已登錄的 QQ Uin。

Request URL:

https://localhost.ptlogin2.qq.com:4301/pt_get_uins?callback=ptui_getuins_CB&r=0.7544340024793896&pt_local_tk=pt_local_tk

返回在瀏覽器中的 Response （網頁數據），請求標頭帶入 Referer。

Referer: https://xui.ptlogin2.qq.com/

實現代碼：

                                            /* 第三次建立會話 */
 
											// 初始化URL參數
											char lpszUrlPath_3[1024] = { 0 };
											strcpy(lpszUrlPath_3, "/pt_get_uins?callback=ptui_getuins_CB&r=0.");
											strcat(lpszUrlPath_3, szRandNum);			// 追加16位隨機數
											strcat(lpszUrlPath_3, "&pt_local_tk=");
											strcat(lpszUrlPath_3, pt_local_token);	// 追加pt_local_token
 
											//cout << "[+] lpszUrlPath_3:" << lpszUrlPath_3 << "\r\n" << endl;
 
											// 初始化會話
											hHttpSession = InternetConnectA(hInternet, "localhost.ptlogin2.qq.com", 4301, NULL, NULL, INTERNET_SERVICE_HTTP, 0, 0);
											if (NULL != hHttpSession)
											{
												hHttpRequest = HttpOpenRequestA(hHttpSession, "GET", lpszUrlPath_3, NULL, "", NULL, INTERNET_FLAG_SECURE, 0);
												if (NULL != hHttpRequest)
												{
													// 請求標頭添加 Referer 
													char lpReferer[256] = { 0 };
													strcpy(lpReferer, "Referer: https://xui.ptlogin2.qq.com/");
													strcat(lpReferer, "\r\n");
 
													HttpAddRequestHeaders(hHttpRequest, lpReferer, -1L, HTTP_ADDREQ_FLAG_ADD);
 
													bRet = HttpSendRequestA(hHttpRequest, NULL, NULL, NULL, 0);
													if (bRet)
													{
														// 查詢HTTP請求狀態
														dwRetCode = 0;
														dwSizeOfRq = sizeof(DWORD);
														bRet = HttpQueryInfo(hHttpRequest, HTTP_QUERY_STATUS_CODE | HTTP_QUERY_FLAG_NUMBER, &dwRetCode, &dwSizeOfRq, NULL);
														if (bRet)
														{
															// 獲取返回數據的大小
															DWORD dwNumberOfBytesAvailable = 0;
															bRet = InternetQueryDataAvailable(hHttpRequest, &dwNumberOfBytesAvailable, NULL, NULL);
															if (bRet)
															{
																// 讀取網頁內容
																char* lpBuffer = new char[dwNumberOfBytesAvailable + 1]();
																bRet = InternetReadFile(hHttpRequest, lpBuffer, dwNumberOfBytesAvailable, &dwNumberOfBytesAvailable);
																if (bRet)
																{
																	// 從內容中提取已登陸QQ賬號
																	char* uin = lpBuffer + dwNumberOfBytesAvailable;
																	while (uin != lpBuffer)
																	{
																		if (strstr(uin, "\"account\":"))
																		{
																			// 退出之前，修正偏移
																			uin += sizeof("\"account\":") - 1;
																			char* pEndBuffer = strstr(uin, "}");
																			*pEndBuffer = 0;
																			break;
																		}
																		uin--;
																	}
 
																	// 釋放資源,注意關閉句柄時按相反的順序
																	InternetCloseHandle(hHttpRequest);
																	InternetCloseHandle(hHttpSession);
 
																	cout << "[+] uin:" << uin << "\r\n" << endl;
 
																	
																}
															}
														}
													}
												}
											}

效果演示：

step 4

利用 QQuin 與 pt_local_token 獲取 QQClientkey。

Request URL:

https://localhost.ptlogin2.qq.com:4301/pt_get_st?clientuin=QQUin&r=0.8134579633763475&pt_local_tk=pt_local_token&callback=__jp0

請求標頭帶上 Referer

Referer: https://xui.ptlogin2.qq.com/

返回數據在瀏覽器 Set-cookie 中。

實現代碼：

/* 第四次會話 */
 
																	// 初始化URL參數
																	char lpszUrlPath_4[1024] = { 0 };
																	strcpy(lpszUrlPath_4, "/pt_get_st?clientuin=");
																	strcat(lpszUrlPath_4, uin);
																	strcat(lpszUrlPath_4, "&r=0.");
																	strcat(lpszUrlPath_4, szRandNum);
																	strcat(lpszUrlPath_4, "&pt_local_tk=");
																	strcat(lpszUrlPath_4, pt_local_token);
																	strcat(lpszUrlPath_4, "&callback=__jp0");
 
																	cout << "[+] lpszUrlPath_4:" << lpszUrlPath_4 << "\r\n" << endl;
 
																	// 發送HTTPS請求
																	hHttpSession = InternetConnectA(hInternet, "localhost.ptlogin2.qq.com", 4301, NULL, NULL, INTERNET_SERVICE_HTTP, 0, 0);
																	if (NULL != hHttpSession)
																	{
																		hHttpRequest = HttpOpenRequestA(hHttpSession, "GET", lpszUrlPath_4, NULL, "", NULL, INTERNET_FLAG_SECURE, 0);
																		if (NULL != hHttpRequest)
																		{
																			// 請求標頭添加 Referer 
																			char lpReferer_2[256] = { 0 };
																			strcpy(lpReferer_2, "Referer: https://xui.ptlogin2.qq.com/");
																			strcat(lpReferer_2, "\r\n");
 
																			HttpAddRequestHeaders(hHttpRequest, lpReferer_2, -1L, HTTP_ADDREQ_FLAG_ADD);
 
																			bRet = HttpSendRequestA(hHttpRequest, NULL, NULL, NULL, 0);
																			if (bRet)
																			{
																				// 查詢HTTP請求狀態
																				dwRetCode = 0;
																				dwSizeOfRq = sizeof(DWORD);
																				bRet = HttpQueryInfoA(hHttpRequest, HTTP_QUERY_STATUS_CODE | HTTP_QUERY_FLAG_NUMBER, &dwRetCode, &dwSizeOfRq, NULL);
																				if (bRet)
																				{
																					// 讀取整個Headers
																					ZeroMemory(lpHeaderBuffer, 1024);
																					dwSizeOfRq = 1024;
																					bRet = HttpQueryInfoA(hHttpRequest, HTTP_QUERY_RAW_HEADERS, lpHeaderBuffer, &dwSizeOfRq, NULL);
																					if (bRet)
																					{
																						// 從Cookie中提取ClientKey的值
																						char* clientkey = lpHeaderBuffer + dwSizeOfRq;
																						while (clientkey != lpHeaderBuffer)
																						{
																							if (strstr(clientkey, "clientkey="))
																							{
																								// 退出之前，修正偏移
																								clientkey += sizeof("clientkey");
																								char* pEndBuffer = strstr(clientkey, ";");
																								*pEndBuffer = 0;
																								break;
																							}
																							clientkey--;
																						}
 
																						// 釋放資源,注意關閉句柄時按相反的順序
																						InternetCloseHandle(hHttpRequest);
																						InternetCloseHandle(hHttpSession);
 
																						cout << "[+] clientkey:" << clientkey << "\r\n" << endl;
																					}
																				}
																			}
																		}
																	}

效果演示：

step 5

獲取 ptsigx

Request URL:

https://ssl.ptlogin2.qq.com/jump?clientuin=QQUin&keyindex=9&pt_aid=716027609&daid=383&u1=https%3A%2F%2Fgraph.qq.com%2Foauth2.0%2Flogin_jump&pt_local_tk=633103212&pt_3rd_aid=102013353&ptopt=1&style=40

請求標頭帶上 Referer 與 Cookie（QQClientkey）

Referer: https://xui.ptlogin2.qq.com/
Cookie: QQClientkey

返回數據在瀏覽器 Response 中（網頁數據）。

實現代碼：

/* 第五次會話 */
 
// 初始化URL參數
																						char lpszUrlPath_5[1024] = { 0 };
																						strcat(lpszUrlPath_5, "/jump?clientuin=");
																						strcat(lpszUrlPath_5, u_Uin);
																						strcat(lpszUrlPath_5, "&keyindex=9&pt_aid=716027609&daid=383&u1=https%3A%2F%2Fgraph.qq.com%2Foauth2.0%2Flogin_jump&pt_local_tk=");
																						strcat(lpszUrlPath_5, u_Token);
																						strcat(lpszUrlPath_5, "&pt_3rd_aid=102013353&ptopt=1&style=40");
 
// 發送HTTPS請求
																						hHttpSession = InternetConnectA(hInternet, "ssl.ptlogin2.qq.com", INTERNET_DEFAULT_HTTPS_PORT, NULL, NULL, INTERNET_SERVICE_HTTP, 0, 0);
																						if (NULL != hHttpSession)
																						{
																							hHttpRequest = HttpOpenRequestA(hHttpSession, "GET", lpszUrlPath_5, NULL, "", NULL, INTERNET_FLAG_SECURE, 0);
																							if (NULL != hHttpRequest)
																							{
																								// 請求標頭添加 Referer & Cookie 
																								char lpCookie_2[1024] = { 0 };
																								strcpy(lpCookie_2, "Referer: https://xui.ptlogin2.qq.com/");
																								strcat(lpCookie_2, "\r\n");
																								strcat(lpCookie_2, "Cookie: clientkey=");
																								strcat(lpCookie_2, u_Ckey);
																								strcat(lpCookie_2, "\r\n");
 
																								HttpAddRequestHeaders(hHttpRequest, lpCookie_2, -1L, HTTP_ADDREQ_FLAG_ADD);
 
																								bRet = HttpSendRequestA(hHttpRequest, NULL, NULL, NULL, 0);
																								if (bRet)
																								{
																									// 查詢HTTP請求狀態
																									dwRetCode = 0;
																									dwSizeOfRq = sizeof(DWORD);
																									bRet = HttpQueryInfoA(hHttpRequest, HTTP_QUERY_STATUS_CODE | HTTP_QUERY_FLAG_NUMBER, &dwRetCode, &dwSizeOfRq, NULL);
																									if (bRet)
																									{
																										// 獲取返回數據的大小
																										DWORD dwNumberOfBytesAvailablex = 0;
																										InternetQueryDataAvailable(hHttpRequest, &dwNumberOfBytesAvailablex, NULL, NULL);
 
																										// 讀取網頁內容
																										char* lpBufferx = new char[dwNumberOfBytesAvailablex + 1]();
																										InternetReadFile(hHttpRequest, lpBufferx, dwNumberOfBytesAvailablex, &dwNumberOfBytesAvailablex);
 
																										// 返回的數據
																										cout << "[+] Response Data:" << lpBufferx << "\r\n" << endl;
 
																										delete[] lpBufferx;
 
																										
																									}
																								}
																							}
																						}

效果演示：

完整工具下載

【藍奏云下載】（提取碼：eh9v）

【百度云下載】（提取碼：wqau）

官方網站

【www.CHWM.vip】

總結

以上是生活随笔為你收集整理的通过腾讯网页快捷登录协议截取 QQ邮箱的 QQClientkey / QQKey 教程的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。

上一篇：深入剖析 Linux Cgroups 子
下一篇： java信息管理系统总结_java实现科

windows

通过腾讯网页快捷登录协议截取 QQ邮箱 的 QQClientkey / QQKey 教程

總結

通过腾讯网页快捷登录协议截取 QQ邮箱的 QQClientkey / QQKey 教程