模拟浏览器-图像上传

Question

我嗅探了浏览器之间的流量(火狐Dev.Ed)。在上传图片的过程中，我希望能够使用官方的API在没有的情况下上传图片。您可以通过我的dropbox链接下载流量捕获：sniff.pcapng?dl=0。

我就是这样理解这一捕捉的：

首先，每个上传都变成一个Upload-Session ID，它通过向session发送请求来接收。来自此连接的传入响应包含包含此ID的报头属性Set-Cookie。在此之后(Wireshark中的新TCP)，调用uploads=1，其中total_uploads是一个GET-属性，它可能表示将要上载的图像数量。

以下是对上述请求的答复：

5d
...........VJI,IT..V./K-....,)V.2.Q*-..OL.O./.+Q.22..Q*.MNN-.J......%.%.@...A-.......p_..G...
0

我不知道这意味着什么，这代表一根绳子吗？下一步是请求http://imgur.com/crossdomain.xml，但我认为这是不必要的，因为只发送了多余的信息。

下一个TCP可能是最有趣的：http://imgur.com/upload是通过POST (Multipart)调用的，最后一个主体部分是应该上传的图像的OCTET-Stream。响应包含图像的链接。

下面是我的实现：

// Getting the Upload-Session
HttpWebRequest sessionRequest = (HttpWebRequest) WebRequest.Create("http://imgur.com/upload/start_session");
sessionRequest.Host = "imgur.com";
sessionRequest.UserAgent = "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0";
sessionRequest.Accept = "application/json, text/javascript, */*; q=0.01";
sessionRequest.Headers.Add("Accept-Language", "de,en-US;q=0.7,en;q=0.3");
sessionRequest.Headers.Add("Accept-Encoding", "gzip, deflate");
sessionRequest.Headers.Add("X-Requested-With", "XMLHttpRequest");
sessionRequest.Referer = "http://imgur.com/";
sessionRequest.KeepAlive = true;
sessionRequest.AllowAutoRedirect = true;
HttpWebResponse response = (HttpWebResponse) sessionRequest.GetResponse();
string imgurSession = response.Headers.Get("Set-Cookie");

MultiPartFormData formData = new MultiPartFormData();
formData.Add("Filename", imageFile.Name);
formData.Add("forceAnnonymous", "false");
formData.Add("total_uploads", "1");
formData.Add("sid", imgurSession.Split(';')[0].Split('=')[1]);
formData.Add("catify", "0");
formData.Add("current_upload", "1");
formData.Add("create_album", "0");
formData.Add("layout", "b");
formData.Add("gallery_submit", false.ToString());
formData.Add("album_title", "Optional Album Title");
formData.Add("edit", "0");
formData.AddCustomEntry("Content-Disposition: form-data; name=\"Filedata\"; filename=\"" +
                        imageFile.Name + "\"" + Environment.NewLine + "Content-Type: application/octet-stream" + Environment.NewLine
                        + Environment.NewLine);
FileStream fileStream = new FileStream(imageFile.FullName, FileMode.Open);
byte[] fileBuffer = new byte[imageFile.Length];
byte[] lastFormData = Encoding.UTF8.GetBytes(formData.CreateEntry("Upload", "Sumbit Query" + Environment.NewLine +
                                                                    "------------" + formData.Ticks + "--"));

HttpWebRequest uploadRequest = (HttpWebRequest) WebRequest.Create("http://imgur.com/upload");
uploadRequest.Method = "POST";
uploadRequest.Accept = "text/*";
uploadRequest.ContentType = "multipart/form-data; boundary=----------" + formData.Ticks;
uploadRequest.UserAgent = "Shockwave Flash";
uploadRequest.Host = "imgur.com";
uploadRequest.ContentLength = fileBuffer.Length + formData.Length + lastFormData.Length;
uploadRequest.KeepAlive = true;
uploadRequest.Headers.Add("Cache-Control", "no-cache");

Stream uploadStream = uploadRequest.GetRequestStream();
uploadStream.Write(formData.ToBytes(), 0, formData.Length);
while (fileStream.Read(fileBuffer, 0, fileBuffer.Length) != 0)
{
    uploadStream.Write(fileBuffer, 0, fileBuffer.Length);
}
uploadStream.Write(lastFormData, 0, lastFormData.Length);
StreamReader reader = new StreamReader(uploadRequest.GetResponse().GetResponseStream());

如何才能看到I to access http://imgur.com/upload/checkcaptcha?，因为我没有看到任何新的信息，我需要执行大量的请求，在Wireshark中打开相应的TCP时如何查看。我收到的答复如下：

da {"data":{"error":{"code":1003，"message":"2-bromobutan: File type false>(application/octet)“，"type":"Exception_UploadError"，"exception":{}}，”/upload“，”/upload“，”方法“：”POST“}，”成功“：false，"status":500} 0

我真的非常小心地重建了上一个上传请求，所以Wireshark告诉我，我对http://imgur.com/upload的请求与浏览器发送的reqqest完全相同。尽管如此，我还是遇到了一个错误。好的，还有一些不同之处:浏览器在标题中发送带有Cookie-Attribute的请求，如下所示：

__cfduid=df2407e2f959c4382aaf466c62265995a1418721431; __qca=P0-647698388-1419247516502; o=0.40444; m_sort=viral; m_window=day; m_section=hot; OX_plg=swf|shk|pm; __gads=ID=3bfd01a8b049d7c8:T=1419248272:S=ALNI_MZiowWAL9UL03fWOwJTV58emtv6xQ; IMGURSESSION=o8dkrlfmiufhtvga55898eceb4; _nc=1; UPSERVERID=i-362e5bdc; _ga=GA1.2.761672825.1419247517; __utmt=1; optimizelyEndUserId=oeu1419355284536r0.03670886438339949; __utma=247341212.761672825.1419247517.1419255358.1419355284.3; __utmb=247341212.3.10.1419355284; __utmc=247341212; __utmz=247341212.1419247517.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); optimizelySegments=%7B%221503675771%22%3A%22gc%22%2C%221505515733%22%3A%22false%22%2C%221506465808%22%3A%22direct%22%2C%221717910483%22%3A%22none%22%2C%221893480508%22%3A%22true%22%2C%221938330135%22%3A%22true%22%2C%222025850214%22%3A%22true%22%2C%222359290357%22%3A%22true%22%7D; optimizelyBuckets=%7B%7D

虽然我只将会话ID作为主体部分发送到上载(浏览器上传也会这样做)。你认为这次失败的原因是什么，我该如何解决呢？

注意: Wireshark-sniff不包含对 http://imgur.com/upload/start的第一个请求，我不知道为什么没有捕获它，但是我已经足够描述了TCP流.。

Answer 1

你想上传到session

检查http://imgur.com/robots.txt会得到以下结果：

# robots

User-agent: *
Disallow: /account/
Disallow: /delete/
Disallow: /download/
Disallow: /logout/
Disallow: /removalrequest/
Disallow: /upload/
Disallow: /1/
Disallow: /2/
Disallow: /3/
Sitemap: /gallery/sitemap.xml

它们非常明确地说明了不将请求自动化到/上载/。所以你不应该这么做。另外，"Mozilla/5.0 (WindowsNT6.3；WOW64；rv:36.0) Gecko/20100101 Firefox/36.0“是火狐用户代理，而不是脚本的用户代理。隐瞒你的身份是非常糟糕的形式。网站维护人员提供了远离网站的指示，你应该学会尊重网站所有者强加的条件。

现在停止使用官方API。你在这里做的事是没有借口的。