拼多多出现巨大漏洞

作者:手机购彩网站编程

从1月20日凌晨开始,拼多多出现巨大漏洞,用户可以领取100元无门槛券。

有大批用户开启“薅羊毛”的节奏,利用无门槛券来充值话费、Q币。拼多多回应称,有黑灰产团伙通过一个过期的优惠券漏洞盗取数千万元平台优惠券,进行不正当牟利。

 号:960410445 群里有志同道合的小伙伴,互帮互助, 群里有不错的视频学习教程和PDF!

今天介绍的“羊毛”主是指来自京东平台的虚拟货币:京豆,如果按每天能薅一波计算,少则有几十京豆,多则一两百也是有可能的。

基本环境配置

版本:Python3.6

系统:Windows

相关模块:

  • Requests

  • BeautifulSoup4

  • Selenium (配置好Chrome Driver、Firefox Driver或是PhantomJS环境)

京东账号得关联QQ,且当前QQ在线 (用于QQ授权登录京东,可自行扩展登录方式)

实现效果展示

图片 1image图片 2image

实现代码

Python写的代码已经很简洁了,注释也完善了很多,有兴趣的继续往下看。

wx_turing.py

<pre style="margin: 0px; padding: 0px; max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important; background-image: none; background-color: initial;">

import timefrom urllib.parse import parse_qs

import requestsfrom bs4 import BeautifulSoupfrom selenium import webdriverfrom selenium.common.exceptions import *from selenium.webdriver.support.wait import WebDriverWait

from utils import auth

class QMM:"""借助券妈妈平台褥京东京豆"""

def init(self, sleep=3, months=None, days=None):self.timeout, self.months, self.days = sleep, None, None# 爬取规则if months:month_interval = months.splitstart_month, end_month = int(month_interval[0]), int(month_interval[-1])self.months = list(map(lambda m: '{}月'.format, range(start_month, end_month + 1)))if days:day_interval = days.splitstart_day, end_day = int(day_interval[0]), int(day_interval[-1])self.days = list(map(lambda d: '{}日'.format, range(start_day, end_day + 1)))# 手机店铺(用作提醒输出,可复制链接到手机端领取)self.m_shop = []# 统计京豆总数self.jing_dou = 0

def _crawl_url:""" 抓取京豆更新页, 获得店铺京豆领取地址"""

 # 日期更新页 qmm_collect = 'http://www.quanmama.com/zhidemai/2459063.html' bs = BeautifulSoup(requests.get(qmm_collect).text, 'html.parser') for link in bs.tbody.find_all: text = link.text if self.months: if not list(filter(lambda m: m in text, self.months)): continue if self.days: if not list(filter(lambda d: d in text, self.days)): continue qmm_detail = link.get # 店铺领取页 resp = requests.get(qmm_detail) bs = BeautifulSoup(resp.text, 'html.parser') for body in bs.find_all: for mall in body.find_all: url = self._parse_url(mall.get if 'shop.m.jd.com' in url: self.m_shop.append else: yield url

@staticmethoddef _parse_url:"""提取URL中的url参数"""

 mall_url = parse_qs.get return mall_url.pop() if mall_url else url

def start:""" 登录京东,领取店铺羊毛"""

 malls = set(self._crawl_url print('共有 %d 个可褥羊毛PC端店铺页面' % len m_malls = self.m_shop print('共有 %d 个可褥羊毛手机端店铺页面' % len for m_mall in m_malls: print if malls: # 登陆京东(Chrome、PhantomJS or FireFox) driver = webdriver.Chrome() # driver = webdriver.PhantomJS() jd_login = 'https://passport.jd.com/new/login.aspx' driver.get # 窗口最大化 driver.maximize_window() # QQ授权登录 driver.find_element_by_xpath('//*[@]/ul/li[1]/a').click() auth.qq time.sleep(self.timeout) # 开始褥羊毛 for i, detail in enumerate: driver.get print('%d.店铺: %s' % (i + 1, detail), end='') try: # 查找"领取"按钮 btn = WebDriverWait(driver, self.timeout).until( lambda d: d.find_element_by_css_selector("[class='J_drawGift d-btn']")) except TimeoutException: # 失败大多数情况下是无羊毛可褥(券妈妈平台只是简单汇总但不一定就有羊毛) print(' 领取失败, TimeoutException ') else: try: # 输出羊毛战绩 items = WebDriverWait(driver, self.timeout).until( lambda d: d.find_elements_by_css_selector("[class='d-item']")) for item in items: item_type = item.find_element_by_css_selector("[class='d-type']").text item_num = item.find_element_by_css_selector("[class='d-num']").text if item_type == '京豆': self.jing_dou += item_num print(' {}{} '.format(item_type, item_num), end='') except: # 此处异常不太重要, 忽略 pass finally: btn.click() print # 以下附加功能可选 self._print_jing_dou() self._un_subscribe self._finance_sign

def print_jing_dou:print('OO哈哈~, 共褥到了{}个京豆,相当于RMB{}元', self.jing_dou, self.jing_dou / 100)

def _un_subscribe(self, driver):"""批量取消店铺关注"""

 # 进入关注店铺 subscribe_shop = 'https://t.jd.com/vender/followVenderList.action' driver.get(subscribe_shop) try: # 批量操作 batch_btn = WebDriverWait(driver, self.timeout).until( lambda d: d.find_element_by_xpath('//*[@]/div/div[2]/div[1]/div[2]/div[2]/div/a')) batch_btn.click() # 全选店铺 all_btn = WebDriverWait(driver, self.timeout).until( lambda d: d.find_element_by_xpath('//*[@]/div/div[2]/div[1]/div[2]/div[2]/div/div/span[1]')) all_btn.click() # 取消关注 cancel_btn = WebDriverWait(driver, self.timeout).until( lambda d: d.find_element_by_xpath('//*[@]/div/div[2]/div[1]/div[2]/div[2]/div/div/span[2]')) cancel_btn.click() # 弹框确认 confirm_btn = WebDriverWait(driver, self.timeout).until( lambda d: d.find_element_by_xpath("/html/body/div[7]/div[3]/a[1]")) except TimeoutException: print(' 批量取关店铺失败, TimeoutException ') else: confirm_btn.click() print(' 已批量取消关注店铺')

def _finance_sign(self, driver):"""京东金融签到领钢镚"""

 # 进入京东金融 jr_login = 'https://jr.jd.com/' driver.get try: # 点击签到按钮 sign_btn = WebDriverWait(driver, self.timeout).until( lambda d: d.find_element_by_xpath('//*[@]/div[1]/div[3]/div[1]/a')) except TimeoutException: print(' 京东金融签到失败, TimeoutException ') else: sign_btn.click() print(' 京东金融签到成功')

if name == 'main':qmm = QMM(sleep=3, months='7-8', days='16-31')qmm.start()(左右滑动即可查看完整代码)

auth.py

from selenium.webdriver.support.wait import WebDriverWait

def qq(driver, timeout=3):

window_handles = driver.window_handlesdriver.switch_to.window(window_handles[-1])

print('Auth QQ: ', driver.title)

i_frame = WebDriverWait(driver, timeout).until(lambda d: d.find_element_by_id('ptlogin_iframe'))driver.switch_to.frame

login = WebDriverWait(driver, timeout).until(lambda d: d.find_element_by_xpath('//*[@]/a[1]'))login.click()

(左右滑动即可查看完整代码)

小小的总结

该功能还能继续完善一下的:

  1. 加入每日定时功能

  2. 扩展登录京东方式

  3. 多线程褥羊毛

  4. Appium抓取手机店铺主页

本文由手机购彩网站发布,转载请注明来源

关键词: