打印

搜索工具教程之(一). 模拟之家allen73（转贴）

BEFREE

管理员

发短消息
加为好友
当前离线

1^# 大中小发表于 2003-11-25 21:10 只看该作者

搜索工具教程之(一). 模拟之家allen73（转贴）

做网赚有几年了..从点击,lotto,注册,搜索..什么都做.自己写工具玩也有两三年了.今天我写个教程,
也许对一些想自己学写工具的人会有点提示 :)

自动控制网页数据可以用webbrowser,这也是学写作弊工具的人入门时常常用的方法.这儿我
不介召了.这次我以SearchandShop这个公司的搜索为实例简单讲解发包的方法写EMU.

大家知道当我们填入关键字按Search按钮时.会有一些数据发送给服务器.用截包工具就可以记录这些数据.
如 SearchandShop 中按搜索后得到的数据就是:

POST http://www.searchandshop.com/cgi-bin/smartsearch/smartsearch.cgi HTTP/1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */*
Referer: http://www.xxxx.com/
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Proxy-Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MyIE2; .NET CLR 1.0.3705)
Host: www.searchandshop.com
Content-Length: 55
Pragma: no-cache

username=myid01&keywords=shopping&search=Search

Referer:       表明这次数据从你的www.xxxx.com网址转出.也就是你放搜索代码的网址.
Accept-Language:  表明你的浏览器是用E文的语言
Proxy-Connection: 表明你用了代理
User-Agent:    表明你的机器操作系统和浏览器的版本

username=myid01&keywords=shopping&search=Search  就是POST给对方的搜索请求.表明你的ID和你要搜索的关健字shopping.

当对方收到这个请求..会返回

HTTP/1.1 200 OK
Date: Wed, 29 Oct 2003 07:53:09 GMT
Server: Apache/1.3.28 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.2 PHP/4.3.3 FrontPage/5.0.2.2634 mod_ssl/2.8.15 OpenSSL/0.9.6b
Set-Cookie: referrer=myid01; path=/; expires=Thu, 28-Oct-2004 07:53:14 GMT
Content-Type: text/html; charset=ISO-8859-1
X-Cache: MISS from eweb.plumtree.com
Connection: close

<html>
<head>
<title>SearchandShop.com - online gambling</title>
....略
Showing 1-8 of 29 results:
<ol>

<li value="1">
<a href="http://www.SearchandShop.com/cgi-bin/smartsearch/sf.cgi?t=ah&keys=dsdfzhdpacfmhacvzcspsodxhddfhnxzaihhzcdvfmaxdyfdzixazzsadisosnaodkzcazxpsmsssksndafpadcncxfvhysihdafhixpcmcifhzmszdfaxapzycyckhsfahpzodzfczazkcodafmsishfyhnxahncnfchkahdmachiamxhxdazfhzchhacsvsixahchsdifcdvsmfkaaxvzyhahxzofxzmanchaxaafifkzchdhodshdadachsfvzofcdaapzzazcahdaszohffnsacxcvhvdxdkshddsyhyxhzoazfihkdpfyahfzhxzfczszdfdxassihsxzchzkhdhsdpddfzsyaazxzysczmahhzdifpczxdznffayfzhpfxaoxnhzanaxfdasfvhadvcccyzfanhzsczkznsyzscncidnsssdfndzsdhmhsxdsmsfavdhaiakzpahhnsidydfhcsmaosyzchsdsacdssfhishxzcmavsnsvaihfaahnzmchhahnfnavfvfihyahzkcvhaahassofzanzdcvaxscakfcsvsasixmzcckdzayaksihsdicsxfzysyfnzvaahpansohmzfasznapacznaozisyhszyzvzksssfsyhxaihvshskhfsaasanzxzyhfschmfhdhzdhkasaaskhshmshahsp&kw=shopping">Shop PacSun</a>

Get free shipping and handling on all orders $99 or more at PacSun.com. Find a great selection of swimwear, shorts, sandals and more from Roxy, Quiksilver, Billabong, etc.

www.pacsun.com<a href="signup.cgi?referrer=searcho"></a
</li></p>
<li value="2">

...略

其中要注意的就是 Set-Cookie: referrer=myid01 也说是我们常说的cook了..如果用IE浏览器.
这个cookie会记录在你的机器上.这也就是为什么用浏览器不能同时玩多帐号的原因.如果自己写工具时当然要提取cook

而 a href="http://www.SearchandShop.com/cgi-bin/smartsearch/sf.cgi?t=ah&keys=dsdfzhdpacfmhacvzcsp....
这个就是搜索结果页中的一些列表链接了..写工具时提取这些链接. 一些文本处理.

当我们点击这些广告列表时..会看到这样的数据流从你的机器发出去:

GET http://www.searchandshop.com/cgi-bin/smartsearch/sf.cgi?t=ah&keys=dsdfzhdpacfmhacvzcspsodxhddfhnxzaihhzcdvfmaxdyfdzixazzsadisosnaodkzcazxpsmsssksndafpadcncxfvhysihdafhixpcmcifhzmszdfaxapzycyckhsfahpzodzfczazkcodafmsishfyhnxahncnfchkahdmachiamxhxdazfhzchhacsvsixahchsdifcdvsmfkaaxvzyhahxzofxzmanchaxaafifkzchdhodshdadachsfvzofcdaapzzazcahdaszohffnsacxcvhvdxdkshddsyhyxhzoazfihkdpfyahfzhxzfczszdfdxassihsxzchzkhdhsdpddfzsyaazxzysczmahhzdifpczxdznffayfzhpfxaoxnhzanaxfdasfvhadvcccyzfanhzsczkznsyzscncidnsssdfndzsdhmhsxdsmsfavdhaiakzpahhnsidydfhcsmaosyzchsdsacdssfhishxzcmavsnsvaihfaahnzmchhahnfnavfvfihyahzkcvhaahassofzanzdcvaxscakfcsvsasixmzcckdzayaksihsdicsxfzysyfnzvaahpansohmzfasznapacznaozisyhszyzvzksssfsyhxaihvshskhfsaasanzxzyhfschmfhdhzdhkasaaskhshmshahsp&kw=shopping HTTP/1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */*
Referer: http://www.searchandshop.com/cgi-bin/smartsearch/smartsearch.cgi
Accept-Language: en-us
Proxy-Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MyIE2; .NET CLR 1.0.3705)
Host: www.searchandshop.com
Cookie: referrer=myid01

你会发现cook在这里会被返送回去. 还要注意referer的变化.

同时你会收到这样的返回数据:

HTTP/1.1 302 Found
Date: Wed, 29 Oct 2003 08:02:00 GMT
Server: Apache/1.3.28 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.2 PHP/4.3.3 FrontPage/5.0.2.2634 mod_ssl/2.8.15 OpenSSL/0.9.6b
Set-Cookie: strah=1; path=/; expires=Thu, 30-Oct-2003 07:32:17 GMT
Set-Cookie: fc=563sz0hkfoY; path=/; expires=Mon, 3-Nov-2003 07:32:17 GMT
Location: http://c.ah-ha.com/c?e=AbbFOG5bwlGAtLqqwEks7UncNaqf1Vb77VWzA8dQv0g1ubu9WIz9nQcCct-ha5SLyk4uilIzqxFdlxDXjsKYVot--e2koAQD4WqRj8hMhO9ClOuESOL7n-sbs3tNCA63aQI8vfPGqQphYcYA8Y4yJ7wCdKJlURvZ19i3N5seGR9B062dK802UY16Tc.Q911bK3SaMEM0iC.nf62PgFG94fKn8SUlF0WskZDZbpAD..T0AAzeeDc-RYWK4j0k9VTV1OGxmsxM5qIkxlMnqCaXMg__&h=I0J0PxwsUfPfL1GC
Content-Type: text/html; charset=iso-8859-1
X-Cache: MISS from www.callworks.com
Connection: close

这里有个变化就是 HTTP/1.1 302 Found 它表明一个转向.在浏览器中.会自动转向打开Location: 后面的URL地址.可以看出它是代理了ah-ha这个公司.. 下面就是自动转向的数据.而且是连续的转向..一直转到真正的做广告的网页 -> http://shop.pacsun.com

GET http://c.ah-ha.com/c?e=AbbFOG5bwlGAtLqqwEks7UncNaqf1Vb77VWzA8dQv0g1ubu9WIz9nQcCct-ha5SLyk4uilIzqxFdlxDXjsKYVot--e2koAQD4WqRj8hMhO9ClOuESOL7n-sbs3tNCA63aQI8vfPGqQphYcYA8Y4yJ7wCdKJlURvZ19i3N5seGR9B062dK802UY16Tc.Q911bK3SaMEM0iC.nf62PgFG94fKn8SUlF0WskZDZbpAD..T0AAzeeDc-RYWK4j0k9VTV1OGxmsxM5qIkxlMnqCaXMg__&h=I0J0PxwsUfPfL1GC HTTP/1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */*
Referer: http://www.searchandshop.com/cgi-bin/smartsearch/smartsearch.cgi
Accept-Language: en-us
Proxy-Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MyIE2; .NET CLR 1.0.3705)
Host: c.ah-ha.com

HTTP/1.1 302
Date: Wed, 29 Oct 2003 08:02:05 GMT
Server: Apache/2.0.45 (Unix) mod_jk2/2.0.3-dev
Set-Cookie: ahhacookie=click2.sef-1067414540442-0; Expires=Thu, 28-Oct-2004 08:02:20 GMT
Location: http://c.ah-ha.com/c/2?e=AbbFOG5bwlGAtLqqwEks7UncNaqf1Vb77VWzA8dQv0g1ubu9WIz9nQcCct-ha5SLyk4uilIzqxFdlxDXjsKYVot--e2koAQD4WqRj8hMhO9ClOuESOL7n-sbs3tNCA63aQI8vfPGqQphYcYA8Y4yJ7wCdKJlURvZ19i3N5seGR9B062dK802UY16Tc.Q911bK3SaMEM0iC.nf62PgFG94fKn8SUlF0WskZDZbpAD..T0AAzeeDc-RYWK4j0k9VTV1OGxmsxM5qIkxlMnqCaXMg__&h=I0J0PxwsUfPfL1GC
Content-Type: text/plain; charset=ISO-8859-1
Content-Length: 0
X-Cache: MISS from www.callworks.com
Connection: close

GET http://c.ah-ha.com/c/2?e=AbbFOG5bwlGAtLqqwEks7UncNaqf1Vb77VWzA8dQv0g1ubu9WIz9nQcCct-ha5SLyk4uilIzqxFdlxDXjsKYVot--e2koAQD4WqRj8hMhO9ClOuESOL7n-sbs3tNCA63aQI8vfPGqQphYcYA8Y4yJ7wCdKJlURvZ19i3N5seGR9B062dK802UY16Tc.Q911bK3SaMEM0iC.nf62PgFG94fKn8SUlF0WskZDZbpAD..T0AAzeeDc-RYWK4j0k9VTV1OGxmsxM5qIkxlMnqCaXMg__&h=I0J0PxwsUfPfL1GC HTTP/1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */*
Referer: http://www.searchandshop.com/cgi-bin/smartsearch/smartsearch.cgi
Accept-Language: en-us
Proxy-Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MyIE2; .NET CLR 1.0.3705)
Cookie: ahhacookie=click2.sef-1067414540442-0
Host: c.ah-ha.com

HTTP/1.1 302
Date: Wed, 29 Oct 2003 08:02:06 GMT
Server: Apache/2.0.45 (Unix) mod_jk2/2.0.3-dev
Location: http://clickserve.cc-dt.com/link/click?lid=41000000001705613
Content-Type: text/plain; charset=ISO-8859-1
Content-Length: 0
X-Pad: avoid browser bug
X-Cache: MISS from www.callworks.com
Connection: close

GET http://clickserve.cc-dt.com/link/click?lid=41000000001705613 HTTP/1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */*
Referer: http://www.searchandshop.com/cgi-bin/smartsearch/smartsearch.cgi
Accept-Language: en-us
Proxy-Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MyIE2; .NET CLR 1.0.3705)
Host: clickserve.cc-dt.com

HTTP/1.1 302 Found
Date: Wed, 29 Oct 2003 08:02:07 GMT
Server: Apache/1.3.27 Ben-SSL/1.48 (Unix) mod_perl/1.27
Set-Cookie: cc_click21000000000003994=2vd7ayf0jH9YGPYoHP71Qxz5d0yArgutZa5ipcKwg8LWO1iZstdY8RPT3VIC2FUjQWzHiJoHX4qLxOGi0THwNmnfBuFMjlWYyV6oEdgeAx7qlxsGrB3VIm2PM5AXUyQ4TGXsodDseL9O1iU8bZS2VICbwg5hp8KVpCKWMoAX7qVz8APc3LIsEiM5AX; domain=.cc-dt.com; path=/link; expires=Sun, 28-Dec-2003 08:02:21 GMT
Expires: Wed, 29 Oct 2003 08:02:21 GMT
uri: http://shop.pacsun.com
P3P: policyref="http://www.performics.com/w3c/p3p/cc-dt/p3p.xml", CP="NOI DSP COR ADMa DEVa PSAa OUR BUS COM"
location: http://shop.pacsun.com
Content-Type: text/html; charset=ISO-8859-1
X-Cache: MISS from www.callworks.com
Connection: close

GET http://shop.pacsun.com/ HTTP/1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */*
Referer: http://www.searchandshop.com/cgi-bin/smartsearch/smartsearch.cgi
Accept-Language: en-us
Proxy-Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MyIE2; .NET CLR 1.0.3705)
Host: shop.pacsun.com

看明白了吗? 在浏览器上的两下按mouse. 在其实的网络中却来来回回发送了很多次的数据了.写发包工具. 也就是一步步的把这些动作都用自己的程序来做.
主要有: 提COOK 提广告代码链接.判断转向.  其它的辅助的如自动换代理.换User-Agent.等等.

这个SearchandShop没用什么特别的东西.

如下面就是一个公司的加密网页:

<html><title>100% Free For Life>>>>>>>>></title><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><meta http-equiv='expires' content=''><Meta HTTP-Equiv='ImageToolbar' Content='No'><script>se='d  ouetlyr;a=dcmn.l;e=dcmn.eEeetydw  idwsdbrvrmg\';ucinnm)rtr re;idwoerr=nmvrr3fnto m)i(a{ouetodasatfnto )rtr as}fr(  ;<dcmn.mgslnt;+)z=dcmn.mgsi;.alrIg=\'o}}i(a{ucincE)(s)rtr as;;ucinc({ouetocneteu=cEstieu(c("20}c(;;ucincSe i(l|s i ewih=|ewih=){mg;eunfle};f(l{ouetcpuevnsEetMUEON;ouetomueoncSes{ouetomuepcS;ouetocneteunwFnto(rtr as";ucinn({fd)dcmn.neettr=ucin({eunfle;eTmot"i),0)}n(;ucinn({fd|w)vrt ouetgteeto(;ft!")i(wno.id{ouetwie"ro..)dcmn.rt(< HE=aacithsoyg() .obc<A";es{ft!""{idwfn( );}stieu(n("2)}n)fnto o({ouetlcto="rtr}i(idwlcto.rtclidxf"ie)=1{fr3=re{o(};1\'ha>SRP AGAE"aacit>ga r=e ra()qul0=`tp/wwbs-resxntfeyaboshm`````;gr[][ht:/w.etfe-e.e/ikt.tl,0,0]qfnto hwou({ga lcoisdcmn.okeqvrpsaloke.neO(ppp`;gfps=1{ga tr=o+;ga n=lcoisidxf``sat;gfed=1edaloke.eghqvrialoke.usrn(tr,n)qi(=ullnt-)ou()qes ou(+)q}gleppp0;gqfnto ou()qvrpppwno.pnuli[]`,hih=+r[]1+,it=+r[]2+,o=20lf=80lcto=omnbrn,eial=osrlbr=osau=ottea=otobrn,ietre=o)qpppbu(;geffcs)qstokei;gqfnto ecoi()qvrnxya=e ae)qnxya.eFlYa(etergtuler)1;gouetcoi=ppp`i`eprs`nxya.oMSrn(;gq<SRP>sye<-q.ot  otsz:8t otfml:Vraa ra,Hleia assrfq.ot  otsz:1p;fn-aiy edn,Ail evtc,sn-ei}gfn3{fn-ie 8x otfml:Vraa ra,Hleia assrfq.ot  otsz:2p;fn-aiy edn,Ail evtc,sn-ei}gfn6{fn-ie 6x otfml:Vraa ra,Hleia assrfq.reln  oo:#0F0 otsz:8t otfml:Vraa ra,Hleia assrfq->/tl>/ed\'s=<omato=lctr.g ehdps>tbewdh"6"hih=4"bre=0 elpcn=0 eladn=0 akrud".iae/rosgf>t>t>dvain"etr>ipttp=sbi"nm=Etr au=CikHr oEtr>/i>/d<t>/al>ipttp=idnnm=e ;3\'ipttp=idnnm=d\'s=<nu yehde aepg ;5\'/om\'s=<citi(w)dcmn.rt=ul;idwaetnl;/cit\'l=dcmn.aesd  ouetalg  ouetgtlmnBI;s=wno.iea;a s=\'fnto e({euntu}wno.nro  e;a 6;ucini({fd)dcmn.nrgtr=ucin({eunfle;o i=0i ouetiae.eghi+{  ouetiae()zgleym  n\'};fd)fnto I({mg;eunfle}fnto c)dcmn.notxmn  I;eTmot"c),0);c)}fnto N(){fd|w){f(.hc=2|.hc=3 (s)rtr as}}i d)dcmn.atrEet(vn.OSDW)dcmn.nosdw=N}ledcmn.nosu=N}dcmn.notxmn=e ucin"eunfle)fnto i)i(a{ouetoslcsatfnto )rtr as}stieu(n("20};i)fnto n)i(l|s{a =dcmn.eSlcin)i( ="{f!idwfn)dcmn.rt(Err.";ouetwie"A RFjvsrp:itr.o0> G ak/>)}lei( = )wno.id""}};eTmot"n),0}n(;ucinnf)dcmn.oain";eun;fwno.oainpooo.neO(fl"!-)i(6!tu)nf)}s=<ed<CITLNUG=JvSrp"qvrulnwAry2;gr[][ht:/w.etfe-e.e/reerok.tl,0,0]qul1=`tp/wwbs-resxnttceshm`````;gucinsoPpp)qvraloke=ouetcoi;ga o=lcoisidxf`ou=)qi(o!-)qvrsatps6qvredaloke.neO(;,tr)qi(n=-)n=lcoislnt;ga =lcoissbtigsated;gfi=r.egh1ppp0;gleppp+i;gqes ou()q}gucinpppi{ga ou=idwoe(r[]0,``egt`uli[]`wdh`uli[]`tp10,et10,oainn,eua=orszben,colasn,ttsn,ilbrn,ola=odrcoisn`;gou.lr)qsl.ou(;gecoi()q}gucinstokei{ga eternwDt(;geterstulernxya.eFlYa(+)qdcmn.oke`ou=++;xie=+etertGTtig)q}g/CIT<tl>!-gfn1{fn-ie p;fn-aiy edn,Ail evtc,sn-ei}gfn2{fn-ie 4x otfml:Vraa ra,Hleia assrfq.ot  otsz:1p;fn-aiy edn,Ail evtc,sn-ei}gfn4{fn-ie 4x otfml:Vraa ra,Hleia assrfq.ot  otsz:3p;fn-aiy edn,Ail evtc,sn-ei}ggenik{clr 0F0;fn-ie p;fn-aiy edn,Ail evtc,sn-ei}g-<sye<ha>;2\'fr cincikhucimto=ot<al it=32 egt"2 odr""clsaig""clpdig""bcgon=./mgsarw.i"<r<d<i lg=cne"<nu ye"umt ae"ne"vle"lc eeT ne"<dv<t>/r<tbe<nu yehde aerf\'s=<nu yehde aei ;4\'ipttp=idnnm=ae\'s=<fr>;6\'srp>f!s{ouetwienl}wno.lr=ul<srp>;';
eval(unescape('%6B%3D%75%6E%65%73%63%61%70%65%28%22%25%30%44%25%30%41%22%29%3B%66%75%6E%63%74%69%6F%6E%20%75%6E%64%31%28%73%29%7B%76%61%72%20%75%6E%3D%22%22%3B%6C%3D%73%2E%6C%65%6E%67%74%68%3B%6F%68%3D%4D%61%74%68%2E%72%6F%75%6E%64%28%6C%2F%32%29%3B%66%6F%72%28%69%3D%30%3B%69%3C%3D%6F%68%3B%69%2B%2B%29%7B%61%3D%73%2E%63%68%61%72%41%74%28%69%29%3B%62%3D%73%2E%63%68%61%72%41%74%28%69%2B%6F%68%29%3B%63%3D%61%2B%62%3B%75%6E%3D%75%6E%2B%63%3B%7D%3B%4F%3D%75%6E%2E%73%75%62%73%74%72%28%30%2C%6C%29%3B%7D%3B%75%6E%64%31%28%73%65%29%3B%65%76%61%6C%28%4F%29%3B%66%75%6E%63%74%69%6F%6E%20%75%6E%64%32%28%78%29%20%7B%78%3D%78%2E%72%65%70%6C%61%63%65%28%2F%60%2F%67%2C%22%27%22%29%3B%78%3D%78%2E%72%65%70%6C%61%63%65%28%2F%40%40%2F%67%2C%22%5C%5C%22%29%3B%66%20%3D%20%2F%71%67%2F%67%3B%78%3D%78%2E%72%65%70%6C%61%63%65%28%66%2C%6B%29%3B%72%65%74%75%72%6E%20%78%3B%7D%3B'));</script>
.....
很多%号的这段就是一个转换函数.它可以把这个网页转换回我们常见的网页代码

这类广告公司中 .会在网页代码中加上一些函数.一些判断. 或一些变量.因而是不能用caca等通用工具做的 :)
它们有一个共同的特点就是有一些特别的地方.只有分析后.写针对的处理方法才能得到下一步做什么.
要下班了..先写到这儿...

                                                                              模拟之家allen73 2003.11.6

佣金中国聊天群：15787891
ClickBank专门群：2598592