C#.NET 伪造 referer 提交数据

以下代码是对限制站外提交数据的网站,进行伪造referer以达到提交数据的目的。

 

 

 1 private string SendRequest(string account, string cardNumber, string cardPass)
 2     {
 3         string targetUrl = https://xxx.com/;//要提交数据的目标网站

            //提交的数据
 4         string postData = string.Format("ursName={0}&userName2={0}&cardNo={1}&cardPass={2}", account, cardNumber, cardPass);
 5 
 6         HttpWebRequest request = (HttpWebRequest)WebRequest.Create(targetUrl);
 7         request.Method = "POST";
 8         request.Referer = http://www.xxx.com/jsp/xxx.jsp;
 9         byte[] bytes = Encoding.UTF8.GetBytes(postData);
10         request.ContentType = "application/x-www-form-urlencoded";
11         request.ContentLength = bytes.Length;
12         Stream requestStream = request.GetRequestStream();
13         requestStream.Write(bytes, 0, bytes.Length);
14 
15         HttpWebResponse response = (HttpWebResponse)request.GetResponse();
16         StreamReader reader = new StreamReader(response.GetResponseStream(), Encoding.Default);
17         string responseText = reader.ReadToEnd();
18 
19         string res = "成功!";
20         if (responseText.Contains("errorID"))
21         {
22             string errorDetailPage = new System.Text.RegularExpressions.Regex(@"URL=(?<url>.*?)"">",
23                 System.Text.RegularExpressions.RegexOptions.IgnoreCase | System.Text.RegularExpressions.RegexOptions.Multiline
24                 ).Match(responseText).Groups["url"].Value;
25 
26             HttpWebRequest requestErrorInfo = (HttpWebRequest)WebRequest.Create(errorDetailPage);
27             requestErrorInfo.Method = "GET";
28             requestErrorInfo.Proxy = request.Proxy;
29             HttpWebResponse responseErrorInfo = (HttpWebResponse)requestErrorInfo.GetResponse();
30             StreamReader readerErrorInfo = new StreamReader(responseErrorInfo.GetResponseStream(), Encoding.Default);
31             string responseTextErrorInfo = readerErrorInfo.ReadToEnd();
32             string errorDetailMessage = new System.Text.RegularExpressions.Regex(@"<h3>(?<info>.*?)<.*?</h3>",
33                 System.Text.RegularExpressions.RegexOptions.IgnoreCase | System.Text.RegularExpressions.RegexOptions.Multiline
34                 ).Match(responseTextErrorInfo).Groups["info"].Value.Replace("&nbsp;""");
35 
36 
37             res = string.Format(@"失败!<br />错误信息:{0}<br /><a href=""{1}"" target=""_blank"">查看错误详情</a>", errorDetailMessage, errorDetailPage);
38         }
39 
40         return res;
41     }

进行测试

 

protected void Button1_Click(object sender, EventArgs e)
    {
        string text = SendRequest("zhangbao0712@163.com""2312312312321""2312312312321");
        Response.Write(text);
    }

在这里要感谢SEVEN,Gabry两位的帮助。

 

posted @ 2009-06-11 09:30  . ℡歪歪﹖  阅读(3497)  评论(10)    收藏  举报