The battle of Baidu network disk triggered by pornography

War for honor

The cause of the incident is this. Since I want to find some classic movies to enjoy, I seek resources from an old driver (I note that I need a regular video, definitely not the kind of resources he wants), then he threw it to me. A video resource website is said to be a relatively famous video resource website. I believe it is true, then excited to open a search for classic movies, so it led to a classic Baidu network disk battle.

Disclaimer: The tools in the article are for personal testing and research. Please delete it within 24 hours after downloading. It should not be used for commercial or illegal purposes. Otherwise, the consequences will be at your own risk. The screenshots of the article will only be used for sample demonstration. Please do not use it illegally.

I have to say that this is a formal website, a regular video, just looking at the title, I think more.
With full curiosity, I clicked on the link and saw a link to the video resource at the bottom of the page.

There are 2 kinds of resources here, one is Baidu network disk, the other is Thunder seed, I have to say that this website is still relatively conscience, compared to some websites that only send pictures without leaving seeds. According to the normal logic, at this point I should open the resource address and quietly appreciate it (not right, I am not such a person), so I chose to silently add resources to the network collection. I saw a few more excellent works on the network disk, and I suddenly felt a lot better, but just adding a few works did not satisfy my desire to collect, so I began to explore how to quickly add video resources to Baidu network disk, also by This triggered a series of struggles against Baidu’s network disk.

The prologue of war

First, by observing the url composition of the website and the source code of the web page, I decided to use the crawling method to collect the resource link address.
webpage Screenshot:

The process did not encounter a big problem, I used python + coroutine to collect, and soon got a part of the resource address:
Baidu network disk resource address:

After writing the data collection script, it was 11 o’clock at night, and it should have been washed and slept. However, the power of technical exploration encouraged me to move on. At present, the resource address is available. However, for Baidu network disk resources, it still needs to be opened a bit and then added to my network disk. This step is too expensive, so I decided to continue to explore the method of automatically adding resources to Baidu network disk.

Note: The following content is the key technical content of this article, which is related to the final outcome of my battle with Baidu’s network disk. Please do not go away and continue wonderfully.

Ultimate Battle

First of all, I analyzed the characteristics of Baidu’s shared page by capturing the package, viewing the source code, reviewing the elements, etc., and judging whether it is suitable for crawling.

After a series of tests, I found that although the process is a bit tortuous, you can still use the crawler to automate the process of adding resources to the network disk.

To implement this technology, I have summarized the following processes:

  • Get user cookies (you can log in manually and get captured)
  • First crawl like: http://pan.baidu.com/s/1o8LkaPc share the page, get the source code.
  • Parse the source code and filter out the name of the shared resource on the page, shareid, from(uk), bdstoken, appid(app_id).
  • Construct post package (used to add resources to the network disk), the package needs to use the above 4 parameters + cookies.

I can use a lot of tools to grab cookies. I used Firefox’s Tamper plugin. The effect is as follows:
Get the login packet:

Check the request packet sent by the login and find the account password. Of course, we need the cookie here, which can be viewed in the response.

The format of the cookie is as follows:

1
2
3
4
5
6
7
BAIDUID=52C3FE49FD82573C4ABCEAC5E77800F6:FG=1;
BIDUPSID=52C11E49FD82573C4ABCEAC5E778F0F6;
BST = 1421697115; Bnop = 1; Hm_lvt_7a3960b6f067eb0085b7196ff5e660b0 = 1491987412; Hm_lpvt_7a3960b6f067eb0085b7f96ff5e6260b0 = 1491988544;
STOKEN = 3f84d8b8338c58f127c29e3eb305ad41f7c68cefafae166af20cfd26f18011e8;
SCRC=4abe70b0f9a8d0ca15a5b9d2dca40cd6;
PANPSC=16444630683646003772%3AWaz2A%2F7j1vWLfEj2viX%2BHun90oj%2BY%2FIsAxoXP3kWK6VuJ5936qezF2bVph1S8bONssvn6mlYdRuXIXUCPSJ19ROAD5r1J1nbhw55AZBrQZejhilfAWCWdkJfIbGeUDFmg5zwpdg9WqRKWDBCT3FjnL6jsjP%2FyZiBX26YfN4HZ4D76jyG3uDkPYshZ7OchQK1KQDQpg%2B6XCV%2BSJWX9%2F9F%2FIkt7vMgzc%2BT;
BDUSS VJxajNlVHdXS2pVbHZwaGNIeWdFYnZvc3RMby1JdFo5YTdOblkydkdTWlVmUlZaSVFBQUFBJCQAAAAAAAAAAAEAAAA = ~ cQc40NLUy7XEwbm359PwABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFTw7VhU8O1Yb

Since this cookie involves a personal account, I made changes, but the format should be the same.

Visit Baidu Resource Sharing Page

The request page is: http://pan.baidu.com/s/1o8LkaPc
After obtaining the cookie, you can write the cookie value in the headers when you visit the Baidu resource sharing page, and use the cookie to log in. During this period, I also failed several times. The reason is that other header parameters need to be added (if the cookie parameter is not added, The result returned will be “Page does not exist”).
After the request is successful, we can find some of the content we need in the source code, such as the name of the page sharing resource, shareid, from(uk), bdstoken, appid(app_id).

Constructing a resource POST package

First look at the construction of the post package:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
POST https://pan.baidu.com/share/transfer?shareid=2337815987&from=1612775008&bdstoken=6e05f8ea7dcb04fb73aa975a4eb8ae6c&channel=chunlei&clienttype=0&web=1&app_id=250528&logid= HTTP/1.1
Host: pan.baidu.com
Connection: keep-alive
Content-Length: 169
Accept: */*
Origin: https://pan.baidu.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: https://pan.baidu.com/s/1kUOxT0V?errno=0&errmsg=Auth%20Login%20Sucess&&bduss=&ssnerror=0
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.8,en;q=0.6
Cookie:
filelist=["/test.rar"]&path=/

There are some parameters in the url of the post package, fill in the content we get, there is a logid parameter, the content can be written casually, it should be a random value and then do base64 encryption.
In the post package payload, filelist is the resource name, format filelist=[“/name.mp4”], path is saved to that directory, format path=/pathname
The cookie must be filled in, which is the cookie value we obtained earlier.

Final return content

1
{"errno":0,"task_id":0,"info":[{"path":"\/\u5a31\u4e50\u6e38\u620f\/\u4e09\u56fd\u5168\u6218\u6218\u68cb1.4\u516d\u53f7\u7248\u672c.rar","errno":0}],"extra":{"list":[{"from":"\/\u5a31\u4e50\u6e38\u620f\/\u4e09\u56fd\u5168\u6218\u6218\u68cb1.4\u516d\u53f7\u7248\u672c.rar","to":"\/\u4e09\u56fd\u5168\u6218\u6218\u68cb1.4\u516d\u53f7\u7248\u672c.rar"}]}}

Finally, if you see the above, the resource has been successfully added to the network disk. If errno is another value, it indicates that an error has occurred, and 12 indicates that the resource already exists.

Record

After spending nearly an hour, I wrote the code, most of which was spent on debugging and researching the data package. I encountered a lot of pits, but it was finally solved.
Enjoy the thrill of running the program:

Baidu network disk’s results:

After finishing this, writing this article is almost 12 o’clock in the middle of the night, I only ran a small part of the video resources, and the rest will continue tomorrow. (Is it easy to watch videos??)

I will release the source code tomorrow. I will share my network disk today: https://pan.baidu.com/s/1nvz74Vn

Project GitHub address: https://github.com/tengzhangchao/BaiDuPan

本文标题:The battle of Baidu network disk triggered by pornography

文章作者:nmask

发布时间:2017年04月12日 - 22:04

最后更新:2019年08月16日 - 15:08

原始链接:https://thief.one/2017/04/12/02/en/

许可协议: 署名-非商业性使用-禁止演绎 4.0 国际 转载请保留原文链接及作者。

nmask wechat
欢迎您扫一扫上面的微信公众号,订阅我的博客!
坚持原创技术分享,您的支持将鼓励我继续创作!

热门文章推荐: