1 (изменено: Malcev, 2020-11-28 19:17:53)

Тема: AHK: авторизация в гугловском аккаунте без броузера

Чтобы получить bgrequest (защита гугла от ботов - привязывается к аккаунту) есть 3 варианта:
1) Запустить https://accounts.google.com/ServiceLogin в любом браузере.
Нажать f12 - вкладка Сеть, начать запись.
Вставить свой имейл в браузер, нажать Далее.
Найти https://accounts.google.com/_/lookup/accountlookup на вкладке «Сеть» и найти bgRequest: в данных формы.
2) Запустить https://accounts.google.com/ServiceLogin в любом браузере.
Вставить свой имейл в браузер, нажать Далее.
Нажать f12 - и выполнить:

window.botguard.bg(JSON.parse('[' + document.querySelector('[data-initial-setup-data]').dataset.initialSetupData.substr(4))[18], void 0).invoke(null, false, {})

3) Заказать взлом защиты у фрилансеров за 500-2000 долларов.

email := "bla-bla@gmail.com"
password := "password"
bgRequest := "!uLulu5LNAAUrmx8XK0IbCoGa1FYuD1hCA0vdm9hSuD6OtHgXHR9ALvLaYooPmnF9de1PUvKYC0_B3x_4sdX39XLwl52WWnVtkMQPQ1LmU5Je"

HTTP := ComObjCreate("WinHTTP.WinHTTPRequest.5.1")
url := "https://accounts.google.com/ServiceLogin"
HTTP.Open("GET", url, true)
HTTP.SetRequestHeader("User-Agent", "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko)")
HTTP.SetRequestHeader("Pragma", "no-cache")
HTTP.SetRequestHeader("Cache-Control", "no-cache, no-store")
HTTP.SetRequestHeader("If-Modified-Since", "Sat, 1 Jan 2000 00:00:00 GMT")
HTTP.Send()
HTTP.WaitForResponse()
RegexMatch(HTTP.ResponseText, "s)window.WIZ_global_data.+?,\\""(.+?)\\"".+?data-initial-setup-data=""%.+?"(.+?)".+?"(.+?)",\["(.+?)"]", match)
azt := match1, lang := match2, req := match3, bghash := match4

data := "continue=https%3A%2F%2Faccounts.google.com%2FManageAccount%3Fnc%3D1&f.req=%5B%22" URIEncode(email) "%22%2C%22" req "%22%2C%5B%5D%2Cnull%2C%22" lang "%22%2Cnull%2Cnull%2C2%2Cfalse%2Ctrue%2C%5Bnull%2Cnull%2C%5B2%2C1%2Cnull%2C1%2C%22https%3A%2F%2Faccounts.google.com%2FServiceLogin%22%2Cnull%2C%5B%5D%2C4%2C%5B%5D%2C%22GlifWebSignIn%22%2Cnull%2C%5B%5D%5D%2C1%2C%5Bnull%2Cnull%2C%5B%5D%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2C%5B%5D%2Cnull%2Cnull%2Cnull%2C%5B%5D%2C%5B%5D%5D%2Cnull%2Cnull%2Cnull%2Ctrue%5D%2C%22" URIEncode(email) "%22%2Cnull%2Cnull%2Cnull%2Ctrue%2Ctrue%2C%5B%5D%5D&bgRequest=%5B%22identifier%22%2C%22" bgRequest "%22%5D&azt=" azt "&cookiesDisabled=false&deviceinfo=%5Bnull%2Cnull%2Cnull%2C%5B%5D%2Cnull%2C%22" lang "%22%2Cnull%2Cnull%2C%5B%5D%2C%22GlifWebSignIn%22%2Cnull%2C%5Bnull%2Cnull%2C%5B%5D%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2C%5B%5D%2Cnull%2Cnull%2Cnull%2C%5B%5D%2C%5B%5D%5D%2Cnull%2Cnull%2Cnull%2Cnull%2C2%2Cnull%2Cfalse%5D&gmscoreversion=undefined&"

Random, reqid, 1000, 999999
url := "https://accounts.google.com/_/lookup/accountlookup?hl=" lang "&_reqid=" reqid "&rt=j"
HTTP.Open("POST", url, true)
HTTP.SetRequestHeader("User-Agent", "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko)")
HTTP.SetRequestHeader("Pragma", "no-cache")
HTTP.SetRequestHeader("Cache-Control", "no-cache, no-store")
HTTP.SetRequestHeader("If-Modified-Since", "Sat, 1 Jan 2000 00:00:00 GMT")
HTTP.SetRequestHeader("accept", "*/*")
HTTP.SetRequestHeader("accept-language", "en-US,en;q=0.9")
HTTP.SetRequestHeader("content-type", "application/x-www-form-urlencoded;charset=UTF-8")
HTTP.SetRequestHeader("google-accounts-xsrf", "1")
HTTP.SetRequestHeader("origin", "https://accounts.google.com")
HTTP.SetRequestHeader("referer", "https://accounts.google.com/signin/v2/identifier?flowName=GlifWebSignIn&flowEntry=ServiceLogin")
HTTP.SetRequestHeader("x-same-domain", "1")
HTTP.Send(data)
HTTP.WaitForResponse()
RegexMatch(HTTP.ResponseText, "s)""gf.alr"".+?""(.+?)"".+?""gf.ttu"".+?""(.+?)""", match)
req := match1, tl := match2

data := "continue=https%3A%2F%2Faccounts.google.com%2FManageAccount%3Fnc%3D1&f.req=%5B%22" req "%22%2Cnull%2C1%2Cnull%2C%5B1%2Cnull%2Cnull%2Cnull%2C%5B%22" URIEncode(password) "%22%2Cnull%2Ctrue%5D%5D%5D&bgRequest=%5B%22identifier%22%2C%22" bgRequest "%22%5D&bghash=" bghash "&azt=" azt "&cookiesDisabled=false&deviceinfo=%5Bnull%2Cnull%2Cnull%2C%5B%5D%2Cnull%2C%22" lang "%22%2Cnull%2Cnull%2C%5B%5D%2C%22GlifWebSignIn%22%2Cnull%2C%5Bnull%2Cnull%2C%5B%5D%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2Cnull%2C%5B%5D%2Cnull%2Cnull%2Cnull%2C%5B%5D%2C%5B%5D%5D%2Cnull%2Cnull%2Cnull%2Cnull%2C2%2Cnull%2Cfalse%5D&gmscoreversion=undefined&"

url := "https://accounts.google.com/_/signin/challenge?hl=" lang "&TL=" tl "&_reqid=" reqid "&rt=j"
HTTP.Open("POST", url, true)
HTTP.SetRequestHeader("User-Agent", "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko)")
HTTP.SetRequestHeader("Pragma", "no-cache")
HTTP.SetRequestHeader("Cache-Control", "no-cache, no-store")
HTTP.SetRequestHeader("If-Modified-Since", "Sat, 1 Jan 2000 00:00:00 GMT")
HTTP.SetRequestHeader("accept", "*/*")
HTTP.SetRequestHeader("accept-language", "en-US,en;q=0.9")
HTTP.SetRequestHeader("content-type", "application/x-www-form-urlencoded;charset=UTF-8")
HTTP.SetRequestHeader("google-accounts-xsrf", "1")
HTTP.SetRequestHeader("origin", "https://accounts.google.com")
HTTP.SetRequestHeader("referer", "https://accounts.google.com/signin/v2/challenge/pwd?flowName=GlifWebSignIn&flowEntry=ServiceLogin&cid=1&navigationDirection=forward&TL=" tl)
HTTP.SetRequestHeader("x-same-domain", "1")
HTTP.Send(data)
HTTP.WaitForResponse()
if InStr(HTTP.ResponseText, "CheckCookie")
   msgbox login ok
else
   msgbox % "error`n" HTTP.ResponseText
return


URIEncode(str, encoding := "UTF-8")
{
   VarSetCapacity(var, StrPut(str, encoding))
   StrPut(str, &var, encoding)

   While code := NumGet(Var, A_Index - 1, "UChar")  {
      bool := (code > 0x7F || code < 0x30 || code = 0x3D)
      UrlStr .= bool ? "%" . Format("{:02X}", code) : Chr(code)
   }
   Return UrlStr
}

2

Re: AHK: авторизация в гугловском аккаунте без броузера

Главный вопрос - что с этим делать? Где можно применить?

3

Re: AHK: авторизация в гугловском аккаунте без броузера

Для автоматизации действий связанных с гугл-аккаунтом.