最近需要一批邮箱，找到了zoho提供商，手动注册根本不可能，只有程序自动注册了，因此，需要一个注册机，在此记录一下分析的过程。

注册机，简单来说，模拟用户进行数据提交，如何模拟呢？
在我的分类中，大概有两种：

• 直接操作浏览器，进行注册数据提交，不用关心其他的一些数据。
• 分析提交接口，进行参数分析，构造数据进行提交。

第一种：简单粗暴，但是浏览器需要渲染，时间成本比较高。zoho注册通过这种方式，单线程的情况下，注册大概一分多钟。

第二种：这个的难易程度说不准，不同的网站提交的参数有多有少，参数值得获取有难有易。但是这个注册的速度，炒鸡炒鸡快，单线程大概10几秒。

本文，就用第二种来进行注册，参数值的获取大概有这些：

• respose中的body html+js
• respose中的header cookie
• js 生成的参数值
• 魔法值

注册

我们首先需要的是抓包，没有使用内置的抓包工具，而是使用的Fidder,只所以放弃内置的，因为注册的时候，回跳转页面，来不及查看，包就被清除了。
如果用Fidder抓包没有抓到，你看下浏览器是否安装了Fidder的证书。

我们先看一下，注册界面

https://www.zoho.com/mail/

QQ截图20180724102756.png

数据随便填一些，然后注册，

QQ截图20180724092446.png

注册之后会跳转到一个输入验证码的界面，随便输入，先把流程走完。

QQ截图20180724092534.png

好了，开始分析，首先去找包，

首先，会看到一个验证的包，一般的网站都有这个，在注册之前就会验证，用户信息是否合法，这个可以记录下来，后面注册的时候，也可以先进行验证，看看随机生成的字符是否合法。

QQ截图20180724092921.png

验证用户名接口信息：

POST https://accounts.zoho.com/accounts/validate/register.ac HTTP/1.1
Host: accounts.zoho.com
Connection: keep-alive
Content-Length: 66
Accept: application/json, text/javascript, */*; q=0.01
Origin: https://www.zoho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.62 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: https://www.zoho.com/mail/
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Cookie: a8c61fa0dc=412d04ceb86ecaf57aa7a1d4903c681d; iamcsr=fc9bf3dc-c45d-478e-b254-4e72cbb8d7d6; JSESSIONID=C93CE925E543B7ADE7007592AE4A67BD; ZohoMarkRef="https://www.zoho.com/mail/"; ZohoMarkSrc="direct:mail|direct:mail|direct:mail"; zohocares-_zldp=YfEOFpfOAG8%2FiEhtvcF4pPiwjMXjDOF5FTpWXURtLOYOw5%2FCxL6cm6FKGK8Fsn2h; zohocares-_zldt=6fabde9b-4dc8-4198-ad6c-bbeb4ece026d

username=kadjfkjkanfjdnaf&servicename=VirtualOffice&serviceurl=%2F

验证手机接口信息：

POST https://accounts.zoho.com/accounts/validate/register.ac HTTP/1.1
Host: accounts.zoho.com
Connection: keep-alive
Content-Length: 75
Accept: application/json, text/javascript, */*; q=0.01
Origin: https://www.zoho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.62 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: https://www.zoho.com/mail/
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Cookie: a8c61fa0dc=412d04ceb86ecaf57aa7a1d4903c681d; iamcsr=fc9bf3dc-c45d-478e-b254-4e72cbb8d7d6; JSESSIONID=C93CE925E543B7ADE7007592AE4A67BD; ZohoMarkRef="https://www.zoho.com/mail/"; ZohoMarkSrc="direct:mail|direct:mail|direct:mail"; zohocares-_zldp=YfEOFpfOAG8%2FiEhtvcF4pPiwjMXjDOF5FTpWXURtLOYOw5%2FCxL6cm6FKGK8Fsn2h; zohocares-_zldt=6fabde9b-4dc8-4198-ad6c-bbeb4ece026d

country_code=CN&mobile=15198177585&servicename=VirtualOffice&serviceurl=%2F

验证成功会返回：

{"t":"json"}

验证失败，里面就有一个error的字段。

往下找，就会有一个注册提交的包，看一下：

QQ截图20180724093356.png

注册接口信息：

POST https://accounts.zoho.com/accounts/register.ac HTTP/1.1
Host: accounts.zoho.com
Connection: keep-alive
Content-Length: 268
Accept: */*
Origin: https://www.zoho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.62 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: https://www.zoho.com/mail/
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Cookie: a8c61fa0dc=412d04ceb86ecaf57aa7a1d4903c681d; iamcsr=fc9bf3dc-c45d-478e-b254-4e72cbb8d7d6; JSESSIONID=C93CE925E543B7ADE7007592AE4A67BD; ZohoMarkRef="https://www.zoho.com/mail/"; ZohoMarkSrc="direct:mail|direct:mail|direct:mail"; zohocares-_zldp=YfEOFpfOAG8%2FiEhtvcF4pPiwjMXjDOF5FTpWXURtLOYOw5%2FCxL6cm6FKGK8Fsn2h; zohocares-_zldt=6fabde9b-4dc8-4198-ad6c-bbeb4ece026d

username=kadjfkjkanfjdnaf&password=euioafmdkm&firstname=fgk&lastname=fsyhrt&country_code=CN&mobile=15198177585&confirm_country_code=CN&confirmMobile=15198177585&country=CN&newsletter=true&tos=false&mobile_only=true&serviceurl=%2F&servicename=VirtualOffice&is_ajax=true

提交通过，会返回下面这个

{
    "t": "message",
    "data": {
        "timeTaken": 1488,
        "responseHeader": [{
            "headerName": "Location",
            "headerValue": "http://accounts.zoho.com/accounts/resource/accounts/register"
        }],
        "httpResponseCode": 200,
        "invitation_signup": false,
        "representation": [{
            "zaid": "671758531",
            "redirect_uri": "https://accounts.zoho.com/ui/settings/verifyMobileSignup.jsp?serviceurl=https://mail.zoho.com/&servicename=VirtualOffice",
            "token_type": "example",
            "email": "15198177585",
            "zuid": "671758532"
        }],
        "resourceType": "register"
    }
}

提交失败，里面会显示错误信息的，继续分析，提交成功后，会跳转到输入验证码的界面，也就是redirect_uri 这个链接的页面，去找一找里面验证接口，

眼睛都看瞎了，没有找到，重新发了一个包，这次就有了，估计我第一次输入的有英文字符，本地就做了验证。

QQ截图20180724095040.png

QQ截图20180724095514.png

提交信息间隔时间太久了，返回的错误信息，没关系，只要能拿到这个接口。

验证接口信息：

POST https://accounts.zoho.com/u/verifyotp HTTP/1.1
Host: accounts.zoho.com
Connection: keep-alive
Content-Length: 128
Origin: https://accounts.zoho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.62 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
Accept: */*
Referer: https://accounts.zoho.com/ui/settings/verifyMobileSignup.jsp?serviceurl=https%3A%2F%2Fmail.zoho.com%2F&servicename=VirtualOffice
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Cookie: a8c61fa0dc=412d04ceb86ecaf57aa7a1d4903c681d; iamcsr=fc9bf3dc-c45d-478e-b254-4e72cbb8d7d6; JSESSIONID=C93CE925E543B7ADE7007592AE4A67BD; ZohoMarkRef="https://www.zoho.com/mail/"; ZohoMarkSrc="direct:mail|direct:mail|direct:mail"; zohocares-_zldp=YfEOFpfOAG8%2FiEhtvcF4pPiwjMXjDOF5FTpWXURtLOYOw5%2FCxL6cm6FKGK8Fsn2h; zohocares-_zldt=6fabde9b-4dc8-4198-ad6c-bbeb4ece026d; _iamtt=671758531.671758532.e5ee2562f14a82731d1d310c35ceafadf1a67018a3ccd9a1ecddfcf085144d902550c60726e37037b484837f7d03826673235992ef988f5581a1599d743d8cd9

otpcode=55418&iamcsrcoo=fc9bf3dc-c45d-478e-b254-4e72cbb8d7d6&servicename=VirtualOffice&serviceurl=https%3A%2F%2Fmail.zoho.com%2F

成功返回：

showsuccess('https\x3A\x2F\x2Faccounts.zoho.com\x2Faccounts\x2Fannouncement\x2Ftimezone\x2Dupdate\x3Fserviceurl\x3Dhttps\x253A\x252F\x252Fmail.zoho.com\x252F\x26servicename\x3DVirtualOffice',"",'', '', '-1', 'dXM\x3D');

失败返回：

{
    "message": "服务器出错。请稍后重试",
    "status": "error"
}

这个里面有个参数值fc9bf3dc-c45d-478e-b254-4e72cbb8d7d6，看看怎么来的。

Fidder ctrl+f搜索一下，

QQ截图20180724095905.png

高亮黄色，了解一下，

QQ截图20180724100056.png

可以看到，这个参数值是通过cookie传递过来的。

QQ截图20180724100239.png

注册大概可能就是这个样子的，就可以进行编码了。
编码的时候注意一下：

• 请求头信息 以及 cookie的继续持有
• 代理，这个就要你自己找了
• 验证码，emmmmmm，这个也要自己找

QQ截图20180724103628.png

邮件内容

邮件内容实际可以通过Zoho提供的协议进行获取，比如IMAP、POP3
先登录把所有包抓到

QQ截图20180724112215.png

QQ截图20180724112508.png

先通过邮件内容搜索：

QQ截图20180724112616.png

找到的是这个接口：

QQ截图20180724113448.png

这个接口就是获取邮件信息的：

POST https://mail.zoho.com/zm/md.do HTTP/1.1
Host: mail.zoho.com
Connection: keep-alive
Content-Length: 353
Accept: application/json, text/javascript, */*; q=0.01
Origin: https://mail.zoho.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.62 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: https://mail.zoho.com/zm/
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Cookie: stk=9ce87c4f59ca20d51ff11dbd4cad07ef; dcl_pfx_lcnt=0; dcl_pfx=us; dcl_bd=zoho.com; is_pfx=false; _iamadt=cbfda255cbe760c5ffe043fc623e74bcb8d65402da66696fe15533575b21a34cd5bd19d139d6880c17e907cbca307b979e2f4d4415b334404cbac046540d3775; _iambdt=fefaf22b843328f2383164b8a8f514232a8f42b9341a0164e7596910d55d75de13236015dc496893a5eb738a257961ca579e9c8b60c220c521fa53d263abf2d4; _z_identity=true; 9c8984d0f9=8c6ef617941ffe79dfd31e8331d08c71; zmcsr=350b22730355532d5a1ff99ea55442392f879a1f49193c36951f5e9fdbfa40a5c308622cf9758550fa173f6c2b353e892720f8f6616d46155c12e61b27334de6; zmuac=NjcxNzYwMzY0; zmirc=-1; 3a707640b4=7c9316ce580880c35519e829fe0919c9; 880a182d33=d9c6cabcfd1a3bb727324e91fcd07c17; aprmjrnpkcrkks=350b22730355532d5a1ff99ea55442392f879a1f49193c36951f5e9fdbfa40a5c308622cf9758550fa173f6c2b353e892720f8f6616d46155c12e61b27334de6; 5779efe0b5=e411c920cc41a00bcf62b6879cea5a2c; concsr=350b22730355532d5a1ff99ea55442392f879a1f49193c36951f5e9fdbfa40a5c308622cf9758550fa173f6c2b353e892720f8f6616d46155c12e61b27334de6; b315c52c8b=4b5f8dd690d7d975312d1efa7f82d4cf; baeab91238=3dba424f32372ca524533b2a64247e58; 9c2a003733=cd84221cf3746c74746075d4fd6675c9; CT_CSRF_TOKEN=350b22730355532d5a1ff99ea55442392f879a1f49193c36951f5e9fdbfa40a5c308622cf9758550fa173f6c2b353e892720f8f6616d46155c12e61b27334de6; com_chat_owner=1532402670115; zcalirc=-1; JSESSIONID=AB2C47825C88B729E6AEFEFAAB2DBA73

accId=4295414000000008002&split=true&summary=true&getUnread=oldest&msgId=1532401680648120002&folId=4295414000000008014&thId=1532401680472120001&markread=true&entityId=1532401680472120001&groupId=671760364&entityType=1&zmrcsr=350b22730355532d5a1ff99ea55442392f879a1f49193c36951f5e9fdbfa40a5c308622cf9758550fa173f6c2b353e892720f8f6616d46155c12e61b27334de6

然后分析参数值从何而来，

QQ截图20180724113731.png

QQ截图20180724113910.png

QQ截图20180724114008.png

QQ截图20180724114116.png

上面分析有三个请求来源：

• mail.zoho.com/
• mail.zoho.com/zm/
• mail.zoho.com/zm/ml.do

mail.zoho.com/

zmrcsr 值得来源，在cookie中

mail.zoho.com/zm/

groupId，folId，msgId 值在body里面

mail.zoho.com/zm/ml.do

thId ，entityId 值在body里面

QQ截图20180724114842.png

POST https://mail.zoho.com/zm/ml.do HTTP/1.1
Host: mail.zoho.com
Connection: keep-alive
Content-Length: 268
Accept: application/json, text/javascript, */*; q=0.01
Origin: https://mail.zoho.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.62 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: https://mail.zoho.com/zm/
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Cookie: stk=9ce87c4f59ca20d51ff11dbd4cad07ef; dcl_pfx_lcnt=0; dcl_pfx=us; dcl_bd=zoho.com; is_pfx=false; _iamadt=cbfda255cbe760c5ffe043fc623e74bcb8d65402da66696fe15533575b21a34cd5bd19d139d6880c17e907cbca307b979e2f4d4415b334404cbac046540d3775; _iambdt=fefaf22b843328f2383164b8a8f514232a8f42b9341a0164e7596910d55d75de13236015dc496893a5eb738a257961ca579e9c8b60c220c521fa53d263abf2d4; _z_identity=true; 9c8984d0f9=8c6ef617941ffe79dfd31e8331d08c71; zmcsr=350b22730355532d5a1ff99ea55442392f879a1f49193c36951f5e9fdbfa40a5c308622cf9758550fa173f6c2b353e892720f8f6616d46155c12e61b27334de6; zmuac=NjcxNzYwMzY0; zmirc=-1; 3a707640b4=7c9316ce580880c35519e829fe0919c9; 880a182d33=d9c6cabcfd1a3bb727324e91fcd07c17; JSESSIONID=9849A3594BA32AE9AAD907E0D03DB00A; aprmjrnpkcrkks=350b22730355532d5a1ff99ea55442392f879a1f49193c36951f5e9fdbfa40a5c308622cf9758550fa173f6c2b353e892720f8f6616d46155c12e61b27334de6; 5779efe0b5=e411c920cc41a00bcf62b6879cea5a2c

mode=listing&accId=4295414000000008002&from=1&to=50&summary=false&sortBy=date&sortOrder=false&folderSpec=2&folId=4295414000000008014&zmrcsr=350b22730355532d5a1ff99ea55442392f879a1f49193c36951f5e9fdbfa40a5c308622cf9758550fa173f6c2b353e892720f8f6616d46155c12e61b27334de6

ml,应该是mail list的简写，获取邮件的列表。参数值已经是已知的了。

登录接口

QQ截图20180724115224.png

POST https://accounts.zoho.com/signin/auth HTTP/1.1
Host: accounts.zoho.com
Connection: keep-alive
Content-Length: 178
Origin: https://accounts.zoho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.62 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
Accept: */*
Referer: https://accounts.zoho.com/signin?servicename=VirtualOffice&signupurl=https://workplace.zoho.com/orgsignup.do
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Cookie: a8c61fa0dc=4d6e62173a764ac5410d1192f41034cd; iamcsr=07f49a6f-6adc-403c-9915-52c9ccda1cb1; JSESSIONID=8D018BE166223A4588311B1AA923B53F; stk=9ce87c4f59ca20d51ff11dbd4cad07ef; dcl_pfx_lcnt=0

LOGIN_ID=xxxxxx&PASSWORD=xxxxx&cli_time=1532402648759&iamcsrcoo=07f49a6f-6adc-403c-9915-52c9ccda1cb1&servicename=VirtualOffice&serviceurl=https%3A%2F%2Fmail.zoho.com

iamcsrcoo的参数值搜索一下：

QQ截图20180724115318.png

上面的参数已经分析完了，来看下结果

QQ截图20180724125534.png