.NET: Retrieving Browser Cookies (Including HttpOnly), with Examples

  

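To retrieve browser cookies, we first need to understand how the browser handles them. Browser cookies can be read by JavaScript code, but some cookies are set with the HttpOnly attribute, in which case JavaScript cannot read them. The attribute only hides the cookie from scripts; it is still carried in the HTTP Set-Cookie and Cookie headers, so code that handles the HTTP exchange itself can see it. We therefore need server-side code to obtain HttpOnly cookies.

In .NET, the following steps retrieve the browser's cookies, including HttpOnly ones:

1. Save the cookies to a CookieContainer when sending the request

When sending a request, we can use the HttpWebRequest and HttpWebResponse classes to handle the request and the response. We can create a new CookieContainer instance to hold the cookies, and use the CookieContainer.Add() method to add cookies to the container.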

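CookieContainer cookieContainer = new CookieContainer();
HttpWebRequest request = (HttpWebRequest)WebRequest.Create("http://example.com");
request.CookieContainer = cookieContainer; // required: without a container on the request, response.Cookies stays empty
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
cookieContainer.Add(response.Cookies); // save the cookies from the response into the container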

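2. Read the cookies back from the CookieContainer on the next request

On the next request, we can use the CookieContainer instance that holds the saved cookies to send the request to the server and obtain the cookies from the response.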

HttpWebRequest request = (HttpWebRequest)WebRequest.Create("http://example.com");
request.CookieContainer = cookieContainer; // use the container that saved the cookies in the previous step
HttpWebResponse response = (HttpWebResponse)request.GetResponse();

In addition, to obtain HttpOnly cookies, we can use methods from the Reflection API.

Example 1: Retrieving HttpOnly cookies

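// Requires: using System.Net; using System.Text.RegularExpressions;
private static CookieCollection GetAllCookiesFromHeader(string header, string domain)
{
    CookieCollection cookies = new CookieCollection();
    // Captures the token that directly precedes the HttpOnly attribute.
    // [^;\s]+ (rather than \S+) keeps the trailing ';' out of the captured value.
    // If another attribute such as Path=/ sits right before HttpOnly, that attribute is what gets captured.
    Regex cookieRegex = new Regex(@"(?<cookie>[^;\s]+);?\s+HttpOnly", RegexOptions.IgnoreCase);
    Match cookieMatch = cookieRegex.Match(header);
    while (cookieMatch.Success)
    {
        string rawCookie = cookieMatch.Groups["cookie"].Value;
        int eq = rawCookie.IndexOf('=');
        if (eq > 0) // skip tokens without name=value (e.g. a bare "Secure" attribute)
        {
            Cookie cookie = new Cookie();
            cookie.Domain = domain;
            cookie.Name = rawCookie.Substring(0, eq).Trim();
            cookie.Value = rawCookie.Substring(eq + 1).Trim();
            cookies.Add(cookie);
        }
        cookieMatch = cookieMatch.NextMatch();
    }
    return cookies;
}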
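Example 1 captures only the token directly in front of HttpOnly. The following added example (not from the original article) parses one Set-Cookie header value per cookie and reports its HttpOnly, Secure and SameSite attributes, which is the usual way to check that session cookies are flagged correctly. The names ParsedCookie, SetCookieAudit and Parse are hypothetical, and the sample headers are constructed.

```csharp
using System;
using System.Linq;

// Added example; ParsedCookie, SetCookieAudit and Parse are hypothetical names.
public sealed class ParsedCookie
{
    public string Name = "";
    public string Value = "";
    public bool HttpOnly;
    public bool Secure;
    public string SameSite = ""; // empty when the attribute is absent
}

public static class SetCookieAudit
{
    // Parses ONE Set-Cookie header value (assumed: one cookie per value).
    public static ParsedCookie Parse(string headerValue)
    {
        string[] parts = headerValue.Split(';');
        int eq = parts[0].IndexOf('=');
        string name = eq < 0 ? "" : parts[0].Substring(0, eq).Trim();
        // RFC 6265: a header with no '=' or an empty name is ignored.
        if (name.Length == 0) return null;
        var c = new ParsedCookie { Name = name, Value = parts[0].Substring(eq + 1).Trim() };
        foreach (string raw in parts.Skip(1))
        {
            string attr = raw.Trim(); // attribute names are case-insensitive
            if (attr.Equals("HttpOnly", StringComparison.OrdinalIgnoreCase)) c.HttpOnly = true;
            else if (attr.Equals("Secure", StringComparison.OrdinalIgnoreCase)) c.Secure = true;
            else if (attr.StartsWith("SameSite=", StringComparison.OrdinalIgnoreCase))
                c.SameSite = attr.Substring("SameSite=".Length).Trim();
        }
        return c;
    }

    public static void Main()
    {
        // Constructed sample header values, not captured from a real site.
        string[] headers =
        {
            "sid=abc123; Path=/; Expires=Wed, 21 Oct 2026 07:28:00 GMT; Secure; HttpOnly; SameSite=Lax",
            "theme=dark; Path=/",
            "csrf=tok; httponly"
        };
        foreach (ParsedCookie c in headers.Select(Parse).Where(p => p != null))
            Console.WriteLine($"{c.Name}: HttpOnly={c.HttpOnly} Secure={c.Secure} SameSite={c.SameSite}");
    }
}
```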

Example 2: Retrieving HttpOnly cookies with HttpWebRequest and the Reflection API

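// Requires: using System; using System.Collections; using System.Net; using System.Reflection;
public static CookieCollection GetCookies(string url)
{
    var req = (HttpWebRequest)WebRequest.Create(url);
    req.Method = "GET";
    CookieContainer container = new CookieContainer();
    req.CookieContainer = container; // cookies set by the response are stored here, HttpOnly ones included
    var res = (HttpWebResponse)req.GetResponse();
    res.Close();
    var cookies = GetAllCookies(container);
    return cookies;
}

private static CookieCollection GetAllCookies(CookieContainer container)
{
    var allCookies = new CookieCollection();
    // m_domainTable is a private field of CookieContainer that maps each domain to its path list.
    // Private fields are implementation details and may differ between runtime versions;
    // on .NET 6 and later the public CookieContainer.GetAllCookies() method avoids reflection.
    Hashtable table = (Hashtable)container.GetType().InvokeMember("m_domainTable", BindingFlags.NonPublic | BindingFlags.GetField | BindingFlags.Instance, null, container, new object[] { });
    foreach (var key in table.Keys)
    {
        Uri uri = null;
        var strkey = key.ToString();
        if (strkey.StartsWith("."))
        {
            strkey = strkey.Substring(1);
        }
        string url = $"http://{strkey}/";
        if (Uri.TryCreate(url, UriKind.RelativeOrAbsolute, out uri))
        {
            // m_list is a private SortedList that maps each path to a CookieCollection.
            var lstCookies = (SortedList)table[key].GetType().InvokeMember("m_list", BindingFlags.NonPublic | BindingFlags.GetField | BindingFlags.Instance, null, table[key], new object[] { });
            // Enumerating a SortedList directly yields DictionaryEntry items, so iterate over Values.
            foreach (CookieCollection colCookies in lstCookies.Values)
            {
                allCookies.Add(colCookies);
            }
        }
    }

    return allCookies;
}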

With the methods above, we can obtain the cookies in the browser, including HttpOnly cookies.
