Engineering Project (1): Automatic Check-in and Form Filling for Jinri Xiaoyuan (今日校园, "Campus Daily")

你离开我真会死。 Submitted on 2020-05-06 10:30:40

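Every morning at 8 o'clock I have to open the Jinri Xiaoyuan app to check in and fill out a form... can't a person just get a decent night's sleep?!

To solve this headache, I thought of using Python's Requests library to send the requests.

Lu Xun said: the lazier humanity gets, the more it invents! Creation comes from our everyday lives!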


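Enough talk, let's start building!

The usual routine: open Burp and start capturing. After tapping the submit button, three POST requests were captured. Let's analyze them one by one.

1. What the first POST does: it checks whether the task "wid":"422" exists. If it exists, the response is "message":"SUCCESS"; if not, the response is "message":null. [A note on what "422" means: put simply, a teacher publishes this form for students to fill out, and 422 is the ID of that task.]

2. What the second POST does: it queries the basic information of the task "wid":"422". Why call it basic information? Because it only returns who created the task, when it was published and so on, and does not return the detailed content of the task.

3. What the third POST does: clever readers have probably guessed already. The third POST request returns "message":"SUCCESS" together with the detailed information of the task "wid":"422", which is the personal status, home address and so on that the teacher asks us to fill in.

That completes the packet analysis. Clearly the third request is the important one, and the "wid":"422" in its Body is the key. We only need to find the num in "wid":"num" and then construct the Request, and we are done!

How do we find it? I thought of an exhaustive approach: use values in a given range to construct POST requests for 422~999, put each value into the Body, and send the Request to complete the submission.


While constructing the Body I found something even more interesting: if you change 422 to 423, the server returns "您无需填写该信息收集,请勿代填" ("You do not need to fill in this information collection; do not fill it in on behalf of others"). This means the task was not published by a teacher in our college. In other words, if a task was published by another college, I cannot submit it even if I want to! This is the key point: we can use this check in the system and keep sending packets. If the response is not SUCCESS, the submission did not succeed (a failed submission does not mean the packet failed to send), so we keep constructing and sending packets. If the response is SUCCESS, everyone is happy: the submission succeeded and our final goal is achieved.


Now for the code. Don't be scared by this pile of code: the head and body parts are all copied and pasted from the packets captured in Burp.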

import requests
import json
import time

num = 454
rangeSet = num + 1
cookies = {'MOD_AUTH_CAS': 'YcxNA903马赛克583063221'}

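# The body below is pasted JSON that uses the bare name `null`.
# Binding it to None lets the literal evaluate, and json.dumps() emits it as JSON null again.
null = None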
headers = \
    {
        "Host": "hnu马赛克y.com",
        "Connection": "close",
        # Content-Length is computed by requests from the actual body, so the captured value is not hard-coded
        "Accept": "application/json, text/plain, */*",
        "Origin": "https:马赛克pd马赛克om",
        "X-Requested-With": "XMLHttpRequest",
        "User-Agent": "Mozilla/5.0 (Linux; Android 10; Redmi K20 Pro Build/QKQ1.190825.002; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/77.0.3865.92 Mobile Safari/537.36 yiban/8.1.9 cpdaily/8.1.9 wisedu/8.1.9",
        "Sec-Fetch-Mode": "cors",
        "Content-Type": "application/json",
        "Sec-Fetch-Site": "same-origin",
        "Referer": "https://hnua马赛克wec-coun马赛克llector-马赛克x.html?collectorWid=422",
        "Accept-Encoding": "gzip,deflate",
        "Accept-Language": "zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7"
    }

while num<rangeSet:
    body = {"formWid": "194", "collectWid": "422", "schoolTaskWid": "17174", "form": [
        {"wid": "1004", "formWid": "194", "fieldType": 2, "title": "你所在的校区",
         "description": "如果你所在的学校只有一个校区,请选择【本校区】;如果有多个校区的,请选择【其他】,并填写校区名称", "minLength": 0, "sort": "1",
         "maxLength": null, "isRequired": 1, "imageCount": null, "hasOtherItems": 1, "colName": "field001",
         "value": "其他", "fieldItems": [
            {"itemWid": "4035", "content": "其他", "isOtherItems": 1, "contendExtend": "马赛克校区", "isSelected": 1}]},
        {"wid": "1005", "formWid": "194", "fieldType": 1, "title": "你的身份证号", "description": "请填入完整18位身份证号",
         "minLength": 18, "sort": "2", "maxLength": 18, "isRequired": 1, "imageCount": null, "hasOtherItems": 0,
         "colName": "field002", "value": "4128012001马赛克0", "fieldItems": []},
        {"wid": "1006", "formWid": "194", "fieldType": 1, "title": "你的当前所在地区",
         "description": "请选择你目前所在的省、市、区(县),不在大陆地区的,请选择海外具体地区。", "minLength": 1, "sort": "3", "maxLength": 300,
         "isRequired": 1, "imageCount": -2, "hasOtherItems": 0, "colName": "field003", "value": "马赛克省/马赛克市/马赛克区",
         "fieldItems": [], "area1": "马赛克省", "area2": "马赛克市", "area3": "马赛克区"},
        {"wid": "1007", "formWid": "194", "fieldType": 2, "title": "你所在的小区(村)是否有确诊情况?", "description": "",
         "minLength": 0, "sort": "4", "maxLength": null, "isRequired": 1, "imageCount": null, "hasOtherItems": 0,
         "colName": "field004", "value": "否",
         "fieldItems": [{"itemWid": "4037", "content": "否", "isOtherItems": 0, "contendExtend": "", "isSelected": 1}]},
        {"wid": "1008", "formWid": "194", "fieldType": 2, "title": "共同居住人是否有确诊病例?", "description": "", "minLength": 0,
         "sort": "5", "maxLength": null, "isRequired": 1, "imageCount": null, "hasOtherItems": 0, "colName": "field005",
         "value": "否",
         "fieldItems": [{"itemWid": "4039", "content": "否", "isOtherItems": 0, "contendExtend": "", "isSelected": 1}]},
        {"wid": "1009", "formWid": "194", "fieldType": 2, "title": "是否去过湖北疫区?", "description": "", "minLength": 0,
         "sort": "6", "maxLength": null, "isRequired": 1, "imageCount": null, "hasOtherItems": 0, "colName": "field006",
         "value": "否",
         "fieldItems": [{"itemWid": "4041", "content": "否", "isOtherItems": 0, "contendExtend": "", "isSelected": 1}]},
        {"wid": "1010", "formWid": "194", "fieldType": 2, "title": "与疫区人员是否有接触?", "description": "", "minLength": 0,
         "sort": "7", "maxLength": null, "isRequired": 1, "imageCount": null, "hasOtherItems": 0, "colName": "field007",
         "value": "否",
         "fieldItems": [{"itemWid": "4043", "content": "否", "isOtherItems": 0, "contendExtend": "", "isSelected": 1}]},
        {"wid": "1011", "formWid": "194", "fieldType": 2, "title": "是否留置观察?", "description": "", "minLength": 0,
         "sort": "8", "maxLength": null, "isRequired": 1, "imageCount": null, "hasOtherItems": 0, "colName": "field008",
         "value": "否",
         "fieldItems": [{"itemWid": "4045", "content": "否", "isOtherItems": 0, "contendExtend": "", "isSelected": 1}]},
        {"wid": "1012", "formWid": "194", "fieldType": 2, "title": "是否曾经确诊?", "description": "", "minLength": 0,
         "sort": "9", "maxLength": null, "isRequired": 1, "imageCount": null, "hasOtherItems": 0, "colName": "field009",
         "value": "否",
         "fieldItems": [{"itemWid": "4047", "content": "否", "isOtherItems": 0, "contendExtend": "", "isSelected": 1}]},
        {"wid": "1013", "formWid": "194", "fieldType": 2, "title": "健康状况是否良好?", "description": "", "minLength": 0,
         "sort": "10", "maxLength": null, "isRequired": 1, "imageCount": null, "hasOtherItems": 0,
         "colName": "field010", "value": "是",
         "fieldItems": [{"itemWid": "4048", "content": "是", "isOtherItems": 0, "contendExtend": "", "isSelected": 1}]}]}
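    body["collectWid"] = str(num)  # the captured request carries this ID as a string
    body1 = json.dumps(body)
    r = requests.post("https://hnu马赛克com/wec-coun马赛克lector-apps/stu/co马赛克or/sub马赛克m",
                      headers=headers, data=body1, cookies=cookies)

    # Read the "message" field from the JSON response instead of splitting the raw text
    check = r.json().get("message")
    checkNO1 = "该收集已结束!"  # "This collection has ended!"
    checkNO2 = "您无需填写该信息收集,请勿代填"  # "You do not need to fill in this collection; do not fill it in for others"
    checkNO3 = "数据异常,该收集不存在,请联系管理员!"  # "Data error, this collection does not exist, contact the administrator!"
    checkYES = "SUCCESS"
    if check == checkNO2:
        # Not our class: ignore it and wait one minute
        print("不是本班,自动忽略,一分钟后程序将判断编号:", num)
        time.sleep(60)
    elif check == checkNO1:
        # The collection has already ended and cannot be submitted
        print("该次收集已结束,无法提交,程序将判断编号:", num)
    elif check == checkNO3:
        # The collection does not exist yet: sleep for 30 minutes
        print("这条信息还不存在 程序将休眠30分钟,下次将判断编号:", num)
        time.sleep(1800)
    elif check == checkYES:
        # Submitted successfully today: sleep for eight hours
        print("今日成功提交! 八小时后程序再次启动")
        time.sleep(28800)
    num += 1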
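After reading the code, some readers will probably ask: "Hey, what's with the sleeps you added at the end? Does code need to sleep too?? (#`O′)"

No, no, no. This is to cope with the server's security mechanism, a security mechanism for defending against replay attacks.

If we send a large number of packets to the server in a short time, that does the server some harm, more or less. To protect itself, the server has to find the source of the attack and block it, refusing to accept packets sent by that person.

Put simply, it bans you, the troublemaker who keeps sending packets.

To make the program send packets to the server intermittently, we use Python's time library and its sleep() function so the program runs for a while and rests for a while, stopping and going along the way, following the traces of a drifting youth ~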
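From the server's side, the per-source blocking described above can be combined with the distinct refusal messages seen earlier to spot one session probing many collection IDs. The following is an added example, not code from the original post; the log layout, session names, window and threshold are assumptions, and the log entries are constructed.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 600    # assumed look-back window
MAX_REFUSED_IDS = 3     # assumed limit of distinct refused IDs per window

# Constructed sample log: (epoch seconds, session id, collectWid, response message).
# The messages are the ones quoted on this page; everything else is hypothetical.
SAMPLE_LOG = [
    (0,   "sess-A", "422", "SUCCESS"),
    (5,   "sess-B", "422", "您无需填写该信息收集,请勿代填"),
    (30,  "sess-C", "422", "该收集已结束!"),
    (40,  "sess-C", "422", "该收集已结束!"),
    (65,  "sess-B", "423", "您无需填写该信息收集,请勿代填"),
    (125, "sess-B", "424", "该收集已结束!"),
    (185, "sess-B", "425", "数据异常,该收集不存在,请联系管理员!"),
]


def find_enumerating_sessions(log, window=WINDOW_SECONDS, limit=MAX_REFUSED_IDS):
    """Return {session: refused collectWids} for sessions that were refused
    on more than `limit` distinct collection IDs inside one time window."""
    recent = defaultdict(deque)   # session -> (timestamp, wid) of recent refusals
    flagged = {}
    for ts, session, wid, message in sorted(log):
        if message == "SUCCESS":
            continue              # accepted submissions are not counted
        refusals = recent[session]
        refusals.append((ts, wid))
        # Drop refusals that have fallen out of the window
        while refusals and ts - refusals[0][0] > window:
            refusals.popleft()
        distinct = {w for _, w in refusals}
        # A retry on the same ID stays at one distinct ID; many IDs is the signal
        if len(distinct) > limit:
            flagged.setdefault(session, set()).update(distinct)
    return {s: sorted(ids, key=int) for s, ids in flagged.items()}


if __name__ == "__main__":
    for session, ids in find_enumerating_sessions(SAMPLE_LOG).items():
        print(session, "refused on collection IDs", ids)
```

A pure requests-per-second limit does not see a client that pauses between attempts, which is why this check counts distinct refused IDs per session over a longer window.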

The final result, deployed and running on a server:
