Engineering project - automatic sign-in and form filling for the Today's Campus app

Every morning at 8 o'clock I have to open the Today's Campus app to sign in and fill in the form. Can't let people sleep well!!

To solve this headache, I thought of using the requests library in Python to send the requests

Lu Xun said: people are more and more lazy, more and more inventions! Creation comes from our life!

Don't say much, start building a car!

 

International practice! Open Burp to capture traffic and click the submit button: three POST requests are captured. Let's analyze them one by one.

1. The first POST checks whether the task with "wid":"422" exists. It returns "message":"SUCCESS" if it exists and "message":null if it doesn't. [About the meaning of "422": in short, the teacher issues this form for students to fill in, and the number of this task is 422.]

2. The second POST queries the basic information of the "wid":"422" task. Why only the basic information? Because it returns just the creator of the task, when it was published, and so on. It does not return the details of the task.

3. The third POST: the smart ones will have guessed it already. It returns "message":"SUCCESS" together with the details of the "wid":"422" task, including the personal circumstances and home address that the teacher asked us to fill in.

After analyzing the packets, it is obvious that the focus is on the third request: the "wid":"422" in its Body is the key. As long as we find the "num" in "wid":"num" and then construct the request, it is OK!

How to find it? I came up with an exhaustive approach: take each value in a specified range, 422-999, put it into the Body of a POST request, and send the request to complete the submission.

We found something interesting when building the Body. If you change 422 to 423, it returns "You don't need to fill in this information collection, please don't fill in it for you." This means the task was not released by the teachers of our college; that is to say, if a task is released by another college, I can't submit it even if I want to!! Here is the key point: we can use this judgment mechanism of the system to keep sending requests. As long as the response is a failed submission rather than SUCCESS (a failed submission does not mean the request failed to send), we keep constructing and sending requests. Once the response is SUCCESS, everyone is happy: the submission has gone through and our final goal is complete.

Look at the code below. Don't be alarmed by this pile of code: the headers and body are simply the packet data copied and pasted from Burp.

import requests
import json
import time

num = 454
rangeSet = num + 1
cookies = {'MOD_AUTH_CAS': 'YcxNA903 Mosaic 583063221'}

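# The body below is pasted from Burp as JSON; map JSON's null to Python's None
# so that json.dumps() writes it back out as null.
null = None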
headers = \
    {
        "Host": "hnu Mosaic y.com",
        "Connection": "close",
        "Content-Length": "3596",
        "Accept": "application/json, text/plain, */*",
        "Origin": "https:Mosaic pd Mosaic om",
        "X-Requested-With": "XMLHttpRequest",
        "User-Agent": "Mozilla/5.0 (Linux; Android 10; Redmi K20 Pro Build/QKQ1.190825.002; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/77.0.3865.92 Mobile Safari/537.36 yiban/8.1.9 cpdaily/8.1.9 wisedu/8.1.9",
        "Sec-Fetch-Mode": "cors",
        "Content-Type": "application/json",
        "Sec-Fetch-Site": "same-origin",
        "Referer": "https://hnua mosaic WEC count mosaic lector mosaic x.html? Co llector wid = 422 ",
        "Accept-Encoding": "gzip,deflate",
        "Accept-Language": "zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7"
    }

while num<rangeSet:
    body = {"formWid": "194", "collectWid": "422", "schoolTaskWid": "17174", "form": [
        {"wid": "1004", "formWid": "194", "fieldType": 2, "title": "Your campus",
         "description": "If your school has only one campus, please select [this campus]; if there are multiple campuses, please select [other], and fill in the campus name", "minLength": 0, "sort": "1",
         "maxLength": null, "isRequired": 1, "imageCount": null, "hasOtherItems": 1, "colName": "field001",
         "value": "Other", "fieldItems": [
            {"itemWid": "4035", "content": "Other", "isOtherItems": 1, "contendExtend": "Mosaic Campus", "isSelected": 1}]},
        {"wid": "1005", "formWid": "194", "fieldType": 1, "title": "Your ID number", "description": "Please fill in the complete 18 digit ID card number",
         "minLength": 18, "sort": "2", "maxLength": 18, "isRequired": 1, "imageCount": null, "hasOtherItems": 0,
         "colName": "field002", "value": "4128012001 Mosaic 0", "fieldItems": []},
        {"wid": "1006", "formWid": "194", "fieldType": 1, "title": "Your current region",
         "description": "Please select the province, city, district (county) where you are currently. If you are not in the mainland, please select a specific overseas region.", "minLength": 1, "sort": "3", "maxLength": 300,
         "isRequired": 1, "imageCount": -2, "hasOtherItems": 0, "colName": "field003", "value": "Mosaic Province/Mosaic City/Mosaic area",
         "fieldItems": [], "area1": "Mosaic Province", "area2": "Mosaic City", "area3": "Mosaic area"},
        {"wid": "1007", "formWid": "194", "fieldType": 2, "title": "Is there any definite diagnosis in your community (Village)?", "description": "",
         "minLength": 0, "sort": "4", "maxLength": null, "isRequired": 1, "imageCount": null, "hasOtherItems": 0,
         "colName": "field004", "value": "no",
         "fieldItems": [{"itemWid": "4037", "content": "no", "isOtherItems": 0, "contendExtend": "", "isSelected": 1}]},
        {"wid": "1008", "formWid": "194", "fieldType": 2, "title": "Do CO residents have confirmed cases?", "description": "", "minLength": 0,
         "sort": "5", "maxLength": null, "isRequired": 1, "imageCount": null, "hasOtherItems": 0, "colName": "field005",
         "value": "no",
         "fieldItems": [{"itemWid": "4039", "content": "no", "isOtherItems": 0, "contendExtend": "", "isSelected": 1}]},
        {"wid": "1009", "formWid": "194", "fieldType": 2, "title": "Have you ever been to Hubei epidemic area?", "description": "", "minLength": 0,
         "sort": "6", "maxLength": null, "isRequired": 1, "imageCount": null, "hasOtherItems": 0, "colName": "field006",
         "value": "no",
         "fieldItems": [{"itemWid": "4041", "content": "no", "isOtherItems": 0, "contendExtend": "", "isSelected": 1}]},
        {"wid": "1010", "formWid": "194", "fieldType": 2, "title": "Is there any contact with the personnel in the epidemic area?", "description": "", "minLength": 0,
         "sort": "7", "maxLength": null, "isRequired": 1, "imageCount": null, "hasOtherItems": 0, "colName": "field007",
         "value": "no",
         "fieldItems": [{"itemWid": "4043", "content": "no", "isOtherItems": 0, "contendExtend": "", "isSelected": 1}]},
        {"wid": "1011", "formWid": "194", "fieldType": 2, "title": "Is observation retained?", "description": "", "minLength": 0,
         "sort": "8", "maxLength": null, "isRequired": 1, "imageCount": null, "hasOtherItems": 0, "colName": "field008",
         "value": "no",
         "fieldItems": [{"itemWid": "4045", "content": "no", "isOtherItems": 0, "contendExtend": "", "isSelected": 1}]},
        {"wid": "1012", "formWid": "194", "fieldType": 2, "title": "Have you ever been diagnosed?", "description": "", "minLength": 0,
         "sort": "9", "maxLength": null, "isRequired": 1, "imageCount": null, "hasOtherItems": 0, "colName": "field009",
         "value": "no",
         "fieldItems": [{"itemWid": "4047", "content": "no", "isOtherItems": 0, "contendExtend": "", "isSelected": 1}]},
        {"wid": "1013", "formWid": "194", "fieldType": 2, "title": "Are you in good health?", "description": "", "minLength": 0,
         "sort": "10", "maxLength": null, "isRequired": 1, "imageCount": null, "hasOtherItems": 0,
         "colName": "field010", "value": "yes",
         "fieldItems": [{"itemWid": "4048", "content": "yes", "isOtherItems": 0, "contendExtend": "", "isSelected": 1}]}]}
    body["collectWid"] = num
    body1 = json.dumps(body)
    r = requests.post("https://hnu mosaic co m / WEC count mosaic collector apps / STU / CO mosaic or/sub mosaic m ",
                      headers=headers, data=body1, cookies=cookies)

    # Pull the value of the second field out of the reply (the message text)
    check = r.text.split("\",\"")[1].split("\"")[2]
    checkNO1 = "The collection has ended!"
    checkNO2 = "You do not need to fill in this information collection, please do not fill in"
    checkNO3 = "Data exception, the collection does not exist, please contact the administrator!"
    checkYES = "SUCCESS"

    if check == checkNO2:
        # The task belongs to another college: wait a minute before the next number
        print("Not this class,Ignore automatically, the program will judge the number after one minute:",num)
        time.sleep(60)
    elif check == checkNO1:
        # The task exists but is already closed
        print("This collection has ended,Unable to submit, the program will judge the number:",num)
    elif check == checkNO3:
        # The task has not been published yet: wait 30 minutes
        print("This message does not exist yet. The program will sleep for 30 minutes. Next time, it will judge the number:",num)
        time.sleep(1800)
    elif check == checkYES:
        # Today's form was accepted: wait 8 hours
        print("Submitted successfully today! Eight hours later, the program starts again")
        time.sleep(28800)
    num += 1

After reading the code, some friends will ask: "Hey, what's with the sleep calls you added at the end! Does code need to sleep, too?? (#`O′)”

NONONO, this is to deal with the server's security mechanism, a mechanism that defends against replay attacks.

If we send a large number of packets to the server in a short period of time, it does the server more or less harm. To protect itself, the server has to find the source of the attack and then refuse to accept the packets sent by that person.

Put plainly, you are the bad guy who has been sending the packets.

To make the program send packets to the server intermittently, we use the time library in Python and its sleep() function to make the program pause for a while, stopping and starting along the way~
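Seen from the server side, the mechanism described above does not have to count only how fast packets arrive. The following is an added example, not code from the original post: it flags a session whose submissions are rejected for many different collection numbers. The log record layout, the threshold and the sample entries are constructed assumptions.

```python
from collections import defaultdict

NO2 = "You do not need to fill in this information collection, please do not fill in"
# Replies that mean "not open to you" (strings taken from the script above).
REJECTIONS = {
    "The collection has ended!",
    NO2,
    "Data exception, the collection does not exist, please contact the administrator!",
}

def find_enumerators(records, window=86400, max_distinct=3):
    """Return {session: sorted wids} for sessions rejected on more than
    `max_distinct` different collectWid values within `window` seconds.

    records: iterable of (timestamp, session, collect_wid, message) tuples,
    a hypothetical layout for the submit endpoint's application log.
    """
    per_session = defaultdict(list)
    for ts, session, wid, message in sorted(records):
        if message in REJECTIONS:
            per_session[session].append((ts, wid))

    flagged = {}
    for session, events in per_session.items():
        start = 0
        for end in range(len(events)):
            # Advance the left edge until the span is at most `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            wids = {wid for _, wid in events[start:end + 1]}
            if len(wids) > max_distinct:
                flagged[session] = sorted(wids)
                break
    return flagged

# Constructed sample log: session "A" tries a new number once a minute,
# session "B" is a student who retried one closed form and then succeeded.
SAMPLE = [(60 * i, "A", 423 + i, NO2) for i in range(6)]
SAMPLE += [
    (10, "B", 422, "The collection has ended!"),
    (500, "B", 422, "The collection has ended!"),
    (900, "B", 422, "SUCCESS"),
]

if __name__ == "__main__":
    print(find_enumerators(SAMPLE))
```

Because the count is over distinct rejected collection numbers in a long window, a client that spaces its requests a minute apart is still flagged, while a student retrying a single form is not.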

The result of the final deployment on the server is shown below:

finish


Posted on Tue, 05 May 2020 22:43:38 -0400 by felodiaz