前言
只为了学习和研究,不得用于非法用途,后果自负
为了巩固xss漏洞的知识点,所以就刷xss挑战。期间自然有卡住的时候,而遇到难题卡住加上思考就是最好的学习方式,当快出来的时候,突然舍友突然微信叫我易班签到,我心态都炸了,整个思路都乱了,签完到发现到那一步了都不知道,所以像我这种健康的学生就想着有没有一个可以签到的软件呢。找了半天发现没有,但找到了一篇文章,是looyeagee大佬写的。因为都是接触的是web方面的,但主要是pc端的,对安卓不是很了解,看到大佬文章出现的链接突然反应过来,都是http协议
,那不都效果一样吗?就着手准备进行学习一波,我可没想着用呀!只是学习!
注意:这个脚本是可以读到创建的所有程序,通过修改可以提交几天后的任务都可以,但前提是发布人有创建这个任务(有些任务是到点才显示出来,只有通过读取数据才能发现)
由于11月11日易班改了api的链接方式,需要加密才能获取access_token所以对代码进行修改,只对原代码进行修改,需要将encrypto.py放到和yiban.py同一目录下,如果安装crypto库报错请参考crypto这篇文章
最近发现这个秘钥已经过期了,只是为了学习才写这个脚本,所以不更新也不跟进,想学习的可以参考这一篇秘钥,将包解开其中有秘钥
原代码
encrypto.py
from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_v1_5
import base64
from urllib import parse
PUBLIC_KEY = '''-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxbzZk3gEsbSe7A95iCIk
59Kvhs1fHKE6zRUfOUyTaKd6Rzgh9TB/jAK2ZN7rHzZExMM9kw6lVwmlV0VabSmO
YL9OOHDCiEjOlsfinlZpMZ4VHg8gkFoOeO4GvaBs7+YjG51Am6DKuJWMG9l1pAge
96Uhx8xWuDQweIkjWFADcGLpDJJtjTcrh4fy8toE0/0zJMmg8S4RM/ub0q59+VhM
zBYAfPmCr6YnEZf0QervDcjItr5pTNlkLK9E09HdKI4ynHy7D9lgLTeVmrITdq++
mCbgsF/z5Rgzpa/tCgIQTFD+EPPB4oXlaOg6yFceu0XUQEaU0DvAlJ7Zn+VwPkkq
JEoGudklNePHcK+eLRLHcjd9MPgU6NP31dEi/QSCA7lbcU91F3gyoBpSsp5m7bf5
//OBadjWJDvl2KML7NMQZUr7YXqUQW9AvoNFrH4edn8d5jY5WAxWsCPQlOqNdybM
vKF2jhjIE1fTWOzK+AvvFyNhxer5bWGU4S5LTr7QNXnvbngXCdkQfrcSn/ydQXP0
vXfjf3NhpluFXqWe5qUFKXvjY6+PdrE/lvTmX4DdvUIu9NDa2JU9mhwAPPR1yjjp
4IhgYOTQL69ZQcvy0Ssa6S25Xi3xx2XXbdx8svYcQfHDBF1daK9vca+YRX/DzXxl
1S4uGt+FUWSwuFdZ122ZCZ0CAwEAAQ==
-----END PUBLIC KEY-----
'''
def encrypt_passwd(pwd):
cipher = PKCS1_v1_5.new(RSA.importKey(PUBLIC_KEY))
cipher_text = base64.b64encode(cipher.encrypt(bytes(pwd, encoding="utf8")))
return parse.quote(cipher_text.decode("utf-8"))
yiban.py
import re
import time
import requests
import json
import os
import urllib
from encrypto import encrypt_passwd
def get_user():
account = []
passwd = []
state = 0
name_file = 'data/username.txt';
pass_file = 'data/password.txt';
try:
f = open(name_file, mode='r');
lines = f.readlines();
for line in lines:
conn = line.strip('\n');
account.append(conn);
f.close();
except:
state = 1;
try:
f = open(pass_file, mode='r');
lines = f.readlines();
for line in lines:
conn = line.strip('\n');
passwd.append(encrypt_passwd(conn));
f.close();
except:
state = 1;
return account, passwd, state;
def get_time_stamp():
now_time = time.localtime(time.time());
if now_time[3] == 7 or now_time[3] == 8 or now_time[3] == 9:
start_time = '7:00:00';
elif now_time[3] == 11 or now_time[3] == 12 or now_time[3] == 13:
start_time = '11:00:00';
elif now_time[3] >= 17 and now_time[3] <= 22:
start_time = '17:30:00';
else:
return 1;
now_year = str(now_time[0]);
now_mouth = str(now_time[1]);
now_day = str(now_time[2]);
fixed_time = (str(now_year + '-' + now_mouth + '-' + now_day + ' ' + start_time));
fixed_time = time.strptime(fixed_time, "%Y-%m-%d %H:%M:%S");
timestamp = int(time.mktime(fixed_time));
return timestamp;
#登录页面
def login(account, passwd, csrf, csrf_cookies, header):
params = {
"account": account,
"ct": 1,
"identify": 1,
"v": "4.7.12",
"passwd": passwd
}
login_url = 'https://mobile.yiban.cn/api/v2/passport/login';
login_r = requests.get(login_url, params=params);
login_json = login_r.json();
user_name = login_json['data']['user']['name'];
access_token = login_json['data']['access_token'];
return user_name, access_token;
#二次认证
def auth(access_token, csrf, csrf_cookies, header):
auth_first_url = 'http://f.yiban.cn/iapp/index?act=iapp7463&v=' + access_token + '';
auth_first_r = requests.get(auth_first_url, timeout=10, headers=header, allow_redirects=False).headers['Location'];
verify_request = re.findall(r"verify_request=(.*?)&", auth_first_r)[0];
auth_second_url = 'https://api.uyiban.com/base/c/auth/yiban?verifyRequest=' + verify_request + '&CSRF=' + csrf;
auth_result = requests.get(auth_second_url, timeout=10, headers=header, cookies=csrf_cookies);
auth_cookie = auth_result.cookies;
auth_json = auth_result.json();
return auth_cookie;
'''
def get_complete_list(csrf,csrf_cookies,auth_cookie,header):
complete_url = 'https://api.uyiban.com/officeTask/client/index/completedList?CSRF={}'.format(csrf);
result_cookie = {
'csrf_token': csrf,
'PHPSESSID': auth_cookie['PHPSESSID'],
'cpi': auth_cookie['cpi']
}
complete_r = requests.get(complete_url, timeout = 10, headers = header, cookies = result_cookie);
task_num = len(complete_r.json()['data']);
time = get_time_stamp();
for i in range(0, task_num):
task_time = complete_r.json()['data'][i]['StartTime'];
if time == task_time:
task_id = complete_r.json()['data'][i]['TaskId'];
get_task_detail(task_id, csrf, result_cookie, header);
break;
'''
#未完成的任务
def get_uncomplete_list(csrf, csrf_cookies, auth_cookie, header):
uncomplete_url = 'https://api.uyiban.com/officeTask/client/index/uncompletedList?CSRF={}'.format(csrf);
result_cookie = {
'csrf_token': csrf,
'PHPSESSID': auth_cookie['PHPSESSID'],
'cpi': auth_cookie['cpi']
}
uncomplete_r = requests.get(uncomplete_url, timeout=10, headers=header, cookies=result_cookie);
task_num = len(uncomplete_r.json()['data']);
for i in range(0, task_num):
task_time = uncomplete_r.json()['data'][i]['StartTime'];
time = get_time_stamp();
if time == task_time:
task_id = uncomplete_r.json()['data'][i]['TaskId'];
user_state = 0;
return task_id, result_cookie, user_state;
break;
#获取表单信息
def get_task_detail(task_id, csrf, result_cookie, header):
task_detail_url = 'https://api.uyiban.com/officeTask/client/index/detail?TaskId={0}&CSRF={1}'.format(task_id, csrf);
task_detail_r = requests.get(task_detail_url, timeout=10, headers=header, cookies=result_cookie);
task_result = task_detail_r.json();
task_wfid = task_result['data']['WFId'];
return task_result, task_wfid;
#提交表单
def task_submit(task_wfid, csrf, result_cookie, header, task_result):
extend = {"TaskId": task_result['data']['Id'],
"title": "任务信息",
"content": [{"label": "任务名称", "value": task_result['data']['Title']},
{"label": "发布机构", "value": task_result['data']['PubOrgName']},
{"label": "发布人", "value": task_result['data']['PubPersonName']}]}
data = {"0caddc48d709afde9cc4986b3a85155e": "36.5",
"a4f42d8428d2d4ca3f4562ff86305eb0": {"name": "菜鸟驿站",
"location": "111.111111,11.111111",
"address": "xxxxxxx学院"}}
params = {
'data': json.dumps(data),
'extend': json.dumps(extend)
}
task_submit_url = 'https://api.uyiban.com/workFlow/c/my/apply/{0}?CSRF={1}'.format(task_wfid, csrf);
task_submit_r = requests.post(task_submit_url, timeout=10, headers=header, cookies=result_cookie, data=params);
#运行程序
def start():
csrf = "365a9bc7c77897e40b0c7ecdb87806d9"
csrf_cookies = {"csrf_token": csrf}
header = {"Origin": "https://c.uyiban.com", "User-Agent": "yiban"}
get_time_stamp();
account, passwd, state = get_user();
if state == 1:
print('账号或者密码文件打开有误');
exit();
if len(account) != len(passwd):
print('账号和密码数量不一致');
exit();
for i in range(0, len(account)):
print(account[i]);
try:
user_name, access_token = login(account[i], passwd[i], csrf, csrf_cookies, header);
try:
auth_cookie = auth(access_token, csrf, csrf_cookies, header);
try:
task_id, result_cookie, user_state = get_uncomplete_list(csrf, csrf_cookies, auth_cookie, header);
try:
task_result, task_wfid = get_task_detail(task_id, csrf, result_cookie, header);
conncet = task_submit(task_wfid, csrf, result_cookie, header, task_result);
print(user_name + '完成签到');
except:
print('');
except:
print(user_name + '没有获取到未完成的任务');
continue;
except:
print(user_name + '没有获取到cookie');
continue;
except:
print(user_name + '账号或者密码错误');
continue;
#脚本跑
if __name__ == '__main__':
def time_sleep(n):
while True:
a = get_time_stamp();
now_time = time.localtime(time.time());
print(
str(now_time[1]) + '-' + str(now_time[2]) + ' ' + str(now_time[3]) + ':' + str(now_time[4]) + ':' + str(
now_time[5]));
start();
if (now_time[3] >= 7 and now_time[3] <= 21):
time.sleep(1800);
else:
time.sleep(3600);
time_sleep(5);
需要修改的地方
登录和二次认证那块可以不修改
get_uncomplete_list
获取信息后每个学校是不一样的,像我们学校有测评信息可以查看的,但有些学校是没有的,所以需要修改一下获取的信息
get_task_detail
获取的是任务表单的信息,也需要修改,比如发布人、任务名字之类的。
task_submit
是提交数据,这里需要提交data
和extend
,这两个数据是不同的,需要自己抓包来看进行修改。
最后那个跑的time_sleep()是我懒得好好写,让他提交就好了,懒得去理他几点提交了
以下是一个大佬对作者代码完善结果
添加了邮箱提醒,随机温度和定时启动
import re
import time
import requests
import json
import os
import urllib
import smtplib
from email.mime.text import MIMEText
from email.utils import formataddr
def get_user():
account = []
passwd = []
state = 0
name_file = 'data/username.txt';
pass_file = 'data/password.txt';
try:
f = open(name_file, mode='r');
lines = f.readlines();
for line in lines:
conn = line.strip('\n');
account.append(conn);
f.close();
except:
state = 1;
try:
f = open(pass_file, mode='r');
lines = f.readlines();
for line in lines:
conn = line.strip('\n');
passwd.append(conn);
f.close();
except:
state = 1;
return account,passwd,state;
def get_time_stamp():
now_time = time.localtime(time.time());
if now_time[3] >=6 and now_time[3] <= 10:
start_time = '7:00:00';
elif now_time[3] >=11 and now_time[3] <= 16:
start_time = '11:00:00';
elif now_time[3] >= 17 and now_time[3] <= 22:
start_time = '17:30:00';
else:
return 1;
now_year = str(now_time[0]);
now_mouth = str(now_time[1]);
now_day = str(now_time[2]);
fixed_time = (str(now_year + '-' + now_mouth + '-' + now_day + ' ' + start_time));
fixed_time = time.strptime(fixed_time,"%Y-%m-%d %H:%M:%S");
timestamp = int(time.mktime(fixed_time));
return timestamp;
def login(account,passwd,csrf,csrf_cookies,header):
params = {
"account": account,
"ct": 1,
"identify": 1,
"v": "4.7.12",
"passwd": passwd
}
login_url = 'https://mobile.yiban.cn/api/v2/passport/login';
login_r = requests.get(login_url,params = params);
login_json = login_r.json();
user_name = login_json['data']['user']['name'];
access_token = login_json['data']['access_token'];
return user_name,access_token;
def auth(access_token,csrf,csrf_cookies,header):
auth_first_url = 'http://f.yiban.cn/iapp/index?act=iapp7463&v=' + access_token + '';
auth_first_r = requests.get(auth_first_url,timeout = 10,headers = header,allow_redirects = False).headers['Location'];
verify_request = re.findall(r"verify_request=(.*?)&",auth_first_r)[0];
auth_second_url = 'https://api.uyiban.com/base/c/auth/yiban?verifyRequest=' + verify_request + '&CSRF=' + csrf;
auth_result = requests.get(auth_second_url,timeout = 10,headers = header,cookies = csrf_cookies);
auth_cookie = auth_result.cookies;
auth_json = auth_result.json();
return auth_cookie;
def get_uncomplete_list(csrf,csrf_cookies,auth_cookie,header):
uncomplete_url = 'https://api.uyiban.com/officeTask/client/index/uncompletedList?CSRF={}'.format(csrf);
result_cookie = {
'csrf_token' : csrf,
'PHPSESSID' : auth_cookie['PHPSESSID'],
'cpi' : auth_cookie['cpi']
}
uncomplete_r = requests.get(uncomplete_url, timeout = 10, headers = header, cookies = result_cookie);
task_num = len(uncomplete_r.json()['data']);
for i in range(0,task_num):
task_time = uncomplete_r.json()['data'][i]['StartTime'];
time = get_time_stamp();
if time == task_time:
task_id = uncomplete_r.json()['data'][i]['TaskId'];
user_state = 0;
return task_id,result_cookie,user_state;
break;
def get_task_detail(task_id,csrf,result_cookie,header):
task_detail_url = 'https://api.uyiban.com/officeTask/client/index/detail?TaskId={0}&CSRF={1}'.format(task_id,csrf);
task_detail_r = requests.get(task_detail_url, timeout = 10, headers = header, cookies = result_cookie);
task_result = task_detail_r.json();
task_wfid = task_result['data']['WFId'];
return task_result,task_wfid;
def task_submit(task_wfid,csrf,result_cookie,header,task_result,temperature):
extend={"TaskId":task_result['data']['Id'],
"title":"任务信息",
"content":[{"label":"任务名称","value":task_result['data']['Title']},
{"label":"发布机构","value":task_result['data']['PubOrgName']},
{"label":"发布人","value":task_result['data']['PubPersonName']}]}
data = {"0caddc48d709afde9cc4986b3a85155e":temperature,
"a4f42d8428d2d4ca3f4562ff86305eb0":{"name":"菜鸟驿站",
"location": "111.111111,11.111111",
"address": "xxxxxxx学院"}}
params = {
'data' : json.dumps(data),
'extend' : json.dumps(extend)
}
task_submit_url = 'https://api.uyiban.com/workFlow/c/my/apply/{0}?CSRF={1}'.format(task_wfid,csrf);
task_submit_r = requests.post(task_submit_url, timeout = 10, headers = header, cookies = result_cookie,data = params);
def start(log):
csrf = "365a9bc7c77897e40b0c7ecdb87806d9"
csrf_cookies = {"csrf_token": csrf}
header = {"Origin": "https://c.uyiban.com", "User-Agent": "yiban"}
get_time_stamp();
account, passwd, state = get_user();
if state == 1:
print('账号或者密码文件打开有误');
exit();
if len(account) != len(passwd):
print('账号和密码数量不一致');
exit();
a = get_time_stamp();
for i in range(0, len(account)):
now_time = time.localtime(time.time());
temperature = '36.' + str((now_time[5]%10)//2+4)
print(account[i]);
print(account[i] , file=log);
try:
user_name, access_token = login(account[i], passwd[i], csrf, csrf_cookies, header);
try:
auth_cookie = auth(access_token, csrf, csrf_cookies, header);
try:
task_id, result_cookie, user_state = get_uncomplete_list(csrf, csrf_cookies, auth_cookie, header);
try:
task_result, task_wfid = get_task_detail(task_id, csrf, result_cookie, header);
conncet = task_submit(task_wfid, csrf, result_cookie, header, task_result,temperature);
print(user_name + '完成签到,随机温度为:'+ temperature + '。本程序于' + str(now_time[5]%10) + '秒后继续运行!');
print(user_name + '完成签到,随机温度为:'+ temperature + '。本程序于' + str(now_time[5]%10) + '秒后继续运行!' , file=log);
except:
print('');
except:
print(user_name + '没有获取到未完成的任务');
print(user_name + '没有获取到未完成的任务' , file=log);
continue;
except:
print(user_name + '没有获取到cookie');
print(user_name + '没有获取到cookie' , file=log);
continue;
except:
print(user_name + '账号或者密码错误');
print(user_name + '账号或者密码错误' , file=log);
continue;
time.sleep(now_time[5]%10)
def email(now_time):
log = open('log/' + str(now_time[0]) + '.' + str(now_time[1]) + '.' + str(now_time[2]) + '-' + str(now_time[3]) + '.' + str(now_time[4]) + '.txt','r')
my_sender='123456789@qq.com' # 发件人邮箱账号
my_pass = '123456789' # 发件人邮箱密码(当时申请smtp给的口令)
my_user='123456789@qq.com' # 收件人邮箱账号,我这边发送给自己
def mail():
ret=True
try:
msg=MIMEText(log.read(),'plain','utf-8')
msg['From']=formataddr(["Hogan",my_sender]) # 括号里的对应发件人邮箱昵称、发件人邮箱账号
msg['To']=formataddr(["易班签到提醒",my_user]) # 括号里的对应收件人邮箱昵称、收件人邮箱账号
msg['Subject']="已经完成"+ str(now_time[0]) + '-' + str(now_time[1]) + '-' + str(now_time[2]) + ' ' + str(now_time[3]) + "点的签到任务" # 邮件的主题,也可以说是标题
server=smtplib.SMTP_SSL("smtp.qq.com", 465) # 发件人邮箱中的SMTP服务器,端口是465
server.login(my_sender, my_pass) # 括号中对应的是发件人邮箱账号、邮箱密码
server.sendmail(my_sender,[my_user,],msg.as_string()) # 括号中对应的是发件人邮箱账号、收件人邮箱账号、发送邮件
server.quit()# 关闭连接
except Exception:# 如果 try 中的语句没有执行,则会执行下面的 ret=False
ret=False
return ret
ret=mail()
if ret:
print("邮件发送成功")
else:
print("邮件发送失败")
log.close()
if __name__ == '__main__':
while True:
now_time = time.localtime(time.time());
if (now_time[3] == 7 or now_time[3] == 12 or now_time[3] == 18):
log = open('log/' + str(now_time[0]) + '.' + str(now_time[1]) + '.' + str(now_time[2]) + '-' + str(now_time[3]) + '.' + str(now_time[4]) + '.txt','w')
print('---------------------------------------------------');
print('目前时间:' + str(now_time[1]) + '-' + str(now_time[2]) + ' ' + str(now_time[3]) + ':' + str(now_time[4]) + '。签到开始!!!')
print('目前时间:' + str(now_time[1]) + '-' + str(now_time[2]) + ' ' + str(now_time[3]) + ':' + str(now_time[4]) + '。签到开始!!!' , file=log)
start(log);
log.close()
print('---------------------------------------------------');
email(now_time);
print('---------------------------------------------------');
print('已经完成'+ str(now_time[3]) + '点的签到任务,本程序于1小时后重新检测。')
print('---------------------------------------------------');
time.sleep(6000);
else:
print('目前时间:' + str(now_time[1]) + '-' + str(now_time[2]) + ' ' + str(now_time[3]) + ':' + str(now_time[4]) + '。不在签到时间!本程序于10分钟后重新检测。')
time.sleep(600);