python自动化,小程序fiddler抓包

我在校园吗?

科技日新月异的当下,时刻需要我们,,,校园激起了我的学习欲望
行动代号SchoolDays

我在校园吗?

工具Python,Fiddler

下载安卓Fiddler,并完成基本设置。

打开fiddler的Captuer Traffic 开始抓包
1,在电脑上打开小程序我校园
无干预情况下,小程序会自动调用微信认证,但我们本地控制本地断网(此步骤有点扯淡)可以卡出一个经由账号密码登录的界面。
在fiddler界面会有有一个url为https://gw.wozaixiaoyuan.com/basicinfo/mobile/login/username 的请求。在insperctors界面可看见自己本人无加密的明文登录请求。
2,设置fiddler短点automatic breakpoints before requests
手动进行数据提交,会在fiddler看见url为https://student.wozaixiaoyuan.com/health/save.json 的请求 数据无加密 这里以健康打卡为例
可在inspectors 下的webforms下看见data数据
3,编写python代码

# -*- coding =utf-8 -*-
# @time : 2022.7.8 9:47
# @software: PyCharm
# Author:Xiao_yu
import json
import logging
import requests, time, random
import smtplib
import time
from email.mime.text import MIMEText
from email.utils import formataddr

logger = logging.getLogger()
logger.setLevel(logging.INFO)
def get_status(self):
    if self['code'] == 0:
        return "Sucessful"
    elif self['code'] == 1:
        return "Time Wrong"
    elif self['code'] == -10:
        return "···Token已失效"
    else:
        return "!!!发生未知错误"
class answer:
    def __init__(self):
        self.my_sender = 'XX'
        self.my_pass = 'XX'
        self.my_user = 'XX'
        username='XX'
        password='XX'
        # print(self.get_seq())
        header = {
            "Host": "student.wozaixiaoyuan.com",
            "Content-Type": "application/x-www-form-urlencoded",
            "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
            "Accept-Encoding": "gzip, deflate, br",
            "Accept-Language": "en-us,en",
            "Connection": "keep-alive",
            "User-Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36 MicroMessenger/7.0.9.501 NetType/WIFI MiniProgramEnv/Windows WindowsWechat",   # 修改3 抓包获取/从旧版代码复制
            "Content-Length": "360",
        }
        loginUrl = "https://gw.wozaixiaoyuan.com/basicinfo/mobile/login/username"
        data = "{}"
        session = requests.session()
        url = loginUrl + "?username=" + username + "&password=" + password
        respt = session.post(url, data=data, headers=header)
        res = json.loads(respt.text)
        if res["code"] == 0:
            print("登陆成功")
            jwsession = respt.headers['JWSESSION']  #获取JWESSION 十分重要为下面提交数据做铺垫
        else:
            print(res)
            print('登录失败')
        self.api = "https://student.wozaixiaoyuan.com/health/save.json"
        self.headers = {
            "Host": "student.wozaixiaoyuan.com",
            "Content-Type": "application/x-www-form-urlencoded",
            "Accept-Encoding": "gzip, deflate, br",
            "Connection": "keep-alive",
            "User-Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36 MicroMessenger/7.0.9.501 NetType/WIFI MiniProgramEnv/Windows WindowsWechat",  # 修改8 抓包获取/从旧版代码复制
            "Referer": "https://servicewechat.com/wxce6d08f781975d91/186/page-frame.html",  # 修改9 抓包获取/从旧版代码复制
            "Content-Length": "360",
            "JWSESSION": str(jwsession),
        }
        temperature=self.get_random_temprature()
        self.data = {
            "answers":["0","XXX","XXX","XXX",temperature,"没有","1","1","2"],
            "latitude":'XXX',
            "longitude":'XXX',
            "country":'中国',
            "city":'XXX',
            "district":'XXX',
            "province":'XXX',
            "township":'XXX',
            "street":"XXX",
            "areacode":'XXX',
            "towncode":'XXX',
            "citycode":'XXX',
        }

    def get_random_temprature(self):
        random.seed(time.ctime())
        return "{:.1f}".format(random.uniform(36.2, 36.7))

    # def get_seq(self):
    #     current_hour = datetime.datetime.now()
    #     current_hour = current_hour.hour + 1
    #     if 6 <= current_hour <= 13:
    #         return "1"
    #     elif 14 <= current_hour < 19:
    #         return "2"
    #     elif 19 <= current_hour < 22:
    #         return "3"
    #     else:
    #         return 1

    def run(self):
        datatime=time.time()
        self.data["timestampHeader"]=int(datatime)
        res = requests.post(self.api, headers=self.headers, data=self.data, ).json() # 打卡提交
        print(res)
        try:
            msg = MIMEText(get_status(res), 'plain', 'utf-8')  # 填写邮件内容
            msg['From'] = formataddr(["schooldays", self.my_sender])  # 括号里的对应发件人邮箱昵称、发件人邮箱账号
            msg['To'] = formataddr(["tset", self.my_user])  # 括号里的对应收件人邮箱昵称、收件人邮箱账号,此处xxx可选择性修改
            msg['Subject'] = get_status(res)  # 邮件的主题,也可以说是标题
            server = smtplib.SMTP_SSL("smtp.qq.com", 465)  # 发件人邮箱中的SMTP服务器
            server.login(self.my_sender, self.my_pass)  # 括号中对应的是发件人邮箱账号、邮箱授权码
            server.sendmail(self.my_sender, [self.my_user, ], msg.as_string())  # 括号中对应的是发件人邮箱账号、收件人邮箱账号、发送邮件
            server.quit()  # 关闭连接
        except Exception:  # 如果 try 中的语句没有执行,则会执行下面的 ret=False
            res = False
        return True

if __name__ == "__main__":

    answer().run()
def main_handler(event, context):
    logger.info('got event{}'.format(event))
    return answer().run()

中间有行代码是在以账号密码登录后,在获取JWEssion,为下面数据提交做铺垫

登录代码来源于https://gitee.com/DominicKK/autocheck#4errorcode
学习了一下大佬的代码,自己用fiddler抓了抓健,,卡的包。
本贴仅供学习参考,代码请与24h后删除。

  • 0
    点赞
  • 2
    收藏
    觉得还不错? 一键收藏
  • 0
    评论

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值