MOOC网课爬虫逆向(三)
burpsuite开起来
在测验按下提交按钮后
右键送到repeater,然后send
啥玩意,看不懂,跳啊
到proxy里把这个请求drop掉,然后把下一个请求右键到repeater
这个参数就有点意思了,send下看看它想干嘛
豁然开朗!!!!第二个请求就是用来获取题目的!!
还记得我们之前找到的次元突破方法吗?为什么不尝试一下,复制下aid
和burpsuite里的response一模一样!!
再一次验证了aid和测验的关联性!那么问题的关键就是怎么获取答案了
还记得之前分析的时候那个objectiveQList列表里的数据吗?这里分析下:
{
"id": 3321780599,
"gmtCreate": null,
"gmtModified": null,
"stdAnswer": null,
"examId": null,
"testId": null,
"type": 1,
"fillblankType": null,
"score": 1,
"options": null,
"position": 1,
"allowUpload": null,
"title": "<p>‎<span style=\"font-family:宋体;\" >齐次线性方程组</span><img src=\"https://edu-image.nosdn.127.net/_PhotoUploadUtils_6e5cb362-e158-481a-8744-46083c6e756b.png\" /><span style=\"font-family:宋体;\" ></span><span style=\"font-family:宋体;\" >有非零解的充分必要条件是( ).</span></p>‌<p>‎<br ></p>‌",
"plainTextTitle": "齐次线性方程组【图片】有非零解的充分必要条件是( ).",
"titleAttachment": null,
"description": null,
"sampleAnswerJson": null,
"judgerules": null,
"analyse": null,
"optionDtos": [{
"id": 84162913447,
"content": "<p><img src=\"https://edu-image.nosdn.127.net/_PhotoUploadUtils_ff50a986-ff0f-46bb-8005-d1db463201ec.png\" /></p>",
"answer": null,
"analyse": null,
"selectCount": null
}, {
"id": 384162913447,
"content": "<p><span style=\"font-size:14px;font-family:'Calibri',sans-serif;\" ><img src=\"https://edu-image.nosdn.127.net/_PhotoUploadUtils_c22b0038-1854-42fb-adf5-efe53204123a.png\" /></span><span style=\"font-size:14px;font-family:宋体;\" >且<img src=\"https://edu-image.nosdn.127.net/_PhotoUploadUtils_643d5964-4b87-4a74-ac56-ae5c0dc743d9.png\" /></span></p>",
"answer": null,
"analyse": null,
"selectCount": null
}, {
"id": 284162913447,
"content": "<p><span style=\"font-size:14px;font-family:'Calibri',sans-serif;\" ><img src=\"https://edu-image.nosdn.127.net/_PhotoUploadUtils_8f1c6639-4bc2-4b4d-abff-1f7fab7650c3.png\" /></span><span style=\"font-size:14px;font-family: 宋体;\" >或<img src=\"https://edu-image.nosdn.127.net/_PhotoUploadUtils_d606e641-5697-44ae-af49-8fb25fc35ce6.png\" /></span></p>",
"answer": null,
"analyse": null,
"selectCount": null
}, {
"id": 184162913447,
"content": "<p><img src=\"https://edu-image.nosdn.127.net/_PhotoUploadUtils_dcd83fd2-b610-454a-91a1-56c7a2938555.png\" /></p>",
"answer": null,
"analyse": null,
"selectCount": null
}],
"judgeDtos": null,
"sampleAnswers": null,
"titleAttachmentDtos": null,
"ojTimeLimit": null,
"ojMemLimit": null,
"ojSupportedLanguage": null,
"ojNeedInput": null,
"ojSupportedLanguageList": null,
"ojTryTime": null,
"ojCases": null,
"correctNumber": null,
"totalScore": null,
"correctRate": null,
"avgScore": null,
"mocQuestionTagDto": null,
"canEdit": null,
"edsQuestionId": null,
"isOptionRandom": null,
"optionNumber": null,
"submitCount": null
}
不难发现,每一个题目都唯一对应一个id,id和题目一一映射
title就是html版本的题目,plainTextTitle就是普通的文本版本题目
这个optionDtos就是一个选项的列表,id和每一个选项一一对应
content就是选项的html版本的呈现,answer就是答案,analyse就是分析
那么自然而然地,我们就要想办法得到答案也就是answer!可是我们怎么知道answer是从哪里返回的呢?返回的形式是怎么样的呢?显然,单纯的线代测验根本不能告诉我们。