学校外出申请报文抓包
今天突发奇想想做个一键申请外出的脚本,然后区看了申请网站的静态文件,发现request封装了几十层,每个字符都封装一次看的头都大了
抓包结果
从抓包可知请假api的域名和传输方式以json传输
data数据
在这里插入代码片
0000 00 74 9c c8 d0 07 f4 30 b9 97 58 86 08 00 45 00 .t.....0..X...E.
0010 04 1e 8e 77 40 00 80 06 00 00 0a 3d a4 63 db de ...w@......=.c..
0020 ba 4f 50 b1 00 50 74 fd f5 ff 38 59 ca f4 50 18 .OP..Pt...8Y..P.
0030 02 01 48 df 00 00 7b 22 70 61 72 61 6d 65 74 65 ..H...{"paramete
0040 72 73 22 3a 5b 7b 22 6b 65 79 22 3a 22 64 65 66 rs":[{"key":"def
0050 49 64 22 2c 22 76 61 6c 75 65 22 3a 22 37 35 38 Id","value":"758
0060 33 36 39 37 34 33 34 36 36 39 32 31 39 38 34 22 369743466921984"
0070 7d 2c 7b 22 6b 65 79 22 3a 22 76 65 72 73 69 6f },{"key":"versio
0080 6e 22 2c 22 76 61 6c 75 65 22 3a 22 30 22 7d 2c n","value":"0"},
0090 7b 22 6b 65 79 22 3a 22 64 61 74 61 22 2c 22 76 {"key":"data","v
00a0 61 6c 75 65 22 3a 22 7b 5c 22 69 64 5c 22 3a 5c alue":"{\"id\":\
00b0 22 5c 22 2c 5c 22 78 75 65 59 75 61 6e 5c 22 3a "\",\"xueYuan\":
00c0 5c 22 35 30 31 33 36 32 38 39 30 36 39 33 35 31 \"50136289069351
00d0 35 38 35 30 33 5c 22 2c 5c 22 7a 68 75 61 6e 59 58503\",\"zhuanY
00e0 65 5c 22 3a 5c 22 e7 89 a9 e8 81 94 e7 bd 91 e5 e\":\"..........
00f0 b7 a5 e7 a8 8b 5c 22 2c 5c 22 62 61 6e 4a 69 5c .....\",\"banJi\
0100 22 3a 5c 22 32 30 31 37 e7 89 a9 e8 81 94 e7 bd ":\"2017........
0110 91 31 e7 8f ad 5c 22 2c 5c 22 78 69 6e 67 4d 69 .1...\",\"xingMi
0120 6e 67 5c 22 3a 5c 22 34 32 35 39 33 39 36 31 33 ng\":\"425939613
0130 34 34 32 33 37 36 34 33 5c 22 2c 5c 22 6c 69 61 44237643\",\"lia
0140 6e 58 69 44 69 61 6e 48 75 61 5c 22 3a 5c 22 31 nXiDianHua\":\"1
0150 32 33 34 35 36 37 38 39 31 31 5c 22 2c 5c 22 6c 2345678911\",\"l
0160 69 58 69 61 6f 53 68 69 4a 69 61 6e 5c 22 3a 5c iXiaoShiJian\":\
0170 22 32 30 32 30 2d 31 31 2d 32 30 5c 22 2c 5c 22 "2020-11-20\",\"
0180 66 61 6e 58 69 61 6f 53 68 69 4a 69 61 6e 5c 22 fanXiaoShiJian\"
0190 3a 5c 22 32 30 32 30 2d 31 31 2d 32 30 5c 22 2c :\"2020-11-20\",
01a0 5c 22 71 69 6e 67 4a 69 61 54 69 61 6e 53 68 75 \"qingJiaTianShu
01b0 5c 22 3a 30 2c 5c 22 71 69 6e 67 4a 69 61 4c 65 \":0,\"qingJiaLe
01c0 69 58 69 6e 67 5c 22 3a 5c 22 e5 ae 9e e4 b9 a0 iXing\":\"......
01d0 5c 22 2c 5c 22 6c 69 58 69 61 6f 4d 75 44 69 44 \",\"liXiaoMuDiD
01e0 69 5c 22 3a 5c 22 7b 5c 5c 5c 22 73 74 72 65 65 i\":\"{\\\"stree
01f0 74 5c 5c 5c 22 3a 5c 5c 5c 22 31 5c 5c 5c 22 2c t\\\":\\\"1\\\",
0200 5c 5c 5c 22 70 72 6f 76 69 6e 63 65 5c 5c 5c 22 \\\"province\\\"
0210 3a 5c 5c 5c 22 34 34 5c 5c 5c 22 2c 5c 5c 5c 22 :\\\"44\\\",\\\"
0220 63 69 74 79 5c 5c 5c 22 3a 5c 5c 5c 22 34 34 31 city\\\":\\\"441
0230 39 5c 5c 5c 22 2c 5c 5c 5c 22 64 69 73 74 72 69 9\\\",\\\"distri
0240 63 74 5c 5c 5c 22 3a 5c 5c 5c 22 5c 5c 5c 22 7d ct\\\":\\\"\\\"}
0250 5c 22 2c 5c 22 71 69 6e 67 4a 69 61 59 75 61 6e \",\"qingJiaYuan
0260 59 69 6e 5c 22 3a 5c 22 61 61 61 73 61 73 61 73 Yin\":\"aaasasas
0270 5c 22 2c 5c 22 6a 69 61 43 68 61 6e 67 44 69 61 \",\"jiaChangDia
0280 6e 48 75 61 5c 22 3a 5c 22 31 32 33 34 35 36 37 nHua\":\"1234567
0290 38 39 31 31 5c 22 2c 5c 22 6a 69 61 54 69 6e 67 8911\",\"jiaTing
02a0 5a 68 75 5a 68 69 5c 22 3a 5c 22 7b 5c 5c 5c 22 ZhuZhi\":\"{\\\"
02b0 73 74 72 65 65 74 5c 5c 5c 22 3a 5c 5c 5c 22 31 street\\\":\\\"1
02c0 5c 5c 5c 22 2c 5c 5c 5c 22 70 72 6f 76 69 6e 63 \\\",\\\"provinc
02d0 65 5c 5c 5c 22 3a 5c 5c 5c 22 34 34 5c 5c 5c 22 e\\\":\\\"44\\\"
02e0 2c 5c 5c 5c 22 63 69 74 79 5c 5c 5c 22 3a 5c 5c ,\\\"city\\\":\\
02f0 5c 22 34 34 31 39 5c 5c 5c 22 2c 5c 5c 5c 22 64 \"4420\\\",\\\"d
0300 69 73 74 72 69 63 74 5c 5c 5c 22 3a 5c 5c 5c 22 istrict\\\":\\\"
0310 5c 5c 5c 22 7d 5c 22 2c 5c 22 6c 69 58 69 61 6f \\\"}\",\"liXiao
0320 43 68 65 6e 67 5a 75 6f 4a 54 47 4a 5c 22 3a 5c ChengZuoJTGJ\":\
0330 22 31 5c 22 2c 5c 22 6c 69 58 69 61 6f 4c 75 58 "1\",\"liXiaoLuX
0340 69 61 6e 5c 22 3a 5c 22 31 5c 22 2c 5c 22 66 61 ian\":\"1\",\"fa
0350 6e 58 69 61 6f 43 68 65 6e 67 5a 75 6f 4a 54 47 nXiaoChengZuoJTG
0360 4a 5c 22 3a 5c 22 31 5c 22 2c 5c 22 66 61 6e 58 J\":\"1\",\"fanX
0370 69 61 6f 4c 75 58 69 61 6e 5c 22 3a 5c 22 31 5c iaoLuXian\":\"1\
0380 22 2c 5c 22 62 61 69 4d 69 6e 67 44 61 6e 51 75 ",\"baiMingDanQu
0390 61 6e 58 69 61 6e 5c 22 3a 5c 22 43 5c 22 2c 5c anXian\":\"C\",\
03a0 22 73 68 65 6e 50 69 52 65 6e 5c 22 3a 5c 22 34 "shenPiRen\":\"4
03b0 32 35 39 33 39 36 31 32 37 37 31 32 38 37 37 30 2593961277128770
03c0 2c 34 32 35 39 33 39 36 31 35 38 33 33 31 33 30 ,425939615833130
03d0 37 31 2c 34 32 35 39 33 39 36 30 31 36 39 38 33 71,4259396016983
03e0 32 34 39 37 2c 34 32 35 39 33 39 36 30 32 35 37 2497,42593960257
03f0 39 31 32 38 37 39 2c 31 33 33 38 37 30 30 39 37 912879,133870097
0400 36 35 34 36 31 31 39 36 38 5c 22 2c 5c 22 78 75 654611968\",\"xu
0410 65 48 61 6f 5c 22 3a 5c 22 32 30 31 37 34 31 34 eHao\":\"2017414
0420 31 34 31 31 36 5c 22 7d 22 7d 5d 7d 14116\"}"}]}
可得知接收json内的对象和数据类型
Json格式
defid : “75836974346621984”,
version : “0”,
data :{
id:""
xueYuan:“5013628906935158503”
zhuanYe:"…(eth无法转译,大概是中文)"
banJi:“2017…1…(大概率是中文)”
xingMing:“42593961344237643”
lianXiDianHua : “12345678911”
liXiaoShiJian : “2020-11-20”
fanXiaoShiJian : “2020-11-20”
qingJiaTianShu : 0
liXiaoMuDiDi : {
street: “”,
province :"",
city:"",
district:""
}
qingJiaYuanYin:"",
jiaChangDianHua:“12345678911”,
jiaTingZhuZhi:"",
liXiaoChengZuoJTGJ :"",
liXiaoLuXian:"",
fanXiaoChengZuoJTGJ:"",
fanXiaoLuXian:"",
baiMingDanQuanXian:“C”
shenPiRen:“42593961277128770,42593961583313071,42593960169832497,42593960257912879,133870097654611968”(大概率是辅导员名字或编号)
xueHao:“20174141418”
}
大概是这样的json格式
文件传输报文16进制转换unicode
{"parameters":[{"key":"defId","value":"758369743466921984"},{"key":"version","value":"0"},{"key":"data","value":"{\"id\":\"\",\"xueYuan\":\"5013628906935158503\",\"zhuanYe\":\"物联网工程\",\"banJi\":\"2017物联网1班\",\"xingMing\":\"42593961344237643\",\"lianXiDianHua\":\"12345678911\",\"liXiaoShiJian\":\"2020-11-20\",\"fanXiaoShiJian\":\"2020-11-20\",\"qingJiaTianShu\":0,\"qingJiaLeiXing\":\"实习\",\"liXiaoMuDiDi\":\"{\\\"street\\\":\\\"1\\\",\\\"province\\\":\\\"44\\\",\\\"city\\\":\\\"4420\\\",\\\"district\\\":\\\"\\\"}\",\"qingJiaYuanYin\":\"aaasasas\",\"jiaChangDianHua\":\"12345678911\",\"jiaTingZhuZhi\":\"{\\\"street\\\":\\\"1\\\",\\\"province\\\":\\\"44\\\",\\\"city\\\":\\\"4420\\\",\\\"district\\\":\\\"\\\"}\",\"liXiaoChengZuoJTGJ\":\"1\",\"liXiaoLuXian\":\"1\",\"fanXiaoChengZuoJTGJ\":\"1\",\"fanXiaoLuXian\":\"1\",\"baiMingDanQuanXian\":\"C\",\"shenPiRen\":\"42593961277128770,42593961583313071,42593960169832497,42593960257912879,133870097654611968\",\"xueHao\":\"201741414116\"}"}]}
从报文可得
在json里学生姓名和学院名和审批人名都是用数据库里面设定的id来代替的,刚好查看前端从请求页的接口访问可得知向tranfer接口get了id
从者不平常的用法,可以推断后端从学院id和学生id从数据库获取学生对象然后进行白名单操作,而审批人属性里列表的id则是放到审批端消息管道中分发的标识,那么说如果我向后台post一个包含了这几个重要属性的报文,是否就能直接一键申请出校(学校规定当天来回可自动通过),不用再填那么多没用的信息浪费时间呢。