xx环境
Ubuntu20.04
iphone
部署环境
Linux (ubuntu && Centos)
前言
讲的是思路 !!!
安装xx工具&&报文分析
- 安装
Charle
wget -q -O - https://www.charlesproxy.com/packages/apt/PublicKey | sudo apt-key add sudo sh -c 'echo deb https://www.charlesproxy.com/packages/apt/ charles-proxy main > /etc/apt/sources.list.d/charles.list' sudo apt update sudo apt install charles-proxy -y - xx激活
Charle
Registered Name:https://zhile.io License Key: 48891cf209c6d32bf4 打开软件在手机上安装证书
- 前提准备
- 保证手机和电脑在一个局域网中
- 保证手机链接同一个局域网并配置
Http代理为你电脑的ip:8888 (找不见自己电脑中的IP可以在第三张图查看)
- 使用的是Iphone 如果是安卓手机就需要Root (这里只是教大家分析报文 真实部署不需要)
依次点击help->SSL Proxying->Install Charle Root Certificate on a Mobile device or Romote Browser
- 在手机上输入如图上的域名
chls.pro/ssl下载安装证书 - 依次点击
Proxy->SSL Proxying Settings点击Add添加所有需要抓的Https请求
- 当看到Charle中抓到很多请求后 说明初始配置成功
清除历史包并在手机上打开x信和xxxx
-清除手机后台所有应用 并打开 x信 -> xxxx
- 根据要抓的应用名称判断出需要的域名
- 显然这个域名是放小程序h5以及用户信息的域名路径
- 显然这个域名是放小程序js 以及css文件的路径
- 选择清除小程序数据信息 然后进入后会跳转到登陆页面
- 后期会发现
post一个定位打卡签到的报文 会需要Session信息故 要发登陆的报文取到session信息 - 随变在用户名密码填一下让手机将报文发出去
- charle下查看到发送了一个带username passwd的post报文
- 查看报文信息
usernamepasswd为我在校园用户名秘密openidunionid为小程序的信息phoneinfo字面意思
- 把链接复制出来拉到postman下测试一下 发现刚才的 其他三个Requests headers 字段可以不需要
Response headers中的Set-Cookie和JwsSESSION是后期发送打卡请求需要的字段
- 手机点击我的可以发现抓到了个人数据 分析请求头发现是带这cookie请求的
-同样复制出Requests headers拉到postman测试一波
- 最后点到打卡的界面 因为 今天我已经打过卡了所以出现的是 gettoday.json
- 没有打过卡可以直接提交 发现就是在这个路径下发了一个 名为
save.json的Post包 将参数拿到postman 同样测试一遍
- 发现打卡成功 然后开始写代码
Code
- 这里放一个没有添加每日短信提示的版本
- home_data 的需要更改为你自己家的数据
- 前两个字段为家的经度和伟度
‘latitude’: ‘34.’,
‘longitude’: ‘107.62972’, - city填你所在的市
‘country’: ‘中国’,
‘city’: ‘宝鸡市’, - 后面的数据填你所在的镇
‘district’: ‘xx县’,
‘province’: ‘xx省’,
‘township’: ‘xx镇’,
‘street’: ‘xx街’, - areacode 你的地域号 通过高德/百度 地图的API可以查到 不知到写你身份证前6位
‘areacode’: ‘’,
import datetime import json import os import random import requests FileLog=os.path.basename(__file__).replace('.py','.log') class WZXY_Fuck(object): def __init__(self,username,passwd): self.username=username self.passwd=passwd self.JWSESSION='' def get_student_data(self): student_info_url="https://gw.wozaixiaoyuan.com/basicinfo/mobile/my/index" student_info_headers={ 'method':'POST', 'scheme':'https', 'path':'/basicinfo/mobile/my/index', 'authority':'gw.wozaixiaoyuan.com', 'content-type':'application/json;charset=UTF-8', 'accept':'application/json, text/plain, */*', 'accept-encoding':'gzip, deflate, br', 'accept-language':'zh-CN,zh-Hans;q=0.9', 'origin':'https://gw.wozaixiaoyuan.com', 'user-agent':'Mozilla/5.0 (iPhone; CPU iPhone OS 15_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 MicroMessenger/8.0.18(0x) NetType/WIFI Language/zh_CN miniProgram/wxce6d08fd91', 'referer':'https://gw.wozaixiaoyuan.com/h5/mobile/basicinfo/index/home/my', 'cookie':'JWSESSION={}'.format(self.JWSESSION), } student_info_response=requests.post(student_info_url,headers=student_info_headers) print(student_info_response.text, file=open(FileLog, 'a')) def login(self): login_headers={ 'user-agent': 'Mozilla/5.0 (iPhone; CPU iPhone OS 15_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 MicroMessenger/8.0.18(0x) NetType/WIFI Language/zh_CN miniProgram/wxce6d08fd91', } login_url = 'https://gw.wozaixiaoyuan.com/basicinfo/mobile/login/username' login_params={ "username": self.username, 'password': self.passwd, # phoneInfo 手机信息 可要可不要 # "phoneInfo":'3____iphone%3B+cpu+iphone+os+15_3+like+mac+os+x' } response = requests.get(login_url, params=login_params, headers=login_headers) status_code=int(response.status_code) if status_code!=200 : raise "request login error" self.JWSESSION=str(response.cookies.get('JWSESSION')).strip() print("JWSESSION is ",self.JWSESSION, file=open(FileLog, 'a')) def dk(self): c_number = ['36.4', '36.5', '36.6', '36.7'] answers = '["0","1","{}"]'.format(random.choice(c_number)) dk_headers = { 'Host': 'student.wozaixiaoyuan.com', 'Connection': 'keep-alive', 'charset': 'utf-8', # 'token': json_data['wzxy_token'], 'content-type': 'application/x-www-form-urlencoded', 'user-agent': 'Mozilla/5.0 (iPhone; CPU iPhone OS 15_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 MicroMessenger/8.0.18(0x) NetType/WIFI Language/zh_CN miniProgram/wxce6d08fd91', 'Accept-Encoding': 'gzip,compress,br,deflate', 'Referer': 'https://servicewechat.com/wxce6d08f781975d91/130/page-frame.html', 'Content-Length': '312', "JWSESSION": self.JWSESSION } home_data = { 'answers': answers, 'latitude': 'xxxxx', 'longitude': 'xxxxxx', 'country': '中国', 'city': 'xx市', 'district': 'xx县', 'province': 'xx省', 'township': 'xx镇', 'street': 'xxx街', 'areacode': '', } school_data={ 'answers': answers, 'latitude': '34.', 'longitude': '108.90548', 'country': '中国', "city": "西安市", "district": "长安区", "province": "陕西省", "township": "韦曲街道", "street": "西长安街", 'areacode': '', } url = 'https://student.wozaixiaoyuan.com/health/save.json' response = requests.post(url, data=home_data, headers=dk_headers).json() response_dict = { } for key, value in response.items(): response_dict[key] = value if int(response['code'])==0: print("dk success", file=open(FileLog, 'a')) msg_dict={ 'message':"打卡成功", "time":str(datetime.datetime.now().strftime("%Y-%m-%d, %H:%M:%S")) } else: msg_dict = { 'message': "打卡失败", "time": str(datetime.datetime.now().strftime("%Y-%m-%d, %H:%M:%S")) } # {'code': -10, 'message': '未登录'} # {'code': 0} def start(self): self.login() self.get_student_data() self.dk() if __name__ == '__main__': username="you_wzxy_username" passwd="you_wzxy_passwd" wxzy=WZXY_Fuck(username,passwd) wxzy.start() 版本2 加入阿里云短信通知
import datetime import json import os import random import requests from aliyunsdkcore.client import AcsClient from aliyunsdkcore.request import CommonRequest FileLog=os.path.basename(__file__).replace('.py','.log') class WZXY_Fuck(object): def __init__(self,username,passwd): self.username=username self.passwd=passwd self.JWSESSION='' def get_student_data(self): student_info_url="https://gw.wozaixiaoyuan.com/basicinfo/mobile/my/index" student_info_headers={ 'method':'POST', 'scheme':'https', 'path':'/basicinfo/mobile/my/index', 'authority':'gw.wozaixiaoyuan.com', 'content-type':'application/json;charset=UTF-8', 'accept':'application/json, text/plain, */*', 'accept-encoding':'gzip, deflate, br', 'accept-language':'zh-CN,zh-Hans;q=0.9', 'origin':'https://gw.wozaixiaoyuan.com', 'user-agent':'Mozilla/5.0 (iPhone; CPU iPhone OS 15_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 MicroMessenger/8.0.18(0x) NetType/WIFI Language/zh_CN miniProgram/wxce6d08fd91', 'referer':'https://gw.wozaixiaoyuan.com/h5/mobile/basicinfo/index/home/my', 'cookie':'JWSESSION={}'.format(self.JWSESSION), } student_info_response=requests.post(student_info_url,headers=student_info_headers) print(student_info_response.text, file=open(FileLog, 'a')) def login(self): login_headers={ 'user-agent': 'Mozilla/5.0 (iPhone; CPU iPhone OS 15_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 MicroMessenger/8.0.18(0x) NetType/WIFI Language/zh_CN miniProgram/wxce6d08fd91', } login_url = 'https://gw.wozaixiaoyuan.com/basicinfo/mobile/login/username' login_params={ "username": self.username, 'password': self.passwd, # phoneInfo 手机信息 可要可不要 "phoneInfo":'3____iphone%3B+cpu+iphone+os+15_3+like+mac+os+x' } response = requests.get(login_url, params=login_params, headers=login_headers) status_code=int(response.status_code) if status_code!=200 : raise "request login error" self.JWSESSION=str(response.cookies.get('JWSESSION')).strip() print("JWSESSION is ",self.JWSESSION, file=open(FileLog, 'a')) def dk(self): c_number = ['36.4', '36.5', '36.6', '36.7'] answers = '["0","1","{}"]'.format(random.choice(c_number)) dk_headers = { 'Host': 'student.wozaixiaoyuan.com', 'Connection': 'keep-alive', 'charset': 'utf-8', # 'token': json_data['wzxy_token'], 'content-type': 'application/x-www-form-urlencoded', 'user-agent': 'Mozilla/5.0 (iPhone; CPU iPhone OS 15_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 MicroMessenger/8.0.18(0x) NetType/WIFI Language/zh_CN miniProgram/wxce6d08fd91', 'Accept-Encoding': 'gzip,compress,br,deflate', 'Referer': 'https://servicewechat.com/wxce6d08f781975d91/130/page-frame.html', 'Content-Length': '312', "JWSESSION": self.JWSESSION } home_data = { 'answers': answers, 'latitude': 'xxx', 'longitude': 'xxxx', 'country': '中国', 'city': 'xxx市', 'district': 'xx县', 'province': 'xxx省', 'township': 'xxx镇', 'street': 'xx街', 'areacode': '', } school_data={ 'answers': answers, 'latitude': '34.', 'longitude': '108.90548', 'country': '中国', "city": "西安市", "district": "长安区", "province": "陕西省", "township": "韦曲街道", "street": "西长安街", 'areacode': '', } url = 'https://student.wozaixiaoyuan.com/health/save.json' response = requests.post(url, data=home_data, headers=dk_headers).json() response_dict = { } for key, value in response.items(): response_dict[key] = value if int(response['code'])==0: print("dk success", file=open(FileLog, 'a')) msg_dict={ 'message':"打卡成功", "time":str(datetime.datetime.now().strftime("%Y-%m-%d, %H:%M:%S")) } else: msg_dict = { 'message': "打卡失败", "time": str(datetime.datetime.now().strftime("%Y-%m-%d, %H:%M:%S")) } client = AcsClient('xxxx', 'xxxx', 'cn-hangzhou') request = CommonRequest() request.set_accept_format('json') request.set_domain('dysmsapi.aliyuncs.com') request.set_method('POST') request.set_protocol_type('https') # https | http request.set_version('2017-05-25') request.set_action_name('SendSms') request.add_query_param('RegionId', "cn-hangzhou") request.add_query_param('PhoneNumbers', "you phone number") request.add_query_param('SignName', "我在校园ABC") request.add_query_param('TemplateCode', "SMS_") request.add_query_param('TemplateParam', json.dumps({ "code": msg_dict})) response = client.do_action(request) print(str(response, encoding='utf-8'), file=open(FileLog, 'a')) # {'code': -10, 'message': '未登录'} # {'code': 0} def start(self): self.login() self.get_student_data() self.dk() if __name__ == '__main__': username="xxxxxxxxxxxxx" passwd="xxxxxx" wxzy=WZXY_Fuck(username,passwd) wxzy.start() pip install requests 写一个定时脚本放在crontab 里
wzxy.sh
python wxzy.py 加入crontab -e
代码放在gitee 上了 自己部署
https://github.com/betteryjs/WZXY
版权声明:本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请联系我们举报,一经查实,本站将立刻删除。
发布者:全栈程序员-站长,转载请注明出处:https://javaforall.net/203487.html原文链接:https://javaforall.net
