2. 科技
    3. 易班APP健康状态自动打卡

    易班APP健康状态自动打卡

    科技2024-05-08  115

    前言

    为了巩固xss漏洞的知识点,所以就刷xss挑战。期间自然有卡住的时候,而遇到难题卡住加上思考就是最好的学习方式,当快出来的时候,突然舍友突然微信叫我易班签到,我心态都炸了,整个思路都乱了,签完到发现到那一步了都不知道,所以像我这种健康的学生就想着有没有一个可以自动签到的软件呢。找了半天发现没有,但找到了一篇文章,是looyeagee大佬写的。因为都是接触的是web方面的,但主要是pc端的,对安卓不是很了解,看到大佬文章出现的链接突然反应过来,都是http协议,那不都效果一样吗?就着手准备进行学习一波,我可没想着用呀!只是学习!

    这个只适合江门职业技术学院,而且国庆后可能没有定位,需要重新抓包修改 注意:这个脚本是可以读到创建的所有程序,通过修改可以提交几天后的任务都可以,但前提是发布人有创建这个任务(有些任务是到点才显示出来,只有通过读取数据才能发现)

    由于11月11日易班改了api的链接方式,需要加密才能获取access_token所以对代码进行修改,只对原代码进行修改,需要将encrypto.py放到和yiban.py同一目录下,如果安装crypto库报错请参考crypto这篇文章

    原代码

    encrypto.py

    from Crypto.PublicKey import RSA from Crypto.Cipher import PKCS1_v1_5 import base64 from urllib import parse PUBLIC_KEY = '''-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxbzZk3gEsbSe7A95iCIk 59Kvhs1fHKE6zRUfOUyTaKd6Rzgh9TB/jAK2ZN7rHzZExMM9kw6lVwmlV0VabSmO YL9OOHDCiEjOlsfinlZpMZ4VHg8gkFoOeO4GvaBs7+YjG51Am6DKuJWMG9l1pAge 96Uhx8xWuDQweIkjWFADcGLpDJJtjTcrh4fy8toE0/0zJMmg8S4RM/ub0q59+VhM zBYAfPmCr6YnEZf0QervDcjItr5pTNlkLK9E09HdKI4ynHy7D9lgLTeVmrITdq++ mCbgsF/z5Rgzpa/tCgIQTFD+EPPB4oXlaOg6yFceu0XUQEaU0DvAlJ7Zn+VwPkkq JEoGudklNePHcK+eLRLHcjd9MPgU6NP31dEi/QSCA7lbcU91F3gyoBpSsp5m7bf5 //OBadjWJDvl2KML7NMQZUr7YXqUQW9AvoNFrH4edn8d5jY5WAxWsCPQlOqNdybM vKF2jhjIE1fTWOzK+AvvFyNhxer5bWGU4S5LTr7QNXnvbngXCdkQfrcSn/ydQXP0 vXfjf3NhpluFXqWe5qUFKXvjY6+PdrE/lvTmX4DdvUIu9NDa2JU9mhwAPPR1yjjp 4IhgYOTQL69ZQcvy0Ssa6S25Xi3xx2XXbdx8svYcQfHDBF1daK9vca+YRX/DzXxl 1S4uGt+FUWSwuFdZ122ZCZ0CAwEAAQ== -----END PUBLIC KEY----- ''' def encrypt_passwd(pwd): cipher = PKCS1_v1_5.new(RSA.importKey(PUBLIC_KEY)) cipher_text = base64.b64encode(cipher.encrypt(bytes(pwd, encoding="utf8"))) return parse.quote(cipher_text.decode("utf-8"))

    yiban.py

    import re import time import requests import json import os import urllib from encrypto import encrypt_passwd def get_user(): account = [] passwd = [] state = 0 name_file = 'data/username.txt'; pass_file = 'data/password.txt'; try: f = open(name_file, mode='r'); lines = f.readlines(); for line in lines: conn = line.strip('\n'); account.append(conn); f.close(); except: state = 1; try: f = open(pass_file, mode='r'); lines = f.readlines(); for line in lines: conn = line.strip('\n'); passwd.append(encrypt_passwd(conn)); f.close(); except: state = 1; return account, passwd, state; def get_time_stamp(): now_time = time.localtime(time.time()); if now_time[3] == 7 or now_time[3] == 8 or now_time[3] == 9: start_time = '7:00:00'; elif now_time[3] == 11 or now_time[3] == 12 or now_time[3] == 13: start_time = '11:00:00'; elif now_time[3] >= 17 and now_time[3] <= 22: start_time = '17:30:00'; else: return 1; now_year = str(now_time[0]); now_mouth = str(now_time[1]); now_day = str(now_time[2]); fixed_time = (str(now_year + '-' + now_mouth + '-' + now_day + ' ' + start_time)); fixed_time = time.strptime(fixed_time, "%Y-%m-%d %H:%M:%S"); timestamp = int(time.mktime(fixed_time)); return timestamp; #登录页面 def login(account, passwd, csrf, csrf_cookies, header): params = { "account": account, "ct": 1, "identify": 1, "v": "4.7.12", "passwd": passwd } login_url = 'https://mobile.yiban.cn/api/v2/passport/login'; login_r = requests.get(login_url, params=params); login_json = login_r.json(); user_name = login_json['data']['user']['name']; access_token = login_json['data']['access_token']; return user_name, access_token; #二次认证 def auth(access_token, csrf, csrf_cookies, header): auth_first_url = 'http://f.yiban.cn/iapp/index?act=iapp7463&v=' + access_token + ''; auth_first_r = requests.get(auth_first_url, timeout=10, headers=header, allow_redirects=False).headers['Location']; verify_request = re.findall(r"verify_request=(.*?)&", auth_first_r)[0]; auth_second_url = 'https://api.uyiban.com/base/c/auth/yiban?verifyRequest=' + verify_request + '&CSRF=' + csrf; auth_result = requests.get(auth_second_url, timeout=10, headers=header, cookies=csrf_cookies); auth_cookie = auth_result.cookies; auth_json = auth_result.json(); return auth_cookie; ''' def get_complete_list(csrf,csrf_cookies,auth_cookie,header): complete_url = 'https://api.uyiban.com/officeTask/client/index/completedList?CSRF={}'.format(csrf); result_cookie = { 'csrf_token': csrf, 'PHPSESSID': auth_cookie['PHPSESSID'], 'cpi': auth_cookie['cpi'] } complete_r = requests.get(complete_url, timeout = 10, headers = header, cookies = result_cookie); task_num = len(complete_r.json()['data']); time = get_time_stamp(); for i in range(0, task_num): task_time = complete_r.json()['data'][i]['StartTime']; if time == task_time: task_id = complete_r.json()['data'][i]['TaskId']; get_task_detail(task_id, csrf, result_cookie, header); break; ''' #未完成的任务 def get_uncomplete_list(csrf, csrf_cookies, auth_cookie, header): uncomplete_url = 'https://api.uyiban.com/officeTask/client/index/uncompletedList?CSRF={}'.format(csrf); result_cookie = { 'csrf_token': csrf, 'PHPSESSID': auth_cookie['PHPSESSID'], 'cpi': auth_cookie['cpi'] } uncomplete_r = requests.get(uncomplete_url, timeout=10, headers=header, cookies=result_cookie); task_num = len(uncomplete_r.json()['data']); for i in range(0, task_num): task_time = uncomplete_r.json()['data'][i]['StartTime']; time = get_time_stamp(); if time == task_time: task_id = uncomplete_r.json()['data'][i]['TaskId']; user_state = 0; return task_id, result_cookie, user_state; break; #获取表单信息 def get_task_detail(task_id, csrf, result_cookie, header): task_detail_url = 'https://api.uyiban.com/officeTask/client/index/detail?TaskId={0}&CSRF={1}'.format(task_id, csrf); task_detail_r = requests.get(task_detail_url, timeout=10, headers=header, cookies=result_cookie); task_result = task_detail_r.json(); task_wfid = task_result['data']['WFId']; return task_result, task_wfid; #提交表单 def task_submit(task_wfid, csrf, result_cookie, header, task_result): extend = {"TaskId": task_result['data']['Id'], "title": "任务信息", "content": [{"label": "任务名称", "value": task_result['data']['Title']}, {"label": "发布机构", "value": task_result['data']['PubOrgName']}, {"label": "发布人", "value": task_result['data']['PubPersonName']}]} data = {"0caddc48d709afde9cc4986b3a85155e": "36.5", "a4f42d8428d2d4ca3f4562ff86305eb0": {"name": "菜鸟驿站", "location": "113.109408,22.629419", "address": "潮连街道潮连大道6号江门职业技术学院"}} params = { 'data': json.dumps(data), 'extend': json.dumps(extend) } task_submit_url = 'https://api.uyiban.com/workFlow/c/my/apply/{0}?CSRF={1}'.format(task_wfid, csrf); task_submit_r = requests.post(task_submit_url, timeout=10, headers=header, cookies=result_cookie, data=params); #运行程序 def start(): csrf = "365a9bc7c77897e40b0c7ecdb87806d9" csrf_cookies = {"csrf_token": csrf} header = {"Origin": "https://c.uyiban.com", "User-Agent": "yiban"} get_time_stamp(); account, passwd, state = get_user(); if state == 1: print('账号或者密码文件打开有误'); exit(); if len(account) != len(passwd): print('账号和密码数量不一致'); exit(); for i in range(0, len(account)): print(account[i]); try: user_name, access_token = login(account[i], passwd[i], csrf, csrf_cookies, header); try: auth_cookie = auth(access_token, csrf, csrf_cookies, header); try: task_id, result_cookie, user_state = get_uncomplete_list(csrf, csrf_cookies, auth_cookie, header); try: task_result, task_wfid = get_task_detail(task_id, csrf, result_cookie, header); conncet = task_submit(task_wfid, csrf, result_cookie, header, task_result); print(user_name + '完成签到'); except: print(''); except: print(user_name + '没有获取到未完成的任务'); continue; except: print(user_name + '没有获取到cookie'); continue; except: print(user_name + '账号或者密码错误'); continue; #脚本自动跑 if __name__ == '__main__': def time_sleep(n): while True: a = get_time_stamp(); now_time = time.localtime(time.time()); print( str(now_time[1]) + '-' + str(now_time[2]) + ' ' + str(now_time[3]) + ':' + str(now_time[4]) + ':' + str( now_time[5])); start(); if (now_time[3] >= 7 and now_time[3] <= 21): time.sleep(1800); else: time.sleep(3600); time_sleep(5);

    需要修改的地方

    登录和二次认证那块可以不修改 get_uncomplete_list获取信息后每个学校是不一样的,像我们学校有测评信息可以查看的,但有些学校是没有的,所以需要修改一下获取的信息 get_task_detail获取的是任务表单的信息,也需要修改,比如发布人、任务名字之类的。 task_submit是提交数据,这里需要提交data和extend,这两个数据是不同的,需要自己抓包来看进行修改。 最后那个自动跑的time_sleep()是我懒得好好写,让他自动提交就好了,懒得去理他几点提交了

    以下是一个大佬对作者代码完善结果

    添加了邮箱提醒,随机温度和定时启动

    import re import time import requests import json import os import urllib import smtplib from email.mime.text import MIMEText from email.utils import formataddr def get_user(): account = [] passwd = [] state = 0 name_file = 'data/username.txt'; pass_file = 'data/password.txt'; try: f = open(name_file, mode='r'); lines = f.readlines(); for line in lines: conn = line.strip('\n'); account.append(conn); f.close(); except: state = 1; try: f = open(pass_file, mode='r'); lines = f.readlines(); for line in lines: conn = line.strip('\n'); passwd.append(conn); f.close(); except: state = 1; return account,passwd,state; def get_time_stamp(): now_time = time.localtime(time.time()); if now_time[3] >=6 and now_time[3] <= 10: start_time = '7:00:00'; elif now_time[3] >=11 and now_time[3] <= 16: start_time = '11:00:00'; elif now_time[3] >= 17 and now_time[3] <= 22: start_time = '17:30:00'; else: return 1; now_year = str(now_time[0]); now_mouth = str(now_time[1]); now_day = str(now_time[2]); fixed_time = (str(now_year + '-' + now_mouth + '-' + now_day + ' ' + start_time)); fixed_time = time.strptime(fixed_time,"%Y-%m-%d %H:%M:%S"); timestamp = int(time.mktime(fixed_time)); return timestamp; def login(account,passwd,csrf,csrf_cookies,header): params = { "account": account, "ct": 1, "identify": 1, "v": "4.7.12", "passwd": passwd } login_url = 'https://mobile.yiban.cn/api/v2/passport/login'; login_r = requests.get(login_url,params = params); login_json = login_r.json(); user_name = login_json['data']['user']['name']; access_token = login_json['data']['access_token']; return user_name,access_token; def auth(access_token,csrf,csrf_cookies,header): auth_first_url = 'http://f.yiban.cn/iapp/index?act=iapp7463&v=' + access_token + ''; auth_first_r = requests.get(auth_first_url,timeout = 10,headers = header,allow_redirects = False).headers['Location']; verify_request = re.findall(r"verify_request=(.*?)&",auth_first_r)[0]; auth_second_url = 'https://api.uyiban.com/base/c/auth/yiban?verifyRequest=' + verify_request + '&CSRF=' + csrf; auth_result = requests.get(auth_second_url,timeout = 10,headers = header,cookies = csrf_cookies); auth_cookie = auth_result.cookies; auth_json = auth_result.json(); return auth_cookie; def get_uncomplete_list(csrf,csrf_cookies,auth_cookie,header): uncomplete_url = 'https://api.uyiban.com/officeTask/client/index/uncompletedList?CSRF={}'.format(csrf); result_cookie = { 'csrf_token' : csrf, 'PHPSESSID' : auth_cookie['PHPSESSID'], 'cpi' : auth_cookie['cpi'] } uncomplete_r = requests.get(uncomplete_url, timeout = 10, headers = header, cookies = result_cookie); task_num = len(uncomplete_r.json()['data']); for i in range(0,task_num): task_time = uncomplete_r.json()['data'][i]['StartTime']; time = get_time_stamp(); if time == task_time: task_id = uncomplete_r.json()['data'][i]['TaskId']; user_state = 0; return task_id,result_cookie,user_state; break; def get_task_detail(task_id,csrf,result_cookie,header): task_detail_url = 'https://api.uyiban.com/officeTask/client/index/detail?TaskId={0}&CSRF={1}'.format(task_id,csrf); task_detail_r = requests.get(task_detail_url, timeout = 10, headers = header, cookies = result_cookie); task_result = task_detail_r.json(); task_wfid = task_result['data']['WFId']; return task_result,task_wfid; def task_submit(task_wfid,csrf,result_cookie,header,task_result,temperature): extend={"TaskId":task_result['data']['Id'], "title":"任务信息", "content":[{"label":"任务名称","value":task_result['data']['Title']}, {"label":"发布机构","value":task_result['data']['PubOrgName']}, {"label":"发布人","value":task_result['data']['PubPersonName']}]} data = {"0caddc48d709afde9cc4986b3a85155e":temperature, "a4f42d8428d2d4ca3f4562ff86305eb0":{"name":"菜鸟驿站", "location":"113.109408,22.629419", "address":"潮连街道潮连大道6号江门职业技术学院"}} params = { 'data' : json.dumps(data), 'extend' : json.dumps(extend) } task_submit_url = 'https://api.uyiban.com/workFlow/c/my/apply/{0}?CSRF={1}'.format(task_wfid,csrf); task_submit_r = requests.post(task_submit_url, timeout = 10, headers = header, cookies = result_cookie,data = params); def start(log): csrf = "365a9bc7c77897e40b0c7ecdb87806d9" csrf_cookies = {"csrf_token": csrf} header = {"Origin": "https://c.uyiban.com", "User-Agent": "yiban"} get_time_stamp(); account, passwd, state = get_user(); if state == 1: print('账号或者密码文件打开有误'); exit(); if len(account) != len(passwd): print('账号和密码数量不一致'); exit(); a = get_time_stamp(); for i in range(0, len(account)): now_time = time.localtime(time.time()); temperature = '36.' + str((now_time[5]%10)//2+4) print(account[i]); print(account[i] , file=log); try: user_name, access_token = login(account[i], passwd[i], csrf, csrf_cookies, header); try: auth_cookie = auth(access_token, csrf, csrf_cookies, header); try: task_id, result_cookie, user_state = get_uncomplete_list(csrf, csrf_cookies, auth_cookie, header); try: task_result, task_wfid = get_task_detail(task_id, csrf, result_cookie, header); conncet = task_submit(task_wfid, csrf, result_cookie, header, task_result,temperature); print(user_name + '完成签到,随机温度为:'+ temperature + '。本程序于' + str(now_time[5]%10) + '秒后继续运行!'); print(user_name + '完成签到,随机温度为:'+ temperature + '。本程序于' + str(now_time[5]%10) + '秒后继续运行!' , file=log); except: print(''); except: print(user_name + '没有获取到未完成的任务'); print(user_name + '没有获取到未完成的任务' , file=log); continue; except: print(user_name + '没有获取到cookie'); print(user_name + '没有获取到cookie' , file=log); continue; except: print(user_name + '账号或者密码错误'); print(user_name + '账号或者密码错误' , file=log); continue; time.sleep(now_time[5]%10) def email(now_time): log = open('log/' + str(now_time[0]) + '.' + str(now_time[1]) + '.' + str(now_time[2]) + '-' + str(now_time[3]) + '.' + str(now_time[4]) + '.txt','r') my_sender='123456789@qq.com' # 发件人邮箱账号 my_pass = '123456789' # 发件人邮箱密码(当时申请smtp给的口令) my_user='123456789@qq.com' # 收件人邮箱账号,我这边发送给自己 def mail(): ret=True try: msg=MIMEText(log.read(),'plain','utf-8') msg['From']=formataddr(["Hogan",my_sender]) # 括号里的对应发件人邮箱昵称、发件人邮箱账号 msg['To']=formataddr(["易班自动签到提醒",my_user]) # 括号里的对应收件人邮箱昵称、收件人邮箱账号 msg['Subject']="已经完成"+ str(now_time[0]) + '-' + str(now_time[1]) + '-' + str(now_time[2]) + ' ' + str(now_time[3]) + "点的签到任务" # 邮件的主题,也可以说是标题 server=smtplib.SMTP_SSL("smtp.qq.com", 465) # 发件人邮箱中的SMTP服务器,端口是465 server.login(my_sender, my_pass) # 括号中对应的是发件人邮箱账号、邮箱密码 server.sendmail(my_sender,[my_user,],msg.as_string()) # 括号中对应的是发件人邮箱账号、收件人邮箱账号、发送邮件 server.quit()# 关闭连接 except Exception:# 如果 try 中的语句没有执行,则会执行下面的 ret=False ret=False return ret ret=mail() if ret: print("邮件发送成功") else: print("邮件发送失败") log.close() if __name__ == '__main__': while True: now_time = time.localtime(time.time()); if (now_time[3] == 7 or now_time[3] == 12 or now_time[3] == 18): log = open('log/' + str(now_time[0]) + '.' + str(now_time[1]) + '.' + str(now_time[2]) + '-' + str(now_time[3]) + '.' + str(now_time[4]) + '.txt','w') print('---------------------------------------------------'); print('目前时间:' + str(now_time[1]) + '-' + str(now_time[2]) + ' ' + str(now_time[3]) + ':' + str(now_time[4]) + '。签到开始!!!') print('目前时间:' + str(now_time[1]) + '-' + str(now_time[2]) + ' ' + str(now_time[3]) + ':' + str(now_time[4]) + '。签到开始!!!' , file=log) start(log); log.close() print('---------------------------------------------------'); email(now_time); print('---------------------------------------------------'); print('已经完成'+ str(now_time[3]) + '点的签到任务,本程序于1小时后重新检测。') print('---------------------------------------------------'); time.sleep(6000); else: print('目前时间:' + str(now_time[1]) + '-' + str(now_time[2]) + ' ' + str(now_time[3]) + ':' + str(now_time[4]) + '。不在签到时间!本程序于10分钟后重新检测。') time.sleep(600);
    Processed: 0.011, SQL: 8