前言

為了鞏固xss漏洞的知識點，所以就刷xss挑戰。期間自然有卡住的時候，而遇到難題卡住加上思考就是最好的學習方式，當快出來的時候，突然舍友突然微信叫我易班簽到，我心態都炸了，整個思路都亂了，簽完到發現到那一步了都不知道，所以像我這種健康的學生就想著有沒有一個可以自動簽到的軟體呢。找了半天發現沒有，但找到了一篇文章，是looyeagee大佬寫的。因為都是接觸的是web方面的，但主要是pc端的，對安卓不是很瞭解，看到大佬文章出現的連結突然反應過來，都是http協定，那不都效果一樣嗎？就著手準備進行學習一波，我可沒想著用呀！只是學習！

這個只適合江門職業技術學院，而且國慶後可能沒有定位，需要重新抓包修改
注意：這個指令碼是可以讀到建立的所有程式，通過修改可以提交幾天後的任務都可以，但前提是釋出人有建立這個任務（有些任務是到點才顯示出來，只有通過讀取資料才能發現）

程式碼

import re
import time
import requests
import json
import os
import urllib


def get_user():
   account = []
   passwd = []
   state = 0
   name_file = 'data/username.txt';
   pass_file = 'data/password.txt';

   try:
       f = open(name_file, mode='r');
       lines = f.readlines();
       for line in lines:
           conn = line.strip('\n');
           account.append(conn);
       f.close();
   except:
       state = 1;

   try:
       f = open(pass_file, mode='r');
       lines = f.readlines();
       for line in lines:
           conn = line.strip('\n');
           passwd.append(conn);
       f.close();
   except:
       state = 1;

   return account, passwd, state;


def get_time_stamp():
   now_time = time.localtime(time.time());

   if now_time[3] == 7 or now_time[3] == 8 or now_time[3] == 9:
       start_time = '7:00:00';
   elif now_time[3] == 11 or now_time[3] == 12 or now_time[3] == 13:
       start_time = '11:00:00';
   elif now_time[3] >= 17 and now_time[3] <= 22:
       start_time = '17:30:00';
   else:
       return 1;

   now_year = str(now_time[0]);
   now_mouth = str(now_time[1]);
   now_day = str(now_time[2]);
   fixed_time = (str(now_year + '-' + now_mouth + '-' + now_day + ' ' + start_time));
   fixed_time = time.strptime(fixed_time, "%Y-%m-%d  %H:%M:%S");
   timestamp = int(time.mktime(fixed_time));

   return timestamp;

#登入頁面
def login(account, passwd, csrf, csrf_cookies, header):
   params = {
       "account": account,
       "ct": 1,
       "identify": 1,
       "v": "4.7.12",
       "passwd": passwd
   }
   login_url = 'https://mobile.yiban.cn/api/v2/passport/login';
   login_r = requests.get(login_url, params=params);
   login_json = login_r.json();
   user_name = login_json['data']['user']['name'];
   access_token = login_json['data']['access_token'];

   return user_name, access_token;

#二次認證
def auth(access_token, csrf, csrf_cookies, header):
   auth_first_url = 'http://f.yiban.cn/iapp/index?act=iapp7463&v=' + access_token + '';
   auth_first_r = requests.get(auth_first_url, timeout=10, headers=header, allow_redirects=False).headers['Location'];
   verify_request = re.findall(r"verify_request=(.*?)&", auth_first_r)[0];

   auth_second_url = 'https://api.uyiban.com/base/c/auth/yiban?verifyRequest=' + verify_request + '&CSRF=' + csrf;
   auth_result = requests.get(auth_second_url, timeout=10, headers=header, cookies=csrf_cookies);
   auth_cookie = auth_result.cookies;
   auth_json = auth_result.json();

   return auth_cookie;


'''
def get_complete_list(csrf,csrf_cookies,auth_cookie,header):
   complete_url = 'https://api.uyiban.com/officeTask/client/index/completedList?CSRF={}'.format(csrf);

   result_cookie = {
       'csrf_token': csrf,
       'PHPSESSID': auth_cookie['PHPSESSID'],
       'cpi': auth_cookie['cpi']
   }
   complete_r = requests.get(complete_url, timeout = 10, headers = header, cookies = result_cookie);
   task_num = len(complete_r.json()['data']);
   time = get_time_stamp();

   for i in range(0, task_num):
       task_time = complete_r.json()['data'][i]['StartTime'];
       if time == task_time:
           task_id = complete_r.json()['data'][i]['TaskId'];
           get_task_detail(task_id, csrf, result_cookie, header);
           break;
'''

#未完成的任務
def get_uncomplete_list(csrf, csrf_cookies, auth_cookie, header):
   uncomplete_url = 'https://api.uyiban.com/officeTask/client/index/uncompletedList?CSRF={}'.format(csrf);

   result_cookie = {
       'csrf_token': csrf,
       'PHPSESSID': auth_cookie['PHPSESSID'],
       'cpi': auth_cookie['cpi']
   }
   uncomplete_r = requests.get(uncomplete_url, timeout=10, headers=header, cookies=result_cookie);
   task_num = len(uncomplete_r.json()['data']);
   for i in range(0, task_num):
       task_time = uncomplete_r.json()['data'][i]['StartTime'];
       time = get_time_stamp();
       if time == task_time:
           task_id = uncomplete_r.json()['data'][i]['TaskId'];
           user_state = 0;
           return task_id, result_cookie, user_state;
           break;

#獲取表單資訊
def get_task_detail(task_id, csrf, result_cookie, header):
   task_detail_url = 'https://api.uyiban.com/officeTask/client/index/detail?TaskId={0}&CSRF={1}'.format(task_id, csrf);
   task_detail_r = requests.get(task_detail_url, timeout=10, headers=header, cookies=result_cookie);
   task_result = task_detail_r.json();
   task_wfid = task_result['data']['WFId'];
   return task_result, task_wfid;

#提交表單
def task_submit(task_wfid, csrf, result_cookie, header, task_result):
   extend = {"TaskId": task_result['data']['Id'],
             "title": "任務資訊",
             "content": [{"label": "任務名稱", "value": task_result['data']['Title']},
                         {"label": "釋出機構", "value": task_result['data']['PubOrgName']},
                         {"label": "釋出人", "value": task_result['data']['PubPersonName']}]}
   data = {"0caddc48d709afde9cc4986b3a85155e": "36.5",
           "a4f42d8428d2d4ca3f4562ff86305eb0": {"name": "菜鳥驛站",
                                                "location": "113.109408,22.629419",
                                                "address": "潮連街道潮連大道6號江門職業技術學院"}}

   params = {
       'data': json.dumps(data),
       'extend': json.dumps(extend)
   }

   task_submit_url = 'https://api.uyiban.com/workFlow/c/my/apply/{0}?CSRF={1}'.format(task_wfid, csrf);
   task_submit_r = requests.post(task_submit_url, timeout=10, headers=header, cookies=result_cookie, data=params);

#執行程式
def start():
   csrf = "365a9bc7c77897e40b0c7ecdb87806d9"
   csrf_cookies = {"csrf_token": csrf}
   header = {"Origin": "https://c.uyiban.com", "User-Agent": "yiban"}

   get_time_stamp();

   account, passwd, state = get_user();

   if state == 1:
       print('賬號或者密碼檔案開啟有誤');
       exit();

   if len(account) != len(passwd):
       print('賬號和密碼數量不一致');
       exit();

   for i in range(0, len(account)):
       print(account[i]);
       try:
           user_name, access_token = login(account[i], passwd[i], csrf, csrf_cookies, header);
           try:
               auth_cookie = auth(access_token, csrf, csrf_cookies, header);
               try:
                   task_id, result_cookie, user_state = get_uncomplete_list(csrf, csrf_cookies, auth_cookie, header);

                   try:
                       task_result, task_wfid = get_task_detail(task_id, csrf, result_cookie, header);
                       conncet = task_submit(task_wfid, csrf, result_cookie, header, task_result);
                       print(user_name + '完成簽到');
                   except:
                       print('');
               except:
                   print(user_name + '沒有獲取到未完成的任務');
                   continue;
           except:
               print(user_name + '沒有獲取到cookie');
               continue;
       except:
           print(user_name + '賬號或者密碼錯誤');
           continue;

#指令碼自動跑
if __name__ == '__main__':
   def time_sleep(n):
       while True:
           a = get_time_stamp();
           now_time = time.localtime(time.time());
           print(
               str(now_time[1]) + '-' + str(now_time[2]) + ' ' + str(now_time[3]) + ':' + str(now_time[4]) + ':' + str(
                   now_time[5]));
           start();
           if (now_time[3] >= 7 and now_time[3] <= 21):
               time.sleep(1800);
           else:
               time.sleep(3600);
   time_sleep(5);

需要修改的地方

登入和二次認證那塊可以不修改
get_uncomplete_list獲取資訊後每個學校是不一樣的，像我們學校有測評資訊可以檢視的，但有些學校是沒有的，所以需要修改一下獲取的資訊
get_task_detail獲取的是任務表單的資訊，也需要修改，比如釋出人、任務名字之類的。
task_submit是提交資料，這裡需要提交data和extend，這兩個資料是不同的，需要自己抓包來看進行修改。
最後那個自動跑的time_sleep()是我懶得好好寫，讓他自動提交就好了，懶得去理他幾點提交了