体温填报第二天

最新推荐文章于 2024-09-27 08:48:00 发布

冰糖冰

最新推荐文章于 2024-09-27 08:48:00 发布

阅读量1.3k

点赞数

本文链接：https://blog.youkuaiyun.com/weixin_42175197/article/details/107378107

版权

本文记录了一次尝试通过修改URL时间戳来提前提交体温数据的实验过程。作者针对两个不同的体温填报平台进行了实验，发现平台不仅检查提交时间戳，还校验服务器时间。实验揭示了平台在提交时会进行服务器时间校验，并且涉及到的数据包含一个编码后的JSON，包含了体温等个人信息。最后，由于无法仅通过修改时间戳实现提前提交，作者暗示可能需要采用更复杂的自动化工具如Selenium。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

第二天我有了一个想法，如果它检测的是提交的时间戳，而没有检测服务器时间的话，那我改一改时间戳接着提交，我是不是不能把未来几十天的都提交了？

抱着这个态度我去试一试。

实验目的：只修改url的时间戳能否提交成功体温

实验环境：在家同学的填报平台（0-13点填报，可以提交3次，后简称a平台），留校同学的填报平台（11-13点填报，可以提交2次，后简称b平台）

实验假设：两个平台除许可提交时间段的限制外，其余不同部分可以忽略。

实验变量：1.url里的时间戳；2.平台的许可提交时间段

实验猜想：平台会对提交时间检测。共两次检测，第一次是平台许可时间检测，第二次是提交时间本身的检测。可能的检测的手段为url时间戳校验、服务器时间校验。

实验设计：在早晨11点前，分别对a、b平台提交时间戳为当日12:30的url。在服务器时间上，a平台为许可提交时间，b平台为不未许可提交时间。

实验过程及分析：

1594873581为2020-7-16 12:26:21的时间戳

a平台

好吧，实验直接翻车。人家a平台根本就不要时间戳。哎！是我一厢情愿了……

b平台

失败了，那么显然，b平台的平台许可时间校验为服务器时间。

那我就补做一个实验，等到11点的时候再看看。

本地时间11点，把时间戳换成12:25的，敲个回车。发现根本没有提交。

好吧，看来这个实验一开始的猜想就是错的。

趁着时间的空隙，看看它的网络请求，果然，好几个时间戳，而且都是我刷新网页时刻的时间戳。蓝条里的时间戳去掉末尾三个0就是2020-07-16 10:03:01。但是这个就触及到我的知识盲区了，光看见时间戳却不会用。

提交前

提交一次后

经过前后比对发现，不出意外的话，提交的就是这一条了

我滴个乖乖，一线数据，这可是我的宝贝，赶紧复制下来。

link address ：

https://jkcj.nankai.edu.cn/healthgather/index/addGather?time=1594865588000

response：

{"code":"001","message":"Success","result":{"n":1,"nModified":1,"ok":1,"err":null,"errmsg":null,"updatedExisting":true}}

copy as fetch：

fetch("https://jkcj.nankai.edu.cn/healthgather/index/addGather?time=1594865588000", {
"headers": {
"accept": "*/*",
"accept-language": "zh-CN,zh;q=0.9",
"content-type": "application/x-www-form-urlencoded; charset=UTF-8",
"sec-fetch-dest": "empty",
"sec-fetch-mode": "cors",
"sec-fetch-site": "same-origin",
"x-requested-with": "XMLHttpRequest"
},
"referrer": "https://jkcj.nankai.edu.cn/mobile/register/",
"referrerPolicy": "no-referrer-when-downgrade",
"body": "data=%7B%22q1%22%3A%2236.2%22%2C%22q2%22%3A%22%E5%B1%B1%E8%A5%BF%22%2C%22q10_show%22%3A%22%E5%B1%B1%E8%A5%BF%E7%9C%81%2F%E6%99%8B%E4%B8%AD%E5%B8%82%2F%E4%BB%8B%E4%BC%91%E5%B8%82%22%2C%22q10%22%3A%22140000%2F140700%2F140781%22%2C%22q9%22%3A%22%E5%B1%B1%E8%A5%BF%E7%9C%81%E4%BB%8B%E4%BC%91%E5%B8%82%E7%BB%8F%E5%A4%A9%E5%8D%97%E8%B7%AF%E7%BB%BF%E9%83%BD%E5%90%8D%E8%8B%91%22%2C%22q4%22%3A%22N%22%2C%22q5%22%3A%22N%22%2C%22q20%22%3A%22N%22%2C%22q11%22%3A%22N%22%2C%22q12%22%3A%22N%22%2C%22q13%22%3A%22%22%2C%22q8%22%3A%22%22%7D&status=1",
"method": "POST",
"mode": "cors",
"credentials": "include"
});

显然，这个data就是url编码嘛，那么之后我就可以随意修改我想要的体温，然后进行编码

解析一下

为了方便复制和修改，来一份文本的数据格式

{"q1":"36.2","q2":"山西","q10_show":"山西省/晋中市/介休市","q10":"140000/140700/140781","q9":"山西省介休市经天南路绿都名苑","q4":"N","q5":"N","q20":"N","q11":"N","q12":"N","q13":"","q8":""}

copy as node.js fetch：

fetch("https://jkcj.nankai.edu.cn/healthgather/index/addGather?time=1594865588000", {
"headers": {
"accept": "*/*",
"accept-language": "zh-CN,zh;q=0.9",
"content-type": "application/x-www-form-urlencoded; charset=UTF-8",
"sec-fetch-dest": "empty",
"sec-fetch-mode": "cors",
"sec-fetch-site": "same-origin",
"x-requested-with": "XMLHttpRequest",
"cookie": "UM_distinctid=17272633d4797d-00b280a51b2d5f-1b396257-1aeaa0-17272633d48ad3; PHPSESSID=29d59nm9sbusbfd6vk0sofpbv1"
},
"referrer": "https://jkcj.nankai.edu.cn/mobile/register/",
"referrerPolicy": "no-referrer-when-downgrade",
"body": "data=%7B%22q1%22%3A%2236.2%22%2C%22q2%22%3A%22%E5%B1%B1%E8%A5%BF%22%2C%22q10_show%22%3A%22%E5%B1%B1%E8%A5%BF%E7%9C%81%2F%E6%99%8B%E4%B8%AD%E5%B8%82%2F%E4%BB%8B%E4%BC%91%E5%B8%82%22%2C%22q10%22%3A%22140000%2F140700%2F140781%22%2C%22q9%22%3A%22%E5%B1%B1%E8%A5%BF%E7%9C%81%E4%BB%8B%E4%BC%91%E5%B8%82%E7%BB%8F%E5%A4%A9%E5%8D%97%E8%B7%AF%E7%BB%BF%E9%83%BD%E5%90%8D%E8%8B%91%22%2C%22q4%22%3A%22N%22%2C%22q5%22%3A%22N%22%2C%22q20%22%3A%22N%22%2C%22q11%22%3A%22N%22%2C%22q12%22%3A%22N%22%2C%22q13%22%3A%22%22%2C%22q8%22%3A%22%22%7D&status=1",
"method": "POST",
"mode": "cors"
});

以下是文本版的header信息

General

Request URL:

https://jkcj.nankai.edu.cn/healthgather/index/addGather?time=1594865588000

Request Method:

POST

Status Code:

200

Remote Address:

[2001:250:401:d450::190]:443

Referrer Policy:

no-referrer-when-downgrade

Response Headers

access-control-allow-origin:

https://wxtest.nankai.edu.cn

cache-control:

no-store, no-cache, must-revalidate, post-check=0, pre-check=0

content-length:

120

content-type:

application/json

date:

Thu, 16 Jul 2020 02:13:08 GMT

expires:

Thu, 19 Nov 1981 08:52:00 GMT

pragma:

no-cache

server:

nginx

status:

200

x-content-type-options:

nosniff

x-frame-options:

sameorigin

Request Headers

:authority:

jkcj.nankai.edu.cn

:method:

POST

:path:

/healthgather/index/addGather?time=1594865588000

:scheme:

https

accept:

*/*

accept-encoding:

gzip, deflate, br

accept-language:

zh-CN,zh;q=0.9

content-length:

532

content-type:

application/x-www-form-urlencoded; charset=UTF-8

cookie:

UM_distinctid=17272633d4797d-00b280a51b2d5f-1b396257-1aeaa0-17272633d48ad3; PHPSESSID=29d59nm9sbusbfd6vk0sofpbv1

origin:

https://jkcj.nankai.edu.cn

referer:

https://jkcj.nankai.edu.cn/mobile/register/

sec-fetch-dest:

empty

sec-fetch-mode:

cors

sec-fetch-site:

same-origin

user-agent:

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36

x-requested-with:

XMLHttpRequest

Query String Parametersview sourceview URL encoded

time:

1594865588000

Form Dataview sourceview URL encoded

data:

{"q1":"36.2","q2":"山西","q10_show":"山西省/晋中市/介休市","q10":"140000/140700/140781","q9":"山西省介休市经天南路绿都名苑","q4":"N","q5":"N","q20":"N","q11":"N","q12":"N","q13":"","q8":""}

status:

1

上面是a平台的数据，b平台的我也来一份

提交前

提交后

link address：

https://jkcj.nankai.edu.cn/healthgather/Inschool/addInschoolGather?time=1594869093000

。

response：

{"code":"001","message":"Success","result":{"$id":"5f0fc565ddc1845b7c000005"}}

。

copy as fetch：

fetch("https://jkcj.nankai.edu.cn/healthgather/Inschool/addInschoolGather?time=1594869093000", {
"headers": {
"accept": "*/*",
"accept-language": "zh-CN,zh;q=0.9",
"content-type": "application/x-www-form-urlencoded; charset=UTF-8",
"sec-fetch-dest": "empty",
"sec-fetch-mode": "cors",
"sec-fetch-site": "same-origin",
"x-requested-with": "XMLHttpRequest"
},
"referrer": "https://jkcj.nankai.edu.cn/mobile/register/inschool.html?time=1594868840",
"referrerPolicy": "no-referrer-when-downgrade",
"body": "data=%7B%22q1%22%3A%2236.2%22%2C%22q16%22%3A%2236.2%22%2C%22q17%22%3A%2236.2%22%2C%22q2%22%3A%22%E5%A4%A9%E6%B4%A5%22%2C%22q10_show%22%3A%22%E5%A4%A9%E6%B4%A5%E5%B8%82%2F%E5%A4%A9%E6%B4%A5%E5%B8%82%2F%E6%BB%A8%E6%B5%B7%E6%96%B0%E5%8C%BA%22%2C%22q10%22%3A%22120000%2F120000%2F120116%22%2C%22q9%22%3A%22%E5%AE%BF%E8%88%8D%22%2C%22q4%22%3A%22N%22%2C%22q5%22%3A%22N%22%2C%22q20%22%3A%22N%22%2C%22q11%22%3A%22N%22%2C%22q12%22%3A%22N%22%2C%22q13%22%3A%22green%22%2C%22q18%22%3A%222%22%2C%22q19%22%3A%222%22%2C%22q8%22%3A%22%22%7D&status=1",
"method": "POST",
"mode": "cors",
"credentials": "include"
});

。

copy as Node.js fetch:

fetch("https://jkcj.nankai.edu.cn/healthgather/Inschool/addInschoolGather?time=1594869093000", {
"headers": {
"accept": "*/*",
"accept-language": "zh-CN,zh;q=0.9",
"content-type": "application/x-www-form-urlencoded; charset=UTF-8",
"sec-fetch-dest": "empty",
"sec-fetch-mode": "cors",
"sec-fetch-site": "same-origin",
"x-requested-with": "XMLHttpRequest",
"cookie": "UM_distinctid=17272633d4797d-00b280a51b2d5f-1b396257-1aeaa0-17272633d48ad3; PHPSESSID=29d59nm9sbusbfd6vk0sofpbv1"
},
"referrer": "https://jkcj.nankai.edu.cn/mobile/register/inschool.html?time=1594868840",
"referrerPolicy": "no-referrer-when-downgrade",
"body": "data=%7B%22q1%22%3A%2236.2%22%2C%22q16%22%3A%2236.2%22%2C%22q17%22%3A%2236.2%22%2C%22q2%22%3A%22%E5%A4%A9%E6%B4%A5%22%2C%22q10_show%22%3A%22%E5%A4%A9%E6%B4%A5%E5%B8%82%2F%E5%A4%A9%E6%B4%A5%E5%B8%82%2F%E6%BB%A8%E6%B5%B7%E6%96%B0%E5%8C%BA%22%2C%22q10%22%3A%22120000%2F120000%2F120116%22%2C%22q9%22%3A%22%E5%AE%BF%E8%88%8D%22%2C%22q4%22%3A%22N%22%2C%22q5%22%3A%22N%22%2C%22q20%22%3A%22N%22%2C%22q11%22%3A%22N%22%2C%22q12%22%3A%22N%22%2C%22q13%22%3A%22green%22%2C%22q18%22%3A%222%22%2C%22q19%22%3A%222%22%2C%22q8%22%3A%22%22%7D&status=1",
"method": "POST",
"mode": "cors"
});

以下是文本版的header信息

Request URL:

https://jkcj.nankai.edu.cn/healthgather/Inschool/addInschoolGather?time=1594869093000

Request Method:

POST

Status Code:

200

Remote Address:

[2001:250:401:d450::190]:443

Referrer Policy:

no-referrer-when-downgrade

Response Headers

access-control-allow-origin:

https://wxtest.nankai.edu.cn

cache-control:

no-store, no-cache, must-revalidate, post-check=0, pre-check=0

content-length:

78

content-type:

application/json

date:

Thu, 16 Jul 2020 03:11:33 GMT

expires:

Thu, 19 Nov 1981 08:52:00 GMT

pragma:

no-cache

server:

nginx

status:

200

x-content-type-options:

nosniff

x-frame-options:

sameorigin

Request Headers

:authority:

jkcj.nankai.edu.cn

:method:

POST

:path:

/healthgather/Inschool/addInschoolGather?time=1594869093000

:scheme:

https

accept:

*/*

accept-encoding:

gzip, deflate, br

accept-language:

zh-CN,zh;q=0.9

content-length:

532

content-type:

application/x-www-form-urlencoded; charset=UTF-8

cookie:

UM_distinctid=17272633d4797d-00b280a51b2d5f-1b396257-1aeaa0-17272633d48ad3; PHPSESSID=29d59nm9sbusbfd6vk0sofpbv1

origin:

https://jkcj.nankai.edu.cn

referer:

https://jkcj.nankai.edu.cn/mobile/register/inschool.html?time=1594868840

sec-fetch-dest:

empty

sec-fetch-mode:

cors

sec-fetch-site:

same-origin

user-agent:

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36

x-requested-with:

XMLHttpRequest

Query String Parametersview sourceview URL encoded

time:

1594869093000

Form Dataview sourceview URL encoded

data:

{"q1":"36.2","q16":"36.2","q17":"36.2","q2":"天津","q10_show":"天津市/天津市/滨海新区","q10":"120000/120000/120116","q9":"宿舍","q4":"N","q5":"N","q20":"N","q11":"N","q12":"N","q13":"green","q18":"2","q19":"2","q8":""}

status:

1

下一步就该考虑怎么使用这个post请求了。

本地时间12点，用python发一下这个url试试

import requests
from requests.exceptions import RequestException
import json
headers = {
    'authority':'jkcj.nankai.edu.cn',
    'path':'/healthgather/Inschool/addInschoolGather?time=1594869093000',
    'scheme':'https',
    'accept-encoding':'gzip, deflate, br',
    'accept-language':'zh-CN,zh;q=0.9',
    'content-type':'application/x-www-form-urlencoded; charset=UTF-8',
    'cookie':'UM_distinctid=17272633d4797d-00b280a51b2d5f-1b396257-1aeaa0-17272633d48ad3; PHPSESSID=29d59nm9sbusbfd6vk0sofpbv1',
    'origin':'https://jkcj.nankai.edu.cn',
    'referer':'https://jkcj.nankai.edu.cn/mobile/register/inschool.html?time=1594875599',
    'sec-fetch-mode':'cors',
    'sec-fetch-site':'same-origin',
    'user-agent':'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36',
    'x-requested-with':'XMLHttpRequest',
}
url = 'https://jkcj.nankai.edu.cn/mobile/register/inschool.html?time=1594868840'
json = {"q1":"36.2","q16":"36.2","q17":"36.2","q2":"天津","q10_show":"天津市/天津市/滨海新区","q10":"120000/120000/120116","q9":"宿舍","q4":"N","q5":"N","q20":"N","q11":"N","q12":"N","q13":"green","q18":"2","q19":"2","q8":""}
r = requests.post(url, headers=headers,json=json)
if r.status_code == 200:
    print(r)
    print(r.content)
else:
    print(r)
    print(r.content)
    print(r.request)
    print(r.status_code)
    print(r.reason)

结果被拒绝了