前情回顾
【web逆向】某省开放大学登陆接口(上)
https://www.52pojie.cn/thread-1903660-1-1.html
(出处: 吾爱破解论坛)
获取学生课程
# 获取当前正在学习的课程
def getCurrentCourseListByStudent():
headers = {
'Accept': 'application/json, text/javascript, */*; q=0.01',
'Accept-Language': 'zh-CN,zh;q=0.9',
'Connection': 'keep-alive',
'Origin': 'http://xuexi.jsou.cn',
'Referer': 'http://xuexi.jsou.cn/jxpt-web/student/homework/study',
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36',
'X-Requested-With': 'XMLHttpRequest',
}
response = requests.post(
'http://xuexi.jsou.cn/jxpt-web/student/courseuser/getCurrentCourseListByStudent',
headers=headers,
verify=False,
)
return response.json()["body"]
获取课程的学习任务
# 获取课程的学习任务,传入课程的id
def getAllActivity(courseVersionId):
headers = {
'Accept': 'application/json, text/javascript, */*; q=0.01',
'Accept-Language': 'zh-CN,zh;q=0.9',
'Connection': 'keep-alive',
'Referer': 'http://xuexi.jsou.cn/jxpt-web/student/courseuser/courseContent?courseVersionId=9b041272444d49d0a33936ef430e51b9&subpage=contents',
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36',
'X-Requested-With': 'XMLHttpRequest',
}
response = requests.get(
f'http://xuexi.jsou.cn/jxpt-web/student/course/getAllActivity/{courseVersionId}',
headers=headers,
verify=False,
)
AllActivity = response.json()['body']
# 文档
AllActivitys3 = []
# 视频
AllActivitys2 = []
# 过程性考核作业
AllActivitys4 = []
# 讨论
AllActivitys6 = []
for i in AllActivity:
if i.get("activitys"):
for k in i["activitys"]:
#根据type类型存数据
if k["type"] == "3":
AllActivitys3.append(
(k["activityName"], k["activityId"], k["unitId"],
k["relationId"]))
if k["type"] == "6":
AllActivitys6.append(
(k["activityName"], k["activityId"], k["unitId"],
k["relationId"], k["hasForumPost"]))
if k["type"] == "2":
AllActivitys2.append(
(k["activityName"], k["activityId"], k["unitId"],
k["relationId"], k["length"], k["hasViewVideo"]))
if k["type"] == "4":
AllActivitys4.append(
(k["activityName"], k["activityId"], k["unitId"],
k["relationId"]))
return AllActivitys2, AllActivitys3, AllActivitys4, AllActivitys6
看文档
# 看文档,传入courseVersionId,activityId,token。token参数的获取请往下看
def heartbeat(courseVersionId, activityId, token):
headers = {
'Accept': '*/*',
'Accept-Language': 'zh-CN,zh;q=0.9',
'Connection': 'keep-alive',
'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8',
'Origin': 'http://xuexi.jsou.cn',
'Referer': f'http://xuexi.jsou.cn/jxpt-web/student/activity/display?courseVersionId={courseVersionId}&activityId={activityId}',
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36',
'X-Requested-With': 'XMLHttpRequest',
}
data = {
'playStatus': 'false',
'isResourcePage': 'true',
'courseVersionId': courseVersionId,
'activityId': activityId,
'type': '1',
'isStuLearningRecord': '2',
'token': token,
}
response = requests.post(
'http://xuexi.jsou.cn/jxpt-web/common/learningBehavior/heartbeat',
headers=headers,
data=data,
verify=False,
)
print(headers["Referer"] + "观看文档+30s" + response.json()["code"])
看视频
# 看视频。传入courseVersionId,activityId,timePoint。token参数的获取请往下看
def heartbeatvid(courseVersionId, activityId, token, timePoint):
headers = {
'Accept': '*/*',
'Accept-Language': 'zh-CN,zh;q=0.9',
'Connection': 'keep-alive',
'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8',
'Origin': 'http://xuexi.jsou.cn',
'Referer': f'http://xuexi.jsou.cn/jxpt-web/student/activity/display?courseVersionId={courseVersionId}&activityId={activityId}',
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36',
'X-Requested-With': 'XMLHttpRequest',
}
data = {
'playStatus': 'true',
'isResourcePage': 'true',
'courseVersionId': courseVersionId,
'activityId': activityId,
'type': '2',
'isStuLearningRecord': '2',
'token': token,
'timePoint': timePoint,
}
response = requests.post(
'http://xuexi.jsou.cn/jxpt-web/common/learningBehavior/heartbeat',
headers=headers,
data=data,
verify=False,
)
print(headers["Referer"] + f"观看视频+{timePoint}" + response.json()["code"])
评论
# 获取第一个人的评论,传入relationId,courseVersionId
def getSpecifyRepliesForumDiscussion(relationId, courseVersionId):
headers = {
'Accept': 'application/json, text/javascript, */*; q=0.01',
'Accept-Language': 'zh-CN,zh;q=0.9',
'Connection': 'keep-alive',
'Referer': 'http://xuexi.jsou.cn/jxpt-web/student/forumdiscussion/title?forumDiscussionId=2c50a85243984e0a83b1bac307ef4142&courseVersionId=9b041272444d49d0a33936ef430e51b9&forumDetailFlag=1',
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36',
'X-Requested-With': 'XMLHttpRequest',
}
response = requests.get(
f'http://xuexi.jsou.cn/jxpt-web/student/forumdiscussion/getSpecifyRepliesForumDiscussion/{relationId}/1/0/{courseVersionId}',
headers=headers,
verify=False,
)
return response.json()["body"]["list"][0]["message"]
# 发表评论,postAttachment应该是传附件
def insertReplies(forumDiscussionId, courseVersionId, richText):
headers = {
'Accept': 'application/json, text/javascript, */*; q=0.01',
'Accept-Language': 'zh-CN,zh;q=0.9',
'Connection': 'keep-alive',
'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8',
'Origin': 'http://xuexi.jsou.cn',
'Referer': f'http://xuexi.jsou.cn/jxpt-web/student/forumdiscussion/title?forumDiscussionId={forumDiscussionId}&courseVersionId={courseVersionId}&forumDetailFlag=1',
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36',
'X-Requested-With': 'XMLHttpRequest',
}
params = {
'forumDiscussionId': forumDiscussionId,
'courseVersionId': courseVersionId,
}
data = {
'richText': richText,
'postAttachment': '',
'message': f'{richText}',
}
response = requests.post(
'http://xuexi.jsou.cn/jxpt-web/student/forumdiscussion/insertReplies',
params=params,
headers=headers,
data=data,
verify=False,
)
print(headers['Referer'] + "回复" + richText + response.json()["code"])
获取token
搜索token进行对比,找到创建token的js代码,打断点。
发现就是生成随机数。
//扣代码,补环境
function randomString(len) {
len = len || 32;
var $chars = 'ABCDEFGHJKMNPQRSTWXYZabcdefhijkmnprstwxyz2345678';
/****默认去掉了容易混淆的字符oOLl,9gq,Vv,Uu,I1****/
var maxPos = $chars.length;
var pwd = '';
for (i = 0; i < len; i++) {
pwd += $chars.charAt(Math.floor(Math.random() * maxPos));
}
return pwd;
}
结语
一键看视频,看文档,评论到这里就已经结束了,只要获取到对应的参数就行,剩下的就是逻辑的处理。
下一期更新作业部分,目前推断作业的答案数据在后端,不能提前看答案,会提供另外的解决思路,欢迎大家一起探讨。
有其它学习网站需要分析的也可以私信我。
发表于 2024-3-25 21:33
