Automating the WeChat mini-program safety check-in with Python
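After the pandemic, the company started using a WeChat mini-program for safety check-ins. My wife is a permanent employee, so she had to check in on WeChat even while giving birth; our child is now over a year old and things have been busy the whole time. A few days ago the company began cracking down on missed check-ins, and one day my wife, busy at work, forgot to check in and had her pay docked. I teased her that she went to work, earned nothing, and lost the baby's formula money on top of it. That was not acceptable, so last weekend, while the baby was asleep, I sat down and worked out how to automate the WeChat safety check-in.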
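Approach:
- 小欧报平安 (the safety check-in page) only opens inside the WeChat client, on a phone or a PC; anywhere else it reports “请在微信客户端打开链接” ("Please open the link in the WeChat client"), so the browser has to imitate the WeChat client
- It was unclear whether the server does any cookie authentication
- I was choosing between a key-macro approach (like the "按键精灵" tool from my gaming days) and an "automatic web submission" approach
- The check-in URL, once copied out, starts with HTTPS, which made it even clearer that the traffic had to be captured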
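Tools:
- Fiddler (on the PC)
- Android phone
- python
- VPS (a cloud server is best; otherwise you need a PC that stays powered on and online 24 hours a day)
Decision:
I first went with the automatic web submission approach. It fits the situation better and depends less on devices; the only drawback is that it gets more troublesome if cookies are required.
Hands-on: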
1. Capturing the traffic
Download Fiddler Everywhere on the PC
Configure Fiddler as follows:
HTTPS
Connections: Fiddler listens on port 8866
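Set up the proxy on the phone
- Set the proxy to the PC's IP address, port 8866
- Open “http://<PC's IP>:8866” in the phone's browser and download the fiddler certificate file.
- Install the downloaded CA certificate (the fiddler certificate file). The steps differ between iOS and Android models; search for the details for your device. Put simply, installing the CA certificate makes the phone trust the Fiddler proxy on the PC, and only then can the proxy on the PC capture the phone's HTTPS traffic.
- Use 小欧报平安 on the phone as usual
Analyzing the captured data in Fiddler on the PC
I found one "GET" and two "POST" requests (a GET submits in a single request; a POST sends a request first and then submits)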
The GET request is as follows:
https://网址.com/wxappadmin/supermanweb/reportSafeUser/queryReportSafeUserByUserName/%E5(URL-encoded name)8F%AF
Its headers:
host: 网址.com
user-agent: Mozilla/5.0 (Linux; Android 11; Redmi K30 Pro Zoom Edition Build/RKQ1.200826.002; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/86.0.4240.99 XWEB/3195 MMWEBSDK/20220204 Mobile Safari/537.36 MMWEBID/2567 MicroMessenger/8.0.20.2100(0x28001439) Process/toolsmp WeChat/arm64 Weixin NetType/WIFI Language/zh_CN ABI/arm64  # reveals the phone model, the WeChat browser version and that the connection is Wi-Fi
accept: */*
origin: https://网址.com
x-requested-with: com.tencent.mm
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://跳转到此的网址/safety/index.html  # the 小欧报平安 page where you choose “报平安” (report safe) or “打卡” (check in)
accept-encoding: gzip, deflate
accept-language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
Content-Type: application/x-www-form-urlencoded
The response (JSON):
{
  "status": "000",
  "message": "success",
  "data": [
    {
      "id": XXXX,
      "orgCode": "XXXX",
      "orgName": "XXXXXXX有限公司",
      "userCode": "XXXXX7",
      "userName": "刘X",
      "phone": "1XXXXXXX24",
      "isXl": "0",
      "station": "XX",
      "sex": "0",
      "idCard": "XXXXXXXXXXX",
      "householdAddress": "XX市XX区",
      "workAddress": "XX省XX市",
      "simpleDrom": "",
      "floorNumber": ""
    }
  ]
}
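After several captures I found that the GET request above fires when the name is typed in, and this is what the server returns. It does not seem useful for the check-in; what it does do is leak personal information (the response carries the phone number, ID card number and household address for the name supplied). I really cannot compliment Ouyeel's (欧冶) developers. It did make me more confident, though: first, developers this careless will not have built anything complicated; second, the request headers contain no cookie, which shows the same headers can stay valid forever. With the GET out of the way, on to the main point, the POST.
POST request (looking only at the one that has a response):
POST https://网址.com/wxappadmin/supermanweb/reportSafe/addReportSafe HTTP/2
host: 网址.com
content-length: 432
user-agent: Mozilla/5.0 (Linux; Android 11; Redmi K30 Pro Zoom Edition Build/RKQ1.200826.002; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/86.0.4240.99 XWEB/3195 MMWEBSDK/20220204 Mobile Safari/537.36 MMWEBID/2567 MicroMessenger/8.0.20.2100(0x28001439) Process/toolsmp WeChat/arm64 Weixin NetType/WIFI Language/zh_CN ABI/arm64
content-type: application/json
accept: */*
origin: https://网址.com
x-requested-with: com.tencent.mm
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://网址.com/safety/index.html
accept-encoding: gzip, deflate
accept-language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
The response is as follows: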
{"companyCode":"XXXX","companyName":"XXXX有限公司","healthStatus":1,"isGoHubei":"","openid":"oQP1XXXXXX8LdL2NXXXX7H-XXXk","phone":"1XXXXXXXXXX","isTouch":0,"remark":"","strokeArea":"","userName":"刘X","address":"XX省/XX市","createDate":"","userCode":"XXXXXX","workStatus":5,"goOutWork":"","conditionDesc":"","liveAddress":"XX市XX区XX小区","isParking":0,"returnWorkPlaceDate":""}
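The content of this POST is exactly what we fill in every time we check in, so this is the POST we need to send. After repeated testing I found that it is enough to change the name, employee ID, phone number, place of residence and location address and then submit the request to complete a check-in. That finishes the capture!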
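An added example, not code from the original post or from the service: it contrasts the acceptance rule the capture suggests (a WeChat-looking User-Agent and identity fields taken from the JSON body) with a server-side check that binds the check-in to a signed, expiring session token. The `x-session-token` header, `SERVER_KEY`, the token format and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import time

SERVER_KEY = b"constructed-demo-key"  # assumption: secret known only to the server

def _sig(openid, exp):
    return hmac.new(SERVER_KEY, f"{openid}|{exp}".encode(), hashlib.sha256).hexdigest()

def issue_token(openid, now=None):
    """Hypothetical token issued after a server-side WeChat login; expires in 1 hour."""
    exp = int(time.time() if now is None else now) + 3600
    return f"{openid}|{exp}|{_sig(openid, exp)}"

def weak_accept(headers, body):
    """Gate the capture suggests: the User-Agent alone marks the client as WeChat."""
    return "MicroMessenger" in headers.get("user-agent", "")

def hardened_accept(headers, body, now=None):
    """Identity comes from a signed, expiring token, never from the JSON body."""
    now = time.time() if now is None else now
    parts = headers.get("x-session-token", "").split("|")
    if len(parts) != 3:
        return False, "missing session token"
    openid, exp, sig = parts
    if not hmac.compare_digest(sig, _sig(openid, exp)):
        return False, "bad token signature"
    if int(exp) < now:
        return False, "token expired"
    if body.get("openid") != openid:
        return False, "body openid does not match session"
    return True, "ok"

# Constructed sample shaped like the captured POST: no cookie, no token.
REPLAY_HEADERS = {"user-agent": "Mozilla/5.0 (constructed) MicroMessenger/8.0.20",
                  "content-type": "application/json"}
REPLAY_BODY = {"openid": "demo-openid-A", "userName": "demo", "userCode": "000001"}

def demo():
    fresh = dict(REPLAY_HEADERS, **{"x-session-token": issue_token("demo-openid-A", now=1000)})
    other = dict(REPLAY_BODY, openid="demo-openid-B")
    return {
        "weak_replay": weak_accept(REPLAY_HEADERS, REPLAY_BODY),
        "hard_replay": hardened_accept(REPLAY_HEADERS, REPLAY_BODY, now=1500),
        "hard_fresh": hardened_accept(fresh, REPLAY_BODY, now=1500),
        "hard_expired": hardened_accept(fresh, REPLAY_BODY, now=4601),
        "hard_other_user": hardened_accept(fresh, other, now=1500),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The same token check applied to the name-lookup GET would stop it from returning another person's record to an unauthenticated caller.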
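2. Simulating the check-in with Python
Install the Python module
pip install requests
# json is part of the Python standard library and needs no installation
Create ouyeelpeaceful.py as follows: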
import json

import requests

# POST the 小欧报平安 check-in data
url = 'https://网址.com/wxappadmin/supermanweb/reportSafe/addReportSafe'
# Request headers copied from the captured POST
headers = {
    'host': '网址.com',
    'user-agent': 'Mozilla/5.0 (Linux; Android 11; Redmi K30 Pro Zoom Edition Build/RKQ1.200826.002; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/86.0.4240.99 XWEB/3195 MMWEBSDK/20220204 Mobile Safari/537.36 MMWEBID/2567 MicroMessenger/8.0.20.2100(0x28001439) Process/toolsmp WeChat/arm64 Weixin NetType/WIFI Language/zh_CN ABI/arm64',
    'content-type': 'application/json',
    'accept': '*/*',
    'origin': 'https://网址.com',
    'x-requested-with': 'com.tencent.mm',
    'sec-fetch-site': 'same-site',
    'sec-fetch-mode': 'cors',
    'sec-fetch-dest': 'empty',
    'referer': 'https://网址.com/safety/index.html',
    'accept-encoding': 'gzip, deflate',
    'accept-language': 'zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7'
}
# Form fields exactly as filled in on the check-in page
post_data = {
    "companyCode": "XXXX",
    "companyName": "XXXXX公司",
    "healthStatus": 1,
    "isGoHubei": "",
    "openid": "oQXXXXX8LdLXXNSXXXX0XXXk",
    "phone": "1XXXXXXXXXX",
    "isTouch": 0,
    "remark": "",
    "strokeArea": "",
    "userName": "刘X",
    "address": "XX省/XX市",
    "createDate": "",
    "userCode": "XXXXXX",
    "workStatus": 0,
    "goOutWork": "",
    "conditionDesc": "",
    "liveAddress": "XX市XX区XX路",
    "isParking": 0,
    "returnWorkPlaceDate": ""
}
# Send the body as a JSON string to match the content-type header
r = requests.post(url, headers=headers, data=json.dumps(post_data), timeout=10)
jg = r.json()
if jg['status'] == "000":
    # 000: the check-in was accepted
    print(jg['status'], "您已经成功报平安!")
elif jg['status'] == "999":
    # 999: the server rejected the request; show its message
    print(jg['status'], jg['message'])
else:
    # Any other status is reported as a network error
    print("网络连接错误!")
Run the Python program
python ouyeelpeaceful.py
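Success!
3. Automatic check-in: running the Python task on a schedule
I have a VPS (cloud server) running Linux, so I uploaded ouyeelpeaceful.py to the VPS and used cron to schedule the task.
Upload the local file to the cloud server
scp -P 22 /local/ouyeelpeaceful.py [email protected]:/opt/python
On the cloud server
Install Python (omitted) and the dependency modules (the pip install xxxxxxx above)
Set up the scheduled task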
crontab -e
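This command opens the crontab for editing; append the following line:
24 8 * * * python /opt/python/ouyeelpeaceful.py
Save, then reload the scheduler configuration:
systemctl reload crond
The automatic check-in setup is complete!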