精华内容
下载资源
问答
  • 通过在交互式的python解释器下,可以通过help()函数查看函数或模块的用途。 dir() 函数不带参数时,返回当前范围内的变量、方法和定义的类型列表;带参数时,返回参数的属性、方法列表 ls(),查看选项,如 ls(ARP) ...

    小技巧

    通过在交互式的python解释器下,可以通过help()函数查看函数或模块的用途。

    dir() 函数不带参数时,返回当前范围内的变量、方法和定义的类型列表;带参数时,返回参数的属性、方法列表

    ls(),查看选项,如 ls(ARP)

    安装

    python3,Ubuntu 18.04环境

    sudo apt install python3-pip
    
    pip3 install scapy

    导入

    from scapy.all import *

    构造包

    scapy通过重载'/'符号,能够一层一层的构造包,比如构造一个ARP请求包

    arpPkt = Ether(dst="FF:FF:FF:FF:FF:FF")/ARP(pdst="172.16.128.85")

    发送 与 接受

    send 与 sendp,都只发送,且send 只能发送三层协议,而sendp才能发送二层协议。

    send(IP())
    sendp(Ether()/IP())

    sr与srp,发送并接受,且sr不能发送二层协议,srp才能。

    两个的返回值为 响应与没收到响应元组。

    >>> ans,unans = srp(Ether(dst="FF:FF:FF:FF:FF:FF")/ARP(pdst="172.16.85.128"),iface="vmnet8")
    Begin emission:
    Finished sending 1 packets.
    *
    Received 1 packets, got 1 answers, remaining 0 packets
    >>> type(ans)
    <class 'scapy.plist.SndRcvList'>
    
    >>> type(ans[0])
    <class 'tuple'>
    >>> ans[0]
    (<Ether  dst=FF:FF:FF:FF:FF:FF type=0x806 |<ARP  pdst=172.16.85.128 |>>, <Ether  dst=00:50:56:c0:00:08 src=00:0c:29:90:8d:a1 type=0x806 |<ARP  hwtype=0x1 ptype=0x800 hwlen=6 plen=4 op=is-at hwsrc=00:0c:29:90:8d:a1 psrc=172.16.85.128 hwdst=00:50:56:c0:00:08 pdst=172.16.85.1 |<Padding  load='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' |>>>)
    
    >>> type(ans[0][0])
    <class 'scapy.layers.l2.Ether'>
    >>> type(ans[0][1])
    <class 'scapy.layers.l2.Ether'>
    
    >>> ans[0][0].dst
    'FF:FF:FF:FF:FF:FF'
    >>> ans[0][0].src
    '00:50:56:c0:00:08'
    >>> ans[0][1].dst
    '00:50:56:c0:00:08'
    >>> ans[0][1].src
    '00:0c:29:90:8d:a1'
    
    >>> ans[0][1][1].show()
    ###[ ARP ]### 
      hwtype    = 0x1
      ptype     = 0x800
      hwlen     = 6
      plen      = 4
      op        = is-at
      hwsrc     = 00:0c:29:90:8d:a1
      psrc      = 172.16.85.128
      hwdst     = 00:50:56:c0:00:08
      pdst      = 172.16.85.1
    ###[ Padding ]### 
         load      = '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
    
    >>> ans[0][1][1].psrc
    '172.16.85.128'
    

    通过以上分析,可以知道,ans为一个发送与接受的列表,其包含发送与接受的元组。元组中下标为0为发送的数据,下标为1为接受到的数据。且返回数据包中,可以通过下标提取固定的协议数据

    sr1,srp1 是 sr,srp的简化版本

    >>> ans= srp1(Ether(dst="FF:FF:FF:FF:FF:FF")/ARP(pdst="172.16.85.128"),iface="vmnet8")
    Begin emission:
    Finished sending 1 packets.
    *
    Received 1 packets, got 1 answers, remaining 0 packets
    >>> type(ans)
    <class 'scapy.layers.l2.Ether'>
    >>> ans.pdst
    '172.16.85.1'

    发送并只接受第一个返回的数据包.返回值为接受到的第一个数据包,没有收到数据时,返回None

    抓包

    通过sniff抓取数据包

    eg:

    >>> packets = sniff(iface="wlp58s0",count=20)
    >>> type(packets)
    <class 'scapy.plist.PacketList'>
    >>> type(packets[0])
    <class 'scapy.layers.l2.Ether'>

    局域网ARP扫描器

    #!/usr/bin/python3
    
    from scapy.all import *
    
    if __name__ == "__main__":
        netif = "vmnet8"  #net iface
        ip_prefix = "172.16.85."
        
        live_host = {}; 
    
        for i in range(1,255):
            ip_str = ip_prefix + str(i)
            print("ip:",ip_str)
            arp_req_pkt = Ether(dst="FF:FF:FF:FF:FF:FF")/ARP(pdst=ip_str)
            arp_rsp_pkt = srp1(arp_req_pkt,iface=netif,timeout=0.01)
    
            if arp_rsp_pkt != None:
                live_host[arp_rsp_pkt.psrc] = arp_rsp_pkt.hwsrc
    
        for key,value in live_host.items():
            print(key,value)
        
    

    Links

    https://scapy.readthedocs.io/en/latest/introduction.html#about-scapy

    转载于:https://www.cnblogs.com/r1ng0/p/9861521.html

    展开全文
  • 该脚本使用python通过winpcap和网卡驱动交互,从而实现抓包和跨协议栈的发包功能; 在入口函数中增加了脚本使用说明和举例! s = SNIFFER(interface)#设置待监听的网卡 s.start()#设置启动线程开始监听网卡 time....
  • Python + winpcap抓包发包

    千次阅读 2018-11-22 16:40:00
    Python的winpcapy库可以简单地实现收发Layer2层(数据链路层,以太网)数据。 winpcapy主页:https://github.com/orweis/winpcapy 安装 pip install winpcapy 发送数据 from winpcapy import ...

    winpcapy

    Python的winpcapy库可以简单地实现收发Layer2层(数据链路层,以太网)数据。

     winpcapy主页:https://github.com/orweis/winpcapy

    安装

    pip install winpcapy

    发送数据

    from winpcapy import WinPcapUtils
    # Build a packet buffer
    # This example-code is built for tutorial purposes, for actual packet crafting use modules like dpkt
    arp_request_hex_template = "%(dst_mac)s%(src_mac)s08060001080006040001" \
                               "%(sender_mac)s%(sender_ip)s%(target_mac)s%(target_ip)s" + "00" * 18
    packet = arp_request_hex_template % {
        "dst_mac": "aa"*6,
        "src_mac": "bb"*6,
        "sender_mac": "bb"*6,
        "target_mac": "cc"*6,
        # 192.168.0.1
        "sender_ip": "c0a80001",
        # 192.168.0.2
        "target_ip": "c0a80002"
    }
    # Send the packet (ethernet frame with an arp request) on the interface
    WinPcapUtils.send_packet("*Ethernet*", packet.decode("hex"))

    不过注意上面的Sample是Python2的,Python3如下:

    WinPcapUtils.send_packet("*Ethernet*", bytes.fromhex(packet)) # for Python3

    捕获数据

    from winpcapy import WinPcapUtils
    
    # Example Callback function to parse IP packets
    def packet_callback(win_pcap, param, header, pkt_data):
        # Assuming IP (for real parsing use modules like dpkt)
        ip_frame = pkt_data[14:]
        # Parse ips
        src_ip = ".".join([str(ord(b)) for b in ip_frame[0xc:0x10]])
        dst_ip = ".".join([str(ord(b)) for b in ip_frame[0x10:0x14]])
        print("%s -> %s" % (src_ip, dst_ip))
    
    WinPcapUtils.capture_on("*Ethernet*", packet_callback)

    WinPcapUtils类提供的API接口是指定网卡的设备描述(device description),一般场合是够用的。
    不过也有特别的时候,使用双口的光通信模块时,两个光纤网卡的设备描述是相同的,这时需要指定设备名称(device name)

    from winpcapy import WinPcap
    
    device_name = '\\Device\\NPF_{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}'
    with WinPcap(device_name) as capture:
        capture.send(bytes.fromhex('ff'*6))

     

    转载于:https://www.cnblogs.com/gamesun/p/10002012.html

    展开全文
  • python+winpcap可以实现简单的收发数据链路层的数据 实验: 发包程序:发送数据 from winpcapy import WinPcapUtils # Build a packet buffer # This example-code is built for tutorial purposes, for actual ...

    背景:环境已搭建好。python+winpcap可以实现简单的收发数据链路层的数据

    实验:

    发包程序:发送数据

    from winpcapy import WinPcapUtils
    # Build a packet buffer
    # This example-code is built for tutorial purposes, for actual packet crafting use modules like dpkt
    arp_request_hex_template = "%(dst_mac)s%(src_mac)s08060001080006040001" \
                               "%(sender_mac)s%(sender_ip)s%(target_mac)s%(target_ip)s" + "00" * 18
    packet = arp_request_hex_template % {
        "dst_mac": "aa"*6,
        "src_mac": "bb"*6,
        "sender_mac": "bb"*6,
        "target_mac": "cc"*6,
        # 192.168.43.205
        "sender_ip": "c0a80001",
        # 192.168.43.205
        "target_ip": "c0a80002"
    }
    # Send the packet (ethernet frame with an arp request) on the interface
    WinPcapUtils.send_packet("*Ethernet*", bytes.fromhex(packet)) # for Python3
    print(packet)

    输出结果

    捕获数据:收包程序

     

     

    展开全文
  • 为什么要这么玩呢,因为很久之前(非本次),某网站的长达几个小时的视频,通过python伪造请求,可以做到10s看完,非常有意思 这个网站的视频逻辑是不断发包请求 但是每个的请求的视频点,不得超过太长时间,...

    今天开心的玩游戏,突然发来通知,增加了一门课程,打开一看,噢,原来是雨课堂

    其实,本来通过多开挂机的方式,完成了大部分的课程了,但是,还是想探究一下,这个原理,于是乎,留了几节课,用来实验。

     

    为什么要这么玩呢,因为很久之前(非本次),某网站的长达几个小时的视频,通过python伪造请求,可以做到10s看完,非常有意思

    这个网站的视频逻辑是不断发包请求

    但是每个包的请求的视频点,不得超过太长时间,否则失效。以下为破解代码

    import requests
    import random
    import time
    import math
    courseId = "****"
    videoId = "****"
    longtime = 1000
    viewUUID = "****"
    cs = {
            "_fecdn_":"1",
            "gr_user_id":"****",
            "****_gr_session_id":"****",
            "grwng_uid":"****",
            "****":"true",
            "UniqueKey":"****",
            "lebanban_auth":"****",
            "fb_auth":"****",
            "****_gr_last_sent_sid_with_cs1":"****",
            "****_gr_last_sent_cs1":"****",
            "****_gr_cs1":"****",
            "JSESSIONID":"****"
        }
    hs = {
            "Host":"www.****.com",
            "Connection":"keep-alive",
            "Accept":"application/json, text/javascript, */*; q=0.01",
            "X-Requested-With":"XMLHttpRequest",
            "User-Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4139.0 Safari/537.36 Edg/84.0.516.1",
            "Content-Type":"application/x-www-form-urlencoded",
            "Origin":"https://www.****.com",
            "Sec-Fetch-Site":"same-origin",
            "Sec-Fetch-Mode":"cors",
            "Sec-Fetch-Dest":"empty",
            "Referer":"https://www.****.com/course/introduction/"+courseId+".shtml",
            "Accept-Encoding":"gzip, deflate, br",
            "Accept-Language":"zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6",
        }
    
    monitor = {
        "courseId":courseId,
        "videoId" : videoId,
        "resourceType":"0",
        "currentSec":0,
        "viewUUID":viewUUID,
        "bufferTime":0
        }
    
    end = math.floor(longtime * 60)
    for c in range(1,end+5,5):
        tranceId = (str(time.time()*1000)[:13]+str(random.randint(10,99)))[-11:];
        monitor["currentSec"] = c
        monitor["bufferTime"] = random.randint(1,99)
        url = "https://www.****.com/learn/common/playstatistics.json?traceId=" + tranceId
        rsp = requests.post(url,headers=hs,cookies=cs,params=monitor)
        print(rsp.text)
    
    

    回归正题,一起来了解一下雨课堂的情况。

    反手就是打开 fiddler,点开课程抓包看看情况。

    (远不止这些包)

    每次请求,和得到的回包,都用notepad++记录一下,以便于之后,通过请求获取具体的课堂信息等

    除了分析了300多行,想了解一下,每个包的目的等。

    首先,我先教大家使用notepad++里面,好用的js和json的格式自动排版工具

    JSTool和JSON Viewer。。。。。JSON Viewer可以一键将json格式化

    至于JSTool,好羞愧啊,刚开始,有些参数没有弄明白,我直接去后台扒JS看了,emmmmmm,乱七八糟的(混淆了),放弃了。

     

    接下来,我将具体说明每个请求和每个包的作用(*为手动马赛克)

    先放上感觉没有用的包。

    #获取学校信息(暂时没啥作用,因为返回来的包,没什么有价值的东西)
    GET https://****.yuketang.cn/edu_admin/get_custom_university_info/?current=1 
    
    GET https://****.yuketang.cn/edu_admin/get_custom_university_info/?host_name=****.yuketang.cn&no_loading=true&term=latest&uv_id=0000
    
    #导出列表(暂时没用)
    GET https://****.yuketang.cn/edu_admin/display_data_dashboard/export_list/?no_loading=true&page_size=10&page=1
    #回包
    {"msg": "", "data": {"exporting_count": 0, "page_size": 0, "task_list": []}, "success": true}
    

    回包含有我需要的参数的包。

    # 获取课堂信息
    GET https://****.yuketang.cn/mooc-api/v1/lms/learn/classroom_info/?classroom_id=****&sign=****&term=latest&uv_id=****
    # 回包
    {
    	"msg": "",
    	"data": {
    		"notice": false,
    		"end": 1611000000000.0, #课堂的结束时间(已随机修改)
    		"name": "***",
    		"start": 1604000000000.0,#课堂的开始时间(已随机修改)
    		"course_name": "***",
    		"is_class_end": false,
    		"teacher": {
    			"picture": "***",
    			"name": "***"
    		}
    	},
    	"success": true
    }
    # 获取该课堂的章节
    GET https://****.yuketang.cn/mooc-api/v1/lms/learn/course/chapter?cid=****&sign=****&term=latest&uv_id=**** HTTP/1.1
    
    # 部分回包
    "section_leaf_list": [{
    				"order": 0,
    				"leaf_list": [{
    					"name": "Video",
    					"is_locked": false,
    					"start_time": ****, # 开始时间
    					"chapter_id": ****, # 章节id
    					"section_id": ****, # 部分id(参数可能有用)
    					"leaf_type": 0,
    					"id": ****, #(参数可能有用)
    					"is_show": true,
    					"end_time": 0,
    					"score_deadline": 0,
    					"is_score": true,
    					"is_assessed": false,
    					"order": 0,
    					"leafinfo_id": **** #叶子id (参数可能有用)
    				}],
    				"chapter_id": ****,
    				"id": ****,
    				"name": "章节名称"
    			}

    下面这个包,几乎包含了所有的信息,大概如下

    # 通过课堂名,章节名,还有sign还有university_id,获取信息
    GET https://****.yuketang.cn/mooc-api/v1/lms/learn/leaf_info/****/****/?sign=****&term=latest&uv_id=****
    
    # 回包
    {
    	"msg": "",
    	"data": {
    		"sku_id": ****, # sku_id有用
    		"is_deleted": false,
    		"name": "Video",
    		"content_info": {
    			"status": "post",
    			"expand_discuss": false,
    			"score_evaluation": {
    				"score_proportion": {
    					"proportion": 0.5
    				},
    				"score": 1.0,
    				"id": 6,
    				"name": "****"
    			},
    			"download": [],
    			"is_score": true,
    			"is_discuss": true,
    			"remark": {
    				"remark": ""
    			},
    			"cover_desc": "",
    			"cover_thumbnail": "https://qn-next.xuetangx.com/****.jpg?imageView2/0/h/500",
    			"media": {
    				"lecturer": 0,
    				"ccid": "****",
    				"start_time": 0,
    				"cover": "https://qn-next.xuetangx.com/****.jpg",
    				"ccurl": "****",
    				"duration": 0000,
    				"end_time": 0,
    				"live_palyback_url": "",
    				"live_url": "",
    				"type": "video",
    				"teacher": []
    			},
    			"cover": "https://qn-next.xuetangx.com/****.jpg",
    			"leaf_type_id": null,
    			"context": "<!DOCTYPE html><html><head></head><body>\n</body></html>"
    		},
    		"classroom_id": "****",# classroom_id有用
    		"locked_reason": null,
    		"user_role": 3,
    		"leaf_type": 0,
    		"id": ****,
    		"has_classend": false,
    		"university_id": ****,# university_id有用
    		"be_in_force": false,
    		"score_deadline": 0,
    		"course_id": ****,# course_id有用
    		"user_id": ****,# user_id有用
    		"is_score": true,
    		"teacher": {
    			"org_name": "****",
    			"picture": "****",
    			"name": "****",
    			"department_name": "****",
    			"intro": "****",
    			"job_title": "****"
    		},
    		"is_assessed": false
    	},
    	"success": true
    }
    # 获取user基本信息
    GET https://****.yuketang.cn/edu_admin/get_user_basic_info/?term=latest&uv_id=****
    
    # 回包
    {
    	"msg": "",
    	"login_status": true,
    	"data": {
    		"school_new_name": "https://qn-next.xuetangx.com/****.png",
    		"year_terms": [
    			{
    				"year_name": "2020-2021学年",
    				"terms": [
    					{
    						"name": "第一学期",
    						"value": "202001"
    					}
    				]
    			}
    		],
    		"is_email_user": false,
    		"school_id": ****,
    		"is_assistant_teacher": false,
    		"all_year_terms": [
    			{
    				"year_name": "2020-2021学年",
    				"terms": [
    					{
    						"name": "第一学期",
    						"value": "202001"
    					}
    				]
    			}
    		],
    		"is_only_read": false,
    		"current_year_term": "202001",
    		"user_number": "****",
    		"platform_id": 3,
    		"school_color_list": [
    			"",
    			""
    		],
    		"is_fake": false,
    		"school_official_website": "http://www.tsinghua.edu.cn/publish/newthu/index.html",
    		"user_info": {
    			"user_id": ****,
    			"avatar": "****",
    			"name": "****"
    		},
    		"permissions": [],
    		"is_auditor": false,
    		"department_id": ****,
    		"school_icon": "https://qn-next.xuetangx.com/****.png",
    		"school_evaluation": false,
    		"school_name": "****",
    		"user_role": 3,
    		"is_edu_support": false,
    		"session_id": "****",
    		"department_name": "****",
    		"school_type": 1,
    		"school_new_logo": "https://qn-next.xuetangx.com/****.png"
    	},
    	"success": true
    }

    这里自动跳过了暂时无用包

    # 获取视频的观看进度
    
    GET https://****.yuketang.cn/video-log/get_video_watch_progress/?cid=****&user_id=****&classroom_id=****&video_type=video&vtype=rate&video_id=****&snapshot=1&term=latest&uv_id=****
    
    # 
    {
    	"****": {
    		"last_point": ****, # 最近的一次
    		"completed": 0,
    		"first_point": ****,
    		"video_length": ****,# 视频长度
    		"rate": ****
    	},
    	"message": null,
    	"code": 0,
    	"data": {
    		"****": {
    			"last_point": ****,
    			"completed": 0,
    			"first_point": ****,
    			"video_length": ****,
    			"rate": ****
    		}
    	}
    }
    

    这里提一下,可以利用爬虫来获取讨论区的内容并筛选

    讨论区也是学生的作业,每个人必须要评论,可以通过爬虫获取,分析,重组评论,直接发包评论(有想法,没有去实现)

    # 获取评论区
    
    GET https://****.yuketang.cn/v/discussion/v2/comment/list/****/?_date=****&term=latest&offset=0&limit=10&web=web 
    
    # 回包
    
    {
    	"msg": "",
    	"data": {
    		"good_comment_list": {
    			"count": 0,
    			"previous": null,
    			"results": [],
    			"next": null
    		},
    		"new_comment_list": {
    			"count": 64,
    			"previous": null,
    			"results": [
    				{
    					"to_user": ****,
    					"liked": 0,
    					"user_id": ****,
    					"is_essence": 0,
    					"replys": [],
    					"deleted": false,
    					"topic": ****,
    					"classroom_id": ****,
    					"ids": [
    						****,
    					],
    					"commented": 0,
    					"content": {
    						"text": "****",
    						"upload_images": []
    					},
    					"user_info": {
    						"user_id": ****,
    						"name": "****",
    						"school_number": "****",
    						"role": 5,
    						"avatar": "https://qn-next.xuetangx.com/****?imageView2/1/w/100/h/100",
    						"nickname": "****"
    					},
    					"is_top": 0,
    					"create_time": ****,
    					"score_status": 0,
    					"is_self": 0,
    					"is_praise": 0,
    					"score": 0,
    					"id": ****
    				},

    视频都在这个包,可以通过视频源地址下载(我不清楚网站有没有提供下载地址,没了解)

    # 获取某视频的URL
    https://****.yuketang.cn/api/open/audiovideo/playurl?_date=****&term=latest&video_id=****&provider=cc&file_type=1&is_single=0 
    
    
    # 回包
    !!!!大家看到wsSecret了吗,从这里可以获取,其他地方好像也可以,我记不清了
    {
    	"msg": "",
    	"data": {
    		"playurl": {
    			"sources": {
    				"quality20": [
    					"https://ws.cdn.xuetangx.com/****-20.mp4?wsSecret=****&wsTime=****"
    				], # 一个是高清的,一个是标清的,两个视频的地址
    				"quality10": [
    					"https://ws.cdn.xuetangx.com/****-10.mp4?wsSecret=****&wsTime=****"
    				]
    			},
    			"group": "chinanetcenter"
    		}
    	},
    	"success": true
    }
    #大家都知道, 字幕是另外加的,通过这个请求,可获得所有字幕
    
    https://****.yuketang.cn/mooc-api/v1/lms/service/subtitle_parse/?c_d=****&lg=0 
    # 下面是视频观看时发送的心跳包(!很重要,模拟观看用)
    {
    	"heart_data": [{
    		"i": 5,
    		"et": "loadstart",
    		"p": "web",
    		"n": "ws",
    		"lob": "cloud4",
    		"cp": 0,
    		"fp": 0,
    		"tp": 0,
    		"sp": 1,
    		"ts": "****",
    		"u": ****,
    		"uip": "",
    		"c": ****,
    		"v": ****,
    		"skuid": ****,
    		"classroomid": "****",
    		"cc": "****",
    		"d": 0,
    		"pg": "****",
    		"sq": 1,
    		"t": "video"
    	}, {
    		"i": 5,
    		"et": "seeking",
    		"p": "web",
    		"n": "ws",
    		"lob": "cloud4",
    		"cp": ****,
    		"fp": 0,
    		"tp": ****,
    		"sp": 1,
    		"ts": "****",
    		"u": ****,
    		"uip": "",
    		"c": ****,
    		"v": ****,
    		"skuid": ****,
    		"classroomid": "****",
    		"cc": "****",
    		"d": ****,
    		"pg": "****",
    		"sq": 2,
    		"t": "video"
    	}, {
    		"i": 5,
    		"et": "loadeddata",
    		"p": "web",
    		"n": "ws",
    		"lob": "cloud4",
    		"cp": ****,
    		"fp": 0,
    		"tp": ****,
    		"sp": 1,
    		"ts": "****",
    		"u": ****,
    		"uip": "",
    		"c": ****,
    		"v": ****,
    		"skuid": ****,
    		"classroomid": "****",
    		"cc": "****",
    		"d": ****,
    		"pg": "****",
    		"sq": 3,
    		"t": "video"
    	}, {
    		"i": 5,
    		"et": "playing",
    		"p": "web",
    		"n": "ws",
    		"lob": "cloud4",
    		"cp": 70,
    		"fp": 0,
    		"tp": 70,
    		"sp": 1,
    		"ts": "****",
    		"u": ****,
    		"uip": "",
    		"c": ****,
    		"v": ****,
    		"skuid": ****,
    		"classroomid": "****",
    		"cc": "****",
    		"d": ****,
    		"pg": "****",
    		"sq": 5,
    		"t": "video"
    	}, {
    		"i": 5,
    		"et": "pause",
    		"p": "web",
    		"n": "ws",
    		"lob": "cloud4",
    		"cp": ****,
    		"fp": 0,
    		"tp": 70,
    		"sp": 1,
    		"ts": "****",
    		"u": ****,
    		"uip": "",
    		"c": ****,
    		"v": ****,
    		"skuid": ****,
    		"classroomid": "****",
    		"cc": "****",
    		"d": ****,
    		"pg": "****",
    		"sq": 6,
    		"t": "video"
    	}]
    }

    还有许多包,这里就不赘述了。

    既然大概的发包情况都了解了,那么,开始写代码吧,先把全局变量安排好

    import requests
    import random
    import time
    import math
    import json
    ####################
    csrftoken     = "0"
    sessionid     = "0"
    video_id      = "0"
    classroom_id  = "0"
    sign = "0"
    university_id = "0"
    ####################
    nowDate = str(int(time.time() * 1000))     # 跳动时间
    theDate = str(int(time.time() * 1000))     # 全局时间
    course_id = "123"             # cid
    user_id = "123"               # user_id
    sku_id = ""                   # sku_id
    cc_id = ""                    # ccid
    wsSecret = ""                 # wsSecret
    ####################
    last_point = 0
    first_point = ""
    video_length = ""
    heart_beat_time = 1
    ####################

    接下来,构造请求头,cookies等json包

    headers = {
        "Host"           : "0",
        "Connection"     : "keep-alive",
        "Accept"         : "application/json, text/plain, */*",
        "X-CSRFToken"    : csrftoken,
        "xtbz"           : "cloud",
        "university-id"  : university_id,
        "User-Agent"     : "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36",
        "Sec-Fetch-Site" : "same-origin",
        "Sec-Fetch-Mode" : "cors",
        "Sec-Fetch-Dest" : "empty",
        "Referer"        : "https://0/pro/lms/" + sign + "/" + classroom_id + "/video/" + video_id,
        "Accept-Encoding": "gzip, deflate, br",
        "Accept-Language": "zh-CN,zh;q=0.9"
    }
    heart_headers = {
        "Host": "0.yuketang.cn",
        "Connection": "keep-alive",
        "Content-Length": "881",
        "Accept": "*/*",
        "X-CSRFToken": csrftoken,
        "X-Requested-With": "XMLHttpRequest",
        "xtbz": "cloud",
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36",
        "Content-Type": "application/json",
        "Origin": "https://0.yuketang.cn",
        "Sec-Fetch-Site": "same-origin",
        "Sec-Fetch-Mode": "cors",
        "Sec-Fetch-Dest": "empty",
        "Referer": "https://0.yuketang.cn/pro/lms/" + sign + "/" + classroom_id + "/video/" + video_id,
        "Accept-Encoding": "gzip, deflate, br",
        "Accept-Language": "zh-CN,zh;q=0.9"
    }
    cookies = {
        "csrftoken"     : csrftoken,
        "sessionid"     : sessionid,
        "university_id" : university_id,
        "platform_id"   : "3"
    }
    
    get_video_watch_progress = {
        "cid"         : course_id,   
        "user_id"     : user_id,  
        "classroom_id": classroom_id,
        "video_type"  : "video",
        "vtype"       : "rate",
        "video_id"    : video_id,
        "snapshot"    : "1",
        "term"        : "latest",
        "uv_id"       : university_id
    }
    leaf_info = {
        "sign"    : sign,
        "term"    : "latest",
        "uv_id"   : university_id
    }
    heart_beat = {
    	"heart_data": [ # 自行构造,此为删减
            {
                "i": 5,
                "et": "heartbeat",
                "p": "web",
                "n": "ws",
                "lob": "cloud4",
                "cp": str(int(float(last_point))+ heart_beat_time * 5),
                "fp": 0,
                "tp": last_point,
                "sp": 1,
                "ts": nowDate,
                "u": user_id,
                "uip": "",
                "c": course_id,
                "v": video_id,
                "skuid": sku_id,
                "classroomid": classroom_id,
                "cc": cc_id,
                "d": video_length,
                "pg": "****",
                "sq": heart_beat_time,
                "t": "video"
    	    }
        ]
    }

    接下来,通过GET https://0.yuketang.cn/mooc-api/v1/lms/learn/leaf_info/这个

    def getInfor():# 获取信息
        url = "https://0.yuketang.cn/mooc-api/v1/lms/learn/leaf_info/" + classroom_id + "/" + video_id + "/"
        rsp = requests.get(url,headers = headers, cookies = cookies, params = leaf_info)
        jRes = json.loads(rsp.text)
        course_id = jRes["data"]["course_id"]
        user_id = jRes["data"]["user_id"]
        sku_id = jRes["data"]["sku_id"]
        cc_id = jRes["data"]["content_info"]["media"]["ccid"]
        print("详细信息查询" + str(course_id) + " : " + str(user_id) + " : " + str(sku_id) + " : " + str(cc_id))

    通过模拟

    def getClass():
        global heart_beat_time
        for i in range(10):
            url = "https://0.yuketang.cn/video-log/get_video_watch_progress/"
            rsp = requests.get(url,headers = headers, cookies = cookies, params = get_video_watch_progress)
            jRes = json.loads(rsp.text)
            last_point = jRes[video_id]["last_point"]
            first_point = jRes[video_id]["first_point"]
            video_length = jRes[video_id]["video_length"]
            print("第 " + str(heart_beat_time) + " 次视频进度查询" + str(last_point) + " : " + str(first_point) + " : " + str(video_length))
    
            nowDate = str(int(time.time() * 1000))     # 跳动时间
            url = "https://0.yuketang.cn/video-log/heartbeat/ "
            heart_beat["heart_data"][0]["ts"] = nowDate
            rsp = requests.post(url,headers = heart_headers, cookies = cookies, params = heart_beat)
            print("第 " + str(heart_beat_time) + " 次心脏:" + rsp.text)
            heart_beat_time += 1
            sleep(000000000000000000000000000000)

    ===============================================================

    ===============================================================

    cookies等怎么获取呢

    如果大家想了解更多这种原理等, 可以看看之前的cf活动领取器,通过抓包发包进行操作,超级方便。

    还记得逆战当初出活动(貌似是爱丽丝)翻车了,通过穷举,获取红包,白嫖了好几百块的东西,233333333

     

    展开全文
  • 正方教务系统模拟登录,爬取信息,自动抓包发包抢课 抢课需谨慎,记得看注意事项 程序仅供交流学习,请勿用作非法用途 环境需求 python环境 :Python3.5+ 程序依赖 : requests bs4 pillow lxml 使用步骤 1. release...
  • python-scapy的sniff抓包按照方向过滤

    千次阅读 2020-05-27 18:08:48
    python-scapy是一款非常好用的组包/发包/抓包工具。 但是sniffer在端口抓包的时候,会将进出的报文都抓。有时候我们只需要抓一个方向,例如入方向的报文。此时可以在原本的filter中加入方向关键字。 例如:需要只抓...
  • 2.具体流程可以抓包分析。 所有请求的参数如要搞清楚需要分析js源码。只能提示一下,一共分为三步:  第一步:get方式获取 prov_cd(地区编号);  第二步:url为动态的(传入手机号和第一步获取的prov_cd)post发送...
  • 为了我错了不少功课,对两款菜刀以及市面上3款webshell存活检测工具抓包分析 发现其中一款菜刀存在后门,3款webshell存活检测工具都存在后门 首先尝试抓包webshell存活检测 如图: 可以看到最下面是base64...
  • MAC和IP地址伪造发包

    2020-11-18 21:02:10
    思路 1.动态修改arp缓存表里的主机mac地址 2.通过scapy的sinff()方法获取本机数据包后,对包内ip进行修改。 3.自动化实现 1.修改MAC 基础操作 很简单 liunx系统下 sudo ifconfig eth0 down ...2.抓包 ...
  • python开发,调用pylibcap进行抓包 3个线程:一个负责抓包并分析内容,一个负责写日志,一个用来清除过期数据 使用tcpdump抓取的数据还需要2次分析,tcpxm可以很方便的抓取和分析tcp请求,打印成需求的日志形式...
  • python scapy模块

    2019-01-03 08:58:10
    scapy模块,python里的全能网络抓包发包,网络攻击,功能强大
  • frida实战——hook某app发包参数

    千次阅读 2018-06-10 12:01:18
    1. 抓包分析 拿到一个app,首先先进行数据包的分析 这次我们要分析的是oauth_signature这个值,一眼看上去像是经过了base64处理的,根据后面oauth_signature_method的“提示”,猜测是一个hmac-sha1加密base64对二...
  • Python中Scapy网络嗅探模块的使用

    万次阅读 多人点赞 2018-11-05 23:36:08
    抓包  将抓取到的数据包保存 查看抓取到的数据包  格式化输出 过滤抓包 Scapy scapy是python中一个可用于网络嗅探的非常强大的第三方库,可以用它来做 packet 嗅探和伪造 packet。 scapy已经在内部实现了...
  • Python2.7的scapy安装

    2017-12-18 14:21:02
    可以在Python2.7上安装scapy,亲测可用,利用scapy抓包发包分析包,完美!!!
  • 通过fiddler抓包我发现relax的打卡过程是这样的: 先发送登陆包,然后服务器会返回一个维持会话的cookie; 之后再发一个包获得当天的打卡id; 最后发打卡包。 然后使用python的requests库进行发包操作: 将账号...
  • 最基本的,你要会:* 基本计算机知识,计算机网络、操作系统等* 基本工具的使用:fiddler抓包发包,伪造请求。chrome控制台,清cookie,js打断点。* Pyspider/Scrapy等爬虫框架。* NoSQL、SQL* 在linux下开发加...
  • Python】学习之学习通自动签到

    千次阅读 2020-11-03 14:40:07
    要写爬虫呢首先就是要懂得如何抓包发包以及软件的运行步骤。当然这得有一定的基础,不不然处理起来可能稍微有点费劲,声明,博主之前只学过易语言,其他语言真没接触过。 工具 Chrome 浏览器 Fidd
  • python 获取本机 IP

    2018-08-21 11:04:00
    原文 通过 UDP 获取本机 IP,目前见过最优雅的方法 这个方法是目前见过最优雅获取本机服务器的IP方法了。...这个方法并不会真实的向外部发包,所以用抓包工具是看不到的。但是会申请一个 UDP 的端口,所以如果经...
  • 网友在post一个网站登录页面的时候,总是不成功,找我来试试 抓个包,然后用发包工具测试了一下,没有任何加密和其他...所以抓包的时候,一定要清除浏览器cookie,因为火狐浏览器是第一次抓这个网站的包,但是谷歌浏
  • python通过UDP获取本机IP

    千次阅读 2018-08-28 11:20:12
    这个方法并不会真实的向外部发包,所以用抓包工具是看不到的。但是会申请一个 UDP 的端口,所以如果经常调用也会比较耗时的,这里如果需要可以将查询到的IP给缓存起来,性能可以获得很大提升。 import socket s = ...
  • 看web看多了,想写写页游的外挂,其实原理是一样的,就是端口不一样协议字段你不知道,而这也提高了点技术门槛,看我们来一点一点突破这些门槛,这次我们来用python发包模拟flash的客户端登陆。 以热血三国2为例,...
  • 常用接口测试工具

    2018-02-22 11:48:00
    发包工具 典型商业工具:loadrunner、soapui 典型开源工具: jmeter、jsoup、httpclient、python中的urllib2,urllib库 抓包工具 ...HTTP抓包:HTTP Analyzer 、HTTPwatch、Fiddler、Firebug ...进程级抓包:W...
  • HTTP的理解

    2014-06-16 13:33:19
    要求~ 你要清晰的理解HTTP基础理论 收发包原理 返回码特征 GET/POST优劣 编码问题 实践 ...网卡抓包、进程抓包Python写一个小型爆破。例如www.a.com跑根目录下文件,可简单加载外部字典。
  • 自动更新QQ昵称为当前时间 Lan 2020-05-08 12:01 ... 先到了QQ手机端修改名称的。然后用python发包,就这么简单。但是速度过快会被禁止修改。就像这样。然后python实现代码如...
  • # 问题编号对应题目编号 1.通过burpsuit抓包添加header发包能否用python实现(发送修改过header后的数据包) 转载于:https://www.cnblogs.com/IMBlackMs/p/11272883.html...
  • 正方教务系统模拟登录,爬取信息,自动抓包发包抢课 抢课需谨慎,记得看注意事项 程序仅供交流学习,请勿用作非法用途 环境需求 python环境 :Python3.5+ 程序依赖 : requests bs4 pillow lxml rsa 使用步骤 ...

空空如也

空空如也

1 2
收藏数 28
精华内容 11
关键字:

python抓包发包

python 订阅