Add functionality to the school's "old" project

coding problem has always been a headache in programmer development, especially in China, the programmer will have more experience. The first two days of school teachers to one of the platform to add the Change password function (do not know why, unexpectedly did not retrieve the function of the password, can only admire), the problem is that the school can not provide the educational system landing interface, so to verify the legitimacy of the account, I need to use the simulation landing, and then take the educational system verification results It is clear that there are several issues:1) How to make the verification code of the academic system appear on my page? 2) How to ensure that the verification code and account when the academic system backstage verification code and I just acquired the same? 3) Ensure that the form data submitted by the simulation is consistent with the normal submission of the page. 4) Analysis of the results of the landing. 5) Modify the database user data on this platform. The first question is simple: the Closeablehttpclient class method allows you to get a picture of the captcha and then save it on the server.　　Because it is not necessary, so I got the verification code picture after it did not identify the contents of it. The first step to achieve, I found on the page can only start Tomcat after the first save the Verification code picture display, this may be because the picture as a static resource, I tried a variety of ways to get pictures from the page, and finally use the image on the server with Base64 encryption, the encrypted stream back to the page, Using jqueryjquery convection to restore, display the picture, as follows: Server Base64 encrypted page for Base64 decryption The second problem is that if the developer is familiar with HTTP, it's easy to think of a solution, which is to save the conversation cook at the request. IE, then the next time you submit the login information, the cookie will be written into the hppt request header, and then initiate the request, so that the front and back two requests are in the same session, the verification code will not be invalidated.

Save cookies

Writes the saved Cooki into the HTTP header

Here I have hppt the header of the content has been written, because this is a mock request, not a browser-initiated request, so as far as possible to write the content complete, more like a real HTTP request, to avoid being rejected by the server. In fact, the third problem can take more time, which is also the reason for writing this article. The educational system is using C # and ASP, so you want to mimic the submission of the pro-world first to the normal package analysis. First look at the entire packet capture data stream, as follows: grab the packet to see the first string "ddwyode2ntm0otg7oz5lucavfg1oi%2bqaoskh9uzrpjfn1w%3d%3d", which is clearly visible with "%2b "and"%3d%3d"Two more special strings, this can be used to decompile the tool can easily get the source string" ddwyode2ntm0otg7oz5lucavfg1oi+qaoskh9uzrpjfn1w==", and this string corresponds to the attribute is"__viewstate", In the settings header is note added. The following "UserName" and "TextBox2" and "textsecrecode" respectively correspond to "user name" and "password" and "Verification Code", which are more normal fields and easy to analyze. followed by the RadioButtonList1 This is clearly seen to be encoded string "%d1%a7%c9%fa", but I use the tool to decode and see this "??? ", suddenly no words, although it can certainly be an identity category of options, can also guess is" student "two words, so I will fill in the field values as" students "to submit, but not AH. Can not decompile see the original stream, but know you it is encoded with gb2312, so I directly decompile, will decompile the string, directly written into the form is this: hahaha, the problem is solved. The next few empty fields do not have to study, there is no value, the assignment is empty on the line. The technical point of the project is basically the top three. Then the login results are analyzed, after the successful login, the return field will be a stable after the string "xs_main.aspx?xh=", so I will match it to the rule, but has not been normal results, check the data, but no results, so I have to reduce the length of the key field part, Surprised to find OK, I will gradually grow the string, found that the longest can only be "xs_main.aspx?x", and can not more than one character. Finally, link the remote database and modify the data. There is no big difference between Oracle database and MySQL database, which is the same for SQL statements nested inside Java projects. As a reminder, it is best to pre-compile SQL statements in a precompiled manner to prevent SQL injection attacks. One more thing to say, after forwarding the request or redirection with response, add return at the end of the method, or thenext request forwarding will report such an error: Java.lang.IllegalStateException:Cannot forward after response have been committed Project source code can view my github:https://github.com/PersonOFWorld/Servlet-ResetPassWord

Add functionality to the school's "old" project