The data principle analysis of the University Educational Administration system acquired by Android

Acquisition principle

To obtain the data of the university educational system, there is only one principle:

Get information about the login cookie to the educational system.

Below I take my university's school educational system to analyze and analyze;
First we have to prepare a clutch kit, recommended: Win under Fiddler, Mac under Charles.

Next I will use the Charles this tool, the use of charcles need to note is not to open other proxy services. For example, the wall of the agent.

Landing System

Below to enter our school's electricity tariff Inquiry system, the website is: http://jn.hhtc.edu.cn:8021/XSCK/:
Enter the system,

Open the Grab kit tool and tick Mac OS X Proxy.

Choose a bedroom, enter the password into the system. If the login succeeds, look at the grab packet to see the data:

You can see that there are a lot of parameters, we can get the data through the client, just the username and password. So there is a problem, landing page requires verification code input, as to why this is not required, this is a bug in this system. If your system needs verification code, in fact the solution is also very simple, by grasping the package tool, catch the picture of this verification code, and then show in the client, let the user input on it.

After the successful landing, we also need a data, is a cookie. Many systems use cookies to identify the user,

This is all you need to get sessionid.

So we can get the two data by grabbing the package tool and we'll be able to manipulate the system.

1. User name, password
2. SessionId

Code implementation

Below we use a okhttp tool for Hongyang, address: https://github.com/hongyangAndroid/okhttp-utils.

First user name and password is to have, if there are friends need to learn on this system, you can privately chat me, I can provide user name and password to you.

Then use the tools above to get SessionID. The code is as follows:

Okhttputils.post (). URL (URL). Addparams ("User Name field","User name"). Addparams ("password field","Password"). Build (). Execute (NewCallback () {@Override                     PublicObjectParsenetworkresponse(Response Response)throwsIOException {Headers Headers = Response.headers (); LOGUTIL.E (TAG,"--------> Cookie ="+ Headers.get ("Set-cookie")); }@Override                     Public void OnError(Request request, Exception e) {                    }@Override                     Public void Onresponse(Object response)    {                    }                }); }

With log information, we know that we can get cookie information and then take this cookie information and do other things.

We will come to this cookie information to do other things, we choose to view the features in real time.

Click View in real time, then view the source code in the browser, analyze the source code, and locate the data we need. Here we only need the balance of the electricity bill:

This label is what we care about. Let's take a look at what is implemented in the client via code:

Here we use a tool Jsoup to parse the HTML page data, JAR package: Https://jsoup.org/download

doc = Jsoup.connect(url).cookie("ASP.NET_SessionId", cookie).timeout(50000).get();

The value of the URL is the address of the function you want to manipulate, and the above code is equivalent to the function we click to view in real time (if the URL value is the real-time view of the address). Return the entire page back and we'll see how to parse this page:

 Document content = Jsoup.parse(doc.toString()); divs=content.select("#ctl00_ContentPlaceHolder1_ASPxRoundPanel1_BZ"); String res = divs.text().trim(); LogUtil.e"----------> res = " + res.toString());

It's easy to choose by selecting the method we care about the content, and we just need to care about the balance to the information, and after our analysis above, the ID of the balance label is
CTL00_CONTENTPLACEHOLDER1_ASPXROUNDPANEL1_BZ, so we can get what we need with this ID.

The final effect:

In fact, this is the most critical to get a cookie, with this cookie information, you can freely manipulate any content on the system.

If you want to crawl, the academic system of the results, curriculum information, the principle is the same.

END

The data principle analysis of the University Educational Administration system acquired by Android