目前很多所謂的互連網公司都要搞GPS定位考勤打卡,目前所在的客戶單位也要求所有廠家人員進行GPS軟體打卡。除了公司的指紋打卡外,還要再打客戶的卡。既然是地理定位,在android平台下之前測試過通過使用Fake GPS軟體 ,開啟開發人員模式,允許類比地理位置是可以實現地點任意的。不過目前用的iphone手機,又不想越獄掉,就想通過抓包,利用python向伺服器定點發送偽造包的方式解決。原理和之前寫的手機APP自動簽到—python實現一樣。
這個不同與這之前寫的是,這裡使用的是POST方法,相對get方法要安全一些,不過區別也並不是特別大,代碼如下(由於不便於泄露一些資訊,這裡將重要訊息隱去或修改了):
#!/usr/bin/env python
#coding=utf-8
import sys
reload(sys)
sys.setdefaultencoding('utf-8')
import string
import pycurl
import StringIO
import json
def initCurl():
c = pycurl.Curl()
c.setopt(pycurl.COOKIEFILE, "cookie_file_name")#把cookie儲存在該檔案中
c.setopt(pycurl.COOKIEJAR, "cookie_file_name")
c.setopt(pycurl.FOLLOWLOCATION, 1) #允許跟蹤來源
c.setopt(pycurl.MAXREDIRS, 5)
c.setopt(pycurl.CONNECTTIMEOUT, 20)
return c
def PostData(curl, url, data):
head = ['Accept:*/*',
'Content-Type:application/json;charset=utf-8',
'render:json',
'clientType:json',
'Connection:close',
'Proxy-Connection:close',
'User-Agent:xx考勤 4.2.30 rv:102030 (iPhone; iPhone OS 8.4; zh_CN)',
'DontTrackMeHere:gzip, deflate',
'Authorization: 9fa1e7e454b486b9842b1aaf9b5559e3']
buf = StringIO.StringIO()
curl.setopt(pycurl.WRITEFUNCTION, buf.write)
curl.setopt(pycurl.POSTFIELDS, data)
curl.setopt(pycurl.URL, url)
curl.setopt(pycurl.HTTPHEADER, head)
curl.perform()
the_page = buf.getvalue()
#print the_page
buf.close()
return the_page
def PostGPS(curl, url, data):
head = ['Accept:*/*',
'Content-Type:application/x-www-form-urlencoded',
'Connection:keep-alive',
'Proxy-Connection:keep-alive',
'User-Agent: %E6%97%BA%E8%B4%A2%E8%80%83%E5%8B%A4/102030 CFNetwork/711.4.6 Darwin/14.0.0',
'DontTrackMeHere:gzip, deflate',
'Accept-Language: zh-cn',]
buf = StringIO.StringIO()
curl.setopt(pycurl.WRITEFUNCTION, buf.write)
curl.setopt(pycurl.POSTFIELDS, data)
curl.setopt(pycurl.URL, url)
curl.setopt(pycurl.HTTPHEADER, head)
curl.perform()
the_page = buf.getvalue()
#print the_page
buf.close()
return the_page
curl = initCurl()
#地理位置資料,在分析安卓版時發現直接調用的高德地圖,iphone版發現是通過第三方mob.com的api調用的
GPSdata = 'm=aB0muOxxsXgo20qSkp99jkbLias%2F8BZxj0yOoWccGlqRvWq%2FJMj1QwQKQeHRVJMtOjqFCzTdafiGQdIla75aubgWY1e9LJfn9KnYSA5WnyKriQBkExDuu9mjAtYbeTSDqewpSrLyNO%2Fsu%2FsacPJPraD6xoqIv%2BohXiF8lzcVsBXYXGtgTXJXv5FtSoNhLnPCRlGsf3vnmNoAXR4%2BtEroC6O5o%2BcZXq%2FIRAOedRnV%2F1zP0uqZ6wYF8XvTKsos91zLEf7esG8evqwW5KiRCOaYwg%3D%3D'
GPSurl = 'http://api.share.mob.com:80/data2'
GPSresult = PostGPS(curl, GPSurl, GPSdata)
print GPSresult
#該json資料裡會檢驗token值是否發生變化,發生變化時也是無法正常打卡的,會提示手機與綁定時發生變化,需要管理員重新審核。這點做的相對還是相對牛逼的,變相的限制了通過一部手機打多人卡的問題。
jsondata = '{"id":"xxxxx","list":[{"name":"xxx路(xxx號)","aId":"1293"}],"type":"1","token":"880B2373-2272-46A7-3588-2B6E580268D2"}'
kqurl = 'http://api.iquanqin.com/kaoqin1/104001/phone/gps/clock'
result = PostData(curl, kqurl, jsondata)
print result
暫時還遺留兩個問題需要後續解決:
1、是否會有安全碼到期的問題,比如之前在做APP自動簽到時也遇到過。由於不知道別人用的演算法,算不出安全碼,這就導致可能安全碼在伺服器端設定了10天有效,10天后需要重新抓包擷取的問題;
2、crontab中配置好該任務調用後,發現/var/log/cron 日誌中可以發現有執行的記錄,但發現crontab調用的並不能打卡成功,而直接執行的是可以成功的。
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
