很多大学都使用一些在线学习平台来布置和考察作业。作为一名计算机专业的大学生,又颇爱研究Web安全,循规蹈矩地做作业当然不是我的风格,干就完了。
蓝墨云班课——破解视频进度不可控
我校部分专业课老师经常在云班课上发布一些“教学资源文件”,每看完一个视频或文件,都会被后台记录并获得对应的经验值。
先来一张成果图
由于之前测试过学习通,直接重放视频观看结束后的包是不可行的。后端的数据说到底还是从前端JS传过去的,于是这次决定从前端入手,直接修改前端的值,符合程序逻辑一点。
随便打开一个视频看看情况
最下边一条灰色的bar,是进度条,看着像自己做的那种。先打开F12看看情况。
直奔目标,审查进度条元素,发现有事件监听器,展开事件监听代码,看看功能。
哟西,有注释,看一遍学生们就懂了,是个好程序员,往下翻翻。
联系上下文,高亮部分的代码作用大概就是:
- 计算已看进度和总进度的百分比
- 按百分比绘制进度条
- 设置当前看过的视频时间
既然那么简单明了,那么就直接Ctrl-C,打开Firefox控制台
直接定义一个函数,将进度调整到9999,调用自定义函数。可以看到,9999明显超长,绘制的进度条已经超出了屏幕宽度,预期的效果有了。
有同学之前质疑,前端只是表面,那么后端数据更新了吗?刷新一下看看。
很OK,50分钟的视频,一两分钟就看完了,美滋滋。
优学院——破解视频进度不可控+获取选择题答案
第一部分 破解视频进度
优学院相对于云班课来说,就麻烦了一点。
还是先上一张成果图。
随便打开一个视频
按照之前的测试方法,打开F12,审查进度条元素。
前后翻了一下,只有这段代码有事件监听器,而且代码已被混淆处理,难以阅读。既然这样,就直接去调试器里看看了。
翻了一下文件,盯上了PageViewModule.js,文件名可疑,参数和注释更可疑。
这段代码的逻辑比较明了,大概是这样:
- 如果观看时间>=视频总长度,视频进度设置为100,此判断可能是为了防止数值过大出现异常。
- 如果观看进度>=95%,视频进度设置为100,此判断可能是为了容错。
这段代码中有个方法被多次调用:element.record(),由第二个判断条件来看,element.record().status(1)可以直接把视频状态更新为已看完。
去控制台直接改一下试试
element变量不存在,有几种可能,pageViewModule.js可能没有被直接引用,element可能是一个当前作用域无法访问的局部变量。那么,就下一个断点,刷新页面试试。由于代码中的两处逻辑判断,条件不成立,无法跳入,那么,我选择在第一个判断前下断点,就是下图中的第765行。
刷新页面,运行到断点,js停止。
输入代码,element.record().status(1),回车
刷新页面看一下,后端数据是否更新
很OK,破解完成
第二部分 获取选择题答案
这个就比较简单了,BurpSuite挨个抓包,每个选择题对应一个题目ID,通过一个接口,可以获取对应题目ID的答案。
结语
之前我一直把Web安全的重心放到后端,其实实际场景中,前端也会出现很多小问题,而且JavaScript是重点关注对象。
关于抓包怎么抓可以有详细的教程吗
配置好JDK,下载BurpSuite的jar包,把BurpSuite设置为代理就可以了
接口是什么,大佬
Great info! Keep post great articles.
Say, you got a nice post.Really thank you! Want more.
Aloha! Interesting post! I’m really appreciate it.{ It will be great if
Really informative blog post.Really looking forward to read more.
modafinil online provigil online [url=]provigil generic [/url]
A big thank you for your blog article.Really looking forward to read more. Want more.
Muchos Gracias for your blog article.Much thanks again. Want more.
diflucan fluconazole order diflucan online ukfoods for ed
A big thank you for your blog article.Really looking forward to read more. Cool.
Looking forward to reading more. Great post.Thanks Again. Great.
Very neat blog.Thanks Again. Really Great.
canadian pharmacy asthma inhalers fda approved canadian online pharmacies
I loved your blog article.Really looking forward to read more. Want more.
Appreciate you sharing, great article.Really thank you! Fantastic.
Very neat article.Really thank you! Will read on…
Great blog post. Much obliged.
Appreciate you sharing, great blog article.Really thank you! Awesome.
wow, awesome blog post. Fantastic.
I loved your article post.Really thank you! Keep writing.
I loved your blog. Fantastic.
Very nice post. I just stumbled upon your blog and wanted to say that I’ve really enjoyed browsing your blog posts. In any case I’ll be subscribing to your rss feed and I hope you write again soon!
Wellness rx pharmacy medications canada pharmacy international online pharmacy
Say, you got a nice article.Really looking forward to read more. Want more.
Thanks for sharing your thoughts about Larnaca Investment.Regards
Thank you for your post.Really looking forward to read more. Fantastic.
zyrtec europe allegra medication – zyrtec glaucoma
A big thank you for your article.Much thanks again. Will read on…
Thank you ever so for you blog article.Thanks Again. Want more.
We’re developing a conference, and it looks like you would be a great speaker.
Very good article. Keep writing.
We’re developing a conference, and it looks like you would be a great speaker.
กระแสพนันออนไลน์ว่าแรงแล้ว ยังแรงไม่สู้โปรโมชั่นเด็ดๆที่ UFABET ขยันเอาใจสมาชิกมากครับผม แล้วก็ชื่นชอบผมซะด้วย ไม่ใช่แค่เรื่องโปรโมชั่นครับผม ผมชอบที่เค้ามีเกมให้เลือกมากมาย ทั้งยังแทงบอล บาคาร่า ยิงปลา สล็อต เกมใหม่ๆมีหมด
fantastic internet site, I could definitely go to your web page once more…acquired some really nice info.
Really informative blog article.Thanks Again. Cool.
I used to be able to find good information from your articles.
Thank you for your blog article. Great.
Thank you for your article post.Really thank you! Want more.
Nice blog. Could someone with little experience do it, and add updates without messing it up? Good information on here, very informative.
Say, you got a nice blog article.Thanks Again.
bookmarked!!, I really like your web site!
Nice i really enjoyed reading your blogs. Keep on posting. Thanks
Appreciate you sharing, great post.Really looking forward to read more. Keep writing.
Very neat blog.Much thanks again. Will read on…
Very good article post. Keep writing.
Does it look like we’re in for a big ride here?
I loved your blog.Thanks Again.
Our local network of agencies has found your research so helpful.
A round of applause for your post. Awesome.
benefits of zoloft how long does zoloft stay in your system
wow, awesome post.Thanks Again. Really Great.
백링크 작업, 국내최초 자체 개발을 통해 애드뉴만의 로직으로 백링크를 작업해드립니다. 승인코드 AD
Very good post.Much thanks again. Much obliged.
order medications online from india: reputable online pharmacies in india best online international pharmacies india
cytotec medicine – cytotec tab cytotec uk pharmacy
gnc ed pills – top ed pills roman ed pills
Have you given any kind of thought at all with converting your current web-site into French? I know a couple of of translaters here that will would certainly help you do it for no cost if you want to get in touch with me personally.
Howdy, a helpful article for sure. Thank you.
cymbalta side effects in men maximum dose of cymbalta
I love your blog. It looks every informative.
I really like your writing style, excellent info , thanks for putting up : D.
Thanks for a marvelous posting! I quite enjoyed reading it, you might be a great author.I will always bookmark your blog and will often come back from now on. I want to encourage one to continue your great writing, have a nice morning!
Well, I don’t know if that’s going to work for me, but definitely worked for you! 🙂 Excellent post!
fantastic internet site, I could definitely go to your web page once more…acquired some really nice info.
I was able to find good advice from your articles.
Thanks a lot. Helpful stuff. online pharmacies
SportsBettingDime can help every single form of player as desires evolve.
canadian pharmacy online pharmacy canadian pharmacy online no script
Nice blog. Could someone with little experience do it, and add updates without messing it up? Good information on here, very informative.
nicee content keep writing
persuasive essay format essay editor how to start college essayhow to write an essay introduction
Nice blog. Could someone with little experience do it, and add updates without messing it up? Good information on here, very informative.
ivermectin for humans stromectol uk – stromectol for humans
Very interesting points you have mentioned, thankyou for posting.
I really like your writing style, excellent info , thanks for putting up : D.
Very fine blog.
canadian pharmacy world coupon: canadian mail order pharmacy – canadian online pharmacy
Very nice post. I just stumbled upon your blog and wanted to say that I’ve really enjoyed browsing your blog posts. In any case I’ll be subscribing to your rss feed and I hope you write again soon!
Just stumble upon your blog from from time to time. nice article
Thank you ever so for you blog post. Want more.
Write more stories, more chapters.
Nice blog. Could someone with little experience do it, and add updates without messing it up? Good information on here, very informative.
modafinil weight loss provigil generic – modalert
It’s a comprehensive, yet fast read.
cymbalta hurts worse duloxetine and sweating
It’s time for communities to rally.
chloroquine phosphate tablet hydroxychloroquine reviews
Very nice post. I just stumbled upon your blog and wanted to say that I have truly enjoyed surfing around your blog posts. After all I will be subscribing to your rss feed and I hope you write again soon!
can you vape cbd oil cbd vape oil for sale cbd vape oil for sale
Great info! Keep post great articles.
bonjour I love Your Blog can not say I come here often but im liking what i c so far….
I really like your writing style, excellent info , thanks for putting up : D.
I like your blog. It sounds every informative.
Makes sense to me.
What a great article.. i subscribed btw!
I really like your writing style, excellent info , thanks for putting up : D.
You write Formidable articles, keep up good work.
nicee content keep writing
ceftin generic: generic tinidazoleceftin online
college essay writing help – help 123 essay pay for term paper
Magnificent beat ! Can I be your apprentice? Just kidding!
Write more stories, more chapters.
Wow, great blog article.Thanks Again. Really Great.
A big thank you for your blog post. Really Cool.
ed pills otc ed pills from canada – online medications
Great info! Keep post great articles.
Fantastic blog.Thanks Again. Really Cool.
Awesome blog.Much thanks again. Really Great.
cytotec 600 mcg – cytotec online pharmacy with paypal cytotec
Very good blog article.Really thank you! Really Cool.
A big thank you for your article.Much thanks again. Much obliged.
I like your blog. It sounds every informative.
Enjoyed every bit of your blog article.Really looking forward to read more. Want more.
Awesome blog.Thanks Again.
Fantastic article. Really Great.
ivermectin side effects — stromectol virus ivermectina online
A big thank you for your article post.Thanks Again. Awesome.
Looking forward to reading more. Great blog post.Much thanks again. Cool.
Thank you ever so for you blog post.Thanks Again. Keep writing.
Muchos Gracias for your blog article.Really thank you! Keep writing.
Enjoyed every bit of your blog.Thanks Again. Really Great.
Wow, great blog.Thanks Again. Awesome.
Very informative blog article.Really looking forward to read more. Great.
Looking forward to reading more. Great blog article. Great.
Wow, great article post.Thanks Again. Great.
Appreciate you sharing, great post.Much thanks again. Cool.
Este post é realmente uma perfeita ajuda para as pessoas queestão em busca de bons conteúdos. Parabéns.
Greate pieces. Keep posting such kind of information on your blog. Im really impressed by your blog.
Thank you ever so for you blog article.Much thanks again. Awesome.
worming sheep with ivermectin ivermectin pour on dosage for goats
Awesome article.Thanks Again.
Muchos Gracias for your article.Really thank you!
What a great idea and perfect gor Earth Dau. I will be sharing. Karine Pattie Wey
ed pills used by michael douglas – pills for ed men app hannity ed pill max
I loved your blog post.Really thank you! Keep writing.
Fantastic blog post.Really thank you! Awesome.
????????? 5 ????? 11 12 13 14 ?????Loading…
Seksosievietem.kuulutused, Seks Pazintys Skelbiu
Thank you for your article.Really looking forward to read more. Fantastic.
can i take ed pills with hydroxychloroquine used for – rgif ed pill ed pills mailed
wow, awesome blog post.Thanks Again. Awesome.
Very neat blog post.Thanks Again. Awesome.
wow, awesome blog article. Want more.
Looking forward to reading more. Great article post.Thanks Again.
Great blog article. Keep writing.
Awesome article post.Thanks Again. Much obliged.
wow, awesome blog.Thanks Again. Awesome.
Awesome article post.Really thank you! Want more.
I’ll right away grasp your rss as I can’t in finding your e-mail subscription link or e-newsletter service. Do you have any? Please allow me realize so that I could subscribe. Thanks.
A big thank you for your blog post.Really looking forward to read more. Much obliged.
Thank you ever so for you blog.Thanks Again. Fantastic.
Fantastic post.Really thank you! Really Cool.
Awesome article post.Much thanks again.
A round of applause for your article.Much thanks again. Fantastic.
Jngoqr – words to use in a research paper Gkmmqg ssgoci
A big thank you for your article.Thanks Again. Will read on…
Very good article post.Really thank you! Great.
A big thank you for your article.Much thanks again. Will read on…
A big thank you for your article post.Thanks Again. Great.
wow, awesome article post.Really looking forward to read more. Much obliged.
Pretty nice post. I just stumbled upon your blog and wanted to say that I’ve really enjoyed browsing your blog posts. In any case I’ll be subscribing to your feed and I hope you write again very soon!|
I was able to find good advice from your blog posts.
wow, awesome post.Thanks Again. Really Great.
Saved as a favorite, I love your blog.
Aybastı’nın inşaat firması
A big thank you for your article. Cool.
Appreciate you sharing, great article. Great.
Enjoyed every bit of your article post.Thanks Again. Will read on…
Awesome article. Really Cool.
Looking forward to reading more. Great blog article.Much thanks again.
A round of applause for your blog article.Really thank you! Really Cool.
wow, awesome blog.Really thank you! Really Great.
Your insights often blow me away. Thanks for sharing!
Very informative blog post.Really looking forward to read more. Really Cool.
Wow, great article.Much thanks again. Want more.
wow, awesome blog.Really looking forward to read more. Keep writing.
Awesome article post.Really looking forward to read more. Will read on…
I really liked your blog.Really looking forward to read more. Really Great.
Awesome blog.Really looking forward to read more. Will read on…
wow, awesome article.Really looking forward to read more. Keep writing.
Enjoyed every bit of your article post.Really thank you! Keep writing.
wow, awesome blog. Want more.
Thank you for your post.Much thanks again. Will read on…
I used to be able to find good info from your blog articles.
Muchos Gracias for your blog article.Thanks Again. Fantastic.
Great blog.Really thank you! Will read on…
Appreciate you sharing, great post.Really looking forward to read more. Cool.
Looking forward to reading more. Great blog.Thanks Again. Keep writing.
Great article post.Really looking forward to read more.
Appreciate you sharing, great blog. Really Cool.
I really liked your article post.Much thanks again. Will read on…
ErecPrime dietary capsule contains an effective natural formulation that helps with boosting your experience.
Fast Lean Pro tricks your brain into imagining that you’re fasting and helps you maintain a healthy weight no matter when or what you eat.
Buy Metanail Serum Pro USA official website. Say goodbye to nail and foot woes and hello to healthy, happy hands and feet with Metanail Serum Pro
Nervogen Pro™ Scientifically Proven Ingredients That Can End Your Nerve Pain in Short Time.
Alpha Tonic daily testosterone booster for energy and performance. Convenient powder form ensures easy blending into drinks for optimal absorption.
Very informative post.Much thanks again. Fantastic.
Thank you ever so for you blog post. Want more.
Thank you for your article. Keep writing.
Thank you ever so for you article.Really thank you! Awesome.
Looking forward to reading more. Great post.Much thanks again. Will read on…
Great article, I really like it, congratulations. 120651111
kenaragecin.HrLI4n17SNhj
Saçımızın ve gözümüzün rengi ne olursa olsun, herkesin gözlerinden aynı yaşlar akar.
Etrafın ne kadar kalabalık boş ver, yüreğin ne kadar yalnızlaştı sen onu söyle bana.
Yazı Tipi
Aşkınla sararıp solacak kadar, Sevginle bahtiyar olacak kadar Uğruna canımı verecek kadar seviyorum dese
Enjoyed every bit of your blog. Will read on…
wow, awesome blog post. Much obliged.
Very informative post.Much thanks again. Really Cool.
I really like and appreciate your article.Much thanks again. Really Great.
Enjoyed every bit of your article.Really looking forward to read more. Great.
Appreciate you sharing, great blog article.Thanks Again. Great.
Fantastic blog.Thanks Again. Much obliged.
BİZİ SİK BİZ BUNU HAK EDİYORUZ wrtgdfgdfgdqq.aYSO4qzZK6vC
Looking forward to reading more. Great post.Really thank you! Really Great.
Say, you got a nice article.Much thanks again. Great.
Looking forward to reading more. Great post.
– Я не получаю то, что хочу.
– Не хватает мотивации на регулярные занятия.
– Мои цели сбываются у других людей.
Почему так, разузнай у опсуимолога!
Вбивай в поиск: “опсуимолог” и получи актуальные контакты.
Ты же знаешь кто такой опсуимолог?
Fantastic blog article. Will read on…
wow, awesome post.Much thanks again. Cool.
I really liked your blog article.Really looking forward to read more.
I really like and appreciate your blog article.Thanks Again. Want more.
Great information. Lucky me I recently found your website by accident (stumbleupon). I’ve saved it for later!
fuck bingoxx.DdDosJXTc6u2
food porn 250tldenemebonusuxx.dECqEfp9brlx
A round of applause for your blog post.Much thanks again. Keep writing.
Very neat post.Thanks Again. Want more.
Great article post. Want more.
Very informative blog article.Thanks Again. Great.
Enjoyed every bit of your article post.Really looking forward to read more. Awesome.
wow, awesome blog. Much obliged.
Very good blog.Much thanks again. Fantastic.
Very neat blog post.Really thank you! Will read on…
porn video hd new ggjennifegg.HCvcZAjntGJ
Thanks for ones marvelous posting! I truly enjoyed reading it, you happen to be a great author. I will be sure to bookmark your blog and will come back sometime soon. I want to encourage you to ultimately continue your great work, have a nice day!|
A big thank you for your blog post.Really looking forward to read more.
Muchos Gracias for your article. Really Cool.
Thank you ever so for you blog post. Really Cool.
harika bir sohbet deneyimi için tavsiye ederim
Say, you got a nice post.Really thank you! Fantastic.
Howdy! Do you use Twitter? I’d like to follow you if that would be okay. I’m undoubtedly enjoying your blog and look forward to new posts.|
Awesome post.Much thanks again. Cool.
You made such an interesting piece to read, giving every subject enlightenment for us to gain knowledge.
kolay yemek tarifleri
En İyi Kadın Blogu
Hello, Omegle TV address has been added to chat on a quality site.
Awesome article post.Really looking forward to read more. Awesome.
jenniferroy ザーメンポルノ japanesexxporns.xrCh32IHBKQ
नानी अश्लील qqyyooppxx.WAWs3ZdV0P4
उभयलिंगी अश्लीलता के बारे में बतावल गइल बा hjkvbasdfzxzz.RuVbEbBJTZp
तांडव अश्लील txechdyzxca.jVHAXm7DKvW
गुदा अश्लीलता hkyonet.TPlycPFmiZT
Hukuk Burolarina Ozel Cagri Merkezi Ile Ilgili Sik Sorulan Sorular
Hukuk Burolarina Ozel Cagri Merkezi Entegrasyonu Nasil Yapilir?
Viagra
Buy Drugs
Porn site
ladesbet ਮਰਦ ਹੱਥਰਸੀ ਪੋਰਨ ladesinemi.lgigdTkdmZv
ladesbet おもちゃのポルノ ladestinemi.T7z7h4DOoZD
Porn site
Sex
Buy Drugs
Porn
Porn site
Porn site
Viagra
Sex
Buy Drugs
Porn
Pornstar
Porn
Sex
Sex
Viagra
Porn site
Porn
Porn site
bookmarked!!, I like your blog!|
seni bilmem de anan sektorun kralicesi 😀
Upgrade Your Style with Tech Fleece Nike Sneakers
Sex
Pornstar
Viagra
Verdiginiz bilgiler için teşekkürler , güzel yazı olmuş