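Logging in to the Guangdong University of Technology Academic Affairs System with Java to Retrieve Data
1. Preparation
- Login URL of the Guangdong University of Technology academic affairs system: https://jxfw.gdut.edu.cn. It can be reached directly from the public internet, without the campus network.
- There are two ways to log in: direct login and login through the unified authentication center. Both are analyzed here.
- You need a student ID and password that can log in to the system.
- Tool used: Fiddler
2. Login method one: direct login
- Run Fiddler and start capturing.
Go to the home page of the academic affairs system and start analyzing the login process.
Enter https://jxfw.gdut.edu.cn in the browser's address bar and press Enter.
Chrome will warn that the site is not secure. This is because Fiddler is intercepting the traffic; click Advanced and continue to the site.
Once the login page has opened, Fiddler has captured two GET requests, the second of which fetches the number of online users.
Here are the request headers and response headers of the first request:

Request headers: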
GET https://jxfw.gdut.edu.cn/ HTTP/1.1
Host: jxfw.gdut.edu.cn
Connection: keep-alive
max-age=0 :
DNT: 1
1 :
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 :
document :
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
none :
navigate :
?1 :
gzip, deflate, br :
en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7 :
Response headers:
200 OK
Date: Fri, 13 Mar 2020 18:19:17 GMT
text/html;charset=UTF-8 :
chunked :
Connection: keep-alive
anyu.qianxin.com :
Vary: Accept-Encoding
JSESSIONID=93D861D8904DC5EEF66B05B346C9CC9C; Path=/; Secure; HttpOnly :
gzip :
Server: qianxin-waf
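1121-1584152357.165-w-waf01fzm :

Enter the username and password. At this step the browser sends no request to the server.
When the captcha input box gains focus (by clicking into it or tabbing into it), the captcha image is loaded. This is a GET request. Because it happens in the same session, the cookie stays the same. Here are the request headers and response headers of this request:

Request headers: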
GET https://jxfw.gdut.edu.cn/yzm?d=1584123577677 HTTP/1.1
Host: jxfw.gdut.edu.cn
Connection: keep-alive
image :
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 :
DNT: 1
Accept: image/webp,image/apng,image/*,*/*;q=0.8
same-origin :
no-cors :
Referer: https://jxfw.gdut.edu.cn/
gzip, deflate, br :
en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7 :
Cookie: JSESSIONID=93D861D8904DC5EEF66B05B346C9CC9C
Response headers:
200 OK
Date: Fri, 13 Mar 2020 18:19:38 GMT
image/jpeg;charset=UTF-8 :
Connection: keep-alive
anyu.qianxin.com :
Expires: Thu, 01 Jan 1970 00:00:00 GMT
no-store, no-cache, must-revalidate :
post-check=0, pre-check=0 :
Pragma: no-cache
Server: qianxin-waf
1121-1584152378.169-w-waf03fzm :
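2516 :

Enter the captcha and click the login button. The browser jumps automatically to the home page of the academic affairs system, and during this process Fiddler shows a request to a login endpoint.
This endpoint sends the username, password and captcha that were just entered to the server. The password here is not the real password but the password after encryption.

Request headers: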
POST https://jxfw.gdut.edu.cn/new/login HTTP/1.1
Host: jxfw.gdut.edu.cn
Connection: keep-alive
71 :
Accept: application/json, text/javascript, */*; q=0.01
empty :
XMLHttpRequest :
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 :
DNT: 1
application/x-www-form-urlencoded; charset=UTF-8 :
Origin: https://jxfw.gdut.edu.cn
same-origin :
cors :
Referer: https://jxfw.gdut.edu.cn/
gzip, deflate, br :
en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7 :
Cookie: JSESSIONID=93D861D8904DC5EEF66B05B346C9CC9C
POST body data:
account=3118004024&pwd=411624cbf36a9888ef0a171e77df37d2&verifycode=2wef
Response JSON:
{
0, :
"/login!welcome.action", :
"登录成功" :
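}

Password encryption rule
It can be seen by viewing the page source:
Login succeeded
3. Login method two: logging in through the unified authentication center
Visit the login home page of the academic affairs system
This step is the same as the first step of the direct login above. The request headers and response headers are given below:

Request headers: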
GET https://jxfw.gdut.edu.cn/ HTTP/1.1
Host: jxfw.gdut.edu.cn
Connection: keep-alive
max-age=0 :
DNT: 1
1 :
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 :
document :
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
none :
navigate :
?1 :
gzip, deflate, br :
en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7 :
Response headers:
200 OK
Date: Fri, 13 Mar 2020 18:23:10 GMT
text/html;charset=UTF-8 :
chunked :
Connection: keep-alive
anyu.qianxin.com :
Vary: Accept-Encoding
JSESSIONID=CD2B5182B20EEC88B40F7A8A0DF3F531; Path=/; Secure; HttpOnly :
gzip :
Server: qianxin-waf
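1121-1584152590.51-w-waf03fzm :

This request sets a cookie.
On the login page, click "log in with the unified authentication center" to enter the unified authentication center
Reaching the home page of the authentication center takes two steps:
First, a GET request is sent to a URL and is redirected:

Request headers: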
GET https://jxfw.gdut.edu.cn/new/ssoLogin HTTP/1.1
Host: jxfw.gdut.edu.cn
Connection: keep-alive
1 :
DNT: 1
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 :
document :
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
same-origin :
navigate :
?1 :
Referer: https://jxfw.gdut.edu.cn/
gzip, deflate, br :
en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7 :
Cookie: JSESSIONID=CD2B5182B20EEC88B40F7A8A0DF3F531
Response headers:
302 Found
Date: Fri, 13 Mar 2020 18:23:16 GMT
0 :
Connection: keep-alive
anyu.qianxin.com :
Location: http://authserver.gdut.edu.cn/authserver/login?service=http%3A%2F%2Fjxfw.gdut.edu.cn%2Fnew%2FssoLogin
Server: qianxin-waf
1131-1584152596.84-w-waf03fzm :

Go to the redirect address:
In this step the server sets a cookie.

Request headers:
GET http://authserver.gdut.edu.cn/authserver/login?service=http%3A%2F%2Fjxfw.gdut.edu.cn%2Fnew%2FssoLogin HTTP/1.1
Host: authserver.gdut.edu.cn
Connection: keep-alive
1 :
DNT: 1
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 :
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
gzip, deflate :
en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7 :
Response headers:
200 OK
Date: Fri, 13 Mar 2020 18:23:17 GMT
text/html; charset=UTF-8 :
Connection: keep-alive
anyu.qianxin.com :
no-cache :
no-store :
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
JSESSIONID_AUTH=2snVIuEDqUFdPfw_xgu2dKK5u_uT9RF-DeuL0IEbS3HhSgEZTdlZ!-1347652570; path=/; HttpOnly :
Server: qianxin-waf
1121-1584152597.817-w-waf01fzm :
9747 :
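
After entering the username and password and clicking login, you arrive at the home page of the academic affairs system. But this process is not as simple as it looks on the surface. The detailed process is analyzed below.
First a GET request is sent, which returns false.

Request headers: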
GET http://authserver.gdut.edu.cn/authserver/needCaptcha.html?username=3118004024&_=1584123805687 HTTP/1.1
Host: authserver.gdut.edu.cn
Connection: keep-alive
Accept: text/plain, */*; q=0.01
DNT: 1
XMLHttpRequest :
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 :
Referer: http://authserver.gdut.edu.cn/authserver/login?service=http%3A%2F%2Fjxfw.gdut.edu.cn%2Fnew%2FssoLogin
gzip, deflate :
en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7 :
Cookie: JSESSIONID_AUTH=2snVIuEDqUFdPfw_xgu2dKK5u_uT9RF-DeuL0IEbS3HhSgEZTdlZ!-1347652570
Response headers:
200 OK
Date: Fri, 13 Mar 2020 18:23:25 GMT
text/html;charset=utf-8 :
7 :
Connection: keep-alive
anyu.qianxin.com :
Server: qianxin-waf
1121-1584152605.853-w-waf01fzm :

Immediately afterwards another request is sent to the same address, and it also returns false. The _ parameter is different, however; _ is probably a timestamp.

Request headers:
GET http://authserver.gdut.edu.cn/authserver/needCaptcha.html?username=3118004024&_=1584123811104 HTTP/1.1
Host: authserver.gdut.edu.cn
Connection: keep-alive
Accept: text/plain, */*; q=0.01
DNT: 1
XMLHttpRequest :
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 :
Referer: http://authserver.gdut.edu.cn/authserver/login?service=http%3A%2F%2Fjxfw.gdut.edu.cn%2Fnew%2FssoLogin
gzip, deflate :
en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7 :
Cookie: JSESSIONID_AUTH=2snVIuEDqUFdPfw_xgu2dKK5u_uT9RF-DeuL0IEbS3HhSgEZTdlZ!-1347652570
Response headers:
200 OK
Date: Fri, 13 Mar 2020 18:23:31 GMT
text/html;charset=utf-8 :
7 :
Connection: keep-alive
anyu.qianxin.com :
Server: qianxin-waf
1121-1584152611.274-w-waf01fzm :

After these two puzzling requests have been sent, the account and password entered by the user are sent to the server.
Details of this request:

Request headers:
POST http://authserver.gdut.edu.cn/authserver/login?service=http%3A%2F%2Fjxfw.gdut.edu.cn%2Fnew%2FssoLogin HTTP/1.1
Host: authserver.gdut.edu.cn
Connection: keep-alive
180 :
max-age=0 :
Origin: http://authserver.gdut.edu.cn
1 :
DNT: 1
application/x-www-form-urlencoded :
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 :
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://authserver.gdut.edu.cn/authserver/login?service=http%3A%2F%2Fjxfw.gdut.edu.cn%2Fnew%2FssoLogin
gzip, deflate :
en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7 :
Cookie: JSESSIONID_AUTH=2snVIuEDqUFdPfw_xgu2dKK5u_uT9RF-DeuL0IEbS3HhSgEZTdlZ!-1347652570
username=3118004024&password=sjfidk%24djdkf678&lt=LT-548135-FUHEejVslNawvU6NnYhB5mcYD6HS5p1584123797763-cFcb-cas&dllt=userNamePasswordLogin&execution=e1s1&_eventId=submit&rmShown=1
Response headers:
302 Moved Temporarily
Date: Fri, 13 Mar 2020 18:23:31 GMT
Connection: keep-alive
anyu.qianxin.com :
no-cache :
no-store :
Pragma: no-cache
Location: http://jxfw.gdut.edu.cn/new/ssoLogin?ticket=ST-356885-iL1ceRAa4WckbERa03Cc1584123811383-tSiF-cas
Expires: Thu, 01 Jan 1970 00:00:00 GMT
CASTGC=TGT-280516-nZe2alLUI2u9gq9TmSGzmVmkq9IDYUYEa4c0RerBBDlaNa1Uf51584123811325-X4qk-cas;Path=/authserver/;HttpOnly; :
CASPRIVACY=; expires=Thu, 01-Jan-1970 01:00:00 GMT; path=/authserver/ :
iPlanetDirectoryPro=ErQbx0QC3APBl6RCvdG3UH; domain=.wisedu.com.cn; path=/ :
Server: qianxin-waf
1131-1584152611.457-w-waf01fzm :
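387 :

This is a redirect.
This request is important and carries many parameters:

| Parameter | Value | Note |
| --- | --- | --- |
| username | 3118004024 | Student ID |
| password | sjfidk$djdkf678 | Password |
| lt | LT-829051-ZqPpNq6CZ7OX6iYlRqqstdg9aX47aS1584444217457-cFcb-cas | |
| dllt | userNamePasswordLogin | |
| execution | e1s1 | |
| _eventId | submit | |
| rmShown | 1 | |

These parameters can in fact be found in the page source (it took me ages to find them, hahaha).
Jsoup can be used to extract this information.
Visit the redirect URL above:

Request headers: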
GET http://jxfw.gdut.edu.cn/new/ssoLogin?ticket=ST-356885-iL1ceRAa4WckbERa03Cc1584123811383-tSiF-cas HTTP/1.1
Host: jxfw.gdut.edu.cn
Connection: keep-alive
max-age=0 :
1 :
DNT: 1
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 :
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://authserver.gdut.edu.cn/authserver/login?service=http%3A%2F%2Fjxfw.gdut.edu.cn%2Fnew%2FssoLogin
gzip, deflate :
en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7 :
Response headers:
301 Moved Permanently
Date: Fri, 13 Mar 2020 18:23:32 GMT
text/html :
178 :
Connection: keep-alive
anyu.qianxin.com :
Location: https://jxfw.gdut.edu.cn/new/ssoLogin?ticket=ST-356885-iL1ceRAa4WckbERa03Cc1584123811383-tSiF-cas
Server: qianxin-waf
1131-1584152612.25-w-waf03fzm :

This is yet another redirect. Location is https://jxfw.gdut.edu.cn/new/ssoLogin?ticket=ST-356335-5BRL6fJWBkW7yTblaafn1584120222774-tSiF-cas
Visit the redirect URL above:

Request headers:
GET https://jxfw.gdut.edu.cn/new/ssoLogin?ticket=ST-356885-iL1ceRAa4WckbERa03Cc1584123811383-tSiF-cas HTTP/1.1
Host: jxfw.gdut.edu.cn
Connection: keep-alive
max-age=0 :
1 :
DNT: 1
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 :
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
cross-site :
navigate :
?1 :
Referer: http://authserver.gdut.edu.cn/authserver/login?service=http%3A%2F%2Fjxfw.gdut.edu.cn%2Fnew%2FssoLogin
gzip, deflate, br :
en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7 :
Cookie: JSESSIONID=CD2B5182B20EEC88B40F7A8A0DF3F531
Response headers:
302 Found
Date: Fri, 13 Mar 2020 18:23:32 GMT
0 :
Connection: keep-alive
anyu.qianxin.com :
Location: http://jxfw.gdut.edu.cn/new/ssoLogin
Server: qianxin-waf
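1131-1584152612.818-w-waf03fzm :

The request headers carry a cookie. This is the cookie obtained when the login home page of the academic affairs system was first visited.
The response redirects again.
Visit the redirect URL above:
This request sends no cookie and is redirected straight to the https protocol.

Request headers: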
GET http://jxfw.gdut.edu.cn/new/ssoLogin HTTP/1.1
Host: jxfw.gdut.edu.cn
Connection: keep-alive
max-age=0 :
1 :
DNT: 1
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 :
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://authserver.gdut.edu.cn/authserver/login?service=http%3A%2F%2Fjxfw.gdut.edu.cn%2Fnew%2FssoLogin
gzip, deflate :
en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7 :
Response headers:
301 Moved Permanently
Date: Fri, 13 Mar 2020 18:23:33 GMT
text/html :
178 :
Connection: keep-alive
anyu.qianxin.com :
Location: https://jxfw.gdut.edu.cn/new/ssoLogin
Server: qianxin-waf
1131-1584152613.043-w-waf03fzm :

Visit the redirect URL above:

Request headers:
GET https://jxfw.gdut.edu.cn/new/ssoLogin HTTP/1.1
Host: jxfw.gdut.edu.cn
Connection: keep-alive
max-age=0 :
1 :
DNT: 1
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 :
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
cross-site :
navigate :
?1 :
Referer: http://authserver.gdut.edu.cn/authserver/login?service=http%3A%2F%2Fjxfw.gdut.edu.cn%2Fnew%2FssoLogin
gzip, deflate, br :
en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7 :
Cookie: JSESSIONID=CD2B5182B20EEC88B40F7A8A0DF3F531
Response headers:
302 Found
Date: Fri, 13 Mar 2020 18:23:33 GMT
0 :
Connection: keep-alive
anyu.qianxin.com :
Location: https://jxfw.gdut.edu.cn/login!welcome.action
en-US :
Server: qianxin-waf
1131-1584152613.427-w-waf03fzm :

This request sends the cookie and is redirected once more.
Visit the redirect URL above:

Request headers:
GET https://jxfw.gdut.edu.cn/login!welcome.action HTTP/1.1
Host: jxfw.gdut.edu.cn
Connection: keep-alive
max-age=0 :
1 :
DNT: 1
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36 :
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
cross-site :
navigate :
?1 :
Referer: http://authserver.gdut.edu.cn/authserver/login?service=http%3A%2F%2Fjxfw.gdut.edu.cn%2Fnew%2FssoLogin
gzip, deflate, br :
en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7 :
Cookie: JSESSIONID=CD2B5182B20EEC88B40F7A8A0DF3F531
Response headers:
200 OK
Date: Fri, 13 Mar 2020 18:23:33 GMT
text/html;charset=UTF-8 :
Connection: keep-alive
anyu.qianxin.com :
Vary: Accept-Encoding
zh-CN :
Server: qianxin-waf
1121-1584152613.845-w-waf03fzm :
9201 :

At this point the cookie has been validated, and it can be used to fetch information.
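
The cookie behaviour across the redirect chain above, as an added example that is not part of the original post: a Java client that follows each Location by hand has to apply the same rule the browser did, where the JSESSIONID set with the Secure attribute is left off every http hop. The class and method names are hypothetical, the HOPS table is a constructed stand-in for the server built from the hop order in the capture, ST-EXAMPLE is a placeholder ticket, and records need Java 16 or later.

```java
import java.net.URI;
import java.util.*;

public class SsoRedirectTrace {
    // Constructed stand-in for the server: request URL -> Location header, in the
    // order of the capture above. ST-EXAMPLE is a placeholder ticket.
    static final Map<String, String> HOPS = new LinkedHashMap<>();
    static {
        String base = "//jxfw.gdut.edu.cn/new/ssoLogin", t = "?ticket=ST-EXAMPLE";
        HOPS.put("http:" + base + t, "https:" + base + t);
        HOPS.put("https:" + base + t, "http:" + base);
        HOPS.put("http:" + base, "https:" + base);
        HOPS.put("https:" + base, "https://jxfw.gdut.edu.cn/login!welcome.action");
    }

    // Minimal cookie model (hypothetical): name, exact host, Secure attribute.
    record Cookie(String name, String host, boolean secure) {}

    // Cookies a client may attach: host must match and Secure cookies need https.
    static List<String> cookiesFor(URI url, List<Cookie> jar) {
        List<String> names = new ArrayList<>();
        for (Cookie c : jar) {
            boolean schemeOk = !c.secure() || "https".equals(url.getScheme());
            if (schemeOk && c.host().equals(url.getHost())) names.add(c.name());
        }
        return names;
    }

    // Follow Location headers by hand, recording what each hop would send.
    static List<String> trace(String start, List<Cookie> jar, int maxHops) {
        List<String> log = new ArrayList<>();
        String url = start;
        for (int i = 0; url != null && i <= maxHops; i++) {
            URI u = URI.create(url);
            log.add(u.getScheme() + " " + u.getPath() + " cookies=" + cookiesFor(u, jar));
            String location = HOPS.get(url);
            url = (location == null) ? null : u.resolve(location).toString();
        }
        return log;
    }

    public static void main(String[] args) {
        List<Cookie> jar = List.of(
            new Cookie("JSESSIONID", "jxfw.gdut.edu.cn", true),   // Secure; HttpOnly in the capture
            new Cookie("JSESSIONID_AUTH", "authserver.gdut.edu.cn", false));
        trace("http://jxfw.gdut.edu.cn/new/ssoLogin?ticket=ST-EXAMPLE", jar, 10)
            .forEach(System.out::println);
    }
}
```

The trace lists no cookies on the two http hops and JSESSIONID on the https ones, which matches the Cookie lines present and absent in the captured requests.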
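[GET] Personal timetable endpoint: https://jxfw.gdut.edu.cn/xsgrkbcx!getKbRq.action?xnxqdm=201902&zc=1
[POST] Course grades endpoint: https://jxfw.gdut.edu.cn/xsgrkbcx!getKbRq.action?xnxqdm=201902&zc=1
Parameters: xnxqdm=201902&page=1&rows=60&sort=xnxqdm&order=asc
Second semester of 2019, page number 1, 60 rows of data; the meaning of the last two parameters is unclear, so leave them unchanged for now.
[GET] Exam schedule endpoint: https://jxfw.gdut.edu.cn/xsksap!getDataList.action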
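
Returning to the unified authentication POST in section 3: the hidden fields in the parameter table (lt, dllt, execution, _eventId, rmShown) come from the login page itself, and the two lt values shown on this page differ, so they have to be read from the page fetched in the same session rather than hard-coded. The following is an added example, not code from the original post, of collecting them with Jsoup and building the form body; the class and method names, the sample HTML and the credentials are constructed assumptions, and the real page's markup may differ.

```java
import org.jsoup.Jsoup;
import org.jsoup.nodes.Element;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.stream.Collectors;

public class CasLoginForm {
    // Constructed stand-in for the login page; the real markup may differ.
    static final String SAMPLE_HTML = String.join("\n",
        "<form method='post'>",
        "<input name='username'><input name='password' type='password'>",
        "<input type='hidden' name='lt' value='LT-EXAMPLE-cas'>",
        "<input type='hidden' name='dllt' value='userNamePasswordLogin'>",
        "<input type='hidden' name='execution' value='e1s1'>",
        "<input type='hidden' name='_eventId' value='submit'>",
        "<input type='hidden' name='rmShown' value='1'>",
        "</form>");

    // Typed credentials first, then every hidden field in document order.
    static Map<String, String> loginParams(String html, String user, String pass) {
        Map<String, String> params = new LinkedHashMap<>();
        params.put("username", user);
        params.put("password", pass);
        for (Element input : Jsoup.parse(html).select("form input[type=hidden][name]")) {
            params.put(input.attr("name"), input.attr("value"));
        }
        // Fail loudly if the page layout changed and a needed field is gone.
        for (String required : new String[] {"lt", "execution"}) {
            if (params.getOrDefault(required, "").isEmpty()) {
                throw new IllegalStateException("hidden field missing: " + required);
            }
        }
        return params;
    }

    // application/x-www-form-urlencoded body; '$' becomes %24 as in the capture.
    static String formBody(Map<String, String> params) {
        return params.entrySet().stream()
            .map(e -> URLEncoder.encode(e.getKey(), StandardCharsets.UTF_8) + "="
                    + URLEncoder.encode(e.getValue(), StandardCharsets.UTF_8))
            .collect(Collectors.joining("&"));
    }

    public static void main(String[] args) {
        // Constructed credentials, not a real account.
        System.out.println(formBody(loginParams(SAMPLE_HTML, "0000000000", "pa$$word")));
    }
}
```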