公司内网 OA 打卡，要获取一个验证码，请问如何破解？

限制

公司内网
验证码

打卡

请求方法

post

请求头

请求参数

账号
密码
验证码

验证码

请求方法

请求头

请求参数

m= //固定参数，参数值为空
c=clock //固定参数
a=verify //固定参数
10.7490850710853119= //参数名每次变化，参数值为空

示例

打卡

curl "http://oa.xxxxx.com/index.php?m=^&c=clock^&a=sign" -H "Connection: keep-alive" -H "Cache-Control: max-age=0" -H "Origin: http://oa.xxxxx.com" -H "Upgrade-Insecure-Requests: 1" -H "Content-Type: application/x-www-form-urlencoded" -H "User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1" -H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8" -H "Referer: http://oa.xxxxx.com/index.php?m=^&c=clock^&a=sign" -H "Accept-Encoding: gzip, deflate" -H "Accept-Language: zh-CN,zh;q=0.9" -H "Cookie: PHPSESSID=bp42ebid4vcn7l99un4dfaqb93; Hm_lvt_ba7c84ce230944c13900faeba642b2b4=1527246841,1527293074,1527470120,1527565561; current_node=null; top_menu=null; Hm_lvt_2a935166b0c9b73fef3c8bae58b95fe4=1526912592,1527246849,1527470120,1527565563; Hm_lpvt_2a935166b0c9b73fef3c8bae58b95fe4=1527565563; oa_sign_info=think^%^3A^%^7B^%^22user_id^%^22^%^3A^%^22748^%^22^%^2C^%^22day^%^22^%^3A^%^2220180529^%^22^%^7D; Hm_lpvt_ba7c84ce230944c13900faeba642b2b4=1527565858" --data "mobile_tel=18501735107^&password=152830^&verify=0" --compressed

获取验证码

curl "http://oa.xxxxx.com/index.php?m=^&c=clock^&a=verify^&10.48088215596345063" -H "Accept-Encoding: gzip, deflate" -H "Accept-Language: zh-CN,zh;q=0.9" -H "User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1" -H "Accept: image/webp,image/apng,image/*,*/*;q=0.8" -H "Referer: http://oa.xxxxx.com/index.php?m=^&c=clock^&a=sign" -H "Cookie: PHPSESSID=bp42ebid4vcn7l99un4dfaqb93; Hm_lvt_ba7c84ce230944c13900faeba642b2b4=1527246841,1527293074,1527470120,1527565561; current_node=null; top_menu=null; Hm_lvt_2a935166b0c9b73fef3c8bae58b95fe4=1526912592,1527246849,1527470120,1527565563; Hm_lpvt_2a935166b0c9b73fef3c8bae58b95fe4=1527565563; oa_sign_info=think^%^3A^%^7B^%^22user_id^%^22^%^3A^%^22748^%^22^%^2C^%^22day^%^22^%^3A^%^2220180529^%^22^%^7D; Hm_lpvt_ba7c84ce230944c13900faeba642b2b4=1527566302" -H "Connection: keep-alive" --compressed

richChou

2018-05-29 17:39:41 +08:00

@df4VW
@ho121
@bfdh
@timwei
@shoaly
@woscaizi
@7654
@SourceMan
@Felldeadbird
@lusheldon
@sbbeta
@xiejc
@turi
@luoway
@Tokin

感谢大家的分享，想了下，真的还是找台设备可以远程登录方便。有朋友说破坏规则不太好，其实我也有顾虑，不过事实就是这样，破坏规则获利，确实让人开心，在不伤害别人的基础上，推荐大家遇到事情都要这么做。做 IT 互联网的，还是太保守了，大家学学资本家，多赚钱让家人过上好日子才是最重要的。别有心理包袱。
再次感谢大家。