Recently often meet with friends WeChat vote, just to try and crack, learning how to learn the knowledge, but the younger brother technology, encountered a few problems, see a lot of data is not idea, a great god passing feel free advice ~

A number can vote 5 times a day, on a mobile phone 3 times test vote, caught analysis, found that each request of the head, the data parameter is the same, the process is as follows:

first use wireshark caught, while vote, vote after a successful caught the results below



return result is normal



then simulate HTTP post, see below







fetching simulated HTTP post package for



can see return result is a 302 redirect



attached in the end, the voters links

http://toupiao.bssz023.com/Show/MemberInfo? Mid=71 & amp; amp; amp; amp; amp; Acid=1 & amp; amp; amp; The from=singlemessage& amp; amp; Isappinstalled=0 & amp; amp; The from=timeline& amp; Isappinstalled=0 & amp; The from=timeline& Isappinstalled=0

Initial guess every visit to vote on the mobile phone WeChat page will establish a session, cookie message is sessionid and simulated on the computer without the process of establishing the session structure, cause the sessionid in, this guess is that right? How to construct or disguise session?

CodePudding user response:

This is an authorization link, the user to get a vote openid,
The somebody else is your WeChat voting record in the local persistence to provoke,

However, there is no way to cheat!
B: of course!
Professional water army, each ticket 5 MAO,
Ah ha ha ha

I talk nonsense,

CodePudding user response:

reference 1st floor jam_show response:

This is an authorization link, the user to get a vote openid,
The somebody else is your WeChat voting record in the local persistence to provoke,

However, there is no way to cheat!
B: of course!
Professional water army, each ticket 5 MAO,
Ah ha ha ha

I talk nonsense,

Answer, I before is directly grasp the ajax request packet, and then see if openid access to relevant information, local persistence is what process, can explain about it, thanks,

CodePudding user response:

refer to the second floor haoqide_mao response:

Quote: refer to 1st floor jam_show response:

This is an authorization link, the user to get a vote openid,
The somebody else is your WeChat voting record in the local persistence to provoke,

However, there is no way to cheat!
B: of course!
Professional water army, each ticket 5 MAO,
Ah ha ha ha

I talk nonsense,

Answer, I before is directly grasp the ajax request packet, and then see if openid access to relevant information, local persistence is what process, can explain about it, thanks.

The most common way that database to store!
What is a database? ~ ~ ~ ~ ~ ~ ~
baidu entry!!!!! Well, the connection above basic need not see
!!!!! What persistent process of
!!!!! Let me use the return uncut jade to put in the big meaning tell you
!!!!! Your voting record is recorded on the hard disk,,,,,,,,,

The process of persistence, so many ways to provoke,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
Your persistent data is a relational model? XML? Binary stream?
Persistent way, JDBC connection? File stream to write? ,,
Agghh ah does not say

CodePudding user response:

reference jam_show reply: 3/f

Quote: refer to the second floor haoqide_mao response:

Quote: refer to 1st floor jam_show response:

This is an authorization link, the user to get a vote openid,
The somebody else is your WeChat voting record in the local persistence to provoke,

However, there is no way to cheat!
B: of course!
Professional water army, each ticket 5 MAO,
Ah ha ha ha

I talk nonsense,

Answer, I before is directly grasp the ajax request packet, and then see if openid access to relevant information, local persistence is what process, can explain about it, thanks.

The most common way that database to store!
What is a database? ~ ~ ~ ~ ~ ~ ~
baidu entry!!!!! Well, the connection above basic need not see
!!!!! What persistent process of
!!!!! Let me use the return uncut jade to put in the big meaning tell you
!!!!! Your voting record is recorded on the hard disk,,,,,,,,,

The process of persistence, so many ways to provoke,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
Your persistent data is a relational model? XML? Binary stream?
Persistent way, JDBC connection? File stream to write? ,,
Agghh fundamental ah does not say

See what you mean ~ are you saying that the backend server keeps voting records including the openid, I thought you said is in my WeChat client locally on persistence, wondered for a long time ^ _ ^, now I have a question, I put the phone into the 4 g network to vote again, caught found Cookie hasn't changed, is still a Cookie pair: ASP.NET _SessionId=x3bxv0wx0xplchgmabksz4sksessionid, likely this Cookie contains a lot of information, but why is simulated on the computer request would return a 302 redirect the forehead?

CodePudding user response:

reference 4 floor haoqide_mao response:

Quote: reference jam_show reply: 3/f

Quote: refer to the second floor haoqide_mao response:

Quote: refer to 1st floor jam_show response:

This is an authorization link, the user to get a vote openid,
The somebody else is your WeChat voting record in the local persistence to provoke,

However, there is no way to cheat!
B: of course!
Professional water army, each ticket 5 MAO,
Ah ha ha ha

I talk nonsense,

Answer, I before is directly grasp the ajax request packet, and then see if openid access to relevant information, local persistence is what process, can explain about it, thanks.

The most common way that database to store!
What is a database? ~ ~ ~ ~ ~ ~ ~
baidu entry!!!!! Well, the connection above basic need not see
!!!!! What persistent process of
!!!!! Let me use the return uncut jade to put in the big meaning tell you
!!!!! Your voting record is recorded on the hard disk,,,,,,,,,

nullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnull