头脑王者作弊辅助工具
王者头脑作弊辅助工具
基于 mitmproxy 实现, 具体方式是抓包获取数据问题和选项, 通过搜索引擎查询问题, 并在返回页面中匹配问题选项出现的次数, 一般来说出现次数最多的选型可能是正确答案的概率较大 (或者出现次数最少的选项).
运行程序:
$ mitmproxy -p 8129 -s listen.py打开 http://mitm.it 下载并安装证书, 并设置设备的手动代理到相应地址(eg. 192.168.2.235:8129)
选项在搜索结果中出现的次数, 会显示在选项最后
或者, 输入 "e" 查看日志可以提前看到答案
然后, 就可以轻松王者啦
问题:打开头脑王者就会出现request:failed 此服务器的证书无效。您可能正在连接到一个伪装成"question.hortor.net"的服务器,这会威胁到您的机密信息的安全
只有关掉http代理才可以打开头脑王者小程序
现象:mac安装好mitmproxy,并且iOS设备安装好证书,但是一进入小程序就登录不上并显示“似乎断开互联网”。
问题:是否因为代理的原因无法通过SSL验证导致的?
前2天使用的时候,证书也点击信任了 但是小程序依然显示断开了链接 ! 是不是他们那种做了进一步的检查,然后屏蔽了这种方式?
Cannot establish TLS with client (sni: question.hortor.net): TlsException("SSL handshake error: SysCallError(-1, 'Unexpected EOF')",)
小程序对返回的题目数据进行了加密处理,抓包/question/bat/findQuiz得到的json数据Encrypted Data就是被加密的题目,通过下载小程序源码发现其解密方式为AES,模式CBC pkcs7,解码js代码(app.js)如下:
aesDecrypt: function(e) { try { var e = w.util.base64ToBytes(e), t = w.util.base64ToBytes(this.aeskey), a = w.util.base64ToBytes(this.aeskey), i = new w.mode.CBC(w.pad.pkcs7), n = w.AES.decrypt(e, t, { asBpytes: !0, iv: a, mode: i }); return JSON.parse(n); } catch (e) { return null; } }, initAESKey: function() { var e = w.util.randomBytes(24); this.aeskey = w.util.bytesToBase64(e); }
在程序启动的时候POST到/question/role/updateMocha将返回key
通过这个key值可以解密出原题目,我尝试着做了一下,发现字符编码实在有点头疼,希望哪位大大能指点一二。
安装了之后 打开头脑王者的时候, 提示request:fail 此服务器的证书无效, 估计是小程序 验证服务器地址了, 作者现在还能成功么? 我是用的 iOS 11 版本。
Windows 通过安装包安装的 mitmprotxy , 然后执行启动 mitmproxy, 在 cmd 执行 python listen.py 执行完成就没有结果了.
python mitmproxy -p 8129 -s listen.py
python: can't open file 'mitmproxy': [Errno 2] No such file or directory
是mitmproxy 要放在当前文件夹下吗?感觉不像啊
It happens on python3.5
Solve: change line 11:
from
content = flow.response.contentto
content = flow.response.text
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.