Python implementation of I personnel automatic clock out sample code

Time:2021-5-3

The punch in software used by our company is I personnel. However, I often miss the punch in and check out. I will forget when I set the alarm clock. Today, I was defeated by the boss again. So we are ready to grasp the check-in interface and use crontab to realize automatic check-in and check-out.

Environment configuration

Here we use Fiddler to capture packets. Fiddler is an HTTP debugging agent tool, which monitors the network data stream in the form of proxy server. The reason why Wireshark is not used is that I am not very familiar with Wireshark’s filter, and the other reason is that this paper uses simulator (mobile application background traffic is too much, not easy to analyze) to capture packets, so proxy server is more convenient.

Install fiddler

First install Fiddler (official website address), and then install Fiddler certmaker (official website address)

Fiddler configuration

As shown in the figure, open fiddler, tools, select Fiddler options, check the place marked in the figure, click OK after configuration, save and restart fiddler

 

Open the tab again and click action to generate the certificate to the desktop (file name fiddlerroot. CER)

 

Upload the certificate file to the simulator.

Simulator configuration

Record the IP backup of the current windows network card.

Open the simulator, select “security” in the system settings of the simulator, select “install from SD card”, select the certificate uploaded before, and then install( During the process, you will be required to set the screen saver password, just set it.)

Select the WiFi connection in the simulator, long press the current WiFi, select Modify network, select manually configure agent, fill in the address of windows local IP recorded in front, port is 8888, save and restart the simulator.

 

Start to grab the bag

Configure filters

After opening fiddler, open the simulator. At this time, Fiddler will listen to a large amount of traffic information for easy search. We need to use filters, as shown in the figure. On the right side of fiddler interface, select “filters” and check, select “use filters”, and in the “hosts” project, select “show only the following hosts”, And fill in“ www.ihr360.com ”At the same time, in “request headers”, check “show only if URL contains”, fill in “gateway / attention / aggregate / attention / API / sign / dosign”, click actions in the upper right corner, and select “run filter set now” to make the filter effective. In the flow information bar on the left side of fiddler, use Ctrl + X to clear all current flow information.

Simulator check in

Locate the simulation location of the simulator to the location where you need to punch in, open I personnel, click attendance punch in, punch in and sign in. At this time, a monitored request will appear in fiddler, and double-click to open it, as shown in the figure,

 

As you can see, the punch in and check-in action is actually a post request. After we understand the basic content of this post request, we can use Python’s requests module to simulate the submission.

Impersonation request

It’s very simple to simulate the post request. I won’t say much here. Just paste the code (bad =. =!), Just use it. Don’t spray it

#!/usr/bin/env python3
# www.iots.vip 
# Alliot 
# 2020-1-8 
import requests
import json
import smtplib
from email.mime.text import MIMEText
from email.utils import formataddr
from time import strftime, localtime
#Ignore requests authentication warning
requests.packages.urllib3.disable_warnings()
#Mail Settings
server = 'smtp.163.com'
port = '25'
Sender ='sender mailbox '
Passwd ='password (authorization code) '
Receiver ='recipient '
#I personnel sign in interface address
url = "https://www.ihr360.com/gateway/attendance/aggregate/attendance/api/sign/doSign"
#Packet capture sign in request header
headersValue = {
  'Cookie': 'SESSION=XXXXXXXXXXXXXX; Path=/; HttpOnly',
  'accept': 'application/json;charset=UTF-8',
  'appKey': 'com.irenshi.personneltreasure',
  'appVersion': 'XXXX',
  'osVersion': 'XXXX',
  'udid': 'XXXXXX',
  'user-agent': 'IRENSHI_APP_AGENT',
  'os': 'Android',
  'irenshilocale': 'zh_CN',
  'Content-Type': 'application/json; charset=utf-8',
  'Content-Length': '272',
  'Host': 'www.ihr360.com',
  'Connection': 'Keep-Alive',
  'Accept-Encoding': 'gzip',
}
#Packet capture request JSON
jsonValue = {
  "deviceToken": " ",
  "deviceType": "NORMAL",
  "latitude": XXX,
  "locationName": "XXX",
  "longitude": XXX,
  "phoneName": "MI6",
  "signSource": "APP",
  "wifiMac": "XXX",
  "wifiName": "Alliot",
}
#Check in method
def doSign(url, jsonValue, headersValue):
  r = requests.post(url, json=jsonValue, headers=headersValue, verify=False)
  global results
  results = json.loads(r.text)
  print(strftime("%Y-%m-%d %H:%M:%S", localtime()))
  return results
#Email reminder method
def sendMail(server, port, sender, passwd, msg):
  smtp = smtplib.SMTP()
  smtp.connect(server, port)
  smtp.login(sender, passwd)
  smtp.sendmail(msg['From'], msg['To'], msg.as_string())
  smtp.quit()
  Print ('email has sent out! ")
def newMail(status):
  msg = MIMEText(str(results), 'plain', 'utf-8')
  msg['From'] = formataddr(["AlliotSigner", sender])
  msg['To'] = formataddr(["Alliot", receiver])
  if status == None:
    MSG ['subject '] ='clock in failed -!'
    Print ("clock out failed")
  else:
    MSG ['subject '] ='auto clock in succeeded'
    Print ("punch in success")
  sendMail(server, port, sender, passwd, msg)
#Sign in and notify the result by e-mail. If you don't need to notify, just change to dosign (URL, JSON value, headersvalue)
newMail(doSign(url, jsonValue, headersValue)["data"])
# doSign(url, jsonValue, headersValue)

Modify the configuration to the data captured above (note here,headersValueThe request header is in dictionary format,jsonValueThen it is in JSON format. Check whether it is a format error when reporting an error.)

Upload to the server and execute:

Python3 ihr.py # your file name

After execution, open I personnel to check whether a check-in record has been generated successfully. If it is successful, it can be added to the planned task.

Regular execution

Crontab is used to implement automatic execution. For the specific use of crontab, you can see the use and precautions of crontab under Linux | Alliot’s blog

I define the clock in at 8:18 on weekdays. Crontab is configured as:


0 8,18 * * mon,tue,wed,thu,fri,sat /usr/bin/python3 /alliot/ihr.py>>/alliot/ihr_log.txt

Postscript

The whole process is very simple and rough. In fact, it can be seen in the background, because the check-in location is the same every time. So if you want to be more realistic, you can use the random number of the range in the longitude and latitude of the request, the location name, and so on… However, the same sentence: Yes, but not necessary.

The above is the whole content of this article, I hope to help you learn, and I hope you can support developer more.