参考文档:
dota_st师傅的博客
阿里云fc文档
准备工作
- 阿里云账号(支付宝账号,淘宝账号)
- GitHub账号(用于登录bugku)
抓取自己GitHub的cookie备用(user_session的值)
- bugku账号(绑定GitHub账号)
- 签到脚本(基本使用dota_st这位师傅博客中的脚本,进行了一些小修改)
index.py 云函数服务默认调用的文件名,不要修改
import urllib3
import re
import requests
from urllib import request as RR
import json
from retrying import retry
from bs4 import BeautifulSoup
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
#定义通用的请求头
headers = {"user-agent": " Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36",
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"
}#读取txt配置
def load_txt():
user_list = []
server_list = []
git_list = []
f = open(r'配置.txt', 'r', encoding='utf-8')
data = f.readlines()
for i in range(len(data)):
if data[i] != r'******author:dota_st******':
user_line = data[i].split(r"user=")[1].split("#")[0]
server_line = data[i].split(r"server_key=")[1].split("#")[0]
git_line = data[i].split(r"git_cookie=")[1].split("#")[0]
user_list.append(user_line)
server_list.append(server_line)
git_list.append(git_line)
else:
break
return user_list, server_list, git_list#使用server酱发送消息
def server_send(user_line, server_line, message):
data = {'desp': message}
server_key = server_line
requests.post("https://sctapi.ftqq.com/"+server_key+".send?title=尊贵的"+user_line+"用户bugku自动签到脚本结果", data=data)#获取签到结果返回信息
def login_result(user_line, server_line, bug_cookie):
global headers
headers['X-Requested-With'] = "XMLHttpRequest"
headers['cookie'] = bug_cookie
req = RR.Request(url='https://ctf.bugku.com/user/checkin', headers=headers) # 这样就能把参数带过去了
# 下面是获得响应
with RR.urlopen(req) as f:
Data = f.read()
data = json.loads(Data)
print(data['msg'])
server_send(user_line, server_line, data['msg'])
#登录判断
def login_status(user_line, server_line,res):
if ("登录成功" in res.text):
print("cookie提取成功!")
for i in res.headers['Set-Cookie'].split(','):
if ('PHPSESSID' in i):
login_result(user_line, server_line, i.strip())
break#主函数
@retry(stop_max_attempt_number=3)
def main_fun(user_line, server_line, git_line):
headers = {
"user-agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36",
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"
}
keep = requests.Session()
div = BeautifulSoup(keep.get("https://ctf.bugku.com/login".rstrip(), headers=headers, verify=False).text, 'lxml')
git_url = div.find('a', class_='btn btn-floating btn-github')['href']
git_cookie = 'user_session={git_line1}; __Host-user_session_same_site={git_line2};'.format(git_line1=git_line, git_line2=git_line )
headers['cookie'] = git_cookie
flag = keep.get("https://github.com/settings/profile", headers=headers, verify=False, allow_redirects=False)
if(flag.status_code!= 200):
server_send(user_line, server_line, "github的cookie失效了噢!")
res = keep.get(git_url, headers=headers, verify=False)
login_status(user_line,server_line, res)
if("github.githubassets.com" in res.text):
print(res.text)
choose = res.text.split('<form action="')[1].split('<input type="hidden" name="scope"')[0]
rule = re.compile('name="(.*?)".*?value="(.*?)"')
form_data = rule.findall(choose)
Data = {}
for i in form_data:
Data[i[0]] = i[1]
Data['authorize'] = 1
formurl = "https://github.com" + choose.split('"')[0]
headers = {
"user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36",
"cookie": git_url
}
res = keep.post(formurl, data=Data, headers=headers, verify=False)
login_status(user_line,server_line, res)
elif("登录成功" not in res.text):
server_send(user_line, server_line, "超时错误")
keep.cookies.clear()
keep.close()def main():
passdef handler(event, context):
user_list, server_list, git_list = load_txt()
for i in range(len(user_list)):
main_fun(user_list[i], server_list[i], git_list[i])if __name__ == '__main__':
main()配置.txt,记得把对应的参数加进去
user=你的用户名# server_key=填写你的server酱# git_cookie=填写抓包获得的githubcookie#
******author:dota_st******
- 然后去注册一下server酱,绑定你的微信。然后通过调用server酱,把打卡结果发送到微信上
地址:https://sct.ftqq.com/
- 然后去注册一下server酱,绑定你的微信。然后通过调用server酱,把打卡结果发送到微信上
云函数部署
创建云函数
阿里云云函数网址
首次开通不收费,跟随指导直接默认开通就行
进入管理控制台 -> 选择函数 -> 创建函数 -> 选择事件函数 -> 填写函数名称,运行环境选择python,通过文件或压缩包上传代码 ->点击创建
配置运行环境
因为脚本需要用到一些外部库,因此需要下载,点击函数名进入函数,往下拉到在线编辑器界面,进入终端
进入终端后依次输入命令:
pip install --upgrade pip
pip install retrying -t .
pip install bs4 -t .
这三个命令的意思是更新pip,下载retrying库和bs4库脚本所在目录,库的具体作用自行百度
完成后点击部署代码,点击测试函数,可以看到脚本执行后的回显(我已经签过到了)
设置定时任务
往上找到配置点击后在触发器功能里创建触发器,选择定时触发器 ->输入定时器名称 自定义cron表达式 CRON_TZ=Asia/Shanghai 0 0 7 * * *(每天7点执行,可以更改数字7改变时间)点击确定。至此全部完成
!感谢dddmmm师傅投稿!
原文始发于微信公众号(SecHub网络安全社区):使用阿里云云函数进行bugku签到
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论