Cracking the punch-in (attendance) app

Background: The company uses a punch-in app that restricts the punch-in location: you can only punch in within a few hundred meters of the company.

 

Goal: Capture packets to obtain the interface address, manually tamper with the GPS coordinates, and so punch in anytime, anywhere.

 

Tools: Windows 7 x64 + Fiddler + a GPS query website + Httpea (running on iPhone).

 

Steps:

1. Download and install Fiddler.

2. Configure Fiddler; assume its IP is 192.168.2.100.

3. Configure the iPhone and set its proxy to Fiddler's IP and port: 192.168.2.100:8888

4. Run the punch-in software and click the punch-in button.

5. At this point the Fiddler interface shows the URL that was called and its input parameters; the input parameters are submitted as a form. The parameters in the header are visible too.

6. Decode the input parameters. They are URL-encoded, so they contain a lot of % characters; decoding restores the original string. Press Ctrl+E, copy in the input parameters captured by Fiddler, and select URLDecode.

7. Use the GPS query website to look up the longitude and latitude of the company's location.

8. Download Httpea on the iPhone, fill in the URL found above, the parameters (with the longitude and latitude changed to the company's), and the header, then click the send button; the check-in succeeds.

In this way, you can use your phone to punch in from anywhere, regardless of location.

Notes:

1. It only works for the current day. If you forgot to punch in yesterday, this method cannot help.

2. It only gets around the location restriction, not the time restriction. In other words, if you're late, you're late.

3. In summary, the time is controlled by the server, and the client exposes no interface for it.

 

With the above, the goal has been reached.
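
The notes above come down to one design fact: the server owns the time but accepts whatever coordinates the client sends. As an added example (not code from the original post or from the punch-in app), here is one way the server side could flag hand-built check-ins in its request log; the field names, the expected User-Agent, the office coordinates and the sample records are all constructed assumptions.

```python
import math

# Assumptions (not from the post): office location, geofence radius and the
# User-Agent prefix the genuine app sends.
OFFICE = (31.230400, 121.473700)
RADIUS_M = 300
APP_UA_PREFIX = "PunchApp/"

def distance_m(a, b):
    """Great-circle (haversine) distance in metres between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371000 * math.asin(math.sqrt(h))

def review(checkins):
    """Return {record id: [reasons]} for check-ins that pass the geofence
    but look hand-built rather than sent by the app."""
    seen = {}      # user -> set of coordinate pairs already submitted
    flagged = {}
    for c in checkins:
        pos = (c["lat"], c["lon"])
        if distance_m(pos, OFFICE) > RADIUS_M:
            continue  # outside the fence: the existing check already rejects it
        reasons = []
        if not c["user_agent"].startswith(APP_UA_PREFIX):
            reasons.append("user-agent is not the app")
        if pos == OFFICE:
            reasons.append("coordinates equal the geofence centre exactly")
        if pos in seen.setdefault(c["user"], set()):
            reasons.append("coordinates identical to an earlier check-in")
        seen[c["user"]].add(pos)
        if reasons:
            flagged[c["id"]] = reasons
    return flagged

# Constructed sample records: real GPS fixes jitter by metres between days,
# coordinates typed into a request by hand do not.
SAMPLE = [
    {"id": 1, "user": "alice", "lat": 31.230512, "lon": 121.473421, "user_agent": "PunchApp/3.2 iOS"},
    {"id": 2, "user": "alice", "lat": 31.230377, "lon": 121.473598, "user_agent": "PunchApp/3.2 iOS"},
    {"id": 3, "user": "bob", "lat": 31.230400, "lon": 121.473700, "user_agent": "generic-http-client/1.0"},
    {"id": 4, "user": "bob", "lat": 31.230400, "lon": 121.473700, "user_agent": "PunchApp/3.2 iOS"},
    {"id": 5, "user": "carol", "lat": 39.904200, "lon": 116.407400, "user_agent": "PunchApp/3.2 iOS"},
]

if __name__ == "__main__":
    for rec_id, why in review(SAMPLE).items():
        print(rec_id, "; ".join(why))
```

These are signals for manual review rather than proof; they work only because the server, not the client, decides what counts as a plausible check-in.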

----------------------------------------------------------------------------------------------------------------

 

Here are some debugging tips:

1. If you don't use Httpea, you can reach the same goal with Fiddler directly. Fiddler can intercept all requests: when the request is intercepted, change the longitude and latitude to the company's, then click Run to Completion.

 

2. You can also debug with Postman. Installing Postman requires getting past the firewall (fanqiang); you can use Lantern for that.

 

Open questions:

I found that the entry for punching in at work and punching in after getting off work is the same. I don’t know if it was my mistake and I didn’t distinguish between the two; I will try again tomorrow.

 

 Here is a fiddler tutorial for a particularly small tank!
