XHR 劫持并修改post中某个数据内容的求助
1、已知网站引用的Ajax的js文件及post内容的函数。2、已查看了XHR发送内容【postData": { "mimeType": "application/json;charset=UTF-8",
"text": "{\"historyId\":63641374,\"position\":240,\"len\":\"5400\",\"cid\":\"61\"}"】
3、如何在脚本中劫持XMLHttpRequest,并修改JS中某个参数,从而达到修改postData中position\":240,\"的数值。比如把240修改为2400或者直接等于len的值。
4、需要帮我把脚本代码写出来,或者推荐一个简单实用的抓包、能修改XHR中post信息并再次发送的软件。
下附Ajax请求JS文件:
(function (window, $) {
var timer1;
var timer2;
window.readAssist = function (id,source,postion,percent,len,root,timespace) {
var reloginpage = root + "/page/common-tokenerror";
var assist = new Object();
assist.hid = 0;
assist.url = root + "/resource/saveTssView";
assist.source = source;
assist.postion = postion;
assist.percent = percent;
assist.len = len;
assist.time = parseInt(new Date().getTime() / 1000);
if (timespace && !isNaN(timespace)) {
assist.timespace = timespace * 1000;
} else {
assist.timespace = 60000;
}
var result = new Object();
result.cid = id;
result.source = assist.source;
result.ttion = assist.postion;
result.percent = assist.percent;
assist.first = function () {
if (assist.hid == 0) {
$.ajax({
url: assist.url,
data: JSON.stringify(result),
type: "post",
dataType: "json",
timeout: 20000,
contentType: "application/json;charset=utf-8",
error: function (message) {
window.wxc.xcConfirm(
"网络繁忙,请稍后刷新页面重试!",
"studyWarning"
);
},
success: function (data) {
if (data) {
if (data.status == 0) {
assist.hid = data.id;
if (assist.timespace != 0) {
timer1 = window.setInterval(function () {
assist.progressing();
}, assist.timespace);
timer2 = window.setTimeout(function () {
assist.progressing();
clearInterval(timer1);
}, parseInt(len) * 1000);
}
} else if (data.status == 1) {
window.wxc.xcConfirm(
"获得初始进度失败,请刷新页面重试!",
"studyWarning"
);
}
}
}
});
}
};
assist.progressing = function () {
var now = parseInt(new Date().getTime() / 1000);
if (assist.postion == "") {
assist.postion = now - assist.time;
} else {
assist.postion = parseInt(assist.postion) + (now - assist.time);
}
assist.time = now;
var result = new Object();
result.historyId = assist.hid;
result.position = assist.postion;
result.len = assist.len;
result.cid = id;
$.ajax({
url: assist.url,
data: JSON.stringify(result),
type: "post",
dataType: "json",
timeout: 20000,
contentType: "application/json;charset=utf-8",
error: function (message) {
window.wxc.xcConfirm("网络繁忙,请稍后刷新页面重试!", "error");
},
success: function (data) {
if (data) {
if (data.status == 0) {
} else if (data.status == 1) {
window.wxc.xcConfirm(
"进度记录失败,请刷新页面重试!",
"studyWarning"
);
} else if (data.status == 2) {
window.clearTimeout(timer1);
window.clearTimeout(timer2);
window.wxc.xcConfirm(
"不能同时学习多门课程,点击确认关闭窗口。",
"readCourse",
{
onOk: function (v) {
window.close();
}
}
);
}
}
}
});
};
assist.history = function () {
if (assist.hid == 0) {
assist.first();
} else {
assist.progressing();
}
};
assist.history();
return assist;
};
})(window, $);
本帖最后由 cxxjackie 于 2022-10-8 21:10 编辑
https://bbs.tampermonkey.net.cn/thread-3284-1-1.html
// ==UserScript==
// @name xhr劫持
// @description...
// @namespace ...
// @author ...
// @version 1.0
// @match 你要匹配的网站
// @require https://scriptcat.org/lib/637/1.0.1/ajaxHooker.js
// @run-at document-start
// ==/UserScript==
(function() {
'use strict';
ajaxHooker.hook(request => {
if (request.url.includes('/resource/saveTssView') && request.method === 'POST') {
request.data = val => {
const postData = JSON.parse(val);
postData.position = 2400;
return JSON.stringify(postData);
};
}
});
})();
页:
[1]