test just test


Test Just Test Whitehat


1:可以考虑使用抓包的形式来跑一遍

2:可以考虑一下这个数据库到底是单独的数据库,还是包含了所有数据的数据库。

3:apk的地址:http://qqt.mlocso.com/qqt/welcome.jsp



搜索http://
搜索“网络”
搜索 “result” 找到了package com.mlocso.framework;这个包里面的HttpRequest
搜索 HttpRequest 得到 package com.mlocso.framework.fun.other; 下面的FindUserPasswordReq,GetSMSCodeReq


开通:
package com.mlocso.qinqingtong.module.kaitong;

public class KaiTongClient



http://221.180.145.233:8081/Recommend/recommended/recommendedReport




package com.mlocso.qinqingtong.module.homepage; 下面的 ActualLocationUtil 这个文件是用来请求 JSON 数据的。




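/**
 * Decompiled client for the {@code DWTRTerminalGate} endpoint. {@link #locate} sends action
 * {@code A034} with a phone number and nickname; {@link #getLocateResult} polls action
 * {@code A035} with a {@code trans} value until a usable answer arrives.
 *
 * <p>Security review notes, all based on what this listing shows:
 * <ul>
 *   <li>The endpoint is a hard-coded {@code http://} address, so the session id, the phone
 *       number and the response body are sent without transport encryption. Moving to HTTPS
 *       needs a server-side change and is not attempted here.</li>
 *   <li>The session id travels in the URL query string rather than in the (empty) POST body.
 *       Query strings commonly end up in proxy and server access logs; whether the server
 *       would accept the id in the body cannot be told from this file.</li>
 *   <li>The session id is read from the {@code FREELOGIN} preferences. The decompiled code
 *       opened them with mode {@code 1} (world-readable); this version uses
 *       {@link Context#MODE_PRIVATE}. The code that writes the file is not visible here and
 *       must use the same mode for the fix to be complete.</li>
 *   <li>The request URL (which contains the session id) and the response body are no longer
 *       written to logcat or stdout.</li>
 * </ul>
 */
public class ActualLocationUtil
{
  private static final String ACTION_CODE = "action_code";
  private static final String CHILD_MOBILE = "child_mobile";
  private static final String NICK_NAME = "nick_name";
  private static final String SESSIONID = "sessionid";
  private static final String TRANS = "trans";
  // NOTE(review): never assigned anywhere in this listing, so the constructor below would throw
  // a NullPointerException as written. Presumably the decompiler lost the initializer — confirm
  // against the original bytecode before relying on this class.
  private HttpClient mClient = null;
  private HttpPost mPost = null;
  private String url = "";
  // Cleartext HTTP to a fixed IP address; see the class comment.
  private String urlx = "http://221.180.145.32:8084/msp/DWTRTerminalGate";

  /** Sets 30 second connection and socket timeouts on the HTTP client. */
  public ActualLocationUtil()
  {
    this.mClient.getParams().setParameter("http.connection.timeout", Integer.valueOf(30000));
    this.mClient.getParams().setParameter("http.socket.timeout", Integer.valueOf(30000));
  }

  /**
   * Polls action {@code A035} every five seconds until the server answers with HTTP 200 and a
   * body that does not contain {@code "20107"}, or until {@code Constants.STOP_LOCATION} is set.
   *
   * @param paramString  value sent as the {@code trans} query parameter; it is concatenated
   *                     without URL encoding, so callers must pass a URL-safe value
   * @param paramContext context used to read the stored session id
   * @return the raw response body, or {@code null} when polling was stopped
   * @throws IOException          if the HTTP exchange fails
   * @throws InterruptedException if the thread is interrupted between polls
   */
  public String getLocateResult(String paramString, Context paramContext)
    throws ClientProtocolException, IOException, JSONException, InterruptedException
  {
    // MODE_PRIVATE instead of the decompiled literal 1 (world-readable): other apps on the
    // device must not be able to read the session id.
    String sessionId = paramContext.getSharedPreferences("FREELOGIN", Context.MODE_PRIVATE).getString("sessionId", "");
    this.url = (this.urlx + "?" + ACTION_CODE + "=" + "A035" + "&" + SESSIONID + "=" + sessionId + "&" + TRANS + "=" + paramString);
    this.mPost = new HttpPost(this.url);
    // The form body is intentionally empty; every parameter is in the query string.
    UrlEncodedFormEntity emptyForm = new UrlEncodedFormEntity(new ArrayList(), "UTF-8");
    this.mPost.setEntity(emptyForm);
    this.mPost.addHeader("Content-Type", "application/x-www-form-urlencoded;charset=utf-8");
    Constants.setStopLocation(false);
    // NOTE(review): the loop has no retry limit; it ends only on a usable response, an
    // exception, or when something else sets Constants.STOP_LOCATION.
    while (!Constants.STOP_LOCATION)
    {
      // The URL is deliberately not logged: it carries the session id.
      HttpResponse response = this.mClient.execute(this.mPost);
      if (response.getStatusLine().getStatusCode() == 200)
      {
        String body = EntityUtils.toString(response.getEntity(), "UTF-8");
        // "20107" presumably means "result not ready yet" — confirm against the server protocol.
        if ((body != null) && (!body.contains("20107")))
        {
          Constants.setStopLocation(false);
          // The body is deliberately not logged: it is the location answer.
          return body;
        }
      }
      Thread.sleep(5000L);
    }
    Log.e("��������������", "---------");
    return null;
  }

  /**
   * Sends action {@code A034} for the given phone number and nickname and maps the answer to
   * a short result string.
   *
   * @param paramString1 value sent as {@code child_mobile}; concatenated without URL encoding
   * @param paramString2 value sent as {@code nick_name}, URL-encoded as GBK
   * @param paramContext context used to read the stored session id
   * @return the {@code trans} value (or raw body) when it contains both {@code "x"} and
   *         {@code "y"} keys; {@code "02"} for codes 20009/20008; {@code "408"} for code 20002;
   *         otherwise the empty string
   * @throws IOException   if the HTTP exchange fails
   * @throws JSONException if a 200 response body is not a JSON object
   */
  public String locate(String paramString1, String paramString2, Context paramContext)
    throws ClientProtocolException, IOException, JSONException
  {
    // MODE_PRIVATE instead of the decompiled literal 1 (world-readable).
    String sessionId = paramContext.getSharedPreferences("FREELOGIN", Context.MODE_PRIVATE).getString("sessionId", "");
    this.url = (this.urlx + "?" + ACTION_CODE + "=" + "A034" + "&" + SESSIONID + "=" + sessionId + "&" + CHILD_MOBILE + "=" + paramString1 + "&" + NICK_NAME + "=" + URLEncoder.encode(paramString2, "GBK"));
    this.mPost = new HttpPost(this.url);
    UrlEncodedFormEntity emptyForm = new UrlEncodedFormEntity(new ArrayList(), "UTF-8");
    this.mPost.setEntity(emptyForm);
    this.mPost.addHeader("Content-Type", "application/x-www-form-urlencoded;charset=utf-8");
    HttpResponse response = this.mClient.execute(this.mPost);
    if (response.getStatusLine().getStatusCode() != 200) {
      return "";
    }
    // Neither the URL nor the body is printed: both contain the session id or location data.
    String body = EntityUtils.toString(response.getEntity(), "UTF-8");
    JSONObject json = new JSONObject(body);
    if (body.contains("trans")) {
      body = json.getString("trans");
    }
    // The decompiler rendered this check as a while loop that returns on its first pass.
    if ((body.contains("\"x\"")) && (body.contains("\"y\""))) {
      return body;
    }
    if ((body.contains("20009")) || (body.contains("20008"))) {
      return "02";
    }
    if (body.contains("20002")) {
      return "408";
    }
    return "";
  }
}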


在浏览器地址栏输入:http://221.180.145.32:8084/msp/DWTRTerminalGate
会得到请求错误,这个接口需要使用 POST 请求。







/**
 * Returns the {@code ywGetMyPwd} endpoint URL.
 *
 * <p>Both the test and the production branch yield the same address, so
 * {@code Constants.TEST} has no effect here. The address is plain {@code http://};
 * whatever this request carries is sent without transport encryption.
 * NOTE(review): the enclosing class is not shown on the page — presumably
 * FindUserPasswordReq; confirm.
 */
public String getUrl()
  {
    return Constants.TEST
      ? "http://211.137.44.86:8080/amnyw/ywGetMyPwd"
      : "http://211.137.44.86:8080/amnyw/ywGetMyPwd";
  }




/**
 * Decompiled request wrapper for the {@code ywGetSMSCode} endpoint.
 *
 * <p>Security review note: the endpoint is plain {@code http://}, and the only transformation
 * applied to any field is {@code BASE64Encoder.encode}. Assuming that class is an ordinary
 * Base64 encoder, it provides no confidentiality — the IMSI-labelled value and the MSISDN are
 * readable by anyone on the network path.
 */
public class GetSMSCodeReq
  extends HttpRequest
{
  /**
   * Fills two maps and passes them to the two-map {@code doPost} overload, which is not
   * defined in this class (presumably inherited from {@code HttpRequest}).
   *
   * @param paramString1 value Base64-encoded into the {@code "x-dp-imsi"} entry
   * @param paramString2 value stored under {@code "svn"}
   * @param paramString3 value stored under {@code "msisdn"}
   * @return whatever the two-map {@code doPost} returns
   */
  public HttpResponse doPost(String paramString1, String paramString2, String paramString3)
    throws ConnectTimeoutException, ClientProtocolException, IOException
  {
    BASE64Encoder base64 = new BASE64Encoder();

    // First map: client/device identification fields (presumably sent as headers — confirm).
    ConcurrentHashMap deviceFields = new ConcurrentHashMap();
    deviceFields.put("svn", paramString2);
    deviceFields.put("x-dp-imsi", base64.encode(paramString1.getBytes()));
    deviceFields.put("x-serialnum", SerialNumberUtils.getSerialNumber());
    deviceFields.put("spid", Constants.SPID_VALUE);

    // Second map: the request's own parameters.
    ConcurrentHashMap requestFields = new ConcurrentHashMap();
    requestFields.put("msisdn", paramString3);

    return doPost(deviceFields, requestFields);
  }

  /**
   * Returns the endpoint URL. Both branches yield the same cleartext-HTTP address, so
   * {@code Constants.TEST} has no effect here.
   */
  public String getUrl()
  {
    return Constants.TEST
      ? "http://211.137.44.86:8080/amnyw/ywGetSMSCode"
      : "http://211.137.44.86:8080/amnyw/ywGetSMSCode";
  }
}




/**
 * Decompiled request wrapper for the {@code ywModifyPwd} endpoint.
 *
 * <p>Security review note: the old and new passwords are only passed through
 * {@code BASE64Encoder.encode} and the endpoint is plain {@code http://}. Assuming that class
 * is an ordinary Base64 encoder, both passwords are recoverable by anyone who can observe the
 * traffic; Base64 is an encoding, not encryption. Protecting them requires TLS on the
 * endpoint.
 */
public class ModifyUserPasswordReq
  extends HttpRequest
{
  /**
   * Fills two maps and passes them to the two-map {@code doPost} overload, which is not
   * defined in this class (presumably inherited from {@code HttpRequest}).
   *
   * @param paramString1 value Base64-encoded into the {@code "x-dp-imsi"} entry
   * @param paramString2 value stored under {@code "svn"}
   * @param paramString3 value stored under {@code "msisdn"}
   * @param paramString4 value Base64-encoded into the {@code "oldpassword"} entry
   * @param paramString5 value Base64-encoded into the {@code "newpassword"} entry
   * @return whatever the two-map {@code doPost} returns
   */
  public HttpResponse doPost(String paramString1, String paramString2, String paramString3, String paramString4, String paramString5)
    throws ConnectTimeoutException, ClientProtocolException, IOException
  {
    BASE64Encoder base64 = new BASE64Encoder();

    // First map: client/device identification fields (presumably sent as headers — confirm).
    ConcurrentHashMap deviceFields = new ConcurrentHashMap();
    deviceFields.put("svn", paramString2);
    deviceFields.put("x-dp-imsi", base64.encode(paramString1.getBytes()));
    deviceFields.put("x-serialnum", SerialNumberUtils.getSerialNumber());
    deviceFields.put("spid", Constants.SPID_VALUE);

    // Second map: account identifier plus both passwords, Base64-encoded only.
    ConcurrentHashMap requestFields = new ConcurrentHashMap();
    requestFields.put("msisdn", paramString3);
    requestFields.put("oldpassword", base64.encode(paramString4.getBytes()));
    requestFields.put("newpassword", base64.encode(paramString5.getBytes()));

    return doPost(deviceFields, requestFields);
  }

  /**
   * Returns the endpoint URL. Both branches yield the same cleartext-HTTP address, so
   * {@code Constants.TEST} has no effect here.
   */
  public String getUrl()
  {
    return Constants.TEST
      ? "http://211.137.44.86:8080/amnyw/ywModifyPwd"
      : "http://211.137.44.86:8080/amnyw/ywModifyPwd";
  }
}




/**
 * Decompiled request wrapper for the {@code ywLogin} endpoint.
 *
 * <p>Security review note: the {@code "password"} entry is stored exactly as received — this
 * class applies no hashing or encoding to it — and the endpoint is plain {@code http://}.
 * Unless the caller or the inherited {@code doPost} transforms it (not visible here), the
 * login credential is exposed to anyone on the network path. Protecting it requires TLS on
 * the endpoint.
 */
public class OtherUserLoginReq
  extends HttpRequest
{
  /**
   * Fills two maps and passes them to the two-map {@code doPost} overload, which is not
   * defined in this class (presumably inherited from {@code HttpRequest}).
   *
   * @param paramString1 value Base64-encoded into the {@code "x-dp-imsi"} entry
   * @param paramString2 value stored under {@code "svn"}
   * @param paramString3 value stored under {@code "msisdn"}
   * @param paramString4 value stored unchanged under {@code "password"}
   * @return whatever the two-map {@code doPost} returns
   */
  public HttpResponse doPost(String paramString1, String paramString2, String paramString3, String paramString4)
    throws ConnectTimeoutException, ClientProtocolException, IOException
  {
    BASE64Encoder base64 = new BASE64Encoder();

    // First map: client/device identification fields (presumably sent as headers — confirm).
    ConcurrentHashMap deviceFields = new ConcurrentHashMap();
    deviceFields.put("svn", paramString2);
    deviceFields.put("x-dp-imsi", base64.encode(paramString1.getBytes()));
    deviceFields.put("x-serialnum", SerialNumberUtils.getSerialNumber());
    deviceFields.put("spid", Constants.SPID_VALUE);

    // Second map: the credentials. The password is not transformed in this method.
    ConcurrentHashMap credentials = new ConcurrentHashMap();
    credentials.put("msisdn", paramString3);
    credentials.put("password", paramString4);

    return doPost(deviceFields, credentials);
  }

  /**
   * Returns the endpoint URL. Both branches yield the same cleartext-HTTP address, so
   * {@code Constants.TEST} has no effect here.
   */
  public String getUrl()
  {
    return Constants.TEST
      ? "http://211.137.44.86:8080/amnyw/ywLogin"
      : "http://211.137.44.86:8080/amnyw/ywLogin";
  }
}






/**
 * Decompiled request wrapper for the {@code getMsgInfo} endpoint.
 *
 * <p>Security review note: the session id is placed in the {@code "x-session-id"} entry and
 * both the test and the production URL are plain {@code http://}, so the session id can be
 * read by anyone on the network path. Protecting it requires TLS on the endpoint.
 */
public class GetMsgInfo
  extends HttpRequest
{
  /**
   * Fills two maps and passes them to the two-map {@code doPost} overload, which is not
   * defined in this class (presumably inherited from {@code HttpRequest}).
   *
   * <p>Note the parameter order differs from the sibling request classes: the message id
   * comes first.
   *
   * @param paramString1 value stored under {@code "msgID"}
   * @param paramString2 value Base64-encoded into the {@code "x-dp-imsi"} entry
   * @param paramString3 value stored under {@code "svn"}
   * @param paramString4 value stored under {@code "x-session-id"}
   * @return whatever the two-map {@code doPost} returns
   */
  public HttpResponse doPost(String paramString1, String paramString2, String paramString3, String paramString4)
    throws ConnectTimeoutException, ClientProtocolException, IOException
  {
    BASE64Encoder base64 = new BASE64Encoder();

    // First map: device identification plus the session id (presumably headers — confirm).
    ConcurrentHashMap sessionFields = new ConcurrentHashMap();
    sessionFields.put("svn", paramString3);
    sessionFields.put("x-dp-imsi", base64.encode(paramString2.getBytes()));
    sessionFields.put("x-serialnum", SerialNumberUtils.getSerialNumber());
    sessionFields.put("spid", Constants.SPID_VALUE);
    sessionFields.put("x-session-id", paramString4);

    // Second map: which message to fetch, and a fixed platform marker.
    ConcurrentHashMap messageQuery = new ConcurrentHashMap();
    messageQuery.put("sysVersion", "Android");
    messageQuery.put("msgID", paramString1);

    return doPost(sessionFields, messageQuery);
  }

  /**
   * Returns the test endpoint when {@code Constants.TEST} is set, otherwise the production
   * endpoint. Both are cleartext HTTP.
   */
  public String getUrl()
  {
    return Constants.TEST
      ? "http://211.137.44.86:8080/amnmsg/getMsgInfo"
      : "http://msg.mlocso.com:8371/amnmsg/getMsgInfo";
  }
}




public class GetUrlReq
  extends HttpRequest
{
  /**
   * Fills one map with device identification fields and passes it, with {@code null} as the
   * second argument, to the two-argument map {@code doPost} overload, which is not defined in
   * the visible part of this class (presumably inherited from {@code HttpRequest}).
   *
   * <p>Security review note: the only transformation applied is {@code BASE64Encoder.encode}.
   * Assuming that class is an ordinary Base64 encoder, the IMSI-labelled value is not
   * protected by it; confidentiality depends entirely on the transport.
   *
   * @param paramString1 value Base64-encoded into the {@code "x-dp-imsi"} entry
   * @param paramString2 value stored under {@code "svn"}
   * @return whatever the two-argument {@code doPost} returns
   */
  public HttpResponse doPost(String paramString1, String paramString2)
    throws ConnectTimeoutException, ClientProtocolException, IOException
  {
    BASE64Encoder base64 = new BASE64Encoder();

    ConcurrentHashMap deviceFields = new ConcurrentHashMap();
    deviceFields.put("svn", paramString2);
    deviceFields.put("x-dp-imsi", base64.encode(paramString1.getBytes()));
    deviceFields.put("x-serialnum", SerialNumberUtils.getSerialNumber());
    deviceFields.put("spid", Constants.SPID_VALUE);

    // This request has no second map; null is passed in its place.
    return doPost(deviceFields, null);
  }
  
  public String getUrl()
  {
    if (Constants.TEST) {
      return "http://211.137.44.86:8080/amnmsg/onGetUrl";
