I am a CS undergrad and i do what the uni tells me to do
cause academics

altho sometimes when they are shoving things down our throats i get mad

and so they gave us this online course platform to learn about AI
do they have structured classes ?
no
its more like bunch of random articles that we are supposed to read and click mark as done

so being the lazy guy i am i automated this redundant task
its an autoclicker

go right click click inspect, and paste this in console

targets=document.querySelector('.contentlist_sec').children

function complete(f=0){
elem=targets[f]
if(f >= targets.length){
    return
}
let pid=elem.id.split('_')[1]
getSubProduct(pid,'0','1','false')
setTimeout(()=>{
pre_mark_as_complete(pid,'false')
},1000)
setTimeout(()=>{
mark_as_complete_hub_product(parseInt(pid))
elem.classList.remove('allActiveProd')
},3000)
setTimeout(()=>{
    complete(f+1)
},7000)
}
complete()

wait some seconds and u have all your courses automatically clicked and done awesome right ?

well i should have stopped there
well i didn't

the ugly

little did i know i was getting myself into a grave grave mistake that would haunt me for an entire night
rise my adrenaline levels and almost threw me into a panic attack

i inspected the quizzes section and decided to see how i can bypass the quizz , i moved around the js files sent to the client and figured out a way to print the answers well the IDs of the answers
you'll have to inspect and click on them so its kinda hard

this wasnt enough i wanted to see if i can override the entire quizz cause i saw no live answers being posted to a server on checking requests all i saw was nothing

so the quizz was being validated on the client which itself is a stupid thing to do , hey atleast they put it inside an iframe to make it work so good for them
most peeps dont know this trick
you can access an

>> frames

this is an array of iframes so i can even call the methods inside the iframe script by just chaining them to the first iframe like an object's methods

>> frames[0].checkAnswers()

yup its that obvious client code isnt bundled no obscufication just straight up methods and their names
good for us
bad for them

frames[0].questions_data.map(v=>v.all_options.filter(s=>s.is_true==1)).forEach((val,i)=>{
let log=frames[0].document.getElementById(val[0].answer_id).children[0].children[0].innerHTML
console.log(`${i+1})  ${log}`)
})

i dont think they care tbh if they did they wouldnt have made a shitty site to begin with and most of all the courses are very shit

so i saw this method called publishResult() and thought this might directly publish my results and get me that quizz completed
so i went ahead and called it

grave mistake, if i had a timemachine i'd go back in time and smack old me before doing it,
this traumatic incident has given me a new insight

never call a function or any get routes that seems like they are
messing with data on the db
reason is simple get request's likely modify something on the server and its not gonna let u control that modification again , so once its done theres no over-riding it unless u find another post request that actually does something

well in this apps case its a get request so i started this shit around 2am as of time i am writign this its 6:30 am yes i didnt sleep
i couldnt sleep

cause the calling that publishResult() from the client did something and made my quizzy a self paced one meaning that i cant retake it anymore , too bad i havent even completed

so there i was stuck midway at a course 16% done , mandatory for the semester unable to move past this quizz , cause no matter how hard i try server will not serve the quizz link to me cause that route likely is doing some checking with some table inside the server and its saying that i have already completed so send me the results page

except the thing isn't marked as complete in the courses table (ig at this point i can only guess what they have named it as)
so i was cooked

deep fried 🥵
like burnt to ashes sorta cooked

there was 0 escape , i dug into the iframes nothing there
no new function calls no new ways to find the new routes
i even installed fucking gobuster in hopes of finding new routes
so that i can do a post request to
no way to continue this course without clearing that quizz , but quizz wont open cause the server thinks i did it already

i was almost at the verge of a panic attack i calmed down and started praying to the god

fr i was stressing over this cause no ordianry person would ever encounter this error and i had some serious explaining to do if i was caught

publishResult() was inside the iframe it wont be called unless the server decided its the right time to serve it to normies would never even call this let alone inspect the site, i cant even explain that to the helpline

anyways i decided to sleep and call helpline then due to the fear i refused to give up i wanted this shit done no matter how hard it was
if i got to this point i can fix it as well
i tried taking new courses and trying to attend quizzes again to see how the system did it

after hours of digging attending the same quizz over 10-11 times i finally found a promising url ,and i chaged the quizz id and then i did a get request to the server got 500 back

i was dead 500 error code ,luckly error was some
for some reason the thing worked and i had overridden the quizz
and got the course marked as completed

override quizzes

here is that magic overriding link

https://www./LX/vcourses/declare_course_complete_self_pace?c_id=&enb_id=&content_player=true&dashboard_mark_as_complete=&new_ui_flag=true&quiz_single_node=true

idk what enb id is (cause god knows what they thought of while making this api) i figured it'd be different for diff users so if u wanna know yours just inspect some of those iframe ajax requests or just inspect the iframe itself prolly youll find it there

and it overrides quizzes , i want to see how to override a whole course like the entire thing but that will prolly be too noticeable to be disregarded as a glitch ig
so basically if u wanna override a quizz without doing it just call this ig

i didnt wanna expose that company so i placed sitename.in replace that with the sites name if yk yk

should u do this

absolutely frikin no !!
defo dont do this if u are doing this , then you are either running out of time or just wanna like do it for the sake of doing this

btw the autoclicker thingy perfectly safe to use , but ethically i think its better to go through each article and try to learn something dont chase comfort like i did , i lost sleep over it
well now i am scared to even open that website
😩 anyways that was my terrible experience with this mooc courses platform

(i should make another article criticizing how retarded most indian companies are when it comes to making websites its like we never escaped the php and jquery era { i am speaking as if i could make these big sites 😵})