AoPS ajax

The AoPS Ajax route (alcumus/ajax.php, community/ajax.php, ajax.php) is the API Endpoint for AoPS Community and Alcumus. (Note: you can't cheat on Alcumus using this!)

You can make community bots using the ajax endpoint, even moderator bots!

But first, we must understand what it does.

Ajax stands for Asynchronous JavaScript And XML. You can basically load content from other pages, such as google.com. AoPS uses these two files to make posts in the community, submit answers in Alcumus. We can harness the power and create evil stuff, but we'll stick to making chill programs for now.

We first must understand how to use it!

To understand how AoPS Itself uses it, we must see its requests to the ajax file.

If we open the console (ctrl+shift+i) then click the network tab, we will see all of the requests AoPS made.

Let's try and post a post. We submit, and something interesting shows up in the network tab. A text named ajax.php shows up. we click on (the first one), and this shows up:


That is the request made by AoPS to make that post I just submitted.

curl "https://artofproblemsolving.com/m/community/ajax.php" ^

 -H "authority: artofproblemsolving.com" ^
 -H "accept: application/json, text/javascript, */*; q=0.01" ^
 -H "prefer: safe" ^
 -H "x-requested-with: XMLHttpRequest" ^
 -H "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36 Edg/89.0.774.77" ^
 -H "content-type: application/x-www-form-urlencoded; charset=UTF-8" ^
 -H "origin: https://artofproblemsolving.com" ^
 -H "sec-fetch-site: same-origin" ^
 -H "sec-fetch-mode: cors" ^
 -H "sec-fetch-dest: empty" ^
 -H "referer: https://artofproblemsolving.com/" ^
 -H "accept-language: en-US,en;q=0.9" ^
 -H "cookie: __cfduid=dda7200b8cf4d1a887206f22b8c9dc4861618527781; _gcl_au=1.1.1406359502.1618527782; _hjid=b4888a37-5b79-459c-b9ac-68ab97f938c2; auid=561462; alogin=nbctbk; _gid=GA1.2.1373483230.1618684470; aopssid=EgBVyeZapSNX16187698697746pM5qdFNDNMGv; aopsuid=561462; _gaexp=GAX1.2.vcocTA_uQOabMfyYJW6VSw.18808.0; ifkchdtccd_AuthAopsSession=p8p3rgvb1u39kdm8pgb717mg42s20c4r; _uetsid=8c1ad5509fab11eba8a82b8ef387899a; _uetvid=ba9619409e3e11eb807b4fa70cc9a431; _ga=GA1.2.808991707.1618527782; cmty_init_time=1618773866; _ga_NVWC1BELMR=GS1.1.1618772225.106.1.1618773925.1; UseDC=master; UseCDNCache=false" ^
 --data-raw "attachments=^%^5B^%^5D&post_text=Just+testing^%^2C+nothing+intresting+here&notify_email=0&topic_id=2282563&allow_latex_errors=0&last_post_num=581&last_update_time=1618506889&disable_bbcode=0&is_announcement=0&a=submit_post&aops_logged_in=true&aops_user_id=561462&aops_session_id=cc344bed5996c8ea0a375930e9d8d0d8" ^

(note: I cleared all of that cookie and session stuff. not gonna work by the time you're reading this.)

That is the curl code that AoPS sent to the ajax. that basically means, "Hey can you do what this curl code says"

if we can convert it to python code, this is what it might look like:


In the data variable, we can actually see what I wrote in.

if we make a request to https://artofproblemsolving.com/m/community/ajax.php with those headers and data, and reload the thread (or whatever), we can actually see the code actually made a post!

This is all it for now, I will write more later

Invalid username
Login to AoPS