How to use Python's requests package to implement a simulated login

Source: Internet
Author: User
This article explains in detail how to simulate a login with Python's requests package. It has some reference value, and interested readers can use it as a reference.

Some time ago I liked to use Python to scrape a few pages for fun, but I basically only used GET to request pages and then filtered the results with regular expressions.

Today I tried simulating a login to a personal website and found it is also fairly simple. Reading this article requires some understanding of the HTTP protocol and HTTP sessions.

Note: because the site used for the simulated login is my personal site, the site address, account and password in the code below have been masked.

Website analysis

The first step for any crawler is to analyze the target site. Here the analysis is done with the Chrome developer tools.

Capturing the login traffic shows a request like this.

The top section is the request header, and the section below it contains the parameters sent with the request. As you can see from the picture, the page submits three parameters via a form: _csrf, username and password.

The _csrf parameter is there to prevent cross-site request forgery (CSRF). The principle is simple: each time a request is made, the server generates an encrypted string and places it in a hidden input of the form. When the form is submitted, the string is sent back with it so the server can verify that the request comes from the same user.

So the logic of our code is clear. First, request the login page. Then parse the page and extract the CSRF string. Finally, send that string to the server together with the account and password to log in.

First piece of code

    #!/usr/bin/env python2.7
    # -*- coding: utf-8 -*-
    import requests
    import re

    # Header information
    headers = {
        'Host': 'localhost',
        'Accept-Language': "zh-CN,zh;q=0.8",
        'Accept-Encoding': "gzip, deflate",
        'Content-Type': "application/x-www-form-urlencoded",
        'Connection': "keep-alive",
        'Referer': "http://localhost/login",
        'User-Agent': "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36"
    }

    # Login method
    def login(url, csrf):
        data = {
            "_csrf": csrf,
            "username": "Xiedj",
            "password": "***"
        }
        response = requests.post(url, data=data, headers=headers)
        return response.content

    # First access: get the CSRF value
    def get_login_web(url):
        page = requests.get('http://localhost/login')
        reg = r'<meta name="csrf-token" content="(.+)">'
        csrf = re.findall(reg, page.content)[0]
        login_page = login(url, csrf)
        print login_page

    if __name__ == "__main__":
        url = "http://localhost/login/checklogin"
        get_login_web(url)

The code doesn't seem to have any problems, but it fails when executed. On checking, the reason for the error is that CSRF verification failed!

After confirming once more that the CSRF string I obtained and the CSRF string sent with the login request matched, a question occurred to me.
If you don't know the cause of the error yet, pause and think about this question: "How does the server know that the first request, which gets the CSRF string, and the second request, the POST login, come from the same user?"

At this point it should be clear: to log in successfully, you need to make the server believe that the two requests come from the same user. This is where the HTTP session comes in (if it is unfamiliar, you can look it up on Baidu; only a brief introduction is given here).

HTTP is a stateless protocol. Sessions were introduced to make it stateful. Simply put, the session records the state. When a user requests a web service for the first time, the server creates a session to hold the user's information and, in its response, stores the session ID in a cookie on the client. When the user makes another request, the browser sends this cookie along. As a result, the server can tell whether multiple requests come from the same user.

So our code needs to obtain this session ID on the first request and send it with the second request. The convenient thing about requests is that a simple requests.Session() gives you a session object that does exactly this.

The second piece of code

    #!/usr/bin/env python2.7
    # -*- coding: utf-8 -*-
    import requests
    import re

    # Header information
    headers = {
        'Host': 'localhost',
        'Accept-Language': "zh-CN,zh;q=0.8",
        'Accept-Encoding': "gzip, deflate",
        'Content-Type': "application/x-www-form-urlencoded",
        'Connection': "keep-alive",
        'Referer': "http://localhost/login",
        'User-Agent': "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36"
    }

    # Login method
    def login(url, csrf, r_session):
        data = {
            "_csrf": csrf,
            "username": "Xiedj",
            "password": "***"
        }
        response = r_session.post(url, data=data, headers=headers)
        return response.content

    # First access: get the CSRF value
    def get_login_web(url):
        r_session = requests.Session()
        page = r_session.get('http://localhost/login')
        reg = r'<meta name="csrf-token" content="(.+)">'
        csrf = re.findall(reg, page.content)[0]
        login_page = login(url, csrf, r_session)
        print login_page

    if __name__ == "__main__":
        url = "http://localhost/login/checklogin"
        get_login_web(url)

The page is accessed successfully after logging in.

As the code shows, once a requests.Session() object is created, the second request automatically carries the session ID from the previous request.
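The server-side check that makes the first script fail and the second succeed, as an added example that is not part of the original article. It runs without a network: ToyLoginServer, its method names and the "sessionid" cookie name are assumptions made for illustration, and a plain dict stands in for the cookie jar that requests.Session() maintains.

```python
import hmac
import re
import secrets

class ToyLoginServer:
    """Constructed stand-in for the site: one CSRF token per session."""

    def __init__(self):
        self.sessions = {}  # session id -> CSRF token issued to that session

    def get_login(self, cookies):
        """GET /login: reuse or create a session, embed its token in the page."""
        sid = cookies.get("sessionid")
        if sid not in self.sessions:
            sid = secrets.token_hex(16)
            self.sessions[sid] = secrets.token_hex(16)
        body = '<meta name="csrf-token" content="%s">' % self.sessions[sid]
        return {"sessionid": sid}, body

    def check_login(self, cookies, form):
        """POST /login/checklogin: token must match the caller's own session."""
        expected = self.sessions.get(cookies.get("sessionid"))
        if expected is None or not hmac.compare_digest(expected, form.get("_csrf", "")):
            return 403, "CSRF verification failed"
        return 200, "welcome " + form["username"]  # password check omitted in this toy

def extract_token(html):
    # [^"]+ stops at the closing quote, unlike the greedy (.+) in the scripts.
    return re.search(r'<meta name="csrf-token" content="([^"]+)">', html).group(1)

def login_without_session(server):
    """Like the first script: each request stands alone, the cookie is dropped."""
    _set_cookie, page = server.get_login(cookies={})
    form = {"_csrf": extract_token(page), "username": "demo", "password": "x"}
    return server.check_login(cookies={}, form=form)

def login_with_session(server):
    """Like the second script: a jar keeps the cookie between requests."""
    jar = {}
    set_cookie, page = server.get_login(cookies=jar)
    jar.update(set_cookie)
    form = {"_csrf": extract_token(page), "username": "demo", "password": "x"}
    return server.check_login(cookies=jar, form=form)

if __name__ == "__main__":
    srv = ToyLoginServer()
    print(login_without_session(srv))
    print(login_with_session(srv))
```

Because the token is looked up by session ID, a token read from one session's page is rejected when it is submitted with a different session cookie or with none.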
