Objective:
Some websites handle login differently from the Blog Park (cnblogs) login and the token login covered earlier: they put the csrftoken in a cookie, and the cookie does not change at all between before and after login. In this situation, how do you bypass a login that has a front-end verification code?
I. Comparing before and after login
1. If the login page has a graphical verification code, the usual approach is to bypass the login. Start with packet-capture analysis: first, capture the traffic without entering the password.
(This is the company's internal website, so the URL cannot be made public; only the approach to solving the problem is given.)
2. Log in manually by entering the account and password on the login page; the following information is captured.
3. The capture shows that the cookie information has not changed between before and after login. There are three main parameters:
--businessusername: the account name
--JSESSIONID: a string value; the main thing is to check whether it changes (it usually has a validity period). Just copy it out.
--csrftoken: a string value; the main thing is to check whether it changes (it usually has a validity period). Just copy it out.
II. GET request
1. For a GET request against a site with this kind of login, the cookie in the request header does not change, so the login can be skipped: there is no need to handle the login process, just send the request directly.
2. Code implementation
# coding:utf-8
import requests

# Coupon list
url = 'http://xxx/xxx/coupon/list'
h = {
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0",
    "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
    "Accept-Language": "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3",
    "Accept-Encoding": "gzip, deflate",
    # Replace each placeholder with the value copied from the packet capture
    "Cookie": "csrftoken=xxx (copy the value from the packet capture); JSESSIONID=xxx (copy the value from the packet capture); businessusername=(user name)",
    "Connection": "keep-alive"
}
r = requests.get(url, headers=h)
print(r.content)
III. A pitfall with POST requests
1. A POST request can also skip the login process: adding the three captured cookie parameters (businessusername, JSESSIONID, csrftoken) to the request header works as well.
2. But here comes a pitfall: when the request is sent with Composer, it is redirected back to the login page.
3. Main cause: on the redirected request, the cookie parameters are missing.
IV. Redirects
1. Solving this is simple: disable redirects (for details see section 2.8, redirect Location), get the redirect URL, and send a new GET request to it with the three cookie parameters in the header.
# coding:utf-8
import requests

# The POST request is redirected and the cookies are lost, so it ends up back at the login page.
# Workaround: disable redirects, get the redirect URL, then send a new request to that URL.

# The three main parameters
csrftoken = 'the csrftoken you captured, usually with an expiry time'
jsessionid = 'the JSESSIONID you captured'
username = 'user name'

url = 'http://xxx/xxxx/update'
h1 = {
    "User-Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0",
    "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
    "Accept-Language": "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3",
    "Accept-Encoding": "gzip, deflate",
    "Cookie": "csrftoken=%s; JSESSIONID=%s; businessusername=%s" % (csrftoken, jsessionid, username),
    "Connection": "keep-alive",
    # Content-Length is not set by hand: requests computes it from the body
    "Content-Type": "application/x-www-form-urlencoded"
}
body = {"instantmessageid": "56",
        "name": u"haha 1",
        "order": "",
        "csrftoken": csrftoken,
        "type": "QQ",
        "account": "1001"}

s = requests.session()
# allow_redirects=False stops requests from following the 302 on its own
r1 = s.post(url, headers=h1, data=body, allow_redirects=False)
print(r1.status_code)

# Get the redirect URL
redirect_url = r1.headers["Location"]
print(redirect_url)

h2 = {
    "User-Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0",
    "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
    "Accept-Language": "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3",
    "Accept-Encoding": "gzip, deflate",
    "Cookie": "csrftoken=%s; JSESSIONID=%s; businessusername=%s" % (csrftoken, jsessionid, username),
    "Connection": "keep-alive"
}
# Re-send the request to the redirect URL, carrying the three cookie parameters again
r2 = s.get(redirect_url, headers=h2)
print(r2.content)
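The redirect pitfall from sections III and IV, reproduced offline as an added example (not code from the original post). It uses the Python standard library instead of requests so it can run without the internal site; the local FakeSite server, its /update, /list and /login paths, and the cookie values are all constructed assumptions.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlencode, urljoin, urlsplit

# Constructed values standing in for the three cookies copied from a capture.
COOKIE = "csrftoken=tok123; JSESSIONID=sess456; businessusername=tester"

class FakeSite(BaseHTTPRequestHandler):  # constructed stand-in for the real site
    def _reply(self, status, location=None):
        self.send_response(status)
        if location:
            self.send_header("Location", location)  # relative, as servers often send it
        self.send_header("Content-Length", "0")
        self.end_headers()
    def do_POST(self):  # accept the form, then redirect to the list page
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        self._reply(302, "/list")
    def do_GET(self):  # without the session cookie, bounce to the login page
        ok = "JSESSIONID=sess456" in self.headers.get("Cookie", "")
        self._reply(200 if ok else 302, None if ok else "/login")

def send(url, method, headers, body=None):
    """Send one request without following redirects; return (status, Location)."""
    parts = urlsplit(url)
    conn = http.client.HTTPConnection(parts.hostname, parts.port, timeout=5)
    conn.request(method, parts.path, body=body, headers=headers)
    resp = conn.getresponse()
    resp.read()
    conn.close()
    return resp.status, resp.getheader("Location")

def post_then_follow(url, form, cookie, resend_cookie=True):
    """POST, then request the redirect target ourselves; return (status, Location)."""
    post_headers = {"Cookie": cookie, "Content-Type": "application/x-www-form-urlencoded"}
    status, location = send(url, "POST", post_headers, urlencode(form))
    if status not in (301, 302, 303) or not location:
        return status, location              # no redirect to follow
    target = urljoin(url, location)          # Location may be relative
    return send(target, "GET", {"Cookie": cookie} if resend_cookie else {})

def demo():
    server = HTTPServer(("127.0.0.1", 0), FakeSite)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = "http://127.0.0.1:%d/update" % server.server_port
    form = {"csrftoken": "tok123", "name": "haha 1"}
    results = [post_then_follow(url, form, COOKIE, keep) for keep in (False, True)]
    server.shutdown()
    return results

if __name__ == "__main__":
    print(demo())
```

The first result is the follow-up request without the cookie, which is sent on to /login; the second carries the cookie again and gets the page. A final status of 302 with a login Location is also what an expired JSESSIONID or csrftoken looks like, so a test can assert on it instead of parsing the login page.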
Python Interface Automation 12: Case Study (csrftoken) [Reprint]