Python Interface Automation 12: Case Study (csrftoken) [Reprint]

Source: Internet
Author: User

Objective:

Some websites handle login differently from the earlier Blog Park login and token login examples: they put the csrftoken into a cookie, and the cookie does not change before and after login. In this case, how do you get past the front-end verification code at login?

First, comparing before and after login

1. If the login page has a graphical verification code, this is generally the way to bypass the login. Start with packet analysis: first, without entering the password, capture the packets.

(Because this is the company's internal website, the URL cannot be made public; only the approach to solving the problem is given.)

2. After logging in manually with your account and password on the login page, the following information is captured.

3. In the captured packets, the cookie information has not changed before and after login. There are three main parameters:

--businessusername: the account name
--JSESSIONID: a string; the main thing is to check whether it changes (it usually has a validity period), then just copy it out
--csrftoken: a string; the main thing is to check whether it changes (it usually has a validity period), then just copy it out

Second, GET request

1. With this kind of login, the cookie in the request header of a GET request does not change, so the login can be skipped entirely: there is no need to handle the login process, just send the request directly.

2. Code implementation

# coding:utf-8
import requests

# Coupon list
url = 'http://xxx/xxx/coupon/list'
h = {
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0",
    "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
    "Accept-Language": "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3",
    "Accept-Encoding": "gzip, deflate",
    # Replace each xxx with the value copied from the packet capture;
    # businessusername is the user name.
    "Cookie": "csrftoken=xxx; JSESSIONID=xxx; businessusername=xxx",
    "Connection": "keep-alive"
}
r = requests.get(url, headers=h)
print(r.content)

Third, a pitfall with POST requests

1. A POST request can also skip the login process: adding the three captured cookie parameters (businessusername, JSESSIONID, csrftoken) to the request header also works.

2. But here comes a pitfall: the request sent with Composer is redirected to the login page.

3. Main reason: on the redirected request, the cookie parameters are missing.

Fourth, redirect

1. Solving the problem above is simple: disable redirection (see 2.8, redirect Location, for details), get the redirect link, and send a new GET request to it with the three cookie parameters in the header.

# coding:utf-8
import requests

# The main issue: the POST request is redirected and the cookies are lost,
# so the request ends up back on the login page.
# Workaround: disable redirection, read the redirect URL, and send a new
# request to that URL.

# The three main parameters
csrftoken = 'acquired csrftoken, usually with an expiry date'
jsessionid = 'acquired JSESSIONID'
username = 'user name'

url = 'http://xxx/xxxx/update'
h1 = {
    "User-Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0",
    "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
    "Accept-Language": "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3",
    "Accept-Encoding": "gzip, deflate",
    "Cookie": "csrftoken=%s; JSESSIONID=%s; businessusername=%s" % (csrftoken, jsessionid, username),
    "Connection": "keep-alive",
    # Content-Length is left out: requests computes it from the body.
    "Content-Type": "application/x-www-form-urlencoded"
}

# Form fields of the captured request
body = {"Instantmessageid": "56",
        "Name": "haha 1",
        "Order": "",
        "Csrftoken": csrftoken,
        "Type": "QQ",
        "Account": "1001"}

s = requests.session()
# Do not follow the redirect automatically
r1 = s.post(url, headers=h1, data=body, allow_redirects=False)
print(r1.status_code)
# Get the redirect URL
redirect_url = r1.headers["Location"]
print(redirect_url)

h2 = {
    "User-Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0",
    "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
    "Accept-Language": "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3",
    "Accept-Encoding": "gzip, deflate",
    "Cookie": "csrftoken=%s; JSESSIONID=%s; businessusername=%s" % (csrftoken, jsessionid, username),
    "Connection": "keep-alive"
}
# Re-send the request to the redirect URL with the three cookie parameters
r2 = s.get(redirect_url, headers=h2)
print(r2.content)
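
Why the cookies go missing on the redirect, as an added example that is not code from the original post: requests discards a hand-written Cookie header when it follows a redirect, but re-attaches cookies held in the session's cookie jar. The local server, its /update and /result paths and the cookie values are constructed stand-ins for the internal site.

```python
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urljoin
import requests

# Constructed stand-ins: cookie values, and a server whose POST /update answers 302 -> /result.
COOKIES = {"csrftoken": "constructed-token", "JSESSIONID": "constructed-session"}

class Handler(BaseHTTPRequestHandler):
    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        self.send_response(302)
        self.send_header("Location", "/result")
        self.send_header("Content-Length", "0")
        self.end_headers()

    def do_GET(self):
        # Without the session cookie the site would answer with its login page.
        body = b"ok" if "JSESSIONID=" in self.headers.get("Cookie", "") else b"login page"
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def run_demo():
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = "http://127.0.0.1:%d/update" % server.server_port
    raw = {"Cookie": "; ".join("%s=%s" % kv for kv in COOKIES.items())}
    try:
        # 1. Hand-written Cookie header: dropped when requests follows the 302.
        lost = requests.post(url, headers=raw, data={"a": "1"}).text
        # 2. The article's workaround: stop at the 302, re-send the header by hand.
        r1 = requests.post(url, headers=raw, data={"a": "1"}, allow_redirects=False)
        manual = requests.get(urljoin(url, r1.headers["Location"]), headers=raw).text
        # 3. Cookies placed in the session jar are re-attached on every hop.
        s = requests.Session()
        s.cookies.update(COOKIES)
        jar = s.post(url, data={"a": "1"}).text
        return lost, manual, jar
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(run_demo())
```

The urljoin call also covers a relative Location value, which the code above would otherwise pass to s.get as an incomplete URL.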
