I am trying to automate 2 requests using python, first request is GET and the 2nd is POST
Here is how I manually do it using Chrome,
I visit http://testserver/index on chrome browser.
It prompt me for NTLM login. I provided username/password which was successful. Then I went on another page,
http://testserver/find_user and enter a username to search for. I press entered which displayed the results.
Then I copy the curl request from Chrome, convert it into python code and got this,
import requests
with requests.Session() as session:
session.auth = HttpNtlmAuth("DOSTR\\TESTUSER", getpass.getpass('Password:'))
url = "http://testserver/find_user"
payload = "username=test"
headers = {
'Connection': "keep-alive",
'Cache-Control': "max-age=0",
'Origin': "http://testserver",
'Upgrade-Insecure-Requests': "1",
'Content-Type': "application/x-www-form-urlencoded",
'User-Agent': "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36",
'Accept': "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8",
'Referer': "http://testserver/find_user?thread=2&aftk-687=-719740030",
'Accept-Encoding': "gzip, deflate",
'Accept-Language': "en-GB,en-US;q=0.9,en;q=0.8",
'Cookie': "JSESSIONID=4D8270489027BCD04777AAB32769B3A9; lang=en; mode=index"
}
response = session.request("POST", url, data=payload, headers=headers)
print(response.text)
The above request works.
But the problem is I have to make a first request using Chrome to generate cookies.
So I tried making the first request using Python as well like this, and use its cookies in the 2nd request
with requests.Session() as session:
session.auth = HttpNtlmAuth("DOSTR\\TESTUSER", getpass.getpass('Password:'))
url = "http://testserver/index"
headers = {
'Connection': "keep-alive",
'Upgrade-Insecure-Requests': "1",
'User-Agent': "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36",
'Accept': "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8",
'Accept-Encoding': "gzip, deflate",
'Accept-Language': "en-GB,en-US;q=0.9,en;q=0.8"
}
response = session.request("GET", url, headers=headers, allow_redirects=True)
# now 2nd request in same session with cookies of above response.
url = "http://testserver/find_user"
payload = "username=test"
headers = {
'Connection': "keep-alive",
'Cache-Control': "max-age=0",
'Origin': "http://testserver",
'Upgrade-Insecure-Requests': "1",
'Content-Type': "application/x-www-form-urlencoded",
'User-Agent': "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36",
'Accept': "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8",
'Referer': "http://testserver/find_user?thread=2&aftk-687=-719740030",
'Accept-Encoding': "gzip, deflate",
'Accept-Language': "en-GB,en-US;q=0.9,en;q=0.8"
}
response = session.request("POST", url, data=payload, headers=headers, cookies=response.cookies)
print(response.text)
But I keep getting permission denied error on the 2nd request (The GET request is successful, and I can see the output if I print it)
it only works when I use the cookies in 2nd request generated by Chrome, but not when I generate those cookies using python
I am not sure why the cookies from first request is not working in the 2nd request.
Can someone please tell me what am I doing wrong?
Edit:
Response header from GET request in chrome,
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Content-Encoding: gzip
Expires: Sat, 6 May 1995 12:00:00 GMT
Server: Microsoft-IIS/7.5
X-Frame-Options: DENY
Set-Cookie: JSESSIONID=F8DC91356195C0D1730638B81A60F6EB; Path=/index/; HttpOnly
Set-Cookie: lang=en; Expires=Mon, 09-Apr-2068 18:49:54 GMT
Persistent-Auth: true
X-Powered-By: ASP.NET
Date: Tue, 05 Feb 2019 21:24:57 GMT
Content-Length: 13267
Response header from GET request in Python,
{'Cache-Control': 'no-store, no-cache, must-revalidate, post-check=0, pre-check=0', 'Pragma': 'no-cache', 'Content-Length': '984', 'Content-Type': 'text/html;charset=UTF-8',
'Content-Encoding': 'gzip', 'Expires': 'Sat, 6 May 1995 12:00:00 GMT', 'Server': 'Microsoft-IIS/7.5', 'X-Frame-Options': 'DENY', 'Set-Cookie': 'JSESSIONID=EF3589A5EC319542C6254C16418F6265; Path=/index/; HttpOnly', 'Persistent-Auth': 'true', 'X-Powered-By': 'ASP.NET', 'Date': 'Tue, 05 Feb 2019 21:27:33 GMT'}
Related
I'm working on a web scraper build in python. Until now I build the following code:
import requests
headers = {
'authority': 'truegamedata.com',
'accept': '*/*',
'x-requested-with': 'XMLHttpRequest',
'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.152 Safari/537.36',
'content-type': 'application/x-www-form-urlencoded; charset=UTF-8',
'sec-gpc': '1',
'origin': 'https://truegamedata.com',
'sec-fetch-site': 'same-origin',
'sec-fetch-mode': 'cors',
'sec-fetch-dest': 'empty',
'referer': 'https://truegamedata.com/weapon_builder.php',
'accept-language': 'pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7',
}
data = {
'weapon_name': '^%^5B^%^22Kilo 141^%^22^%^2C^%^22wz^%^22^%^5D'
}
response = requests.post('https://truegamedata.com/SQL_calls/base_data.php', headers=headers, data=data)
print(response.text)
For some reason, I get the following error:
<br />
<b>Fatal error</b>: Uncaught Error: Call to a member function execute() on bool in /home/customer/www/truegamedata.com/public_html/SQL_calls/base_data.php:29
Stack trace:
#0 {main}
thrown in <b>/home/customer/www/truegamedata.com/public_html/SQL_calls/base_data.php</b> on line <b>29</b><br />
Does anyone know why this is happening? And how I can get this response?
Here is the request from Chorme Dev tools:
Request URL: https://truegamedata.com/SQL_calls/base_data.php
Request Method: POST
Status Code: 200
Remote Address: 127.0.0.1:61696
Referrer Policy: strict-origin-when-cross-origin
cache-control: no-store, no-cache, must-revalidate
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 12 Feb 2021 20:08:45 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
host-header: 8441280b0c35cbc1147f8ba998a563a7
pragma: no-cache
server: nginx
vary: Accept-Encoding
x-httpd-modphp: 1
x-proxy-cache-info: DT:1
:authority: truegamedata.com
:method: POST
:path: /SQL_calls/base_data.php
:scheme: https
accept: */*
accept-encoding: gzip, deflate, br
accept-language: pt-BR,pt;q=0.9
content-length: 42
content-type: application/x-www-form-urlencoded; charset=UTF-8
cookie: PHPSESSID=375e8ebdfa9174d6db5eb8c1cda4411b; game=wz
origin: https://truegamedata.com
referer: https://truegamedata.com/weapon_builder.php
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-origin
sec-gpc: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.152 Safari/537.36
x-requested-with: XMLHttpRequest
weapon_name: ["FR 5.56","wz"]
I tried to give as much information as possible, if anything is missing let me know
I am trying to learn requests module and was practice logging to a website but for some reason the it is not working and i am unable to login.
import requests
import sys
param1 = sys.argv[1]
param2 = sys.argv[2]
url2 = 'https://myhpgas.in/myHPGas/Login.aspx'
with requests.Session() as s:
s.get(url2)
print(r.headers)
payload = {'ctl00$ContentPlaceHolder1$txtUserNameEmail': param1,
'ctl00$ContentPlaceHolder1$txtPassword': param2}
p = s.post(url2, data=payload, headers=headers)
p.raise_for_status()
r = s.get('https://myhpgas.in/myHPGas/HPGas/User/ConsumerConsole.aspx')
print(r.text)
Session cookie.
{'ARRAffinity': 'ab2cda67a33c1a756e728834a3f88bc425b66b583804aee440e53c204539d683'}
Request headers for POST request
{'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36', 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 'Connection': 'keep-alive', 'Cookie': 'ARRAffinity=ab2cda67a33c1a756e728834a3f88bc425b66b583804aee440e53c204539d683', 'Content-Length': '125', 'Content-Type': 'application/x-www-form-urlencoded'}
Response headers for POST request
{'Cache-Control': 'private', 'Content-Length': '7404', 'Content-Type': 'text/html; charset=utf-8', 'Content-Encoding': 'gzip', 'Vary': 'Accept-Encoding', 'Set-Cookie': '.CZONEAUTH=; expires=Mon, 11-Oct-1999 18:30:00 GMT; path=/; HttpOnly', 'X-AspNet-Version': '4.0.30319', 'X-Powered-By': 'ASP.NET, ARR/2.5, ASP.NET', 'Date': 'Fri, 05 May 2017 13:49:59 GMT
This is how form data from browser looks like
tsmManager_HiddenField:
__EVENTTARGET:
__EVENTARGUMENT:
__LASTFOCUS:
__VIEWSTATE:/wEPDwULLTEwODE4NjM1MzcPZBYCZg9kFgICBA9kFgwCAQ8QZGQWAWZkAgUPFgIeB1Zpc2libGVoZAIGDxYCHwBoZAIJDw8WAh4EVGV4dGVkZAILDxYCHwBnZAIMD2QWAmYPZBYCAgUPZBYCAgMPZBYCAgEPZBYCAgEPZBYCAgEPZBYEAgMPFgIeBXN0eWxlBbEBYmFja2dyb3VuZDp1cmwoQ29udHJvbHMvR2VuZXJhdGVDYXB0Y2hhLmFzcHg/NjM2Mjk2MDE0MjUxMTMzNTI2KSBuby1yZXBlYXQ7YmFja2dyb3VuZC1zaXplOjEwMHB4IDMwcHg7aGVpZ2h0OjMwcHg7d2lkdGg6MTAwcHg7YmFja2dyb3VuZC1zaXplOjEwMHB4IDMwcHg7aGVpZ2h0OjMwcHg7d2lkdGg6MTAwcHg7ZAIFDw8WAh8BBVM8aW1nIHNyYz0nQXBwX1RoZW1lcy9CbHVlL2ltYWdlcy9yZWZyZXNoLnBuZycgYWx0PScnIHN0eWxlPSd2ZXJ0aWNhbC1hbGlnbjogdG9wOycvPmRkZDXNsct5fehr8ckYOVLlGTlg9kZ8dqdv11qCFhUCflOc
__EVENTVALIDATION:/wEdACBL8cV3HeSpiBr5eBlx9SY20Xzuqe7DgFLen1mQ9qwwkgTERbnLJaH6mqTlVXquFl7SgzmX0pXnQBVBYHDsagiMkyN1xWptALXH/a/EZC1F4KWAtKwjmte8a5j5Fhl1Xf6IzLKjB01uqKx6ADvgPGnp98RzIzeJI0XjAUrjE3GioE7EqnQGYNYbWcIn1pAHroN3VSUMn8TK6zgSES6I5dLiG9mftCmBcU0BKKuHa3mUvYxWp7bWYNbw7KFKbXe1cNG4vRds483c4wog6wZz3kG439kSOfHwry7ydkMen+8Oykq3dUvfODXzmhEEomZU6Gpc6cx/Q2ozQ90Cwd74q2EZFSptkDm3zh7+G5RAX6wIBHAtqlGmDyDCRAIiHffjIOz35c1Cw4BBvDKiEHQ47ZVnq++zVWerHmq9rIPE2hYysPySrcngv4yAvO4y9I26+ioOlSP/t2GtC9XJw3/Csh53EA1Y7qClBJnaD+WR8QqXtMM2zR3WYG3GJBTLRhXO2+5Z/ephgfX47bkgLErB0CQD3W66Z0s6zx7FcGFEl6h5gfEAYrHaepPURBQevSsriBousIddxfsdtnH74OnL9jhz83qJSb3w8Gz5FiWFgonTQHjjswiyhm+g6KodwobC/fOwS4xnW8ZIVB06X7opsHDkeSC1J6i9rb2nVg34wXRSxTpegcArnmtEi7N5qZc9BFbIJWQgX02aZk1hcI5GYiz9
ctl00$ddlSelectLanguage:-1
ctl00$ContentPlaceHolder1$txtUserNameEmail:emailid#domain.com
ctl00$ContentPlaceHolder1$txtPassword:password
ctl00$ContentPlaceHolder1$btnLogin:Login
And below are the request headers that the browser is sending
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:gzip, deflate, br
Accept-Language:en-US,en;q=0.8
Cache-Control:max-age=0
Connection:keep-alive
Content-Length:1678
Content-Type:application/x-www-form-urlencoded
Cookie:ARRAffinity=ab2cda67a33c1a756e728834a3f88bc425b66b583804aee440e53c204539d683; _csm_ux_data=; ASP.NET_SessionId=dxonrup25fyldmnwvhuakv4y
Host:myhpgas.in
Origin:https://myhpgas.in
Referer:https://myhpgas.in/myHPGas/Login.aspx
Upgrade-Insecure-Requests:1
User-Agent:Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
So can someone let me know what i am missing here ?
I was able to parse the GET response and then extract the dynamic values from html source and then posted them in POST request, that resolved my issue.
I'm trying to use requests to log into https://appleid.apple.com/cn (/us should be the same, but get 400 Bad request returned.
session = requests.Session()
productURL = <the URL above>
headers = {
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
"Accept-Encoding": "gzip, deflate, sdch, br",
"Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.6,en;q=0.4",
"Upgrade-Insecure-Requests":"1",
"User-Agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/52.0.2743.116 Chrome/52.0.2743.116 Safari/537.36"
}
session.headers = headers
r = session.get(productURL)
url = "//idmsa.apple.com/appleauth/auth/signin?widgetKey=af1139274f266b22b68c2a3e7ad932cb3c0bbe854e13a79af78dcc73136882c3&language=zh_CN&rv=1"
r = session.get(url)
url = "//idmsa.apple.com/appleauth/auth/signin"
headers = {
"Accept":"application/json, text/javascript, */*; q=0.01",
"Accept-Encoding":"gzip, deflate, br",
"Accept-Language":"zh-CN,zh;q=0.8,zh-TW;q=0.6,en;q=0.4",
"Connection":"keep-alive",
"Content-Length":"77",
"Content-Type":"application/json",
"Host":"idmsa.apple.com",
"Origin":"https://idmsa.apple.com",
"Referer":"//idmsa.apple.com/appleauth/auth/signin?widgetKey=af1139274f266b22b68c2a3e7ad932cb3c0bbe854e13a79af78dcc73136882c3&language=zh_CN&rv=1",
"User-Agent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/52.0.2743.116 Chrome/52.0.2743.116 Safari/537.36",
"X-Apple-Domain-Id":1,
"X-Apple-I-FD-Client-Info":{"U":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/52.0.2743.116 Chrome/52.0.2743.116 Safari/537.36","L":"en-US","Z":"GMT+08:00","V":"1.1","F":"7da44j1e3NlY5BSo9z4ofjb75PaK4Vpjt4U_98uszHVyVxFAk.lzXJJIneGffLMC7EZ3QHPBirTYKUowRslz8eibjVdxljQlpQJuYY9hte_1an92r5xj6KksmfTPdFdgmVxf7_OLgiPFMJhHFW_jftckkCoqAkCoq4ly_0x0uVMV0jftckcKyAd65hz7fwdGEM6uJ6o6e0T.5EwHXXTSHCSPmtd0wVYPIG_qvoPfybYb5EtCKoxw4EiCvTDfPbJROKjCJcJqOFTsrhsui65KQnK94CaJ6hO3f9p_nH1zDz.ICMpwoNSdqdbAE9XXTneNufuyPBDjaY2ftckuyPB884akHGOg429OMNo71xFmrur.S9RdPQSzOy_Aw7UTlf_0pNA1OXu_Llri5Ly.EKY.6ekL3sdmX.Cr_Jz9KyFxv5icCmVug4WBkl1BQLz4mvmfTT9oaSumKkpjlRiwerbXh8bUu_LzQW5BNv_.BNlYCa1nkBMfs.Byn"},
"X-Apple-Locale":"zh_CN",
"X-Apple-Widget-Key":"af1139274f266b22b68c2a3e7ad932cb3c0bbe854e13a79af78dcc73136882c3",
"X-Requested-With":"XMLHttpRequest"
}
session.headers = headers
payload = {
"accountName" : "accountName",
"password" : "password",
"rememberMe" : False
}
r = session.post(url, params=payload)
Headers info
request headers
{
'Content-Length': '77',
'Accept-Language': 'zh-CN,zh;q=0.8,zh-TW;q=0.6,en;q=0.4',
'Accept-Encoding': 'gzip, deflate, br',
'X-Apple-I-FD-Client-Info': {
'F': '7da44j1e3NlY5BSo9z4ofjb75PaK4Vpjt4U_98uszHVyVxFAk.lzXJJIneGffLMC7EZ3QHPBirTYKUowRslz8eibjVdxljQlpQJuYY9hte_1an92r5xj6KksmfTPdFdgmVxf7_OLgiPFMJhHFW_jftckkCoqAkCoq4ly_0x0uVMV0jftckcKyAd65hz7fwdGEM6uJ6o6e0T.5EwHXXTSHCSPmtd0wVYPIG_qvoPfybYb5EtCKoxw4EiCvTDfPbJROKjCJcJqOFTsrhsui65KQnK94CaJ6hO3f9p_nH1zDz.ICMpwoNSdqdbAE9XXTneNufuyPBDjaY2ftckuyPB884akHGOg429OMNo71xFmrur.S9RdPQSzOy_Aw7UTlf_0pNA1OXu_Llri5Ly.EKY.6ekL3sdmX.Cr_Jz9KyFxv5icCmVug4WBkl1BQLz4mvmfTT9oaSumKkpjlRiwerbXh8bUu_LzQW5BNv_.BNlYCa1nkBMfs.Byn',
'Z': 'GMT+08:00',
'U': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/52.0.2743.116 Chrome/52.0.2743.116 Safari/537.36',
'L': 'en-US',
'V': '1.1',
},
'Connection': 'keep-alive',
'X-Apple-Widget-Key': 'af1139274f266b22b68c2a3e7ad932cb3c0bbe854e13a79af78dcc73136882c3',
'Origin': '//idmsa.apple.com',
'Accept': 'application/json, text/javascript, */*; q=0.01',
'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/52.0.2743.116 Chrome/52.0.2743.116 Safari/537.36',
'Host': 'idmsa.apple.com',
'X-Apple-Domain-Id': 1,
'Referer': '//idmsa.apple.com/appleauth/auth/signin?widgetKey=af1139274f266b22b68c2a3e7ad932cb3c0bbe854e13a79af78dcc73136882c3&language=zh_CN&rv=1',
'X-Apple-Locale': 'zh_CN',
'X-Requested-With': 'XMLHttpRequest',
'Content-Type': 'application/json',
}
response headers
{
'X-XSS-Protection': '1; mode=block',
'X-Content-Type-Options': 'nosniff',
'Content-Security-Policy': "default-src *; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.apple.com https://*.cdn-apple.com; style-src 'unsafe-inline' https://*.apple.com https://*.cdn-apple.com; connect-src 'self'; img-src 'self' data: https://*.apple.com https://*.cdn-apple.com https://*.icloud.com https://*.mzstatic.com; media-src * data:;",
'Content-Encoding': 'gzip',
'Transfer-Encoding': 'chunked',
'Set-Cookie': 'dslang=CN-ZH; Domain=.apple.com; Path=/; Secure; HttpOnly, site=CHN; Domain=.apple.com; Path=/; Secure; HttpOnly',
'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
'Vary': 'Accept-Encoding',
'Expires': 'Thu, 01 Jan 1970 00:00:00 GMT',
'Server': 'Apple',
'Connection': 'close',
'X-BuildVersion': 'R15',
'Pragma': 'no-cache',
'Cache-Control': 'no-cache, no-store',
'Date': 'Sat, 01 Oct 2016 04:23:19 GMT',
'X-FRAME-OPTIONS': 'DENY',
}
I checked all the headers field with the real request headers, "X-Apple-I-FD-Client-Info" is the only one not correct. Dig a little bit, it was calculated by javascript. 'Z','U','L','V' are constant, depends on you browser info and timezone etc. But the 'F' is a very long random string
Is "X-Apple-I-FD-Client-Info" the problem result in 400 Bad request?
Is this the right way to write something like auto login? By compareing request headers and cookies one by one?
Is it possible to generate or skip header "X-Apple-I-FD-Client-Info"?
How can I get this auto login work?
When you are posting JSON you should use requests like:
r = requests.post(url, json=payload)
also, don't need to hardcode the Content-Length and Content-Type requests package takes care of that.
Since I'm new and can't comment (I don't quite understand the reputation system yet), I'll have to write an answer.
I know that Google recently blocked the login via scripts (well, via most scripts) because it was rather easy to conduct brute force attacks against accounts.
I am presuming that Apple did something very similar and thus making it hard to log onto the AppleId. Do you know for sure that it is possible to login that way?
Greetings,
Narusan
I'm trying to replicate a request. I have a session up and functioning properly up until a last POST.
In browser:
General:
Request URL:https:// paycom online. net/v4/e e/ee-taweb sheet.php
Request Method:POST
Status Code:302 Moved Temporarily
Headers:
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:gzip, deflate, br
Accept-Language:en-US,en;q=0.8
Cache-Control:max-age=0
Connection:keep-alive
Content-Length:483
Content-Type:application/x-www-form-urlencoded
Host:www.paycomonline.net
Origin:https://www.paycomonline.net
Referer:https://www.paycom online. net/v4/e e/ee-taweb sheet.php?periodsel.....
Upgrade-Insecure-Requests:1
User-Agent:Mozilla/5.0 (X11; Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.82 Safari/537.36
Form Data:
session_nonce:f14fd8003d9014259f6e5298f64
newpunchdatestr:08/10/2016
newpunchdateend:00/00/0000
daysFromTodayStart:-4
daysFromTodayEnd:10
periodstr:08/06/2016
periodend:08/20/2016
newpunchdept:
jobcategory[1]:
jobcategory[2]:
newpunchtype:OD
PunchTime:06:53 PM
date_time_format:hh:mm p
newpunchdesc:
newpunchtaxprof:0
periodselect:2016-08-06_2016-08-19
approvalday:2016-08-06
clockid:WEB01
cmdaddpunch:1
session_nonce:f14fd8003d9014259f6e5298f64
In requests I have the following:
headers={
'Accept':'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
'Accept-Encoding':'gzip, deflate, br',
'Accept-Language':'en-US,en;q=0.8',
'Cache-Control':'max-age=0',
'Upgrade-Insecure-Requests':'1',
'User-Agent':'Mozilla/5.0 (X11; Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.82 Safari/537.36'
}
data={
'session_nonce':session_nonce,
'newpunchdatestr':'08/10/2016',
'newpunchdateend':'00/00/0000',
'daysFromTodayStart':'-4',
'daysFromTodayEnd':'10',
'periodstr':'08/06/2016',
'periodend':'08/20/2016',
'newpunchdept':'',
'jobcategory[1]':'',
'jobcategory[2]':'',
'newpunchtype':'OD',
'PunchTime':'06:53 PM',
'date_time_format':'hh:mm p',
'newpunchdesc':'',
'newpunchtaxprof':'0',
'periodselect':'2016-08-06_2016-08-19',
'approvalday':'2016-08-06',
'clockid':'WEB01',
'cmdaddpunch':'1'
}
r=session.post('https:// paycom online. net/v4/e e/ee-taweb sheet.php', data=data,headers=headers, allow_redirects=False)
I noticed that the session nonce is a multiple key and attempted to just make the value a list containing the same nonce twice as it does in the in-browser request. I get a 200 response but it arrives at a page that states the previous request was invalid. The headers on the response:
{'Date': 'Wed, 10 Aug 2016 22:24:37 GMT', 'Content-Length': '152141', 'Server': 'Microsoft-IIS/7.5', 'Content-Type': 'text/html', 'X-Powered-By': 'ASP.NET'}
What am I doing wrong? Thank you
i have next request which has been captured with firebug, i want to re-use this request. This POST request happen when i press "Submit" button, somebody can help me please adjust this request for python requests library.
Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding gzip, deflate
Accept-Language en-US,en;q=0.5
Cache-Control no-cache
Connection keep-alive
Content-Length 5419
Content-Type text/x-gwt-rpc; charset=utf-8
Cookie JSESSIONID=0000nJNqFPHEWvBoven6ubi8c2E:17oe8njmt;
SessionTimeoutTimer=1424436529792; resourceLoadStart=1424436528864; wdp-initial-auth=false;
LtpaToken2=mytoken
DNT 1
Host myhost.com
Pragma no-cache
Referer http://myhost/webapp/1/
User-Agent Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0
X-GWT-Module-Base http://myhostcom/webapp/1/
X-GWT-Perf-result [{"moduleName":"com.my.module", "subSystem":"startup", "eventGroup":"moduleStartup", "millis":1424436529193, "type":"moduleEvalEnd", "parameters":{"sessionId":"", "windowId":"70489170848"}},{"moduleName":"com.my.module", "subSystem":"startup", "eventGroup":"moduleStartup", "millis":1424436529194, "type":"onModuleLoadStart", "parameters":{"sessionId":"", "className":"com.google.gwt.useragent.client.UserAgentAsserter", "windowId":"70489170848"}}]
X-GWT-Perf-uid 4
X-GWT-Perf-wnd-id 70489170848
X-GWT-Permutation 548AB49A6680866C6B602849711C2FAC
My code looks like that:
cookies = {
'JSESSIONID': 'sessionID',
'SessionTimeoutTimer': '1424432784218',
'resourceLoadStart': '1424432777757',
'wdp-initial-auth': 'false',
'LtpaToken2': 'mytoken',
}
headers = {
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'Accept-Encoding': 'gzip, deflate',
'Accept-Language': 'en-US,en;q=0.5',
'Cache-Control': 'no-cache',
'Connection': 'keep-alive',
'Content-Length': '5415',
'Content-Type': 'text/x-gwt-rpc; charset=utf-8',
'DNT': '1',
'Host': 'http://myweb/webapp/1/',
'Pragma': 'no-cache',
'Referer': 'http://myweb/webapp/1/',
'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0',
'X-GWT-Module-Base': 'http://myweb/webapp/1/',
'X-GWT-Perf-result': '[{"moduleName":"com.myweb.webapp.1", "subSystem":"rpc", "eventGroup":"6", "millis":1424432798282, "type":"begin", "parameters":{"sessionId":"", "method":"CommandDispatcher_Proxy.execute", "windowId":"766855627216"}},{"moduleName":"com.myweb.webapp.1", "subSystem":"rpc", "eventGroup":"6", "millis":1424432798315, "type":"requestSerialized", "parameters":{"sessionId":"", "method":"CommandDispatcher_Proxy.execute", "windowId":"766855627216"}}]',
'X-GWT-Perf-uid': '6',
'X-GWT-Perf-wnd-id': '766855627216',
'X-GWT-Permutation': '548AB49A6680866C6B602849711C2FAC',
}
data = {
"moduleName":"my.module.1", "subSystem":"rpc", "eventGroup":"6", "type":"begin", "parameters":{"sessionId":"", "method":"CommandDispatcher_Proxy.execute",}},{"moduleName":"my.module.1", "subSystem":"rpc", "eventGroup":"6", "type":"requestSerialized", "parameters":{"sessionId":"", "method":"CommandDispatcher_Proxy.execute", }}
data = json.dumps(data)
with requests.session() as c:
url = 'http://myweb/webapp/1/gwt.base.client.command.CommandDispatcher.rpc'
c.post(url, headers=headers, cookies=cookies, data=data)
print c