i have next request which has been captured with firebug, i want to re-use this request. This POST request happen when i press "Submit" button, somebody can help me please adjust this request for python requests library.
Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding gzip, deflate
Accept-Language en-US,en;q=0.5
Cache-Control no-cache
Connection keep-alive
Content-Length 5419
Content-Type text/x-gwt-rpc; charset=utf-8
Cookie JSESSIONID=0000nJNqFPHEWvBoven6ubi8c2E:17oe8njmt;
SessionTimeoutTimer=1424436529792; resourceLoadStart=1424436528864; wdp-initial-auth=false;
LtpaToken2=mytoken
DNT 1
Host myhost.com
Pragma no-cache
Referer http://myhost/webapp/1/
User-Agent Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0
X-GWT-Module-Base http://myhostcom/webapp/1/
X-GWT-Perf-result [{"moduleName":"com.my.module", "subSystem":"startup", "eventGroup":"moduleStartup", "millis":1424436529193, "type":"moduleEvalEnd", "parameters":{"sessionId":"", "windowId":"70489170848"}},{"moduleName":"com.my.module", "subSystem":"startup", "eventGroup":"moduleStartup", "millis":1424436529194, "type":"onModuleLoadStart", "parameters":{"sessionId":"", "className":"com.google.gwt.useragent.client.UserAgentAsserter", "windowId":"70489170848"}}]
X-GWT-Perf-uid 4
X-GWT-Perf-wnd-id 70489170848
X-GWT-Permutation 548AB49A6680866C6B602849711C2FAC
My code looks like that:
cookies = {
'JSESSIONID': 'sessionID',
'SessionTimeoutTimer': '1424432784218',
'resourceLoadStart': '1424432777757',
'wdp-initial-auth': 'false',
'LtpaToken2': 'mytoken',
}
headers = {
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'Accept-Encoding': 'gzip, deflate',
'Accept-Language': 'en-US,en;q=0.5',
'Cache-Control': 'no-cache',
'Connection': 'keep-alive',
'Content-Length': '5415',
'Content-Type': 'text/x-gwt-rpc; charset=utf-8',
'DNT': '1',
'Host': 'http://myweb/webapp/1/',
'Pragma': 'no-cache',
'Referer': 'http://myweb/webapp/1/',
'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0',
'X-GWT-Module-Base': 'http://myweb/webapp/1/',
'X-GWT-Perf-result': '[{"moduleName":"com.myweb.webapp.1", "subSystem":"rpc", "eventGroup":"6", "millis":1424432798282, "type":"begin", "parameters":{"sessionId":"", "method":"CommandDispatcher_Proxy.execute", "windowId":"766855627216"}},{"moduleName":"com.myweb.webapp.1", "subSystem":"rpc", "eventGroup":"6", "millis":1424432798315, "type":"requestSerialized", "parameters":{"sessionId":"", "method":"CommandDispatcher_Proxy.execute", "windowId":"766855627216"}}]',
'X-GWT-Perf-uid': '6',
'X-GWT-Perf-wnd-id': '766855627216',
'X-GWT-Permutation': '548AB49A6680866C6B602849711C2FAC',
}
data = {
"moduleName":"my.module.1", "subSystem":"rpc", "eventGroup":"6", "type":"begin", "parameters":{"sessionId":"", "method":"CommandDispatcher_Proxy.execute",}},{"moduleName":"my.module.1", "subSystem":"rpc", "eventGroup":"6", "type":"requestSerialized", "parameters":{"sessionId":"", "method":"CommandDispatcher_Proxy.execute", }}
data = json.dumps(data)
with requests.session() as c:
url = 'http://myweb/webapp/1/gwt.base.client.command.CommandDispatcher.rpc'
c.post(url, headers=headers, cookies=cookies, data=data)
print c
Related
I'm trying to post form data to a printers Web interface, i can post fields successfully but there's a certain type of form data which doesn't seem to work/update.
My Code:
import sys
import requests
IP='xxx.xxx.xxx.xxx'
PrinterSession = requests.session()
csrfdata = PrinterSession .get('http://xxx.xxx.xxx.xxx/properties/authentication/login.php')
csrftoken = str(csrfdata.content)[str(csrfdata.content).index('CSRFToken')+18:str(csrfdata.content).index('CSRFToken')+146]
login_data ={
'webUsername' : 'admin',
'webPassword' : 'xxxx',
'CSRFToken' : csrftoken,
'NextPage' : '/properties/authentication/luidLogin.php',
'_fun_function' : 'HTTP_Authenticate_fn',
'frmaltDomain' : 'default',
}
LoginPrinter = PrinterSession.post("http://xxx.xxx.xxx.xxx/userpost/printer.set", data=login_data )
headersSMTP = {
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,* /*;q=0.8,application/signed-exchange;v=b3;q=0.9',
'Accept-Encoding': 'gzip, deflate, br',
'Accept-Language': 'en-US,en;q=0.9',
'Cache-Control': 'max-age=0',
'Connection': 'keep-alive',
'Content-Length': '328',
'Content-Type': 'application/x-www-form-urlencoded',
'Cookie': 'PageToShow=; statusNumNodes=8; statusSelected=n1; frmCompany=; frmIFax=; frmFaxNumber=; frmProtocol=SMB; frmDocumentPath=; frmLoginName=Xerox; frmServerName=; frmNdsContext=; frmSmbShare=Scans; frmNdsTree=; frmIpv6_Host_1=%3A%3A; frmFirstName=David; frmLastName=Fester; frmFriendlyName=SMB%20Scan; frmEmail=dawie180#gmail.com; frmDisplayName=Fester%2C%20David; frmServerVolume=Scans; frmIpv4_1_1=12; frmIpv4_1_2=12; frmIpv4_1_3=12; frmIpv4_1_4=12; frmXrxAdd_1=Hn; frmHnAdd_1=asdasdsdasda; propNumNodes=117; PHPSESSID=457428a534bf077cc6bb0fff7ee80f7f; propSelected=n49; propHierarchy=001010000010000000000000000; WebTimerPopupID=15',
'Host': '10.241.24.28',
'Origin': 'https://10.241.24.28',
'Referer': 'https://10.241.24.28/protocols/smtp/required.php?from=email_req_smtp',
'sec-ch-ua': '" Not A;Brand";v="99", "Chromium";v="90", "Google Chrome";v="90"',
'sec-ch-ua-mobile': '?0',
'Sec-Fetch-Dest': 'frame',
'Sec-Fetch-Mode': 'navigate',
'Sec-Fetch-Site': 'same-origin',
'Sec-Fetch-User': '?1',
'Upgrade-Insecure-Requests': '1',
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36',
}
cookietolist=headersSMTP['Cookie'].split(";")
cookietolist[27]=' PHPSESSID='+PrinterSession.cookies.get_dict()['PHPSESSID']
StringCookie = ";".join(cookietolist)
headersSMTP['Cookie']=StringCookie
postSMTPform = {
'_fun_function': 'HTTP_Set_Config_Attrib_fn',
'_fun_function': 'HTTP_CN_Set_fn',
'_fun_function': 'HTTP_SNMP_Set_SvcMon_fn',
'NextPage': '/properties/email/required.php',
'CSRFToken': csrftoken,
'POP3_MAILBOX_ADDRESS': 'smtp.test.com',
'connectivity.smtp.server': 'xxx.xxx.xxx.xxx:25',
}
PostSMTP = PrinterSession.post('http://'+IP+'/dummypost/printer.set', data=postSMTPform, headers=headersSMTP)
Post Request inspected via Chrome:
Request Headers:
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cache-Control: max-age=0
Connection: keep-alive
Content-Length: 364
Content-Type: application/x-www-form-urlencoded
Cookie: PHPSESSID=c960f2c4fb2f99c44333e601d3cc6a79; propSelected=n1; propNumNodes=117; WebTimerPopupID=2
Host: 10.241.24.28
Origin: https://10.241.24.28
Referer: https://10.241.24.28/protocols/smtp/required.php?from=email_cfg_over
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Google Chrome";v="90"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: frame
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36
Form Data:
_fun_function: HTTP_Set_Config_Attrib_fn
_fun_function: HTTP_CN_Set_fn
_fun_function: HTTP_SNMP_Set_SvcMon_fn
NextPage: /config_overview/email.php
connectivity.smtp.server: 10.10.10.10:25
POP3_MAILBOX_ADDRESS: test#home.com
CSRFToken: eb590d22d4b0c75038816bd82a26e188f9a49941029c42765dd790cb8acd07b4966f5a910f493f2d839cb36d5d0a77a7632f614e06fcd67019c0f95f508d7da1
So "POP3_MAILBOX_ADDRESS: test#home.com" works fine, updates the SMTP From Address in the printer, all other Fields using the same Uppercase and underscore style key works fine, but the other field "connectivity.smtp.server: 10.10.10.10:25" does not work, it does not update the setting in the printer and it seems every field which uses this lower case seperated by periods style does not work.
The "POP3_MAILBOX_ADDRESS: test#home.com" works fine even without parsing the headers with the post request, i added the headers after and it still doesn't work. Don't know what im doing wrong.
Please help. I'm trying to create a POST request on an .asp site that requires cookies, but the way I handle them seems not to return anything. Read through some questions of similar topic but can't find the _SessionID cookie some are referring to. Please help me formulate this POST request so it works.
Headers
:authority: safer.fmcsa.dot.gov
:method: POST
:path: /query.asp
:scheme: https
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cache-control: max-age=0
content-length: 85
content-type: application/x-www-form-urlencoded
cookie: ASP.NET_SessionId=ywxszihqlu1yciwe5z5gm4qt; etype=au; ASPSESSIONIDQECTCDRB=KGFOBHBBLKCBKBFIAPEBMIHJ; ASPSESSIONIDQGARCDRA=LKEDBAOBMOMDNGBNBFEMMIPB; ASPSESSIONIDSEBQCBSB=DAMJMNKCNJKHCMDCIJBPKEHD; ASPSESSIONIDCEQRADQC=EIEJCDLBHHCCKHCNJNIMHDKA; ASPSESSIONIDAESTCBQC=KPDPJNHCLOBJENEHPNIFKJLH; LI_carrier=67449; ASPSESSIONIDAGSQADRC=CPIBAKEDDPNFCIPLIGLOKKLA; ASPSESSIONIDAERTDBQD=FMKFHJJAJKNIGCBCCFJFCMNF; AWSALB=Xc7OAuZUmx6vgE5l9NaawsH8oBWjy6eZ3B62kw2rZ5HieoRlMu4SSmVVcaPJPcPjp1fVt9U/T9FaRflgNHwtzmsK4X4e+y+yoGArTfgpb75NWo/ilAek0Qk/sFYI; AWSALBCORS=Xc7OAuZUmx6vgE5l9NaawsH8oBWjy6eZ3B62kw2rZ5HieoRlMu4SSmVVcaPJPcPjp1fVt9U/T9FaRflgNHwtzmsK4X4e+y+yoGArTfgpb75NWo/ilAek0Qk/sFYI
origin: https://safer.fmcsa.dot.gov
referer: https://safer.fmcsa.dot.gov/CompanySnapshot.aspx
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: same-origin
sec-fetch-user: ?1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36
Form Data
searchtype: ANY
query_type: queryCarrierSnapshot
query_param: USDOT
query_string: 2300842
My Code So Far
def checkDOT():
headers = {
'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0',
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9',
'Accept-Language': 'en-US,en;q=0.9',
'Cache-Control': 'no-cache,no-store,must-revalidate,max-age=0,private',
'upgrade-insecure-requests': '1',
'Connection': 'keep-alive',
'origin': 'https://safer.fmcsa.dot.gov',
'referer': 'https://safer.fmcsa.dot.gov/CompanySnapshot.aspx'
}
s = requests.Session()
data = {
'searchtype': 'ANY',
'query_type': 'queryCarrierSnapshot',
'query_param': 'USDOT',
'query_string': '2300842'
}
params = (
('pageNumber', '0'),
('itemsPerPage', '15'),
)
url = 'https://safer.fmcsa.dot.gov/CompanySnapshot.aspx'
response = s.get(url, headers=headers, data=data, params=params)
if response:
print(response.content)
else:
print("This did not work")
get requests dont use data parameter, and your code is requests.get,is that right?
I can get a html page with:
headers = {
'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0',
}
url = 'https://safer.fmcsa.dot.gov/CompanySnapshot.aspx'
response = requests.get(url, headers=headers, verify=False)
print(response.text)
I am trying to automate 2 requests using python, first request is GET and the 2nd is POST
Here is how I manually do it using Chrome,
I visit http://testserver/index on chrome browser.
It prompt me for NTLM login. I provided username/password which was successful. Then I went on another page,
http://testserver/find_user and enter a username to search for. I press entered which displayed the results.
Then I copy the curl request from Chrome, convert it into python code and got this,
import requests
with requests.Session() as session:
session.auth = HttpNtlmAuth("DOSTR\\TESTUSER", getpass.getpass('Password:'))
url = "http://testserver/find_user"
payload = "username=test"
headers = {
'Connection': "keep-alive",
'Cache-Control': "max-age=0",
'Origin': "http://testserver",
'Upgrade-Insecure-Requests': "1",
'Content-Type': "application/x-www-form-urlencoded",
'User-Agent': "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36",
'Accept': "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8",
'Referer': "http://testserver/find_user?thread=2&aftk-687=-719740030",
'Accept-Encoding': "gzip, deflate",
'Accept-Language': "en-GB,en-US;q=0.9,en;q=0.8",
'Cookie': "JSESSIONID=4D8270489027BCD04777AAB32769B3A9; lang=en; mode=index"
}
response = session.request("POST", url, data=payload, headers=headers)
print(response.text)
The above request works.
But the problem is I have to make a first request using Chrome to generate cookies.
So I tried making the first request using Python as well like this, and use its cookies in the 2nd request
with requests.Session() as session:
session.auth = HttpNtlmAuth("DOSTR\\TESTUSER", getpass.getpass('Password:'))
url = "http://testserver/index"
headers = {
'Connection': "keep-alive",
'Upgrade-Insecure-Requests': "1",
'User-Agent': "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36",
'Accept': "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8",
'Accept-Encoding': "gzip, deflate",
'Accept-Language': "en-GB,en-US;q=0.9,en;q=0.8"
}
response = session.request("GET", url, headers=headers, allow_redirects=True)
# now 2nd request in same session with cookies of above response.
url = "http://testserver/find_user"
payload = "username=test"
headers = {
'Connection': "keep-alive",
'Cache-Control': "max-age=0",
'Origin': "http://testserver",
'Upgrade-Insecure-Requests': "1",
'Content-Type': "application/x-www-form-urlencoded",
'User-Agent': "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36",
'Accept': "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8",
'Referer': "http://testserver/find_user?thread=2&aftk-687=-719740030",
'Accept-Encoding': "gzip, deflate",
'Accept-Language': "en-GB,en-US;q=0.9,en;q=0.8"
}
response = session.request("POST", url, data=payload, headers=headers, cookies=response.cookies)
print(response.text)
But I keep getting permission denied error on the 2nd request (The GET request is successful, and I can see the output if I print it)
it only works when I use the cookies in 2nd request generated by Chrome, but not when I generate those cookies using python
I am not sure why the cookies from first request is not working in the 2nd request.
Can someone please tell me what am I doing wrong?
Edit:
Response header from GET request in chrome,
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Content-Encoding: gzip
Expires: Sat, 6 May 1995 12:00:00 GMT
Server: Microsoft-IIS/7.5
X-Frame-Options: DENY
Set-Cookie: JSESSIONID=F8DC91356195C0D1730638B81A60F6EB; Path=/index/; HttpOnly
Set-Cookie: lang=en; Expires=Mon, 09-Apr-2068 18:49:54 GMT
Persistent-Auth: true
X-Powered-By: ASP.NET
Date: Tue, 05 Feb 2019 21:24:57 GMT
Content-Length: 13267
Response header from GET request in Python,
{'Cache-Control': 'no-store, no-cache, must-revalidate, post-check=0, pre-check=0', 'Pragma': 'no-cache', 'Content-Length': '984', 'Content-Type': 'text/html;charset=UTF-8',
'Content-Encoding': 'gzip', 'Expires': 'Sat, 6 May 1995 12:00:00 GMT', 'Server': 'Microsoft-IIS/7.5', 'X-Frame-Options': 'DENY', 'Set-Cookie': 'JSESSIONID=EF3589A5EC319542C6254C16418F6265; Path=/index/; HttpOnly', 'Persistent-Auth': 'true', 'X-Powered-By': 'ASP.NET', 'Date': 'Tue, 05 Feb 2019 21:27:33 GMT'}
I am trying to learn requests module and was practice logging to a website but for some reason the it is not working and i am unable to login.
import requests
import sys
param1 = sys.argv[1]
param2 = sys.argv[2]
url2 = 'https://myhpgas.in/myHPGas/Login.aspx'
with requests.Session() as s:
s.get(url2)
print(r.headers)
payload = {'ctl00$ContentPlaceHolder1$txtUserNameEmail': param1,
'ctl00$ContentPlaceHolder1$txtPassword': param2}
p = s.post(url2, data=payload, headers=headers)
p.raise_for_status()
r = s.get('https://myhpgas.in/myHPGas/HPGas/User/ConsumerConsole.aspx')
print(r.text)
Session cookie.
{'ARRAffinity': 'ab2cda67a33c1a756e728834a3f88bc425b66b583804aee440e53c204539d683'}
Request headers for POST request
{'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36', 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 'Connection': 'keep-alive', 'Cookie': 'ARRAffinity=ab2cda67a33c1a756e728834a3f88bc425b66b583804aee440e53c204539d683', 'Content-Length': '125', 'Content-Type': 'application/x-www-form-urlencoded'}
Response headers for POST request
{'Cache-Control': 'private', 'Content-Length': '7404', 'Content-Type': 'text/html; charset=utf-8', 'Content-Encoding': 'gzip', 'Vary': 'Accept-Encoding', 'Set-Cookie': '.CZONEAUTH=; expires=Mon, 11-Oct-1999 18:30:00 GMT; path=/; HttpOnly', 'X-AspNet-Version': '4.0.30319', 'X-Powered-By': 'ASP.NET, ARR/2.5, ASP.NET', 'Date': 'Fri, 05 May 2017 13:49:59 GMT
This is how form data from browser looks like
tsmManager_HiddenField:
__EVENTTARGET:
__EVENTARGUMENT:
__LASTFOCUS:
__VIEWSTATE:/wEPDwULLTEwODE4NjM1MzcPZBYCZg9kFgICBA9kFgwCAQ8QZGQWAWZkAgUPFgIeB1Zpc2libGVoZAIGDxYCHwBoZAIJDw8WAh4EVGV4dGVkZAILDxYCHwBnZAIMD2QWAmYPZBYCAgUPZBYCAgMPZBYCAgEPZBYCAgEPZBYCAgEPZBYEAgMPFgIeBXN0eWxlBbEBYmFja2dyb3VuZDp1cmwoQ29udHJvbHMvR2VuZXJhdGVDYXB0Y2hhLmFzcHg/NjM2Mjk2MDE0MjUxMTMzNTI2KSBuby1yZXBlYXQ7YmFja2dyb3VuZC1zaXplOjEwMHB4IDMwcHg7aGVpZ2h0OjMwcHg7d2lkdGg6MTAwcHg7YmFja2dyb3VuZC1zaXplOjEwMHB4IDMwcHg7aGVpZ2h0OjMwcHg7d2lkdGg6MTAwcHg7ZAIFDw8WAh8BBVM8aW1nIHNyYz0nQXBwX1RoZW1lcy9CbHVlL2ltYWdlcy9yZWZyZXNoLnBuZycgYWx0PScnIHN0eWxlPSd2ZXJ0aWNhbC1hbGlnbjogdG9wOycvPmRkZDXNsct5fehr8ckYOVLlGTlg9kZ8dqdv11qCFhUCflOc
__EVENTVALIDATION:/wEdACBL8cV3HeSpiBr5eBlx9SY20Xzuqe7DgFLen1mQ9qwwkgTERbnLJaH6mqTlVXquFl7SgzmX0pXnQBVBYHDsagiMkyN1xWptALXH/a/EZC1F4KWAtKwjmte8a5j5Fhl1Xf6IzLKjB01uqKx6ADvgPGnp98RzIzeJI0XjAUrjE3GioE7EqnQGYNYbWcIn1pAHroN3VSUMn8TK6zgSES6I5dLiG9mftCmBcU0BKKuHa3mUvYxWp7bWYNbw7KFKbXe1cNG4vRds483c4wog6wZz3kG439kSOfHwry7ydkMen+8Oykq3dUvfODXzmhEEomZU6Gpc6cx/Q2ozQ90Cwd74q2EZFSptkDm3zh7+G5RAX6wIBHAtqlGmDyDCRAIiHffjIOz35c1Cw4BBvDKiEHQ47ZVnq++zVWerHmq9rIPE2hYysPySrcngv4yAvO4y9I26+ioOlSP/t2GtC9XJw3/Csh53EA1Y7qClBJnaD+WR8QqXtMM2zR3WYG3GJBTLRhXO2+5Z/ephgfX47bkgLErB0CQD3W66Z0s6zx7FcGFEl6h5gfEAYrHaepPURBQevSsriBousIddxfsdtnH74OnL9jhz83qJSb3w8Gz5FiWFgonTQHjjswiyhm+g6KodwobC/fOwS4xnW8ZIVB06X7opsHDkeSC1J6i9rb2nVg34wXRSxTpegcArnmtEi7N5qZc9BFbIJWQgX02aZk1hcI5GYiz9
ctl00$ddlSelectLanguage:-1
ctl00$ContentPlaceHolder1$txtUserNameEmail:emailid#domain.com
ctl00$ContentPlaceHolder1$txtPassword:password
ctl00$ContentPlaceHolder1$btnLogin:Login
And below are the request headers that the browser is sending
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:gzip, deflate, br
Accept-Language:en-US,en;q=0.8
Cache-Control:max-age=0
Connection:keep-alive
Content-Length:1678
Content-Type:application/x-www-form-urlencoded
Cookie:ARRAffinity=ab2cda67a33c1a756e728834a3f88bc425b66b583804aee440e53c204539d683; _csm_ux_data=; ASP.NET_SessionId=dxonrup25fyldmnwvhuakv4y
Host:myhpgas.in
Origin:https://myhpgas.in
Referer:https://myhpgas.in/myHPGas/Login.aspx
Upgrade-Insecure-Requests:1
User-Agent:Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
So can someone let me know what i am missing here ?
I was able to parse the GET response and then extract the dynamic values from html source and then posted them in POST request, that resolved my issue.
I'm trying to use requests to log into https://appleid.apple.com/cn (/us should be the same, but get 400 Bad request returned.
session = requests.Session()
productURL = <the URL above>
headers = {
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
"Accept-Encoding": "gzip, deflate, sdch, br",
"Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.6,en;q=0.4",
"Upgrade-Insecure-Requests":"1",
"User-Agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/52.0.2743.116 Chrome/52.0.2743.116 Safari/537.36"
}
session.headers = headers
r = session.get(productURL)
url = "//idmsa.apple.com/appleauth/auth/signin?widgetKey=af1139274f266b22b68c2a3e7ad932cb3c0bbe854e13a79af78dcc73136882c3&language=zh_CN&rv=1"
r = session.get(url)
url = "//idmsa.apple.com/appleauth/auth/signin"
headers = {
"Accept":"application/json, text/javascript, */*; q=0.01",
"Accept-Encoding":"gzip, deflate, br",
"Accept-Language":"zh-CN,zh;q=0.8,zh-TW;q=0.6,en;q=0.4",
"Connection":"keep-alive",
"Content-Length":"77",
"Content-Type":"application/json",
"Host":"idmsa.apple.com",
"Origin":"https://idmsa.apple.com",
"Referer":"//idmsa.apple.com/appleauth/auth/signin?widgetKey=af1139274f266b22b68c2a3e7ad932cb3c0bbe854e13a79af78dcc73136882c3&language=zh_CN&rv=1",
"User-Agent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/52.0.2743.116 Chrome/52.0.2743.116 Safari/537.36",
"X-Apple-Domain-Id":1,
"X-Apple-I-FD-Client-Info":{"U":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/52.0.2743.116 Chrome/52.0.2743.116 Safari/537.36","L":"en-US","Z":"GMT+08:00","V":"1.1","F":"7da44j1e3NlY5BSo9z4ofjb75PaK4Vpjt4U_98uszHVyVxFAk.lzXJJIneGffLMC7EZ3QHPBirTYKUowRslz8eibjVdxljQlpQJuYY9hte_1an92r5xj6KksmfTPdFdgmVxf7_OLgiPFMJhHFW_jftckkCoqAkCoq4ly_0x0uVMV0jftckcKyAd65hz7fwdGEM6uJ6o6e0T.5EwHXXTSHCSPmtd0wVYPIG_qvoPfybYb5EtCKoxw4EiCvTDfPbJROKjCJcJqOFTsrhsui65KQnK94CaJ6hO3f9p_nH1zDz.ICMpwoNSdqdbAE9XXTneNufuyPBDjaY2ftckuyPB884akHGOg429OMNo71xFmrur.S9RdPQSzOy_Aw7UTlf_0pNA1OXu_Llri5Ly.EKY.6ekL3sdmX.Cr_Jz9KyFxv5icCmVug4WBkl1BQLz4mvmfTT9oaSumKkpjlRiwerbXh8bUu_LzQW5BNv_.BNlYCa1nkBMfs.Byn"},
"X-Apple-Locale":"zh_CN",
"X-Apple-Widget-Key":"af1139274f266b22b68c2a3e7ad932cb3c0bbe854e13a79af78dcc73136882c3",
"X-Requested-With":"XMLHttpRequest"
}
session.headers = headers
payload = {
"accountName" : "accountName",
"password" : "password",
"rememberMe" : False
}
r = session.post(url, params=payload)
Headers info
request headers
{
'Content-Length': '77',
'Accept-Language': 'zh-CN,zh;q=0.8,zh-TW;q=0.6,en;q=0.4',
'Accept-Encoding': 'gzip, deflate, br',
'X-Apple-I-FD-Client-Info': {
'F': '7da44j1e3NlY5BSo9z4ofjb75PaK4Vpjt4U_98uszHVyVxFAk.lzXJJIneGffLMC7EZ3QHPBirTYKUowRslz8eibjVdxljQlpQJuYY9hte_1an92r5xj6KksmfTPdFdgmVxf7_OLgiPFMJhHFW_jftckkCoqAkCoq4ly_0x0uVMV0jftckcKyAd65hz7fwdGEM6uJ6o6e0T.5EwHXXTSHCSPmtd0wVYPIG_qvoPfybYb5EtCKoxw4EiCvTDfPbJROKjCJcJqOFTsrhsui65KQnK94CaJ6hO3f9p_nH1zDz.ICMpwoNSdqdbAE9XXTneNufuyPBDjaY2ftckuyPB884akHGOg429OMNo71xFmrur.S9RdPQSzOy_Aw7UTlf_0pNA1OXu_Llri5Ly.EKY.6ekL3sdmX.Cr_Jz9KyFxv5icCmVug4WBkl1BQLz4mvmfTT9oaSumKkpjlRiwerbXh8bUu_LzQW5BNv_.BNlYCa1nkBMfs.Byn',
'Z': 'GMT+08:00',
'U': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/52.0.2743.116 Chrome/52.0.2743.116 Safari/537.36',
'L': 'en-US',
'V': '1.1',
},
'Connection': 'keep-alive',
'X-Apple-Widget-Key': 'af1139274f266b22b68c2a3e7ad932cb3c0bbe854e13a79af78dcc73136882c3',
'Origin': '//idmsa.apple.com',
'Accept': 'application/json, text/javascript, */*; q=0.01',
'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/52.0.2743.116 Chrome/52.0.2743.116 Safari/537.36',
'Host': 'idmsa.apple.com',
'X-Apple-Domain-Id': 1,
'Referer': '//idmsa.apple.com/appleauth/auth/signin?widgetKey=af1139274f266b22b68c2a3e7ad932cb3c0bbe854e13a79af78dcc73136882c3&language=zh_CN&rv=1',
'X-Apple-Locale': 'zh_CN',
'X-Requested-With': 'XMLHttpRequest',
'Content-Type': 'application/json',
}
response headers
{
'X-XSS-Protection': '1; mode=block',
'X-Content-Type-Options': 'nosniff',
'Content-Security-Policy': "default-src *; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.apple.com https://*.cdn-apple.com; style-src 'unsafe-inline' https://*.apple.com https://*.cdn-apple.com; connect-src 'self'; img-src 'self' data: https://*.apple.com https://*.cdn-apple.com https://*.icloud.com https://*.mzstatic.com; media-src * data:;",
'Content-Encoding': 'gzip',
'Transfer-Encoding': 'chunked',
'Set-Cookie': 'dslang=CN-ZH; Domain=.apple.com; Path=/; Secure; HttpOnly, site=CHN; Domain=.apple.com; Path=/; Secure; HttpOnly',
'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
'Vary': 'Accept-Encoding',
'Expires': 'Thu, 01 Jan 1970 00:00:00 GMT',
'Server': 'Apple',
'Connection': 'close',
'X-BuildVersion': 'R15',
'Pragma': 'no-cache',
'Cache-Control': 'no-cache, no-store',
'Date': 'Sat, 01 Oct 2016 04:23:19 GMT',
'X-FRAME-OPTIONS': 'DENY',
}
I checked all the headers field with the real request headers, "X-Apple-I-FD-Client-Info" is the only one not correct. Dig a little bit, it was calculated by javascript. 'Z','U','L','V' are constant, depends on you browser info and timezone etc. But the 'F' is a very long random string
Is "X-Apple-I-FD-Client-Info" the problem result in 400 Bad request?
Is this the right way to write something like auto login? By compareing request headers and cookies one by one?
Is it possible to generate or skip header "X-Apple-I-FD-Client-Info"?
How can I get this auto login work?
When you are posting JSON you should use requests like:
r = requests.post(url, json=payload)
also, don't need to hardcode the Content-Length and Content-Type requests package takes care of that.
Since I'm new and can't comment (I don't quite understand the reputation system yet), I'll have to write an answer.
I know that Google recently blocked the login via scripts (well, via most scripts) because it was rather easy to conduct brute force attacks against accounts.
I am presuming that Apple did something very similar and thus making it hard to log onto the AppleId. Do you know for sure that it is possible to login that way?
Greetings,
Narusan