I'm receiving a 419 page expired status code when trying to use requests. How do I successfully login?

I'm getting a 419 page expired status code when using requests on this site. I gathered the information for the headers and data by monitoring the network tab of the developer console. How can I use the Python requests module to successfully log in?

import requests
url = 'https://rates.itgtrans.com/login'

headers = {
    'authority': 'rates.itgtrans.com',
    'cache-control': 'max-age=0',
    'sec-ch-ua': '"Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"',
    'sec-ch-ua-mobile': '?0',
    'sec-ch-ua-platform': '"Windows"',
    'upgrade-insecure-requests': '1',
    'origin': 'https://rates.itgtrans.com',
    'content-type': 'application/x-www-form-urlencoded',
    'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36',
    'accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9',
    'sec-fetch-site': 'same-origin',
    'sec-fetch-mode': 'navigate',
    'sec-fetch-user': '?1',
    'sec-fetch-dest': 'document',
    'referer': 'https://rates.itgtrans.com/login',
    'accept-language': 'en-US,en;q=0.9',
    'cookie': 'XSRF-TOKEN=eyJpdiI6IkEzbi9JQkVwbWloZTM1UVdSdVJtK0E9PSIsInZhbHVlIjoiM1pxQVYxajhPcWdlZ1NlYlVMSUlyQzFISVpPNjNrMVB0UmNYMXZGa0crSmYycURoem1vR0FzRUMrNjB2bXFPbCs4U3ZyeGM4ZVNLZ1NjRGVmditUMldNUUNmYmVzeTY2WS85VC93a1c0M0JUMk1Jek00TTNLVnlPb2VVRXpiN0ciLCJtYWMiOiJkNjQyMTMwMGRmZmQ4YTg0ZTNhZDgzODQ5M2NiMmE2ODdlYjRlOTIyMWE5Yjg4YzEyMTBjNTI2ODQxY2YxMzNkIiwidGFnIjoiIn0%3D; draymaster_session=eyJpdiI6Im9vUDZabmlYSTY0a1lSNGdYZzZHT0E9PSIsInZhbHVlIjoiMGVVcSs2T3RheGhMeDNVVFJUQjRmb212TkoySVY5eWFjeVNHT1lGWE9sRHdtR3JTa0REZFhMTzNJeisyTjNOZ1hrQnNscWY0dXBheFFaRFhIdDAvUlFMOFdvTFdaOXBoejcwb2ZDNFNMdDZ6MUFxT2dHU3hlNVkxZmpiTnd2Z0QiLCJtYWMiOiIwN2RmZTc1ZDUzYzViYTgzYWU1MjFjNjIxZjYzMzY3MDE0YjI4MDhkMWMwMTVkYmYxYWM2MzQ0ODM1YzRkNDY1IiwidGFnIjoiIn0%3D'
}

data = {
  '_token': 'o8jJ4tR3PHkuz5TR2kuoHwBAdHd5RczFx2rlul1C',
  'email': '****',
  'password': '****',
  'button': ''
}



with requests.Session() as s:
    cookies = s.cookies
    p = s.post(url='https://rates.itgtrans.com/login', data=data, headers=headers, cookies=cookies)
    print(p)


As for me, the whole problem is that you always use the same _token.

The server should generate a new unique token for every user, which is valid for only a few minutes, all for security reasons (so a hacker can't get it and use it after a longer time).

BTW: when I run your code, get the page with status 419 and display p.text, I see HTML with the text Page Expired, which can confirm that you use an expired token.


You should always GET this page and search for the new token in the HTML

<input name="_token" type="hidden" value="Xz0pJ0djGVnfaRMuXNDGMdBmZRbc55Ql2Q2CTPit"/>

and use this value in POST


I don't have an account on this page, but using a fresh token from <input name="_token"> I get status 200 instead of 419.

import requests
from bs4 import BeautifulSoup

url = 'https://rates.itgtrans.com/login'

headers = {
    'authority': 'rates.itgtrans.com',
    'cache-control': 'max-age=0',
    'origin': 'https://rates.itgtrans.com',
    'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36',
    'accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9',
    'referer': 'https://rates.itgtrans.com/login',
    'accept-language': 'en-US,en;q=0.9',
}

data = {
  '_token': '-empty-',
  'email': '****',
  'password': '****',
  'button': ''
}


with requests.Session() as s:
    
    # --- first GET page ---

    response = s.get(url='https://rates.itgtrans.com/login', headers=headers)
    #print(response.text)

    # --- search fresh token in HTML ---
    
    soup = BeautifulSoup(response.text, 'html.parser')  # name the parser explicitly
    token = soup.find('input', {'name': "_token"})['value']
    print('token:', token)
    
    # --- run POST with new token ---

    data['_token'] = token
    
    response = s.post(url='https://rates.itgtrans.com/login', data=data, headers=headers)
    #print(response.text)
    print('status_code:', response.status_code)

BTW:

I get 200 even if I don't use headers.

Because the code uses Session, I don't have to copy cookies from GET to POST; Session copies them automatically.
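
Why the hardcoded cookie and _token fail while GET-then-POST in one Session works, as an added example that is not part of the original answer or the site's code: a simplified in-memory model of a session-bound CSRF token check. The class name, the 300-second lifetime and the timestamps are assumptions for illustration.

```python
import hmac
import secrets

TOKEN_TTL = 300  # assumed lifetime in seconds; the real site's value is unknown


class ToyLoginServer:
    """In-memory model of a session-bound CSRF (synchronizer) token check."""

    def __init__(self):
        self.sessions = {}  # session id -> (csrf token, issue time)

    def get_login(self, now, session_id=None):
        """GET /login: issue a fresh token (and a new session if needed)."""
        if session_id not in self.sessions:
            session_id = secrets.token_urlsafe(16)
        token = secrets.token_urlsafe(30)
        self.sessions[session_id] = (token, now)
        return session_id, token

    def post_login(self, now, session_id, token):
        """POST /login: 419 unless the token matches this session and is fresh."""
        record = self.sessions.get(session_id)
        if record is None:
            return 419  # unknown or missing session cookie
        expected, issued = record
        if now - issued > TOKEN_TTL:
            del self.sessions[session_id]
            return 419  # token is older than the allowed lifetime
        if not hmac.compare_digest(expected.encode(), token.encode()):
            return 419  # token was issued to a different session
        return 200  # CSRF check passed; credentials would be checked next


def demo():
    server = ToyLoginServer()
    # Browser visit whose cookie and _token were later pasted into a script.
    old_sid, old_token = server.get_login(now=0)
    # The script runs an hour later with those hardcoded values.
    stale = server.post_login(now=3600, session_id=old_sid, token=old_token)
    # Fresh GET, then POST with the same session cookie and the new token.
    sid, token = server.get_login(now=3600)
    fresh = server.post_login(now=3601, session_id=sid, token=token)
    # Fresh session cookie combined with the old hardcoded token.
    mixed = server.post_login(now=3602, session_id=sid, token=old_token)
    return stale, fresh, mixed


if __name__ == "__main__":
    print(demo())
```
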


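Notice: The technical post pages on this site follow the CC BY-SA 4.0 license. If you republish, please cite this site's URL or the original address. For any questions, contact: yoyou2525@163.com.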
