Python Requests Log In

Question

I am trying to build a log in code using python requests for this form (see html code below)

My goal:

I just want to log in to this website using python requests. I already have coded the python script but when I run it, nothing is happening. I'm wondering what am I missing.

I have tried to follow the tutorials i found in google but none of them works.

here's my Python code:

import requests
from bs4 import BeautifulSoup

headers = {
    'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36'
}

login_data = {
    "username": "myusername",
    "password": "mysupersecurepassword",
    "tradingpin": "123456"
}

with requests.Session() as s:
    url = "https://my.website.com/"
    r = s.get(url, headers=headers)
    print(r.text)

    # Make a post request to website
    r = s.post(url, data=login_data, headers=headers)

HTML FORM

<form action="" method="post">
  <input id="hdnToken" name="token" type="hidden" />
  <input type="text" placeholder="Username" id="u-value" class="ph-tooltip-T form-control" value="">
  <input type="password" placeholder="Password" id="password" class="ph-tooltip-T form-control" value="">
  <i onclick="togglePwVisibility()" id="eye" class="glyphicon glyphicon-eye-open form-control-feedback"></i>
  <a href="https://login.website.com/" style="color: darkslategray;font-size: 11px;" class="btn-link">Forgot your password?</a>
  <h5>Advanced Option:</h5>
  <label>
    <input type="checkbox" id="chkTrading" name="isTPinAutoFill" onclick="toggleTradingPIN()"> Auto-fill Trading PIN </label>
  <i>Save and pre-fill your Trading PIN during trading transactions.</i>
  <br>
  <br>
  <input type="password" id="txtTradingPin" name="tradingPIN" class="ph-tooltip-T form-control" placeholder="Trading PIN" maxlength="4" onkeypress="return isNumber(event)" value="">
  <button type="submit" id="loginButton" style="background-color: #333333;width: 25%;color: ghostwhite" class="ph-button1 btn btn-default">LOGIN</button>
</form>

Issues

1. Input or Forms don't have the name attribute.
2. The python code that i have written doesn't do anything? Its as if nothing happened. I checked the print(r.text) and it returned the hml code for the log in page. So i think the POST request was not executed.

Answer 1

I don't think you can login with this site, because login request requires body like this:

token=Basic+ZFhObGNtNWhiV1U9Ok1USXpORFUy&isTPinAutoFill=on&tradingPIN=1234

And this is what I've inputed

username='username'
password='123456'
pin='1234'

If you don't know the algorithm that encode the username & password , then no way to login.

Answer 2

Contrary to what the accepted answer would have you believe, the algorithm isn't that complex. It appears on the surface as Base64, but it's been double-encoded (not clear exactly why this is, however).

The generation algorithm in pseudocode would be:

Token = base64_encode(base64_encode(username) + ":" + base64_encode(password))

All you need to do is send the form data along (with Content-Type: application/x-www-form-urlencoded header) in a POST to properly emulate what your browser is doing on your behalf.

It's still not clear if there are any security mechanisms in place on the target site that would prevent the success of this sort of automated consumption of the site.

Answer 3

You are printing r.text before posting any data to the website. Try this:

import requests
from bs4 import BeautifulSoup

headers = {
    'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36'
}

login_data = {
    "username": "myusername",
    "password": "mysupersecurepassword",
    "tradingpin": "123456"
}

with requests.Session() as s:
    url = "https://my.website.com/"
    # r = s.get(url, headers=headers) THIS DOES NOTHING
    # print(r.text)

    # Make a post request to website
    r = s.post(url, data=login_data, headers=headers)
    print(r.content)
    # with soup:
    soup = BeautifulSoup(r.content, 'html.parser')
    print(soup)

You should be able to find your username and password in the html. If so it means that you have successfully logged in!

Answer 4

This website is kind of special in some way. Sorry, newbie and this is the first time I encountered this kind of log in process.

The thing is, the "Token" is all you need to log in. This website (im not sure if its the correct term) encrypts your username and password then issues you a "unique" token. That token will be sent to the server instead of the conventional username and password.

So to address my log in issue, all i need to do is to just change the login_data to this:

login_data = {
    'token': 'Basic easkdhkajjkadjknaskjdhajks'
}

where easkdhkajjkadjknaskjdhajks is the unique token issued to every user.