Get HTTP 400 Bad Request when logging in using Python requests

I am trying to log in to https://appleid.apple.com/cn (/us should be the same) using requests, but it returns 400 Bad Request.

import requests

session = requests.Session()

productURL = "https://appleid.apple.com/cn"

headers = {
            "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
            "Accept-Encoding": "gzip, deflate, sdch, br",
            "Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.6,en;q=0.4",
            "Upgrade-Insecure-Requests":"1",
            "User-Agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/52.0.2743.116 Chrome/52.0.2743.116 Safari/537.36"
        }
session.headers = headers
r = session.get(productURL)

url = "https://idmsa.apple.com/appleauth/auth/signin?widgetKey=af1139274f266b22b68c2a3e7ad932cb3c0bbe854e13a79af78dcc73136882c3&language=zh_CN&rv=1"
r = session.get(url)

url = "https://idmsa.apple.com/appleauth/auth/signin"
headers = {
        "Accept":"application/json, text/javascript, */*; q=0.01",
        "Accept-Encoding":"gzip, deflate, br",
        "Accept-Language":"zh-CN,zh;q=0.8,zh-TW;q=0.6,en;q=0.4",
        "Connection":"keep-alive",
        "Content-Length":"77",
        "Content-Type":"application/json",
        "Host":"idmsa.apple.com",
        "Origin":"https://idmsa.apple.com",
        "Referer":"https://idmsa.apple.com/appleauth/auth/signin?widgetKey=af1139274f266b22b68c2a3e7ad932cb3c0bbe854e13a79af78dcc73136882c3&language=zh_CN&rv=1",
        "User-Agent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/52.0.2743.116 Chrome/52.0.2743.116 Safari/537.36",
        "X-Apple-Domain-Id":1,
        "X-Apple-I-FD-Client-Info":{"U":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/52.0.2743.116 Chrome/52.0.2743.116 Safari/537.36","L":"en-US","Z":"GMT+08:00","V":"1.1","F":"7da44j1e3NlY5BSo9z4ofjb75PaK4Vpjt4U_98uszHVyVxFAk.lzXJJIneGffLMC7EZ3QHPBirTYKUowRslz8eibjVdxljQlpQJuYY9hte_1an92r5xj6KksmfTPdFdgmVxf7_OLgiPFMJhHFW_jftckkCoqAkCoq4ly_0x0uVMV0jftckcKyAd65hz7fwdGEM6uJ6o6e0T.5EwHXXTSHCSPmtd0wVYPIG_qvoPfybYb5EtCKoxw4EiCvTDfPbJROKjCJcJqOFTsrhsui65KQnK94CaJ6hO3f9p_nH1zDz.ICMpwoNSdqdbAE9XXTneNufuyPBDjaY2ftckuyPB884akHGOg429OMNo71xFmrur.S9RdPQSzOy_Aw7UTlf_0pNA1OXu_Llri5Ly.EKY.6ekL3sdmX.Cr_Jz9KyFxv5icCmVug4WBkl1BQLz4mvmfTT9oaSumKkpjlRiwerbXh8bUu_LzQW5BNv_.BNlYCa1nkBMfs.Byn"},
        "X-Apple-Locale":"zh_CN",
        "X-Apple-Widget-Key":"af1139274f266b22b68c2a3e7ad932cb3c0bbe854e13a79af78dcc73136882c3",
        "X-Requested-With":"XMLHttpRequest"
        }
session.headers = headers

payload = {
            "accountName" : "accountName",
            "password" : "password",
            "rememberMe" : False
        }
r = session.post(url, params=payload)

Header information

Request headers
 { 'Content-Length': '77', 'Accept-Language': 'zh-CN,zh;q=0.8,zh-TW;q=0.6,en;q=0.4', 'Accept-Encoding': 'gzip, deflate, br', 'X-Apple-I-FD-Client-Info': { 'F': '7da44j1e3NlY5BSo9z4ofjb75PaK4Vpjt4U_98uszHVyVxFAk.lzXJJIneGffLMC7EZ3QHPBirTYKUowRslz8eibjVdxljQlpQJuYY9hte_1an92r5xj6KksmfTPdFdgmVxf7_OLgiPFMJhHFW_jftckkCoqAkCoq4ly_0x0uVMV0jftckcKyAd65hz7fwdGEM6uJ6o6e0T.5EwHXXTSHCSPmtd0wVYPIG_qvoPfybYb5EtCKoxw4EiCvTDfPbJROKjCJcJqOFTsrhsui65KQnK94CaJ6hO3f9p_nH1zDz.ICMpwoNSdqdbAE9XXTneNufuyPBDjaY2ftckuyPB884akHGOg429OMNo71xFmrur.S9RdPQSzOy_Aw7UTlf_0pNA1OXu_Llri5Ly.EKY.6ekL3sdmX.Cr_Jz9KyFxv5icCmVug4WBkl1BQLz4mvmfTT9oaSumKkpjlRiwerbXh8bUu_LzQW5BNv_.BNlYCa1nkBMfs.Byn', 'Z': 'GMT+08:00', 'U': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/52.0.2743.116 Chrome/52.0.2743.116 Safari/537.36', 'L': 'en-US', 'V': '1.1', }, 'Connection': 'keep-alive', 'X-Apple-Widget-Key': 'af1139274f266b22b68c2a3e7ad932cb3c0bbe854e13a79af78dcc73136882c3', 'Origin': '//idmsa.apple.com', 'Accept': 'application/json, text/javascript, */*; q=0.01', 'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/52.0.2743.116 Chrome/52.0.2743.116 Safari/537.36', 'Host': 'idmsa.apple.com', 'X-Apple-Domain-Id': 1, 'Referer': '//idmsa.apple.com/appleauth/auth/signin?widgetKey=af1139274f266b22b68c2a3e7ad932cb3c0bbe854e13a79af78dcc73136882c3&language=zh_CN&rv=1', 'X-Apple-Locale': 'zh_CN', 'X-Requested-With': 'XMLHttpRequest', 'Content-Type': 'application/json', } 
Response headers
 { 'X-XSS-Protection': '1; mode=block', 'X-Content-Type-Options': 'nosniff', 'Content-Security-Policy': "default-src *; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.apple.com https://*.cdn-apple.com; style-src 'unsafe-inline' https://*.apple.com https://*.cdn-apple.com; connect-src 'self'; img-src 'self' data: https://*.apple.com https://*.cdn-apple.com https://*.icloud.com https://*.mzstatic.com; media-src * data:;", 'Content-Encoding': 'gzip', 'Transfer-Encoding': 'chunked', 'Set-Cookie': 'dslang=CN-ZH; Domain=.apple.com; Path=/; Secure; HttpOnly, site=CHN; Domain=.apple.com; Path=/; Secure; HttpOnly', 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains', 'Vary': 'Accept-Encoding', 'Expires': 'Thu, 01 Jan 1970 00:00:00 GMT', 'Server': 'Apple', 'Connection': 'close', 'X-BuildVersion': 'R15', 'Pragma': 'no-cache', 'Cache-Control': 'no-cache, no-store', 'Date': 'Sat, 01 Oct 2016 04:23:19 GMT', 'X-FRAME-OPTIONS': 'DENY', } 

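I checked all the header fields against the real request headers, and "X-Apple-I-FD-Client-Info" is the only header that is incorrect. Digging a bit, it is computed by JavaScript. 'Z', 'U', 'L', 'V' are constants that depend on your browser information, time zone, etc. But 'F' is a very long random string.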

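  • Is the "X-Apple-I-FD-Client-Info" problem what causes the 400 Bad Request?
  • Is this the right way to write something like an automatic login? By comparing the request headers and cookies one by one?
  • Is it possible to generate or skip the "X-Apple-I-FD-Client-Info" header?
  • How can I get this automatic login working?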

When posting JSON, you should use the following request:

r = requests.post(url, json=payload)

Also, there is no need to hard-code Content-Length and Content-Type; the requests package takes care of this.
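An added example, not part of the original answer: it prepares the same POST with `params=` and with `json=` without sending anything, to show that `params=` moves the credentials into the URL query string and sends no body, while `json=` serialises them into the body and sets Content-Type and Content-Length itself. The endpoint, credentials and helper names are placeholders constructed for this example.

```python
import requests
from urllib.parse import urlsplit, parse_qs

# Placeholder endpoint and credentials, constructed for this example.
URL = "https://login.example.test/auth/signin"
PAYLOAD = {"accountName": "user@example.test", "password": "s3cret", "rememberMe": False}


def describe(prepared):
    """Summarise where a prepared request carries its data."""
    body = prepared.body
    if isinstance(body, str):  # older requests versions keep the JSON body as str
        body = body.encode("utf-8")
    return {
        "query": parse_qs(urlsplit(prepared.url).query),
        "body": body,
        "content_type": prepared.headers.get("Content-Type"),
        "content_length": prepared.headers.get("Content-Length"),
    }


def build(**kwargs):
    """Prepare a POST without sending it, so this runs offline."""
    return describe(requests.Request("POST", URL, **kwargs).prepare())


def password_in_url(summary):
    """True when the password would appear in the URL (access logs, proxies)."""
    return "password" in summary["query"]


as_params = build(params=PAYLOAD)  # what the question's code does
as_json = build(json=PAYLOAD)      # what the answer recommends

if __name__ == "__main__":
    for name, s in (("params=", as_params), ("json=", as_json)):
        print(name, "| password in URL:", password_in_url(s),
              "| Content-Type:", s["content_type"],
              "| Content-Length:", s["content_length"],
              "| body:", s["body"])
```
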

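Since I am new here, I cannot comment (I don't fully understand the reputation system yet), so I have to write an answer.

I know that Google recently blocked logins via scripts (well, via most scripts), because brute-forcing accounts was fairly easy.

I assume Apple is doing something very similar, which makes it hard to log in to an Apple ID. Are you sure it is possible to log in this way?

Greetings, Songbird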
