Get HTTP 400 Bad Request when login using Python requests
I am trying to log in to https://appleid.apple.com/cn (/us should be the same) using requests, but it returns 400 Bad Request.
import requests

session = requests.Session()
productURL = "https://appleid.apple.com/cn"
headers = {
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",
"Accept-Encoding": "gzip, deflate, sdch, br",
"Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.6,en;q=0.4",
"Upgrade-Insecure-Requests":"1",
"User-Agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/52.0.2743.116 Chrome/52.0.2743.116 Safari/537.36"
}
session.headers = headers
r = session.get(productURL)
url = "https://idmsa.apple.com/appleauth/auth/signin?widgetKey=af1139274f266b22b68c2a3e7ad932cb3c0bbe854e13a79af78dcc73136882c3&language=zh_CN&rv=1"
r = session.get(url)
url = "https://idmsa.apple.com/appleauth/auth/signin"
headers = {
"Accept":"application/json, text/javascript, */*; q=0.01",
"Accept-Encoding":"gzip, deflate, br",
"Accept-Language":"zh-CN,zh;q=0.8,zh-TW;q=0.6,en;q=0.4",
"Connection":"keep-alive",
"Content-Length":"77",
"Content-Type":"application/json",
"Host":"idmsa.apple.com",
"Origin":"https://idmsa.apple.com",
"Referer":"https://idmsa.apple.com/appleauth/auth/signin?widgetKey=af1139274f266b22b68c2a3e7ad932cb3c0bbe854e13a79af78dcc73136882c3&language=zh_CN&rv=1",
"User-Agent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/52.0.2743.116 Chrome/52.0.2743.116 Safari/537.36",
"X-Apple-Domain-Id":1,
"X-Apple-I-FD-Client-Info":{"U":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/52.0.2743.116 Chrome/52.0.2743.116 Safari/537.36","L":"en-US","Z":"GMT+08:00","V":"1.1","F":"7da44j1e3NlY5BSo9z4ofjb75PaK4Vpjt4U_98uszHVyVxFAk.lzXJJIneGffLMC7EZ3QHPBirTYKUowRslz8eibjVdxljQlpQJuYY9hte_1an92r5xj6KksmfTPdFdgmVxf7_OLgiPFMJhHFW_jftckkCoqAkCoq4ly_0x0uVMV0jftckcKyAd65hz7fwdGEM6uJ6o6e0T.5EwHXXTSHCSPmtd0wVYPIG_qvoPfybYb5EtCKoxw4EiCvTDfPbJROKjCJcJqOFTsrhsui65KQnK94CaJ6hO3f9p_nH1zDz.ICMpwoNSdqdbAE9XXTneNufuyPBDjaY2ftckuyPB884akHGOg429OMNo71xFmrur.S9RdPQSzOy_Aw7UTlf_0pNA1OXu_Llri5Ly.EKY.6ekL3sdmX.Cr_Jz9KyFxv5icCmVug4WBkl1BQLz4mvmfTT9oaSumKkpjlRiwerbXh8bUu_LzQW5BNv_.BNlYCa1nkBMfs.Byn"},
"X-Apple-Locale":"zh_CN",
"X-Apple-Widget-Key":"af1139274f266b22b68c2a3e7ad932cb3c0bbe854e13a79af78dcc73136882c3",
"X-Requested-With":"XMLHttpRequest"
}
session.headers = headers
payload = {
"accountName" : "accountName",
"password" : "password",
"rememberMe" : False
}
r = session.post(url, params=payload)
{ 'Content-Length': '77', 'Accept-Language': 'zh-CN,zh;q=0.8,zh-TW;q=0.6,en;q=0.4', 'Accept-Encoding': 'gzip, deflate, br', 'X-Apple-I-FD-Client-Info': { 'F': '7da44j1e3NlY5BSo9z4ofjb75PaK4Vpjt4U_98uszHVyVxFAk.lzXJJIneGffLMC7EZ3QHPBirTYKUowRslz8eibjVdxljQlpQJuYY9hte_1an92r5xj6KksmfTPdFdgmVxf7_OLgiPFMJhHFW_jftckkCoqAkCoq4ly_0x0uVMV0jftckcKyAd65hz7fwdGEM6uJ6o6e0T.5EwHXXTSHCSPmtd0wVYPIG_qvoPfybYb5EtCKoxw4EiCvTDfPbJROKjCJcJqOFTsrhsui65KQnK94CaJ6hO3f9p_nH1zDz.ICMpwoNSdqdbAE9XXTneNufuyPBDjaY2ftckuyPB884akHGOg429OMNo71xFmrur.S9RdPQSzOy_Aw7UTlf_0pNA1OXu_Llri5Ly.EKY.6ekL3sdmX.Cr_Jz9KyFxv5icCmVug4WBkl1BQLz4mvmfTT9oaSumKkpjlRiwerbXh8bUu_LzQW5BNv_.BNlYCa1nkBMfs.Byn', 'Z': 'GMT+08:00', 'U': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/52.0.2743.116 Chrome/52.0.2743.116 Safari/537.36', 'L': 'en-US', 'V': '1.1', }, 'Connection': 'keep-alive', 'X-Apple-Widget-Key': 'af1139274f266b22b68c2a3e7ad932cb3c0bbe854e13a79af78dcc73136882c3', 'Origin': '//idmsa.apple.com', 'Accept': 'application/json, text/javascript, */*; q=0.01', 'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/52.0.2743.116 Chrome/52.0.2743.116 Safari/537.36', 'Host': 'idmsa.apple.com', 'X-Apple-Domain-Id': 1, 'Referer': '//idmsa.apple.com/appleauth/auth/signin?widgetKey=af1139274f266b22b68c2a3e7ad932cb3c0bbe854e13a79af78dcc73136882c3&language=zh_CN&rv=1', 'X-Apple-Locale': 'zh_CN', 'X-Requested-With': 'XMLHttpRequest', 'Content-Type': 'application/json', }
Response headers
{ 'X-XSS-Protection': '1; mode=block', 'X-Content-Type-Options': 'nosniff', 'Content-Security-Policy': "default-src *; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.apple.com https://*.cdn-apple.com; style-src 'unsafe-inline' https://*.apple.com https://*.cdn-apple.com; connect-src 'self'; img-src 'self' data: https://*.apple.com https://*.cdn-apple.com https://*.icloud.com https://*.mzstatic.com; media-src * data:;", 'Content-Encoding': 'gzip', 'Transfer-Encoding': 'chunked', 'Set-Cookie': 'dslang=CN-ZH; Domain=.apple.com; Path=/; Secure; HttpOnly, site=CHN; Domain=.apple.com; Path=/; Secure; HttpOnly', 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains', 'Vary': 'Accept-Encoding', 'Expires': 'Thu, 01 Jan 1970 00:00:00 GMT', 'Server': 'Apple', 'Connection': 'close', 'X-BuildVersion': 'R15', 'Pragma': 'no-cache', 'Cache-Control': 'no-cache, no-store', 'Date': 'Sat, 01 Oct 2016 04:23:19 GMT', 'X-FRAME-OPTIONS': 'DENY', }
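I checked all the header fields against the real request headers, and "X-Apple-I-FD-Client-Info" is the only header that is incorrect. Digging a little, it is computed by JavaScript. 'Z', 'U', 'L' and 'V' are constants that depend on your browser information, time zone and so on, but 'F' is a very long random string.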
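When posting JSON, you should use the following request:
r = requests.post(url, json=payload)
Also, there is no need to hard-code the Content-Length and Content-Type headers; the requests package will take care of this.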
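Added example (not part of the original question or answer): what requests actually builds for the question's `params=payload` call with hard-coded headers versus the answer's `json=payload`, inspected offline with `Request.prepare()`. The host and credentials are constructed placeholders, and the helper names `prepare`, `summarize`, `as_in_question` and `as_in_answer` are made up for this illustration.

```python
import requests

# Constructed sample values: placeholder host and credentials, not the
# endpoint or account from the question.
URL = "https://idp.example.test/appleauth/auth/signin"
PAYLOAD = {
    "accountName": "user@example.test",
    "password": "not-a-real-password",
    "rememberMe": False,
}


def prepare(**kwargs):
    """Build the request as requests would send it, without any network I/O."""
    return requests.Request("POST", URL, **kwargs).prepare()


def summarize(prepared):
    """Return the parts of a prepared request that a JSON endpoint parses."""
    body = prepared.body
    if isinstance(body, bytes):
        body = body.decode("utf-8")
    return {
        "url": prepared.url,
        "content_type": prepared.headers.get("Content-Type"),
        "content_length": prepared.headers.get("Content-Length"),
        "body": body,
    }


def as_in_question():
    # params= URL-encodes the dict into the query string. The body stays
    # empty, while the hard-coded headers still claim 77 bytes of JSON.
    hardcoded = {"Content-Type": "application/json", "Content-Length": "77"}
    return summarize(prepare(params=PAYLOAD, headers=hardcoded))


def as_in_answer():
    # json= serializes the dict into the body and sets Content-Type and
    # Content-Length to match it.
    return summarize(prepare(json=PAYLOAD))


if __name__ == "__main__":
    for label, result in (("params=", as_in_question()), ("json=", as_in_answer())):
        print(label, result)
```

With `params=` the account name and password land in the URL's query string, where proxies and access logs record them, and the hard-coded `Content-Length: 77` announces a body that is never sent.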
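Since I'm new, I can't comment (I don't really understand the reputation system yet), so I have to write an answer.
I know Google recently blocked logins via scripts (well, via most scripts), because it is rather easy to brute-force accounts.
I assume Apple does something very similar, which makes it hard to log in to an Apple ID. Are you sure it is possible to log in this way?
Greetings, Songbird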