![](/img/trans.png)
[英]How to use requests (Python) to log in a website with no obvious csrf token
[英]How to log into a website that uses a CSRF token using the python requests library
網站: https://auth.pleaseignore.com/login/?next=/profile/
import requests
from bs4 import BeautifulSoup
request_url = 'https://auth.pleaseignore.com/login/'
with requests.session() as session:
get_url = session.get('https://auth.pleaseignore.com/login/')
HTML = BeautifulSoup(get_url.text, 'html.parser')
csrfmiddlewaretoken = HTML.find_all('input')[-1]['value']
#logging in
payload = {
'next' : '/ profile /',
'username' : 'asfasf',
'password' : 'afsfafs',
'next': '/ profile /',
'csrfmiddlewaretoken': csrfmiddlewaretoken
}
login_request = session.post(request_url,payload)
print(login_request)
Output:
<Response [403]>
我收到 403 響應的原因是 csrfmiddlewaretoken 令牌無效,它無效的原因是每次發送 a.get 和 .post 請求時 csrfmiddlewaretoken 令牌都會更改,我想知道如何登錄該網站盡管那樣
import requests
from bs4 import BeautifulSoup
headers = {
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0",
"Referer": "https://auth.pleaseignore.com/login/"
}
data = {
"next": [
"/profile/",
"/profile/"
],
"username": "username",
"password": "password",
}
def get_soup(content):
return BeautifulSoup(content, 'lxml')
def main(url):
with requests.Session() as req:
req.headers.update(headers)
r = req.get(url)
soup = get_soup(r.content)
data['csrfmiddlewaretoken'] = soup.select_one(
'input[name="csrfmiddlewaretoken"]')['value']
r = req.post(url, data)
print(r)
main('https://auth.pleaseignore.com/login/')
缺少的“Referer”header 導致 [403 Forbidden]。
headers = {'Referer': 'https://auth.pleaseignore.com/login/'}
login_request = session.post(request_url,payload, headers=headers)
完整腳本:
import requests
from bs4 import BeautifulSoup
request_url = 'https://auth.pleaseignore.com/login/'
with requests.session() as session:
get_url = session.get('https://auth.pleaseignore.com/login/')
HTML = BeautifulSoup(get_url.text, 'html.parser')
csrfmiddlewaretoken = HTML.find_all('input')[-1]['value']
#logging in
payload = {
'next' : '/ profile /',
'username' : 'asfasf',
'password' : 'afsfafs',
'next': '/ profile /',
'csrfmiddlewaretoken': csrfmiddlewaretoken
}
headers = {
'Referer': 'https://auth.pleaseignore.com/login/'
}
login_request = session.post(request_url,payload, headers=headers)
print(login_request)
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.