如何使用 Python 的 requests 库登录使用 CSRF 令牌的网站

How to log into a website that uses a CSRF token using the python requests library

网站:https://auth.pleaseignore.com/login/?next=/profile/

import requests
from bs4 import BeautifulSoup

request_url = 'https://auth.pleaseignore.com/login/'

# Both requests go through one Session, so cookies set by the GET are sent
# back automatically with the POST.
with requests.Session() as session:
    # Fetch the login form and parse its markup.
    login_page = session.get(request_url)
    soup = BeautifulSoup(login_page.text, 'html.parser')

    # Takes the value of the LAST <input> in the document, whatever its name.
    # NOTE(review): this yields the CSRF token only if that hidden field
    # happens to be last; selecting it by name would not depend on layout.
    input_fields = soup.find_all('input')
    csrfmiddlewaretoken = input_fields[-1]['value']

    # Form fields for the login POST. The username and password are dummy
    # values; real credentials belong in the environment or a secret store,
    # not in the script.
    # NOTE(review): the 'next' value contains spaces, while the login URL on
    # this page uses next=/profile/ - confirm which one is intended.
    payload = {
        'next': '/ profile /',
        'username': 'asfasf',
        'password': 'afsfafs',
        'csrfmiddlewaretoken': csrfmiddlewaretoken,
    }

    # No Referer header is set on this POST; the response printed here is
    # the 403 shown in the output below.
    login_request = session.post(request_url, data=payload)
    print(login_request)

输出:

<Response [403]>

我收到 403 响应的原因是 csrfmiddlewaretoken 令牌无效，而它无效的原因是每次发送 .get 和 .post 请求时 csrfmiddlewaretoken 令牌都会更改。我想知道在这种情况下该如何登录网站。

import requests
from bs4 import BeautifulSoup

# Headers applied to every request made through the session.
# The Referer names the login page itself, so the login POST looks
# same-origin to the server; the User-Agent is a fixed Firefox string.
headers = {
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0",
    "Referer": "https://auth.pleaseignore.com/login/",
}

# Static form fields for the login POST; the CSRF token is added at request
# time. requests encodes a list value as a repeated form field, so "next" is
# submitted twice. "username" / "password" are placeholders - load real
# credentials from the environment or a secret store instead of committing
# them with the script.
data = dict(
    next=["/profile/"] * 2,
    username="username",
    password="password",
)


def get_soup(content):
    """Parse *content* (page markup) into a BeautifulSoup tree.

    The 'lxml' parser is selected by name, so the third-party lxml package
    has to be installed alongside bs4 for this call to succeed.
    """
    parser = 'lxml'
    return BeautifulSoup(content, features=parser)


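def main(url):
    """Log in at *url* with the module-level ``data`` fields and print the response.

    The login page is fetched first so the hidden ``csrfmiddlewaretoken``
    field can be read from the form and sent back with the POST. Both
    requests share one Session, so the cookies set by the GET accompany the
    POST; the form token is expected to be checked against them.

    Args:
        url: Address of the login form; it is used for both the GET and the
            POST.

    Raises:
        requests.HTTPError: If fetching the login page returns an error
            status.
        RuntimeError: If the page has no ``csrfmiddlewaretoken`` input with
            a value.
    """
    with requests.Session() as req:
        # Session-wide headers; these include the Referer sent with the POST.
        req.headers.update(headers)

        # requests has no default timeout, so set one to avoid hanging.
        r = req.get(url, timeout=30)
        r.raise_for_status()

        token_field = get_soup(r.content).select_one(
            'input[name="csrfmiddlewaretoken"]')
        if token_field is None or not token_field.get('value'):
            # Fail with a clear message instead of a TypeError on None.
            raise RuntimeError(
                'csrfmiddlewaretoken field not found on the login page')

        # Build the form per call rather than writing the token into the
        # shared module-level dict.
        form = {**data, 'csrfmiddlewaretoken': token_field['value']}

        r = req.post(url, data=form, timeout=30)
        # NOTE: a 2xx status alone does not confirm the login; login views
        # typically re-render the form on bad credentials. Inspect r.url and
        # r.history to see whether the server redirected to the "next" page.
        print(r)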


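# Run the login only when the file is executed as a script, so that merely
# importing it does not send a request carrying credentials.
if __name__ == '__main__':
    main('https://auth.pleaseignore.com/login/')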

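[403 Forbidden] 是由缺少 'Referer' 请求头导致的。`csrfmiddlewaretoken` 是 Django 默认的 CSRF 表单字段名；如果该站点使用的是 Django，其 CSRF 中间件在 HTTPS 请求上除了校验令牌外，还会严格检查 Referer 是否来自同一站点。表单中的令牌在每次加载页面时发生变化是正常的，只要 GET 和 POST 在同一个 session 中发送（携带相同的 cookie），取到的令牌就可以使用。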

# Same login POST as in the question, now carrying a Referer that names the
# login page itself.
headers = {
    'Referer': 'https://auth.pleaseignore.com/login/',
}
login_request = session.post(request_url, data=payload, headers=headers)

完整脚本:

import requests
from bs4 import BeautifulSoup

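request_url = 'https://auth.pleaseignore.com/login/'

# One Session for both requests: the cookies set by the GET are sent back
# with the POST. Presumably these include the CSRF cookie the form token is
# checked against - confirm in the response's Set-Cookie headers.
with requests.session() as session:
    # requests has no default timeout, so set one to avoid hanging.
    login_page = session.get(request_url, timeout=30)
    login_page.raise_for_status()
    soup = BeautifulSoup(login_page.text, 'html.parser')

    # Select the hidden field by name instead of taking the last <input>,
    # so a change in the form layout cannot hand back the wrong value.
    token_field = soup.find('input', attrs={'name': 'csrfmiddlewaretoken'})
    if token_field is None or not token_field.get('value'):
        raise RuntimeError(
            'csrfmiddlewaretoken field not found on the login page')
    csrfmiddlewaretoken = token_field['value']

    # Form fields for the login POST. 'next' matches the ?next=/profile/ of
    # the login URL. Username and password are dummy values; real
    # credentials belong in the environment or a secret store, not in the
    # script.
    payload = {
        'next': '/profile/',
        'username': 'asfasf',
        'password': 'afsfafs',
        'csrfmiddlewaretoken': csrfmiddlewaretoken,
    }

    # The Referer names the login page itself; without it the server
    # answered 403.
    headers = {
        'Referer': request_url
    }
    login_request = session.post(
        request_url, data=payload, headers=headers, timeout=30)

    # NOTE: a 2xx status alone does not confirm the login; login views
    # typically re-render the form on bad credentials. Inspect
    # login_request.url and login_request.history to see whether the server
    # redirected to the 'next' page.
    print(login_request)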