I believe that simulated login is familiar to everyone. The following article mainly introduces you to the method of python simulated login and keeping cookies. The introduction in the article is very detailed and has certain reference value for everyone. Friends who need it Let’s take a look together below.
Preface
Recently I was crawling the data of nosec.org. I saw that I need to simulate login to get the cookie before I can access the data I want to capture. It is important. There is an authentication_token field in the login page form of nosec.org, which will be automatically generated every time you visit the login page, and will be POSTed to the server like your username and password.
After some research, we found that when directly accessing the website login interface, the server's response header will have a Set-Cookie field, as follows:
_nosec_session=ZTlHNmxuZXE4R0s1UXpsVUxGRTNPblNBWFd2TXU4TU9aNWVJM2lyLzNFY0pLeUdNMDY1cmZqanpkc0ppaGtjU i9kTGdWenBrNXJKenNqbnN2YUxucE1DRW5UMHNTR1RxWDZPeGlLazllTmY1czVpYWplazJXdWkvZS9wUHJpc1Jya3ZzcmNVMytPR it2T1dEcGx4bHNDTTVzSmVTb0xhSjRycE03QUl5RXE5Z2tZWG1mTHFBWGx1QW52QjBURi8rLS1acE8yeVRtMFRZR1JWdExneStwdmpRPT0 %3D--a6ccd9a12a8af5c8b5fb6625c24bb4db0398c503; path=/; HttpOnly
And the form of the page form There is an input of authentication_token, the content is as follows:
<input type="hidden" name="authenticity_token" value="cGdhqVxDMRndpKbpvIV66wfEQlGf4Rz6UtXqsf79brEvFveHw2rCc6uz3euFEyUlpuA0azt5uNhnmrUiCaAyUg==" />
Previously, the value of _nosec_session was analyzed according to the back-end logic, decrypted and various xx techniques were used to obtain the value of authentication_token, and then just post the username and password, and finally found out What a capital idiot! ! I always think about problems with back-end thinking, and I can't even walk well recently. So, just grab the generated authenticity_token value directly from the page, and then follow the POST.
Use the Session()
method of the requests library, which is really easy to use. It is much more convenient than using cookielib directly in the early days.
Code
The login method of class XXX is used to simulate login, so I will post this part of the login code.
class XXX: def login(self): r = self.s.get('https://nosec.org/users/sign_in') html = r.text p1 = re.compile(r'city_token" value="(.*?)"') res = re.search(p1,html) authenticity_token = str(res.group(1)) print 'authenticity_token:',authenticity_token # print 'cookies',self.s.cookies # print s.cookies data = { 'authenticity_token':authenticity_token, 'user[login]':'xxxxx', 'user[password]':'xxxxx' } r = self.s.post('https://nosec.org/users/sign_in',data=data) # print r.headers # print r.request.headers # print self.s.cookies print '[*] OK!' return True
After calling the login method, next time you directly use self.s.get()
to request the web page, the cookie will be included.
I was fooled once by the idea and once by a typo (https was written as http), which caused me to go crazy for a long time before I discovered this "BUG" ==, so I have to thank the code for improvement. The efficiency of troubleshooting is 2333!
Summarize
The above is the detailed content of Detailed example of how to simulate login in python and keep cookies. For more information, please follow other related articles on the PHP Chinese website!