Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
S
S
Skillz012020-04-15 15:43:57
Python
Skillz01, 2020-04-15 15:43:57

Bypassing a hash on a site during authorization in python?

I'm trying to set up automatic authorization on the site (python requests module). I tried it on different sites, on the site md.samdu.uz/login/index.php in the POST method on the site itself, in addition to anchor:, username: and password: there is a logintoken value: after I enter the password and try to log in, logintoken is issued every time a new value (apparently a hash) and I don’t know how to predict or hash it, I read a lot of articles, but there really is no exact answer ... Please tell me how to bypass or solve the problem with encryption.

Suggested solution: Author: Dr. Bacon @bacon
The general view is this, but different sites may have their own nuances:
1. start a session if it is requests, or save request cookies in other ways
2. make a GET request in which you will receive a logintoken, it can be in cookies, in html code
3. now make a POST with the received logintoken and the necessary data, the main thing is within this session.

The program displays an authorization page...

import requests


url = 'http://md.samdu.uz/login/index.php'
headers = {
    'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9',
    'Accept-Encoding': 'gzip, deflate',
    'Accept-Language': 'ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7',
    'Cache-Control': 'max-age=0',
    'Content-Length': '113',
    'Content-Type': 'application/x-www-form-urlencoded',
    'Cookie': 'MoodleSession=14pa1tlcrcbipjdke9u4lh88fl',
    'Host': 'md.samdu.uz',
    'Origin': 'http://md.samdu.uz',
    'Proxy-Connection': 'keep-alive',
    'Referer': 'http://md.samdu.uz/login/index.php',
    'Upgrade-Insecure-Requests': '1',
    'User-Agent': 'Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.92 Safari/537.36'
}

s = requests.Session()
token = s.get(url).text.split()
index = token.index('name="logintoken"') 
print(token[index+1])
logintoken = token[index + 1][7:-2]
print(logintoken)
datas = {
    'anchor': '',
    'logintoken': logintoken,
    'username': 'Amaliy2685',
    'password': 'Aml-2683'}


r = s.post(url, data=datas, headers=headers)
print(r.text)

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
D
Dimonchik, 2020-04-15
@dimonchik2013

bro why where is the login what do you go to md.samdu.uz/login/index.php
when all login options lead to md.samdu.uz/lib/ajax/service.php ?

Report
S
Sergey Grebennikov, 2020-04-16
@SergeyGrebennikov

It is also possible to check on the server side: whether the client supports caching, for example, pictures. Request does not support. Silenium can help.

Similar questions
D
Dmitry Korolev2017-11-04 16:04:39
How to write two lines in this format? 2Reply
H
HellWalk2017-11-10 15:06:05
Why does SmoothScroll.js work crookedly? 1Reply
A
Alexey2020-03-24 16:06:56
How to catch PJAX errors in Yii2? 1Reply
H
heIIfire2017-11-30 17:18:58
What if packages have different dependency versions? 4Reply
V
Vadym Piatkovskyi2017-12-03 03:28:34
How to make collectionView in tableView? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question