Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
S
S
Skillz012020-04-15 15:43:57
Python
Skillz01, 2020-04-15 15:43:57

Bypassing a hash on a site during authorization in python?

I'm trying to set up automatic authorization on the site (python requests module). I tried it on different sites, on the site md.samdu.uz/login/index.php in the POST method on the site itself, in addition to anchor:, username: and password: there is a logintoken value: after I enter the password and try to log in, logintoken is issued every time a new value (apparently a hash) and I don’t know how to predict or hash it, I read a lot of articles, but there really is no exact answer ... Please tell me how to bypass or solve the problem with encryption.

Suggested solution: Author: Dr. Bacon @bacon
The general view is this, but different sites may have their own nuances:
1. start a session if it is requests, or save request cookies in other ways
2. make a GET request in which you will receive a logintoken, it can be in cookies, in html code
3. now make a POST with the received logintoken and the necessary data, the main thing is within this session.

The program displays an authorization page...

import requests


url = 'http://md.samdu.uz/login/index.php'
headers = {
    'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9',
    'Accept-Encoding': 'gzip, deflate',
    'Accept-Language': 'ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7',
    'Cache-Control': 'max-age=0',
    'Content-Length': '113',
    'Content-Type': 'application/x-www-form-urlencoded',
    'Cookie': 'MoodleSession=14pa1tlcrcbipjdke9u4lh88fl',
    'Host': 'md.samdu.uz',
    'Origin': 'http://md.samdu.uz',
    'Proxy-Connection': 'keep-alive',
    'Referer': 'http://md.samdu.uz/login/index.php',
    'Upgrade-Insecure-Requests': '1',
    'User-Agent': 'Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.92 Safari/537.36'
}

s = requests.Session()
token = s.get(url).text.split()
index = token.index('name="logintoken"') 
print(token[index+1])
logintoken = token[index + 1][7:-2]
print(logintoken)
datas = {
    'anchor': '',
    'logintoken': logintoken,
    'username': 'Amaliy2685',
    'password': 'Aml-2683'}


r = s.post(url, data=datas, headers=headers)
print(r.text)

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
D
Dimonchik, 2020-04-15
@dimonchik2013

bro why where is the login what do you go to md.samdu.uz/login/index.php
when all login options lead to md.samdu.uz/lib/ajax/service.php ?

Report
S
Sergey Grebennikov, 2020-04-16
@SergeyGrebennikov

It is also possible to check on the server side: whether the client supports caching, for example, pictures. Request does not support. Silenium can help.

Similar questions
C
Creel2015-04-30 19:12:00
How to close/unload XMLReader() data from memory? 3Reply
V
Vladislav2014-07-11 09:35:30
What is the best way to parse html? 8Reply
I
Igor Mamontov2015-06-09 12:49:49
How to modify the card template in the plugin? 2Reply
M
Master Ruby2021-11-12 16:53:51
How to transfer data from one dictionary to another dictionary or array? 2Reply
M
Martin_Shelby2020-08-05 02:46:53
How to fix asyncio.exceptions.TimeoutError error? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question