H
H
herypank2021-05-17 14:24:19
Python
herypank, 2021-05-17 14:24:19

How to log in and upload a profile photo my world[mail.ru]?

I want to make authorization sessions (requests) python in the service my world
and then upload a profile photo.
Naturally, I have already done everything with selenium, but if something changes, then the whole script will fly, for example, a banner will appear.

Please help, I can't do it for 3 days already. I tried to repeat requests through Burp Suite, watched how the browser sends requests, it did not help. Mail has its own api, but in order to register the application, you must do it manually or with selenium + my world does not support the methods that I need there.

Here is what the burp suite outputs.
60a251cb5bd13690326219.jpeg
Also, I could not find where I should write my login and password to authorize. There are some strange values ​​\u200b\u200bin the date that cannot be taken anywhere.

When uploading a photo, the same troubles appeared, even if I entered browser cookies.
In general, it is not clear what to write in the date so that the request is processed.

All that has been done so far is authorization in light mail ru , but my world needs other cookies , cookies

have changed, so do not try to use them
The code that I tried to use to load the picture

import requests

cookies = {
    '$act': 'a83d04d4d54840d9adca40ced24262c6',
    'mrcu': 'CB44619E6BB71E86F4999B6CEC6D',
    'p': 'AHMAABb/VgAA',
    'tmr_lvid': 'd12c1003ee8804c32ef6ec0a88c2e284',
    'tmr_lvidTS': '1620995001627',
    't': 'obLD1AAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAACAAAkB0AcA',
    's': 'octavius=1',
    'Mpop': '1620995011:465c517d057b54581905000017031f051c054f6c5150445e05190401041d0309000750575e5d5d51595e595b145c555e551f4243:[email protected]:',
    'sdcs': 'SZfKeBy4GAu3jXcd',
    'hses': '1',
    'searchuid': '7146720301620995113',
    'VID': '2C2TgT0spz2200000U0yD4o2:::5b8c4e7-0-0-5b8c479:CAASED9cbdpJckH17mJp6cbZzXQaYBveTHgwffXN__f8EjhxqjjJ1tRo5ahnoO5M0QzUy5iGzpX3dea5vHhLU74XxH_UNvLChywNBRTH2X0fS7oeBBt2oAq49-O-r5exhY3nJORAMwu1bi78YJPbyTyweZhYSA',
    '_showsc_1921420075': '1',
    'c': 'MGyeYAEAEHsTAAAUAQAACQDgmVbIAQAA',
    'b': 'SEkCAJCp1/0AJwnWhgAAAAIA',
    'tmr_reqNum': '38',
}

headers = {
    'Host': 'upload-12.my.mail.ru',
    'Connection': 'close',
    'Content-Length': '51232',
    'sec-ch-ua': '\\"Chromium\\";v=\\"89\\", \\";Not A Brand\\";v=\\"99\\"',
    'Accept': '*/*',
    'sec-ch-ua-mobile': '?0',
    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36',
    'Content-Type': 'multipart/form-data; boundary=----WebKitFormBoundaryhOu76ALnKJYjALeM',
    'Origin': 'https://my.mail.ru',
    'Sec-Fetch-Site': 'same-site',
    'Sec-Fetch-Mode': 'cors',
    'Sec-Fetch-Dest': 'empty',
    'Referer': 'https://my.mail.ru/',
    'Accept-Encoding': 'gzip, deflate',
    'Accept-Language': 'en-US,en;q=0.9',
}

with open('/home/depocode/Downloads/images/image_1', 'rb') as file:
    content = file.read()
response = requests.post('https://upload-12.my.mail.ru/uploadphoto', headers=headers, cookies=cookies, data={'file': content})


tried to login
resp = s.post('https://auth.mail.ru/cgi-bin/auth', data={
    'username': '[email protected]',
    'password': '_53uJpe%$y'}
              )


tried to login v.2
import requests

cookies = {
    'p': '1gACOM/9BwAA',
    'searchuid': '692413531621243871',
    'mrcu': '50D360A237E002DA059A9B6CEC6D',
    'tmr_lvid': '7a77320aa5f463ec54e25a81bdad2707',
    'tmr_lvidTS': '1631243873831',
    'act': '5d695f26353c4bfc8906987b7765169d',
    't': 'obLD1AAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAACAAAkB0AcA',
    'b': 'S0kBAJC6tnQA30EShRMAAEA4rxVdBwAA',
    'c': 'jTiiYAEAEHsTAAAUAQAACQDgfVbIAQAA',
    'i': 'AQCNoKJgAQDJAAUCAQA=',
    'Mpop': '1618475646:5f4e64655474517c1905000017031f051c054f6c5150445e05190401041d0309000750575e5d5d51595e595b145c555e551f4243:[email protected]:',
    'tmr_reqNum': '13',
    'VID': '1rQ6E70909Y200000U0yD4o2:::5bc9148-0-0-5bc90a2:CAASENmXgK9GeWpGuARl3u_XPEUaYJqljFU1XFnUgFGp78kic3ZKPJXSgD3AQZ6Ey9bs4gIN4_6AaBHWQjaVHghf-X9rpqugX1Ea2WQJX5vvYv-kORPZ5OxuW95_EKiPZRTv0jz2Bq0efIsSDiYcl8TRfCazrA',
}

headers = {
    'Host': 'account.mail.ru',
    'Connection': 'close',
    'Content-Length': '164',
    'sec-ch-ua': '\\"Chromium\\";v=\\"89\\", \\";Not A Brand\\";v=\\"99\\"',
    'sec-ch-ua-mobile': '?0',
    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36',
    'Content-Type': 'text/plain;charset=UTF-8',
    'Accept': '*/*',
    'Origin': 'https://account.mail.ru',
    'Sec-Fetch-Site': 'same-origin',
    'Sec-Fetch-Mode': 'cors',
    'Sec-Fetch-Dest': 'empty',
    'Referer': 'https://account.mail.ru/login/?mode=simple&v=2.8.1&account_host=account.mail.ru&type=login&modal=1&allow_external=1&success_redirect=https%3A%2F%2Fmy.mail.ru%2F&opener=mail.login&noinnerscroll=1&wide=1&rebranding2018=1&parent_url=https%3A%2F%2Fe.mail.ru%2Fcgi-bin%2Flogin%3Flang%3Den_US%26page%3Dhttps%3A%2F%2Fmy.mail.ru%2F',
    'Accept-Encoding': 'gzip, deflate',
    'Accept-Language': 'en-US,en;q=0.9',
}

params = (
    ('p', 'login'),
    ('split', 's10273.b1s'),
    ('r', 'https://e.mail.ru/'),
    ('pgid', 'koseulnr.pds'),
)

data = 'batch=%5B%7B%22v%22%3A%221%22%2C%22skipdwh%22%3A%22false%22%2C%22i%22%3A%22form_submit%3A1%22%2C%22t%22%3A%22mail-login_ref_mymailru%22%2C%22uid%22%3A%2257%22%7D%5D'

response = requests.post('https://account.mail.ru/api/v1/utils/xray/batch', headers=headers, params=params, cookies=cookies, data=data)


upd. I found the mobile version and log in like this, only now I need to bypass another thing
import requests
headers = {
    'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0',
    'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
    'Accept-Language': 'en-US,en;q=0.5',
    'Content-Type': 'application/x-www-form-urlencoded',
    'Origin': 'https://m.my.mail.ru',
    'Connection': 'keep-alive',
    'Referer': 'https://m.my.mail.ru/',
    'Upgrade-Insecure-Requests': '1',
    'Sec-GPC': '1',
}
data = {
  'Login': '[email protected]',
  'Domain': 'mail.ru',
  'Password': '+9C5U2cfCO',
  'page': 'https://m.my.mail.ru/',
  'FailPage': 'https://m.my.mail.ru/cgi-bin/login?infomessage=bad_password&page=https://m.my.mail.ru/'
}
s = requests.session()
response = s.post('https://auth.mail.ru/cgi-bin/auth?rand=2777947971', headers=headers, data=data)

60a28b3881450147355133.jpeg
upd 2. I also bypassed this thing, but now cookies are not suitable for the regular version of the site, they are very badly broken site code is broken how I bypassed number confirmation

resp = s.post('https://account.mail.ru/api/v1/user/copper',
                  json={'fields': {"phone": phone}, 'htmlencoded': False})
    resp.raise_for_status()
    if resp.json().get('body'):
        url = resp.json()['body']['url']
        response = s.get(url)
        response.raise_for_status()


I would be glad for any help, all the best.

Answer the question

In order to leave comments, you need to log in

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question