POST CSRF request in python?

N

nzarchii602020-05-13 16:08:01

Python

nzarchii60, 2020-05-13 16:08:01

I'm trying to login to a resource.
This requires getting CSRF or cookies.
I receive CSRF and send a POST request, but the response is "CSRF verification failed"
How to substitute previously received cookies in request?

spoiler

import requests
from bs4 import BeautifulSoup
from lxml import html
import time
import re
source = ['https://chatur', 'bate.com','/auth/login/']
#print(source[0]+source[1])
xead = source[0]+source[1]
xeads = source[0]+source[1]+source[2]
headers = {
    'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8',
    'Accept-Encoding': 'gzip, deflate',
    'Origin': f'{xead}',
    'Referer': f'{xeads}',
    'Upgrade-Insecure-Requests': '1',
    'Content-Type': 'application/json',
    'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36'
}
with requests.Session() as s:
    url = f'{xeads}'
    r = s.get(url, headers=headers)
    tree = html.fromstring(r.content)
    csrf = tree.xpath('//*[@id="main"]/div/div/form/input/@value')
    print(csrf[1])
    ksrf = r.headers.get('Set-Cookie')
    result = re.findall(r'csrftoken=\w+', ksrf)
    results = re.findall(r'\w+', str(result))
    print(csrf[1], results[1])
    login_data = {
    'next': None,
    'csrfmiddlewaretoken': csrf[1],
    'username': 'thorix0',
    'password': 'Lovacska00'
    }

    cfduid = (r.cookies.get('__cfduid'))
    affkey = (r.cookies.get('affkey'))
    csrftoken = (r.cookies.get('csrftoken'))
    dwf_s_a = (r.cookies.get('dwf_s_a'))
    sbr = (r.cookies.get('sbr'))
    

    headers = {
    'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8',
    'Accept-Encoding': 'gzip, deflate',
    'Origin': f'{xead}',
    'Referer': f'{xeads}',
    'cookie': f'__cfduid={cfduid}; csrftoken={csrftoken}; affkey={affkey}; sbr={sbr}; dwf_s_a={dwf_s_a}; xaduuid=46286a6b-b343-4de1-8bf3-642063c76746; _ga=GA1.2.1099840177.1589195089; _gid=GA1.2.220136171.1589195089; agreeterms=1; stcki="VbMkPs=0"; __utfpp="f:trnx9dd2486c9fa7ae89556a1dbfe9069386:1jYcch:s1GBrAZDOlTSXBaA_JGaB2j5mOw"; __cf_bm=099f0bcce6e7f825e6cdb0255872df4af896b74f-1589321255-1800-AX9QQ3hj3q9ixK08V17u0v2XzC87BMlnVdE2FOthWmdCvYoGQG+KrjSL9Ra19JcnrwjKrwtQevQpW2azIgatD0A=',
    'Upgrade-Insecure-Requests': '1',
    'Content-Type': 'application/json',
    'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36'
    }
    """print(r.cookies.get('__cfduid'))
                print(r.cookies.get('affkey'))
                print(r.cookies.get('csrftoken'))
                print(r.cookies.get('dwf_s_a'))
                print(r.cookies.get('sbr'))
                """
    print(r.cookies)
    time.sleep(5)
    #login_data['form_build_id'] = soup.find('input', attrs={'name': 'form_build_id'})['value']
    rr = s.post(url, data=login_data, headers=headers, cookies=r.cookies)
    print(rr.content)

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

D

Dr. Bacon, 2020-05-13
@bacon

And why rewrite cookies in headers, because they are saved within requests.Session.