Help with Python Requests

Discuss the many weaknesses of browser security and ways to mitigate the threat

Help with Python Requests

Post by Staticxor on Wed Mar 24, 2010 9:00 am
([msg=37256]see Help with Python Requests[/msg])

I need to do a request do auto fill some forms, and I am having a lot of trouble. I made requests for Programming Challanges here in HTS and I was working fine. But not on this site:

http://www.onid.org.br/portal/login
user: thiagocavila@gmail.com
password: senha

I tryied this:

Code: Select all

-THIS CODE IS UPDATED BELOW, PLEASE DON'T TRY THIS ONE-

#!/usr/bin/env python

import urllib, urllib2, cookielib, re

from sys import argv

host = 'www.onid.org.br'
user_agent = 'Mozilla/4.0 (compatible; MSIE 6.0)'
referer = 'http://www.onid.org.br/portal/login'
content_type = 'application/x-www-form-urlencoded'

accept_encoding = 'gzip,deflate'

body = {'username': 'thiagocavila@gmail.com', 'password': 'senha'}

#build cookie handler
cj = cookielib.CookieJar()
opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))
urllib2.install_opener(opener)

#encode request information
login_data = urllib.urlencode(body)

#send login information
req = urllib2.Request(referer, login_data, values)
page = urllib2.urlopen(req)

#see result
f = open('result.html','w')
print >> f, page.read()
f.close()


But I didn't logged in. Can someone help me?

Thx!!
Last edited by Staticxor on Mon Mar 29, 2010 8:37 am, edited 3 times in total.
Staticxor
New User
New User
 
Posts: 15
Joined: Sat Dec 26, 2009 9:05 am
Blog: View Blog (0)


Re: Help with Python Requests

Post by tgoe on Wed Mar 24, 2010 11:12 am
([msg=37258]see Re: Help with Python Requests[/msg])

You're missing a required hidden field. What is this for anyway?
User avatar
tgoe
Contributor
Contributor
 
Posts: 658
Joined: Sun Sep 28, 2008 2:33 pm
Location: q3dm7
Blog: View Blog (0)


Re: Help with Python Requests

Post by Staticxor on Wed Mar 24, 2010 5:51 pm
([msg=37278]see Re: Help with Python Requests[/msg])

tgoe wrote:You're missing a required hidden field. What is this for anyway?


Dead tgoe, this website monitors webcenters provided by government in Brazil, as I work in the company that moderates this info, I will try to make some scripts to automate my work. But, I couldn't login anyway adding the hidden field like:

Code: Select all
body = {'username': 'telecentros.rfpom@gmail.com', 'password': 'subiid2010', 'next': ''}


I can't see what I am doing wrong =/ When I am making a request, I always have to set all values in the form?

Thanks for the help :D
Staticxor
New User
New User
 
Posts: 15
Joined: Sat Dec 26, 2009 9:05 am
Blog: View Blog (0)


Re: Help with Python Requests

Post by tgoe on Sat Mar 27, 2010 1:29 am
([msg=37366]see Re: Help with Python Requests[/msg])

Looks like some redirection tricks. I've never used it but I think this will help:
http://wwwsearch.sourceforge.net/mechanize/
User avatar
tgoe
Contributor
Contributor
 
Posts: 658
Joined: Sun Sep 28, 2008 2:33 pm
Location: q3dm7
Blog: View Blog (0)


Re: Help with Python Requests

Post by Staticxor on Sun Mar 28, 2010 8:05 pm
([msg=37417]see Re: Help with Python Requests[/msg])

I've improved my code a bit, but still no good result, I need to understand why it is not working . Anyone? :(
tgoe maybe won't need to use another library if I find out what is wrong, but thanks anyway.

tgoe wrote:Looks like some redirection tricks.


I don't think it is a problem of redirection, because I tryed to enter a page that must be logged in to enter, and I was redirected to de login page.

Code: Select all
#!/usr/bin/env python

import urllib, urllib2, cookielib, re

from sys import argv

host = 'www.onid.org.br'
user_agent = 'Mozilla/4.0 (compatible; MSIE 7.0)'
referer = 'http://www.onid.org.br/portal/login'
content_type = 'application/x-www-form-urlencoded'
accept_encoding = 'gzip,deflate'

body = {'username': 'thiagocavila@gmail.com', 'password': 'senha', 'next': ''}

values = {'Host': host,
          'User-Agent': user_agent,
          'Referer': referer,
          'Content-Type': content_type,
          'Accept-Encoding': accept_encoding,
          }

# build cookie handler
cj = cookielib.CookieJar()
opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))
urllib2.install_opener(opener)

# encode request information
login_data = urllib.urlencode(body)

# send login information
req = urllib2.Request(referer, login_data, values)

try:
   page = urllib2.urlopen(req)
except URLError, e:
    if hasattr(e, 'reason'):
        print 'We failed to reach a server.'
        print 'Reason: ', e.reason
    elif hasattr(e, 'code'):
        print 'The server couldn\'t fulfill the request.'
        print 'Error code: ', e.code
else:

# everything is fine
# see result
   f = open('result.html','w')
   print >> f, page.read()
   f.close()

   # open a must-be-logged page
   url = "http://cadastro.onid.org.br/telecentro/33049/detalhes/telecentro"
   page2 = urllib2.urlopen(url)
   text = page2.read()
   # see if page was redirected
   print page2.geturl()


Output >> http://cadastro.onid.org.br/login/ so I never logged in.
Staticxor
New User
New User
 
Posts: 15
Joined: Sat Dec 26, 2009 9:05 am
Blog: View Blog (0)


Re: Help with Python Requests

Post by tgoe on Wed Mar 31, 2010 11:32 pm
([msg=37554]see Re: Help with Python Requests[/msg])

I really don't know :?
If you sniff the traffic you see a circle-jerk of redirects around /portal/usuario/redirect/www.onid.org.br/portal/login/
which juggles the session id. Maybe urllib/2 just doesn't handle this.
User avatar
tgoe
Contributor
Contributor
 
Posts: 658
Joined: Sun Sep 28, 2008 2:33 pm
Location: q3dm7
Blog: View Blog (0)



Return to Web

Who is online

Users browsing this forum: No registered users and 0 guests