I have to make a http requests using my cookie information as the current web application does not have a api exposed for me to get the data.
MCHALLENGE=CHALLENGE_DONE; ipServerp_grandslam2e_80=82712748.20480.0000; __ca=P0-361438119-1454365384599; s_getNewRepeat=1454365384951-New; s_lv=1454365384953; s_vnum=1456808400955%26vn%3D1; s_cc=true; s_fid=24C5BAE937778C2F-2319CF2297558C5F; s_sq=%5B%5BB%5D%5D; MSESSION=nrtLGo9j+11CNQliPTsj3GnXW7YGEl7RmO2DZLHF6EvgoerYioMu162++fUVZFKRuXo8ntcJdwEg7qijbLecxyKDxN4QWUUPppPXnF+wP+JcDsJG6djuQ2DkOUOUOzPvP9pU4ZXEiWRDJsH8Vlk2Zg442aE2eyyJ0fV7K02cweLbKF0D/sDBu919tc6+0Y4TjV0yxCDeyFuk+if2TNworWjaMass6HIQvGGWx2kNPf7jPe+dRjfdK+6DDtdWQNawgloC4bt5EEte5a2mkzY6O6+vC5pjEHjnT3EFAtxLsabQExX2Ab7hcjUz/tXkqqRwJh2X2cvtpD8utpDobniyfhToxfg++eblfy0QzgTvwefgJGqAcrcxyKEf6btl3mjzpT/qtElFiJCo0SvN3cai5/Vf6+/7DZD89aEV0uEvQp95IUcSuDlSTbfoTjt6sX9h2D+jHr2tDGcXueSrN029c2JQZ7v9CLFXbecHtdrSKWfM6MYLv7QsjKFIUmCT0prmdOZmZ+rTWFiUKXRGNC2BA6kR4165UjeY0BQXa6XOrfmMJux9LaUKIym4OvlltH+5S+5KQPtzvjP96mBVWqdNPZokReQY5QxZ3ztGR/tyh4+fnLTQyXhRBH/jLmqNdZoCwhRFJfHj9qqgi3J0dcKAIMiGj06XrrqeN4zF/kQ2qCw7c1UL9DQ70qHP65ggM4FgfKkX0WHLJrwandi9K8iYavGE4YkENfLb0CFXOtFN1ekdBlaikAdez2WEs/TMjY1Ei9x9pYI7ht+3exUb0wWhIgwVv1myWAhkUGPIL1PS7mi+A6tWMPpidl4zlTAvY/YJdZJOQW7gD7uI+AAz4ucm3A7VBdtfOe/PRlylHg9+xOJjIqmVKa1e4zzM/yvOSpYu9AL8Qkxe4Bvn7GHq+94ZXG8rC+4410/DLns+16dDoOBI6G/nOBjavVe3X+qgcvvFi8K8GDp/xdBXz9eUDEzPcrRuU28y7ccKPmvakmRPwutjQDdNA0iP8KoJtrVrpih9EP5P1l+NpNJHnLn/CW9RSsDJuMLfMuelaEO7eVL+q91t3HG0pebZ/utYMyHxLI1fCEpXDdYC8IBObaNCJylFRL80l59GviefcYdfMQjSWemhVvEBelGl77zNx+7FdZs/wtLVCOxaDaif2TdW6LO5hvTIHeXOsdKtMykitBXYXtecZJbyLHW3kBGDiOT2qDyhiWIIWspvQZaNHuj9PSzWPIq7/tDTxdQ4+qskd+LDWGcB2LinFt0j/LOpsTjZRZ80RaVQloFAigaMJkp8Q3VPFJksbkMofBcYmC8dFlSQCW65pn4fypsLDb5HibroD0pshQeaaid1AZ8iVZlwdBMlk27LGU8TtGhfEAwtNeQbA32knTSixq3jAIq/+ysZ1+pitn+GzmtLFjqBMBANfiFWQAQiYIjaED6c3wHtkzoBVAx3MYrb+keNIeNc1+744cfNx+wTTwAzelKvhVT3CgECccXze1UKbUQZ; JSessionID=zjPJWyLMspYZgQz02B42FnDv3QCPv1v57wLR768kCrrd48Dtm21F!-223451482; CTICookie=a9a17649-55b7-475a-81df-06f715b50695=true&1eb9e01a-2ff7-405b-b319-ae2b839ecee8=true&f4052f95-9686-4aac-a959-50e6a2e2b8dd=true; SiteminderUserInfo=SiteminderUserId=p7c&SiteminderUserGUID=45ec3b6f-6378-480c-8c5b-2be29cbbc9fd; DRUM_BT1=R:43|i:7917|e:529; DRUM_BT=R:43|g:aecc35e8-9ce2-4f21-8957-944f5bd4334e
Here is the cookie string thats been passed.
How can I reconstruct the same information using Python dictionary to be passed using python requests module.
data = dict(s.split("=") for s in my_cookie_string.split(";"))
I guess ... maybe?
Related
I am creating a bot that gets all the free items available on the item catalog, I want the person using the bot to just put their roblox cookie into a .txt file, how would I log in with the cookie in python?
If you're using requests, then you're most likely using requests.Session(). You can simply use session.cookies
Code example:
import requests as r
cookie = "" # cookie goes here (accessed via text file)
requestSession = r.Session() # initiate a session
requestSession.cookies[".ROBLOSECURITY"] = cookie
Then you can make a request using the Session and it will include the ROBLOSECURITY in the headers.
I'm trying to write a Python 3.5 Flask application that redirects a user to an OAuth URL, for authentication / authorization. As part of that redirection, I have to include the Authorization header. The built-in redirect() method in Flask doesn't seem to support adding HTTP headers.
What's the proper way of handling this in such an application?
You will need to build your own response object to add headers. You can check out the docs here: http://docs.python-requests.org/en/master/api/#requests.Response
A simple example for your use case would be something like:
response = Response(headers={'Authorization': 'whatever'},
is_redirect=True,
url="https://your-redirected-url.com")
return response
Edit: Further info
Also, I would check out https://github.com/lepture/flask-oauthlib if you are interested in using a library. It has support for oAuth1 and oAuth2 and it is relatively easy to setup with a standard Flask app.
Edit: Another way of doing it
This morning I remembered a simpler way to do this. You can call the redirect function and it will return a flask Response object. Then you are able to set the headers on that newly created object.
response = redirect('https://url')
response.headers = {'authorization': 'whatever'}
return response
I'm starting to learn how to use the python requests module. For practicing I tried to manage a challenge/response problem: I want to access the data on http://lema.rae.es/drae/srv/search?val=hacer
With the "Tamper Data" plugin for Firefox I inspected the necessary HTTP requests:
GET http://lema.rae.es/drae/srv/search?val=hacer
POST http://lema.rae.es/drae/srv/search?val=hacer
I copied the exact headers that are sent by Firefox in the two HTTP requests and implemented the JavaScript "challenge" function in Python. Then I'm doing the following:
url = "http://lema.rae.es/drae/srv/search?val=hacer"
headers = { ... }
r1 = requests.get(url=url, headers=headers)
html = r1.content.decode("utf-8")
formdata = challenge(html)
headers = { ... }
r2 = requests.post(url=url, data=formdata, headers=headers)
Unfortunately, the server will not answer in the expected way. I checked all the headers I'm sending via "r.request.headers" and they agree perfectly with the headers that firefox sends (according to Tamper Data)
What am I doing wrong?
You can inspect my full code here: http://pastebin.com/7JAZ9B4s
This is the response header I should be getting:
Date[Tue, 10 Feb 2015 17:13:53 GMT]
Vary[Accept-Encoding]
Content-Encoding[gzip]
Cache-Control[max-age=0, no-cache]
Keep-Alive[timeout=5, max=100]
Connection[Keep-Alive]
Content-Type[text/html; charset=UTF-8]
Set-Cookie[TS014dfc77=017ccc203c29467c4d9b347fb56ea0e89a7182e52b9d7b4a1174efbf134768569a005c7c85; Path=/]
Transfer-Encoding[chunked]
And this is the response header I really get:
Content-Length[5798]
Content-Type[text/html]
Pragma[no-cache]
Cache-Control[no-cache]
I found the reason why my code doesn't work:
The server expects the POSTDATA in exactly the same order in which the entries appear as input-elements of the form. In my code the values of the input-elements were stored in a python dict. But this data type does not preserve the order in which values have been declared!
The ruby script (referred to in the comments) however does work because the ruby dict data type seems to preserve the order of declaration!
Furthermore, reimplementing the javascript challenge() function in python was not necessary at all, because the server will be happy to accept any response string (that worked in the past) over and over again!
So, I've been working on making a script that authenticates to a NetDoT installation. Normally, a browser will load the URL and get a 302 redirect with the cookie I want. Instead my script gets a 403 no cookie. After much debugging, which mostly consisted of packet captures and FireFox tamper-data plugin requests and trying to narrow the gap between the requests library request and the FireFox request, I was able to reproduce the problem in Firefox by making it send a Content-Length of 0, just like the requests library does.
So, now I'm trying to figure out how to have the requests library send a Content-Length of the right size instead of 0. I've searched google, but didn't find anything all that obvious. I'm using python3 with Ubuntu 14.04 in case that matters.
So, how do I have the requests library calculate and send a Content-Length of the right size instead of 0?
Here's what I'm using currently. Running wireshark shows it sending a Content-Length of 0.
import requests
s = requests.Session()
s.headers.update({'referer': 'http://my.server.com/netdot/'})
b = s.post('http://my.server.com/netdot/NetdotLogin', params={'destination' : '/netdot/', 'credential_0' : 'admin', 'credential_1' : 'password'})
(And no, I'm not using password as my password, I know better, I just don't want to publicly post my password).
The params argument is for passing url parameters, not for sending post content. That's why your post request has a content length of 0, because it doesn't contain any content.
To correctly pass your data as content and not as url parameters, use the data argument instead:
...
b = s.post('http://my.server.com/netdot/NetdotLogin', data={'destination' : '/netdot/', 'credential_0' : 'admin', 'credential_1' : 'password'})
...
I'm trying to use the Zimbra SOAP API from Python to programmatically modify & cleanup my contacts but I'm having trouble getting started.
What I have so far is:
from SOAPpy import SOAPProxy
url = 'https://zimbra/service/soap'
auth = {"account": "xxxxx", "password": "xxxxx"}
zimbra = SOAPProxy(url, 'urn:zimbra')
zimbraAuth = SOAPProxy(url, "urn:zimbraAccount")
zimbraMail = SOAPProxy(url, "urn:zimbraMail")
response = zimbraAuth.AuthRequest(**auth)
authToken = response.authToken
I've logged in successfully, but can't pass this authToken in further requests.
My understanding is that any zimbraMail requests need to have a header in the urn:zimbra namespace with the authToken set there, but being new to SOAP I have no idea how to do so.
I'm not married to using SOAPpy so any example code for another library would be well appreciated.
I'd like to nod in the direction of Python-Zimbra, a python library for Zimbra, which does all that for you.
There is also an higher level, and pythonic library: zimsoap.
Using raw SOAP or python-zimbra or zimsoap depends realy on what level of flexibility/ease you need (although I will not suggest using SOAP directly, as python-zimbra can issue any possible SOAP request to zimbra.