Logging into website with requests - python

I have this form, but I am not sure how to create the payload that will do this correctly.
<form method="post" action="/login" name="loginform" id="loginForm">
<fieldset id="fs">
<label for="username">Username:
<input type="text" id="username" name="username" />
</label>
<label for="password">Password:
<input type="password" id="password" name="password" />
</label>
<input type="hidden" name="act" value="login" />
<input name="submit" type="submit" id="submit" value="Login" />
</fieldset>
</form>
I tried doing payload = {"username":"blah","password":"blah"}; r=requests.post(url, data=payload) but I didn't get the response I was expecting; namely, r.text doesn't have the expected "Login failed" line in it.
But when I fill out the form and try to log in for the first time through a browser, it indicated that it was my second failed login.
The website I'm playing with in particular is www.thepiratebay.se, and what I'm working towards is being able to programmatically upload a torrent file.
---EDIT---
The new code I am using is
import requests
user = "username"
pswd = "password"
url = "http://www.thepiratebay.se/login"
payload = {
"act":"login",
"username":user,
"password":pswd,
"submit":"Login"
}
r = requests.post(url, data=payload, allow_redirects=True)
print r.text
Still not working! r.text is just the default login page. Any more suggestions?

Use the Firebug Net tab to track down the actual sent parameters; this is what I got when I gave it a try:
act login
password password
submit Login
username username
Source
username=username&password=password&act=login&submit=Login

I ended up going with a different module, twill, to do what I wanted. I think twill is actually a 'full' web browser. Anyway, this is what the code turned into:
from twill import commands
commands.go("http://www.thepiratebay.se/login")
commands.form("loginform", "username", "blah")
commands.form("loginform", "password", "blah")
commands.submit()

Related

Strange PHP form post

So I'm writing a web crawler to batch download PDFs from my university's website, as I don't fancy downloading them one by one.
I've got most of the code working, using the 'requests' module. The issue is, you have to be signed in to a university account to access the PDFs, so I've set up requests to use cookies to sign into my university account before downloading the PDFs. However, the HTML form to sign in on the university page is rather peculiar.
I've abstracted the HTML which can be found here:
<form action="/login" method="post">
<fieldset>
<div>
<label for="username">Username:</label>
<input id="username" name="username" type="text" value="" />
<label for="password">Password:</label>
<input id="password" name="password" type="password" value=""/>
<input type="hidden" name="lt" value="" />
<input type="hidden" name="execution" value="*very_long_encrypted_code*" />
<input type="hidden" name="_eventId" value="submit" />
<input type="submit" name="submit" value="Login" />
</div>
</fieldset>
</form>
Firstly, the action parameter in the form does not reference a PHP file, which I don't understand. Is action="/login" referencing the page itself, or http://www.blahblah/login/login? (The HTML is taken from the page http://www.blahblah/login.)
Secondly, what's with all the 'hidden' inputs? I'm not sure how this page is taking the given login data and passing it to a PHP script.
This has led to the failure of the requests sign on in my python script:
import requests
user = input("User: ")
passw = input("Password: ")
payload = {"username" : user, "password" : passw}
s = requests.Session()
s.post(loginURL, data = payload)
r = s.get(url)
I would have thought this would take the login data and sign me into the page, but r is just assigned the original logon page. I'm assuming it's to do with the strange PHP interaction in the HTML. Any ideas what I need to change?
EDIT: Thought I'd also mention there is no javascript on the page at all. Purely HTML & CSS
What you are looking at is likely a CSRF token
The linked answer is very good, but a summary is, these tokens are used to make sure that you can't send malicious requests to a site from another page in your web browser. In this case it is a bit silly, because logging in has no consequences. It was likely added automatically by the framework your university website uses.
You will have to extract this token from the login page before doing your login POST and then include it with your data.
The full steps would be the following:
1. Fetch the login page
2. Extract the token with e.g. BeautifulSoup or requests-html
3. Send the login request:
payload = {"username" : user, "password" : passw, "execution": token}
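The steps above as an added example (not code from the original answer): it uses the standard library's HTMLParser in place of BeautifulSoup or requests-html, carries every server-issued field of the form into the payload, and resolves the form's action against the page URL, which shows what action="/login" refers to. The sample HTML, the execution value and the credentials are constructed placeholders; FormFields and build_login_request are hypothetical names.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin

# Constructed sample: the form from the question with a placeholder token value.
LOGIN_PAGE_URL = "http://www.blahblah/login"
LOGIN_PAGE_HTML = """
<form action="/login" method="post">
  <input id="username" name="username" type="text" value="" />
  <input id="password" name="password" type="password" value="" />
  <input type="hidden" name="lt" value="" />
  <input type="hidden" name="execution" value="e1s1-PLACEHOLDER" />
  <input type="hidden" name="_eventId" value="submit" />
  <input type="submit" name="submit" value="Login" />
</form>
"""

class FormFields(HTMLParser):
    """Collect the action and every named <input> of the first form on the page."""
    def __init__(self):
        super().__init__()
        self.action = None
        self.fields = {}
        self._in_form = self._done = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and not self._done:
            self._in_form, self.action = True, a.get("action") or ""
        elif tag == "input" and self._in_form and a.get("name"):
            self.fields[a["name"]] = a.get("value") or ""

    def handle_endtag(self, tag):
        if tag == "form" and self._in_form:
            self._in_form, self._done = False, True

def build_login_request(page_url, html, credentials):
    """Return (post_url, payload): the form's own fields plus our credentials."""
    parser = FormFields()
    parser.feed(html)
    if parser.action is None:
        raise ValueError("no <form> found on the login page")
    payload = dict(parser.fields)   # hidden fields and submit value, as served
    payload.update(credentials)     # fill in the empty username/password
    return urljoin(page_url, parser.action), payload  # "/login" is host-relative

post_url, payload = build_login_request(
    LOGIN_PAGE_URL, LOGIN_PAGE_HTML, {"username": "alice", "password": "example-password"})
print(post_url, sorted(payload))
```

With requests, fetch the login page and send s.post(post_url, data=payload) from the same Session, so that any cookie issued alongside the hidden fields goes back with them.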

Login a website using python script redirects at same page

I am trying to log into a website using a Python script; the site has a 'form' tag like this in the source code.
<form action="trylogin.php" method="post">
<input name="authenticity_token" type="hidden" value="dpsTlD8zutj35FVWJTIqtUZGX67qQ/vab33hpPyYuaU=" />
<input id="user_username" maxlength="20" name="username" placeholder="Username" size="20" type="text" />
<input id="user_password" name="password" placeholder="Password" size="20" type="password" />
<input class="submit themed_bg themed-dark-hover-background" name="commit" type="submit" value="Login" />
</form>
and I am trying the following Python code
import requests
import lxml
import lxml.html
s = requests.session()
login = s.get('url')
login_html = lxml.html.fromstring(login.text)
hidden_inputs = login_html.xpath(r'//form//input[@type="hidden"]')
form = {x.attrib["name"]: x.attrib["value"] for x in hidden_inputs}
form['username'] ='user'
form['password'] ='pass'
form['commit'] = 'Login'
response = s.post('url', data=form)
response.ok
response.url
s.get() is working fine and response.ok also gives 'true' output, but the URL of the response is the same as that of the previous page. It seems like it is redirecting to the same page. I can't log in from Python. What should I do? Should I use the header argument in s.post()? How do I know? And I have used
form['commit'] = 'Login'
since the login is in the form of an input, not a button. Is that correct?
<input class="submit themed_bg themed-dark-hover-background" name="commit" type="submit" value="Login" />

Log into Google account using Python?

I want to Sign into my Google account using Python but when I print the html results it doesn't show my username. That's how I know it isn't logged in.
How do I sign into google using Python? I have seen two popular modules so far for this urllib.request or Requests but none have helped me with logging into the giant Google.
Code:
import requests
# Fill in your details here to be posted to the login form.
payload = {
'Email': 'accountemail@gmail.com',
'Passwd': 'accountemailpassword'
}
# Use 'with' to ensure the session context is closed after use.
with requests.Session() as s:
    p = s.post('https://accounts.google.com/signin/challenge/sl/password', data=payload)
    # print the html returned or something more intelligent to see if it's a successful login page.
    print(p.text)
Login form info:
<input id="Email" name="Email" placeholder="Enter your email" type="email" value="" spellcheck="false" autofocus="">
<input id="Passwd" name="Passwd" type="password" placeholder="Password" class="">
<input id="signIn" name="signIn" class="rc-button rc-button-submit" type="submit" value="Sign in">
When I log in, the console gives me 4 links to request, so I'm not sure if I'm even using the right URL.
Request URL:https://accounts.google.com/signin/challenge/sl/password
Request Method:POST
Status Code:302
Request URL:https://accounts.google.com/CheckCookie?hl=en&checkedDomains=youtube&checkConnection=youtube%3A503%3A1&pstMsg=1&chtml=LoginDoneHtml&service=youtube&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Fhl%3Den%26feature%3Dsign_in_button%26app%3Ddesktop%26action_handle_signin%3Dtrue%26next%3D%252F&gidl=CAASAggA
Request Method:GET
Status Code:302
Request URL:https://accounts.google.com/CheckCookie?hl=en&checkedDomains=youtube&checkConnection=youtube%3A503%3A1&pstMsg=1&chtml=LoginDoneHtml&service=youtube&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Fhl%3Den%26feature%3Dsign_in_button%26app%3Ddesktop%26action_handle_signin%3Dtrue%26next%3D%252F&gidl=CAASAggA
Request Method:GET
Status Code:302
request URL:https://www.youtube.com/signin?hl=en&feature=sign_in_button&app=desktop&action_handle_signin=true&next=%2F&auth=xAMUT-baNWvXgWyGYfiQEoYLmGv4RL0ZTB-KgGa8uacdJeruODeKVoxZWwyfd-NezfxB6g.
Request Method:GET
Status Code:303
I am currently using Python 3.4.2 & don't plan on using google's API.
This will get you logged in:
from bs4 import BeautifulSoup
import requests
form_data = {'Email': 'you@gmail.com', 'Passwd': 'your_password'}
post = "https://accounts.google.com/signin/challenge/sl/password"
with requests.Session() as s:
    soup = BeautifulSoup(s.get("https://mail.google.com").text)
    for inp in soup.select("#gaia_loginform input[name]"):
        if inp["name"] not in form_data:
            form_data[inp["name"]] = inp["value"]
    s.post(post, form_data)
    html = s.get("https://mail.google.com/mail/u/0/#inbox").content
If you save and open the html in a browser, you will see the Loading you@gmail.com…; you would need JavaScript to actually load the page. You can further verify by putting in a bad password; if you do, you will see the html of the login page again.
You can see in your browser that a lot more gets posted than you have provided; the values are contained in the gaia_loginform.
<form novalidate method="post" action="https://accounts.google.com/signin/challenge/sl/password" id="gaia_loginform">
<input name="Page" type="hidden" value="RememberedSignIn">
<input type="hidden" name="GALX" value="5r_aVZgnIGo">
<input type="hidden" name="gxf" value="AFoagUUk33ARYpIRJqwrADAIgtChEXMHUA:33244249">
<input type="hidden" id="_utf8" name="_utf8" value="☃"/>
<input type="hidden" name="bgresponse" id="bgresponse" value="js_disabled">
<input type="hidden" id="pstMsg" name="pstMsg" value="0">
<input type="hidden" id="dnConn" name="dnConn" value="">
<input type="hidden" id="checkConnection" name="checkConnection" value="">
<input type="hidden" id="checkedDomains" name="checkedDomains"
value="youtube">
I am obviously not going to share my email or password, but I have my email stored in a variable my_mail below; you can see when we test for it that it is there:
In [3]: from bs4 import BeautifulSoup
In [4]: import requests
In [5]: post = "https://accounts.google.com/signin/challenge/sl/password"
In [6]: with requests.Session() as s:
   ...:     soup = BeautifulSoup(s.get("https://accounts.google.com/ServiceLogin?elo=1").text, "html.parser")
   ...:     for inp in soup.select("#gaia_loginform input[name]"):
   ...:         if inp["name"] not in form_data:
   ...:             form_data[inp["name"]] = inp["value"]
   ...:     s.post(post, form_data)
   ...:
In [7]: my_mail in s.get("https://mail.google.com/mail/u/0/#inbox").text
Out[7]: True
Except by using OAuth or their API, Google has things like captcha and so on to prevent bots from brute-forcing and guessing passwords.
You can try and trick the user-agent but I still believe it's in vain.

Python 3.4 - Requests - Login issue

I'm trying to use requests to login into a website using post. I have this form...
<form action="/" method="post" id="login_form" class="formposition" style="display: block;">
<input type="text" name="btc_address" id="login_form_btc_address">
<input type="password" name="password" id="login_form_password">
<input type="submit" value="LOGIN!" id="login_button" class="button expand" style="margin:0;">
I wrote this code:
import requests
url = "https://freebitco.in/?op=home"
values = { "btc_address": "username", "password": "password"}
r = requests.post(url, data=values)
However, when I run the code it doesn't work... can someone give me some advice?
Using Firebug in Firefox, you can see that when you log into the website, posting the password and address is not enough; you need:
'btc_address': 'your_btc_address',
'csrf_token': 'the_csrf_token',
'op': 'login',
'password': 'your_password'

Python 3.2.3 to log into secure website

Using python 3.2.3 I am trying to log into some websites and save the source from a hidden page to a file. I am stuck on how to log in. I have figured out how to log into a specific website but can't seem to get it working on others. The source of the webpage I am trying to log into is:
<form id="login_form" name="login_form" action="https://www.o2online.ie/amserver/UI/Login?org=o2ext&goto=%2F%2Fwww.o2online.ie%2Fo2%2Fmy-o2%2F" method="post">
<p id="form_header">My Account login</p>
<input value="Go" type="hidden" name="IDButton" id="IDButton"/>
<input value="o2ext" type="hidden" name="org" id="org"/>
<input value="TRUE" type="hidden" name="CONNECTFORMGET"/>
<label for="IDToken1">Username</label><br />
<input tabindex=1 type="text" id="IDToken1" name="IDToken1" value="Username/mobile" onclick="javascript: this.value='';" maxlength="60" onfocus="this.value='';" tabindex=1 /><br />
<br />
<label for="IDToken2">Password</label><br />
<input tabindex=2 type="password" id="IDToken2" name="IDToken2" value="" maxlength="30" onfocus="this.value='';" tabindex=2 />
<input tabindex=3 type="image" src="../images/my-o2/Login-button.png" id="submit_button" />
</form>
The other pages that I have logged into successfully have had a submit button with a certain value, but this webpage has an image for the submit button, which has no value.
The code I have been using is:
import urllib.request
import urllib.parse
import http.client
import sys
url = 'http://www.o2online.ie/o2/login/'
login_data = {
'IDToken1': 'xxxx',
'IDToken2': 'xxxx',
#'submitbutton': 'submit'
}
# creating an opener object that will handle the cookies
opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor)
r = opener.open(url, urllib.parse.urlencode(login_data).encode())
# logged in
#Opening and saving source to a file
f = opener.open('http://www.o2online.ie/o2/my-o2/')
sys.stdout = open('file.html', 'w')
print (f.read(999999))
I have commented out the submit button.
Can this code be modified to log into this website?
How would you submit this form in python?
