使用多个令牌发布 CSRF 令牌?
Posting CSRF Token with multiple tokens?
我一直在尝试通过登录(使用 yelp)来抓取网站。第一个问题是为了更好地理解:我按照一些教程来了解这些想法,并注意到它们都使用 CSRF 令牌制作字典,但是,当我抓取 yelp 登录站点时,我发现了 6 个令牌。我知道我不能在字典中有重复的键,教程为此使用字典也是如此 redundant/incorrect 因为我只会以最后一个标记结束吗?
其次,如果有多个token,你用哪个?或者你如何使用所有这些?我似乎无法登录并阅读了 BeautifulSoup 和 Requests 的文档,并在昨晚搜索了 Stack。下面的代码。
感谢您的任何解释。
s = requests.session()
login = s.get('https://www.yelp.com/login')
soup = BeautifulSoup(login.text, 'html.parser')
tokenList = soup.find_all(type = 'hidden', attrs={"name": "csrftok"})
c = login.cookies #Just peeked into cookies to see if there is a token
print(c)
keys = [x.attrs["name"] for x in tokenList]
values = [x.attrs["value"] for x in tokenList]
#If I print these two lists, I get 6 keys of the "csrftok" String, and 6
#different keys.
email = "my email"
password = "my password"
#I tried creating a dictionary with zip of all the tokens, etc. This
#is an attempt just using the first key and value I find.
d = {'email': email, 'password': password, keys[0]: values[0]}
response = s.post('https://www.yelp.com/login', data = d)
print(response.url)
你试过这样吗?我认为它应该引导您走向正确的方向:
s = requests.session()
login = s.get('https://www.yelp.com/login')
soup = BeautifulSoup(login.text, 'lxml')
token = soup.select(".csrftok")[0]['value']
email = "my email"
password = "my password"
headers={
'accept':'application/json, text/javascript, */*; q=0.01',
'accept-encoding':'gzip, deflate, br',
'content-type':'application/x-www-form-urlencoded; charset=UTF-8',
'referer':'https://www.yelp.com/login',
'user-agent':'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36',
'x-distil-ajax':'fytrybseesxsvsresb',
'x-requested-with':'XMLHttpRequest'
}
payload = {
'csrftok':token,
'email':email,
'password':password,
}
response = s.post('https://www.yelp.com/login/newajax', data = payload, headers=headers)
print(response.url)
我一直在尝试通过登录(使用 yelp)来抓取网站。第一个问题是为了更好地理解:我按照一些教程来了解这些想法,并注意到它们都使用 CSRF 令牌制作字典,但是,当我抓取 yelp 登录站点时,我发现了 6 个令牌。我知道我不能在字典中有重复的键,教程为此使用字典也是如此 redundant/incorrect 因为我只会以最后一个标记结束吗?
其次,如果有多个token,你用哪个?或者你如何使用所有这些?我似乎无法登录并阅读了 BeautifulSoup 和 Requests 的文档,并在昨晚搜索了 Stack。下面的代码。 感谢您的任何解释。
s = requests.session()
login = s.get('https://www.yelp.com/login')
soup = BeautifulSoup(login.text, 'html.parser')
tokenList = soup.find_all(type = 'hidden', attrs={"name": "csrftok"})
c = login.cookies #Just peeked into cookies to see if there is a token
print(c)
keys = [x.attrs["name"] for x in tokenList]
values = [x.attrs["value"] for x in tokenList]
#If I print these two lists, I get 6 keys of the "csrftok" String, and 6
#different keys.
email = "my email"
password = "my password"
#I tried creating a dictionary with zip of all the tokens, etc. This
#is an attempt just using the first key and value I find.
d = {'email': email, 'password': password, keys[0]: values[0]}
response = s.post('https://www.yelp.com/login', data = d)
print(response.url)
你试过这样吗?我认为它应该引导您走向正确的方向:
s = requests.session()
login = s.get('https://www.yelp.com/login')
soup = BeautifulSoup(login.text, 'lxml')
token = soup.select(".csrftok")[0]['value']
email = "my email"
password = "my password"
headers={
'accept':'application/json, text/javascript, */*; q=0.01',
'accept-encoding':'gzip, deflate, br',
'content-type':'application/x-www-form-urlencoded; charset=UTF-8',
'referer':'https://www.yelp.com/login',
'user-agent':'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36',
'x-distil-ajax':'fytrybseesxsvsresb',
'x-requested-with':'XMLHttpRequest'
}
payload = {
'csrftok':token,
'email':email,
'password':password,
}
response = s.post('https://www.yelp.com/login/newajax', data = payload, headers=headers)
print(response.url)