python请求登录网站返回403 [英] python Requests login to website returns 403

问题描述

我正在尝试使用 requests 登录网站，但是您可能会猜到我遇到了问题

I'm trying to use requests to login to a website but as you can guess I'm having a problem

这是我正在使用的代码

import requests

EMAIL = '***'
PASSWORD = '***'
URL = 'https://portal.bitcasa.com/login'

client = requests.session(config={'verbose': sys.stderr})
login_data = {'username': EMAIL, 'password': PASSWORD,}
r = client.post(URL, data=login_data, headers={"Referer": "foo"})
print r

如果我打印出 r.text ，我会得到

and if I print out r.text I get

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head><script type="text/javascript">var NREUMQ=NREUMQ||[];NREUMQ.push(["mark","firstbyte",new Date().getTime()])</script>
  <meta http-equiv="content-type" content="text/html; charset=utf-8">
  <meta name="robots" content="NONE,NOARCHIVE">
  <title>403 Forbidden</title>
  <style type="text/css">
    html * { padding:0; margin:0; }
    body * { padding:10px 20px; }
    body * * { padding:0; }
    body { font:small sans-serif; background:#eee; }
    body>div { border-bottom:1px solid #ddd; }
    h1 { font-weight:normal; margin-bottom:.4em; }
    h1 span { font-size:60%; color:#666; font-weight:normal; }
    #info { background:#f6f6f6; }
    #info ul { margin: 0.5em 4em; }
    #info p, #summary p { padding-top:10px; }
    #summary { background: #ffc; }
    #explanation { background:#eee; border-bottom: 0px none; }
  </style>
</head>
<body>
<div id="summary">
  <h1>Forbidden <span>(403)</span></h1>
  <p>CSRF verification failed. Request aborted.</p>

</div>

<div id="explanation">
  <p><small>More information is available with DEBUG=True.</small></p>
</div>

<script type="text/javascript">if(!NREUMQ.f){NREUMQ.f=function(){NREUMQ.push(["load",new Date().getTime()]);var e=document.createElement("script");e.type="text/javascript";e.src=(("http:"===document.location.protocol)?"http:":"https:")+"//"+"d1ros97qkrwjf5.cloudfront.net/42/eum/rum.js";document.body.appendChild(e);if(NREUMQ.a)NREUMQ.a();};NREUMQ.a=window.onload;window.onload=NREUMQ.f;};NREUMQ.push(["nrfj","beacon-1.newrelic.com","0e859e0620",778660,"ZAZRbUcHWBAHURFYX11MdUxbBUIKCVxKVVpSDVRWGwtfBwJeAEZRQQYdWkYUUFklQRdXZloGRHRcAlIPA0UEQ1UdE0FWVgNFEDlEDFRH",0,7,new Date().getTime(),"","","","",""])</script></body>
</html>

他们结合使用了django和pyramid.

They're using a combination of django and pyramid.

我已经玩了大约两天了，但是很显然，它没有任何进展.感谢您的帮助.

I've been playing around with this for about two days now but, obviously, have gotten nowhere. Thanks for your help.

推荐答案

登录页面使用CSRF令牌来防止跨站点脚本攻击.您需要先检索该令牌.

The login page uses a CSRF token to prevent cross-site scripting attacks. You'll need to retrieve that token first.

登录页面设置了具有相同令牌的cookie，我们需要先加载登录页面并首先获取该令牌，然后再将其传递给登录POST:

The login page sets a cookie with the same token, we need to load the login page and grab that token first, before we pass this on to the login POST:

client = requests.session()

# Retrieve the CSRF token first
client.get(URL)  # sets the cookie
csrftoken = client.cookies['csrftoken']

login_data = dict(username=EMAIL, password=PASSWORD, csrfmiddlewaretoken=csrftoken)
r = client.post(URL, data=login_data, headers={"Referer": "foo"})

这篇关于python请求登录网站返回403的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！