使用python请求获取CSRF令牌 [英] Get CSRF token using python requests

问题描述

我当前正在使用Python请求，并且需要CSRF令牌才能登录到站点。根据我的理解，requests.Session（）获取cookie，但是显然我需要令牌。而且我也想知道在我的代码中放置它的位置。
导入请求

I am currently using Python Requests, and need a CSRF token for logging in to a site. from my understanding requests.Session() gets the cookie, but obviously I need the token. And Also I would like to know where to place it in my code. import requests

user_name = input('Username:')
payload = {
'username': 'user_name',
'password': 'randompass123'
}


with requests.Session() as s:
p = s.post('https://examplenotarealpage.com', data=payload)

推荐答案

请参见以下代码示例。您可以直接使用它登录仅使用cookie来存储登录信息的网站。

See the following code example. You can use it directly to login into a website that only uses cookies to store login information.

import requests

LOGIN_URL = 'https://examplenotarealpage.com'
headers = {
    'accept': 'text/html,application/xhtml+xml,application/xml',
    'user-agent': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36'
}

response = requests.get(LOGIN_URL, headers=headers, verify=False)

headers['cookie'] = '; '.join([x.name + '=' + x.value for x in response.cookies])
headers['content-type'] = 'application/x-www-form-urlencoded'
payload = {
    'username': 'user_name',
    'password': 'randompass123'
}

response = requests.post(LOGIN_URL, data=payload, headers=headers, verify=False)
headers['cookie'] = '; '.join([x.name + '=' + x.value for x in response.cookies])

CSRF 令牌有一些可能的位置。不同的网站使用不同的方式将其传递给浏览器。以下是其中一些：

There are a few possible locations of the CSRF token. Different websites use different ways to pass it to browser. Here are some of them:

• 它可以带有响应标头，在这种情况下，获得它很容易。



• 有时，页面meta包含CSRF令牌。您必须解析页面的html内容才能获取它。找到合适的CSS选择器。查看示例：

• It can come with response headers, in that case getting it is easy.

• Sometimes page meta holds the CSRF token. You have to parse the html content of the page to get it. Find the proper CSS selector for it. See an example:

from bs4 import BeautifulSoup
soup = BeautifulSoup(response.text, 'lxml')
csrf_token = soup.select_one('meta[name="csrf-token"]')['content']

它可以在带有JavaScript代码的脚本标签内。得到它会很棘手。但是，您始终可以使用 regex 隔离它。

这篇关于使用python请求获取CSRF令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！