无法使用Selenium自动执行Chase网站登录 [英] Unable to use Selenium to automate Chase site login

问题描述

当我尝试使用Selenium(Python)登录Chase网站时，遇到以下错误消息:

When I try to log into the Chase website using Selenium (Python), I'm hit with the following error message:

但是，使用人工"登录可以正常工作.似乎当Selenium找到一个元素时，就会触发该问题.

However, using "human" login works fine. It seems that when Selenium finds an element it triggers the issue.

我错过了什么吗?我试图在stackoverflow上找到答案，但无济于事.

Am I missing something? I've tried to find the answer on stackoverflow but to no avail.

预期结果是该脚本将成功允许我以编程方式登录.

The expected result is that the script would successfully allow me to login programatically.

这是下面的代码示例:

import time
import os

from selenium import webdriver

CHASE_USER_ID = os.getenv('CHASE_USER_ID', None)
CHASE_PASSWORD = os.getenv('CHASE_PASSWORD', None)

assert CHASE_USER_ID is not None, 'Chase user id not set'
assert CHASE_PASSWORD is not None, ' Chase password not set'


def main():
    chrome_options = webdriver.ChromeOptions()
    driver = webdriver.Chrome(r'./chromedriver', chrome_options=chrome_options)

    try:
        driver.get('https://secure07c.chase.com/web/auth/#/logon/logon/chaseOnline?')

        time.sleep(2)

        user_element = driver.find_element_by_id('userId-input-field')  # Finding an element here seems to make the login process fail 
        user_element.send_keys(CHASE_USER_ID)

        password_element = driver.find_element_by_id('password-input-field')
        password_element.send_keys(CHASE_PASSWORD)

        time.sleep(2)

        password_element.submit()

        time.sleep(10)
    finally:
        driver.quit()


if __name__ == '__main__':
    main()

推荐答案

我采用了您的代码并简化了结构，并以最少的代码行运行了测试，如下所示:

I took your code and simplified the structure and ran the test with minimal lines of code as follows:

from selenium import webdriver
from selenium.webdriver.common.by import By
from selenium.webdriver.support import expected_conditions as EC
from selenium.webdriver.support.ui import WebDriverWait


options = webdriver.ChromeOptions()
options.add_argument("start-maximized")
options.add_argument("--disable-extensions")
driver = webdriver.Chrome(chrome_options=options, executable_path=r'C:\Utility\BrowserDrivers\chromedriver.exe')
driver.get("https://secure07c.chase.com/web/auth/#/logon/logon/chaseOnline?")
WebDriverWait(driver, 20).until(EC.element_to_be_clickable((By.CSS_SELECTOR, "input.jpui.input.logon-xs-toggle.clientSideError"))).send_keys("jsmiao")
driver.find_element_by_css_selector("input.jpui.input.logon-xs-toggle#password-input-field").send_keys("hello")
driver.find_element_by_css_selector("button#signin-button>span.label").click()

类似地，根据您的观察，我遇到了相同的障碍，错误如下:

Similarly, as per your observation I have hit the same roadblock with the error as:

似乎元素上的click()的文本为登录确实发生了.尽管启动了用户名/密码查找，但是该过程中断了.在检查网页的 DOM树时，您会发现其中一些<script>标签是指具有关键字 dist 的 JavaScripts .例如:

It seems the click() on the element with text as Sign in does happens. Though the username / password lookup is initiated but the process is interupted. While inspecting the DOM Tree of the webpage you will find that some of the <script> tag refers to JavaScripts having keyword dist. As an example:

• <script src="https://static.chasecdn.com/web/library/blue-boot/dist/2.20.3/blue-boot/js/main-ver.js"></script>
• <script type="text/javascript" charset="utf-8" async="" data-requirecontext="_" data-requiremodule="blue-vendor/main" src="https://static.chasecdn.com/web/library/blue-vendor/dist/2.11.1/blue-vendor/js/main.js"></script>
• <script type="text/javascript" charset="utf-8" async="" data-requirecontext="_" data-requiremodule="blue/main" src="https://static.chasecdn.com/web/library/blue-core/dist/2.16.3/blue/js/main.js"></script>
• <script type="text/javascript" charset="utf-8" async="" data-requirecontext="_" data-requiremodule="blue-app/main" src="https://static.chasecdn.com/web/library/blue-app/dist/2.15.1/blue-app/js/main.js"></script>

• <script src="https://static.chasecdn.com/web/library/blue-boot/dist/2.20.3/blue-boot/js/main-ver.js"></script>
• <script type="text/javascript" charset="utf-8" async="" data-requirecontext="_" data-requiremodule="blue-vendor/main" src="https://static.chasecdn.com/web/library/blue-vendor/dist/2.11.1/blue-vendor/js/main.js"></script>
• <script type="text/javascript" charset="utf-8" async="" data-requirecontext="_" data-requiremodule="blue/main" src="https://static.chasecdn.com/web/library/blue-core/dist/2.16.3/blue/js/main.js"></script>
• <script type="text/javascript" charset="utf-8" async="" data-requirecontext="_" data-requiremodule="blue-app/main" src="https://static.chasecdn.com/web/library/blue-app/dist/2.15.1/blue-app/js/main.js"></script>

明确表明该网站受 Bot Management 服务提供商保护 > Distil Networks ，并检测到 ChromeDriver 进行的导航，随后阻止.

Which is a clear indication that the website is protected by Bot Management service provider Distil Networks and the navigation by ChromeDriver gets detected and subsequently blocked.

根据文章

Distil通过观察站点行为并识别刮板特有的模式来保护站点免受自动内容抓取机器人的攻击.当Distil在一个站点上识别出一个恶意bot时，它将创建一个列入黑名单的行为配置文件，并将其部署到所有客户.像漫游器防火墙一样，Distil会检测模式并做出反应.

Distil protects sites against automatic content scraping bots by observing site behavior and identifying patterns peculiar to scrapers. When Distil identifies a malicious bot on one site, it creates a blacklisted behavioral profile that is deployed to all its customers. Something like a bot firewall, Distil detects patterns and reacts.

进一步

"One pattern with Selenium was automating the theft of Web content"，Distil首席执行官拉米·埃塞伊(Rami Essai)在上周的一次采访中表示. "Even though they can create new bots, we figured out a way to identify Selenium the a tool they're using, so we're blocking Selenium no matter how many times they iterate on that bot. We're doing that now with Python and a lot of different technologies. Once we see a pattern emerge from one type of bot, then we work to reverse engineer the technology they use and identify it as malicious".

"One pattern with Selenium was automating the theft of Web content", Distil CEO Rami Essaid said in an interview last week. "Even though they can create new bots, we figured out a way to identify Selenium the a tool they're using, so we're blocking Selenium no matter how many times they iterate on that bot. We're doing that now with Python and a lot of different technologies. Once we see a pattern emerge from one type of bot, then we work to reverse engineer the technology they use and identify it as malicious".

---

参考

您可以在以下位置找到一些详细的讨论:

---

Reference

You can find a couple of detailed discussion in:

• Selenium webdriver:修改导航器.webdriver标志以防止硒检测
• Akamai Bot Manager检测到WebDriver驱动的Chrome浏览上下文

• Is there a way to use Selenium WebDriver without informing the document that it is controlled by WebDriver?
• Selenium webdriver: Modifying navigator.webdriver flag to prevent selenium detection
• Akamai Bot Manager detects WebDriver driven Chrome Browsing Context
• Is there a version of selenium webdriver that is not detectable?

这篇关于无法使用Selenium自动执行Chase网站登录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！