使用Python中的CookieJar从“Google App Engine”登录到网站。这里有什么问题？ [英] Using CookieJar in Python to log in to a website from "Google App Engine". What's wrong here?

问题描述

我一直在试图找到一个python代码，它可以从Google App Engine
。
此处（点击此处查看该页面）我收到了以下代码：

 导入urllib，urllib2，cookielib 
 
 url =https://login.yahoo.com/config/login？ 
 form_data = {'login'：'my-login-here'，'passwd'：'my-password-here'} 
 
 jar = cookielib.CookieJar（）
 opener = urllib2.build_opener（urllib2.HTTPCookieProcessor（jar））
 form_data = urllib.urlencode（form_data）
从这个页面返回的数据包含重定向
 resp = opener.open（url，form_data ）
＃雅虎重定向到http://my.yahoo.com，所以让我们去那里，而不是
 resp = opener.open（'http://mail.yahoo.com'）
打印resp.read（）
  

此脚本的作者查看了 yahoo登录表单
，并提出了这个脚本。

该登录表单包含两个字段，一个用于用户Yahoo! ID和另一个是用户的密码。这两个字段的HTML代码如下所示：

用户ID字段：

 < input type =textmaxlength =96class =yreg_iptsize =17value =id =usernamename =login> 
  

密码字段：

 < input type =passwordmaxlength =64class =yreg_iptsize =17value =id =passwdname =passwd> 
  

但是，当我将此代码上传到Google App Engine时，我发现此登录表单不断出现回到我身上，我认为，这意味着登录过程没有成功。为什么会这样？

解决方案

您发送MD5散列并且不是纯粹的密码。此外，您还必须配合他们正在实施的各种CSRF保护措施。看：

 < input type =hiddenname =。triesvalue =1> 
< input type =hiddenname =。srcvalue =ym> 
< input type =hiddenname =。md5value => 
< input type =hiddenname =。hashvalue => 
< input type =hiddenname =。jsvalue => 
< input type =hiddenname =。lastvalue => 
< input type =hiddenname =promovalue => 
< input type =hiddenname =。intlvalue =us> 
< input type =hiddenname =。bypassvalue => 
< input type =hiddenname =。partnervalue => 
< input type =hiddenname =。value =bd5tdpd5rf2pg> 
< input type =hiddenname =。vvalue =0> 
< input type =hiddenname =。challengevalue =5qUiIPGVFzRZ2BHhvtdGXoehfiOj> 
< input type =hiddenname =。yplusvalue => 
< input type =hiddenname =。emailCodevalue => 
< input type =hiddenname =pkgvalue => 
< input type =hiddenname =stepidvalue => 
< input type =hiddenname =。evvalue => 
< input type =hiddenname =hasMsgrvalue =0> 
< input type =hiddenname =。chkPvalue =Y> 
< input type =hiddenname =。donevalue =http://mail.yahoo.com> 
< input type =hiddenname =。pdvalue =ym_ver = 0& c =& ivt =& sg => 
  

启动Wireshark并使用它。祝你好运：）

然而，如果你打算使用它，那么w / App Engine会记住使用Google IP几乎肯定会导致w / Captcha挑战。此外，雅虎可能会阻止Google永久设置的 User-Agent 。

I've been trying to find a python code that would log in to my mail box on yahoo.com from "Google App Engine" . Here (click here to see that page) I was given this code:

import urllib, urllib2, cookielib

url = "https://login.yahoo.com/config/login?"
form_data = {'login' : 'my-login-here', 'passwd' : 'my-password-here'}

jar = cookielib.CookieJar()
opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(jar))
form_data = urllib.urlencode(form_data)
# data returned from this pages contains redirection
resp = opener.open(url, form_data)
# yahoo redirects to http://my.yahoo.com, so lets go there instead
resp = opener.open('http://mail.yahoo.com')
print resp.read()

The author of this script looked into HTML script of yahoo log-in form and came up with this script.

That log-in form contains two fields, one for users' Yahoo! ID and another one is for users' password. Here is how HTML code of that page for both of those fields looks like:

User ID field:

<input type="text" maxlength="96" class="yreg_ipt" size="17" value="" id="username" name="login">

Password field:

<input type="password" maxlength="64" class="yreg_ipt" size="17" value="" id="passwd" name="passwd">

However, when I uploaded this code to Google App Engine I discovered that this log-in form keeps coming back to me, which, I assume, means that logging-in process didn't succeed. Why is it so?

解决方案

You send MD5 hash and not plain password. Also you'd have to play along with all kinds of CSRF protections etc. that they're implementing. Look:

            <input type="hidden" name=".tries" value="1"> 
            <input type="hidden" name=".src" value="ym"> 
            <input type="hidden" name=".md5" value=""> 
            <input type="hidden" name=".hash" value=""> 
            <input type="hidden" name=".js" value=""> 
            <input type="hidden" name=".last" value=""> 
            <input type="hidden" name="promo" value=""> 
            <input type="hidden" name=".intl" value="us"> 
            <input type="hidden" name=".bypass" value=""> 
            <input type="hidden" name=".partner" value=""> 
            <input type="hidden" name=".u" value="bd5tdpd5rf2pg"> 
            <input type="hidden" name=".v" value="0"> 
            <input type="hidden" name=".challenge" value="5qUiIPGVFzRZ2BHhvtdGXoehfiOj"> 
            <input type="hidden" name=".yplus" value=""> 
            <input type="hidden" name=".emailCode" value=""> 
            <input type="hidden" name="pkg" value=""> 
            <input type="hidden" name="stepid" value=""> 
            <input type="hidden" name=".ev" value=""> 
            <input type="hidden" name="hasMsgr" value="0"> 
            <input type="hidden" name=".chkP" value="Y"> 
            <input type="hidden" name=".done" value="http://mail.yahoo.com"> 
            <input type="hidden" name=".pd" value="ym_ver=0&c=&ivt=&sg="> 

Launch Wireshark and play with it. Good luck :)

However if you intend to use it w/ App Engine keep in my mind that using Google IP will almost surely result w/ Captcha challenge. Also Yahoo might block your User-Agent that is being set permanently by Google.

这篇关于使用Python中的CookieJar从“Google App Engine”登录到网站。这里有什么问题？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！