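This level is a little more complex than the previous one: you also have to submit a value named 'csrfmiddlewaretoken', and cookies are involved. None of that is a big deal, since we have requests.
1. First register an account, then log in, and open Firebug in Firefox to watch how the cookies change. You will find that the 'csrfmiddlewaretoken' value you have to submit is tied to the token value in the cookie (named 'csrftoken', as read in the code below). The second way is to view the page source: it contains a hidden tag whose value is the 'csrftoken' value.
2. Once logged in, brute-force the password as in level 2, except that a 'csrfmiddlewaretoken' value must be added as well.
Enough talk, here is the code.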
#!/usr/bin/env python
# -*- coding:utf-8 -*-
import requests
from lxml import etree


def findText(url):
    # A single Session keeps the cookies (CSRF token, login session) across requests.
    session = requests.Session()
    # The GET on the login page makes the server set the csrftoken cookie.
    session.get(url, timeout=4)
    cookies = requests.utils.dict_from_cookiejar(session.cookies)
    token1 = cookies['csrftoken']
    headers = {
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:54.0) Gecko/20100101 Firefox/54.0',
        'Referer': 'http://www.heibanke.com/accounts/login/?next=/lesson/crawler_ex02/',
    }
    # Log in, sending the cookie's token back as the csrfmiddlewaretoken form field.
    data1 = {'username': 'youncyb', 'password': 'heibanke163com', 'csrfmiddlewaretoken': token1}
    session.post(url, data=data1, headers=headers)
    # Read the token again after login and use it for the level's form.
    cookies = requests.utils.dict_from_cookiejar(session.cookies)
    token2 = cookies['csrftoken']
    url = 'http://www.heibanke.com/lesson/crawler_ex02/'
    # Message the page shows for a wrong password (matched verbatim, so left untranslated).
    a = "您输入的密码错误, 请重新输入"
    for i in range(30):
        data2 = {'username': 'youncyb', 'password': i, 'csrfmiddlewaretoken': token2}
        req = session.post(url, data=data2, headers=headers).text
        # Join the text of all <h3> nodes into one string before searching it.
        content = "".join(etree.HTML(req).xpath("//h3/text()"))
        if a not in content:
            print(i)
            print(content)
            return


def main():
    url = "http://www.heibanke.com/accounts/login/?next=/lesson/crawler_ex02/"
    findText(url)


if __name__ == '__main__':
    main()
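The script above takes the token from the cookie; the second approach from step 1, reading the hidden form field out of the page source, can look like this. This is an added example, not part of the original post: the HTML snippet and its token are constructed, the names HiddenFieldParser, extract_hidden_fields and extract_csrf_token are hypothetical, and it uses the standard-library parser instead of lxml so it runs offline.

```python
from html.parser import HTMLParser

# Constructed sample of a login form with a hidden CSRF field (not fetched from the site).
SAMPLE_HTML = """
<form method="post" action="/accounts/login/">
  <input type='hidden' name='csrfmiddlewaretoken' value='CONSTRUCTEDtoken0123456789abcdef' />
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="hidden" name="next" value="/lesson/crawler_ex02/">
</form>
"""


class HiddenFieldParser(HTMLParser):
    """Collect the name/value pair of every <input type="hidden"> on a page."""

    def __init__(self):
        super().__init__()
        self.hidden = {}

    def handle_starttag(self, tag, attrs):
        # Also reached for self-closing tags such as <input ... />.
        if tag != "input":
            return
        attr = dict(attrs)
        if (attr.get("type") or "").lower() == "hidden" and attr.get("name"):
            self.hidden[attr["name"]] = attr.get("value") or ""


def extract_hidden_fields(html):
    """Return a dict of all hidden form fields found in the HTML text."""
    parser = HiddenFieldParser()
    parser.feed(html)
    parser.close()
    return parser.hidden


def extract_csrf_token(html, field="csrfmiddlewaretoken"):
    """Return the hidden CSRF field's value, or raise if the page has none."""
    fields = extract_hidden_fields(html)
    if field not in fields:
        raise ValueError("no hidden %r field in page" % field)
    return fields[field]


if __name__ == "__main__":
    print(extract_csrf_token(SAMPLE_HTML))
```

With requests, pass the text of the login page's GET response to extract_csrf_token and submit the result as the 'csrfmiddlewaretoken' form field.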