1

I am trying to submit a POST request to pwreset.seattleu.edu/change.aspx so I can change my account password on the command line. I think that I have set up the request properly, after reading various other similar questions, but the response being returned is the exact same page and my password is not being changed. A valid response should redirect me to pwreset.seattleu.edu/change_success.aspx

Code

from bs4 import BeautifulSoup
import requests

pwreset_url = "https://pwreset.seattleu.edu/change.aspx"

headers = {
    'Accept':'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
    'User-Agent': 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.17 (KHTML, like Gecko)  Chrome/24.0.1312.57 Safari/537.17',
    'Content-Type': 'application/x-www-form-urlencoded',
    'Accept-Encoding': 'gzip,deflate,sdch',
    'Accept-Language': 'en-US,en;q=0.8',
    'Accept-Charset': 'ISO-8859-1,utf-8;q=0.7,*;q=0.3'
}

session = requests.Session()
session.headers.update(headers)

form_response = session.get(pwreset_url, headers=headers) 
soup = BeautifulSoup(form_response.content)

viewstate = soup.find('input', {'name': "__VIEWSTATE"})['value']
viewstategenerator = soup.find('input', {'name': "__VIEWSTATEGENERATOR"})['value']

item_request_body = {
    'VIEWSTATE': viewstate,
    'VIEWSTATEGENERATOR': viewstategenerator,
    '__VIEWSTATEENCRYPTED': '',
    'Username': 'my_username',
    'OldPassword': 'my_password',
    'NewPassword': 'new_password',
    'ConfirmPassword': 'new_password',
    'DoChg': 'Change Password >>'
}

response = session.post(url=pwreset_url, headers=headers, data=item_request_body)

print(BeautifulSoup(response.content))

Am I doing anything wrong?

Michael N.
  • 21
  • 2
  • 1
    run a network sniffer, to compare requests sent by a browser and your code. – jfs Jul 01 '15 at 21:10
  • @Sebastian is looks like the data sent by my browser is the exact same as in the program, and the headers were similar. I tried copying over the header sent by my browser, but that didn't work. – Michael N. Jul 01 '15 at 21:53
  • There is no magic ball on the remote server; something is different. What does "didn't work" mean? What do you expect to happen? What happens instead (`response.history`, `response.status_code` -- update your question, to include the info) ? Does your browser make some additional requests e.g., via javascript or to download an image or a css file? – jfs Jul 01 '15 at 22:04

1 Answers1

0

A few years too late to help the original asker, I found a general solution to this problem; using requests-ntlm, which was created for authenticating against these wacky ASP.NET instances.

Here's a simple example of how to use it

import requests
from requests_ntlm import HttpNtlmAuth
​
username = input("username: ")
password = input("password: ") 

with requests.Session() as session:
    session.auth = HttpNtlmAuth(username, password)
    session.get(url)  # use methods of this object to have your result

consider using the builtin getpass.getpass() for getting the password string or some more secure method

ti7
  • 16,375
  • 6
  • 40
  • 68