4

I'm having trouble understanding requests. Let's say I have this request:

POST /user/follow HTTP/1.1
Host: www.website.com
User-Agent: some user agent
Accept: application/json, text/plain, */*
Accept-Language: pl,en-US;q=0.7,en;q=0.3
Referer: https://www.website.com/users/12345/profile
Content-Type: application/json;charset=utf-8
X-CSRF-TOKEN: Ab1/2cde3fGH
Content-Length: 27
Cookie: some-cookie=;
DNT: 1
Connection: close

{"targetUser":"12345"}

How am I supposed to use this information to send a valid request using python? What I found is not really helpful. I need someone to show me an example with the data I gave you.

David

3 Answers

3

I would do something like this.

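import requests

headers = {
    "User-Agent": "some user agent",
    "Content-Length": 27,  # kept as posted; the comments below note that requests wants a string here
    # you get the point
}
data = {
    "targetUser": "12345"
}
# requests needs a scheme in the URL; https is taken from the question's Referer
url = "https://www.website.com/user/follow"
r = requests.post(url, headers=headers, data=data)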

Yes, you would use cookies to log in. Cookies are a part of the headers.

apoorlydrawnape
  • So, Content-Length can't be a string? ("27") – David Apr 08 '17 at 20:21
  • I would keep it as integer, but a string is fine. – apoorlydrawnape Apr 08 '17 at 20:25
  • A python error just told me that it has to be a string. Anyways, it seems like the website has some cookies that store some stuff like time/date and session tokens, most likely to prevent botting... this is gonna be tough. – David Apr 08 '17 at 20:32
  • You guys have fun while I try to figure out how to get through "XSRF Token Validation". By the way, I don't know which answer to accept. Can't both. – David Apr 08 '17 at 20:35
  • Oops, sorry for my mistake. I recently had a problem with CSRF tokens. I didn't continue what I was working on, but I think it could be bypassed with a session. I'm not sure how that works with requests, but at least it's possible. – apoorlydrawnape Apr 08 '17 at 20:50
  • 1
    I can get the token through console, put it in Burp's repeater and send the request. It worked. Now I gotta make that work with my script. – David Apr 08 '17 at 20:54
  • I need your help again. When I send the request with burp it works just fine, but when I send it with python I get back this response: {"isValid":false,"data":null,"error":""} – David Apr 09 '17 at 18:33
  • Will you just make a new question for this and link me to it? I can try to help but there's definitely people who know more than I. Include more details if you do that. – apoorlydrawnape Apr 09 '17 at 18:59
  • http://stackoverflow.com/questions/43311053/strange-error-response-requests – David Apr 09 '17 at 19:39
2

I will not write poems, I'll just give you some example code:

import requests

headers = {
    "User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0",
    "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
    "Accept-Language": "en-US,en;q=0.5",
    "Referer": "SOMETHING",
    "Cookie": "SOMETHING",
    "Connection": "close",
    "Content-Type": "application/x-www-form-urlencoded"
}
data = "SOME DATA"
url = "https://example.com/something"

request = requests.post(url, headers=headers, data=data)

In headers you set the needed headers, etc. You got it, I think ;)

Symonen
  • Thanks, but where should the last line - {"targetUser":"12345"} go in my case? It seems to be different from the rest. – David Apr 08 '17 at 20:16
  • In your case you should change "SOME DATA" to " {"targetUser":"12345"} ". In the data variable you should insert your data :) – Symonen Apr 09 '17 at 23:08
-2

This Burp extension may help: Copy As Python-Requests

It can copy selected request(s) as Python-Requests invocations.

In your case, after copying as Python-Requests, you get:

import requests

burp0_url = "http://www.website.com:80/user/follow"
burp0_cookies = {"some-cookie": ""}
burp0_headers = {"User-Agent": "some user agent", "Accept": "application/json, text/plain, */*", "Accept-Language": "pl,en-US;q=0.7,en;q=0.3", "Referer": "https://www.website.com/users/12345/profile", "Content-Type": "application/json;charset=utf-8", "X-CSRF-TOKEN": "Ab1/2cde3fGH", "DNT": "1", "Connection": "close"}
burp0_json={"targetUser": "12345"}
requests.post(burp0_url, headers=burp0_headers, cookies=burp0_cookies, json=burp0_json)
Tomerikoo
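
What the conversion in the last answer amounts to, as an added example (not part of any answer and not the Burp extension's code): a standard-library parser that maps the question's raw request onto keyword arguments for `requests.request()`. The names `to_requests_kwargs`, `send` and `DERIVED` and the `scheme` default are assumptions; the raw text carries no scheme, so it has to be supplied.

```python
import json

# Constructed sample: the request from the question, abridged.
RAW = """POST /user/follow HTTP/1.1
Host: www.website.com
User-Agent: some user agent
Accept: application/json, text/plain, */*
Referer: https://www.website.com/users/12345/profile
Content-Type: application/json;charset=utf-8
X-CSRF-TOKEN: Ab1/2cde3fGH
Content-Length: 27
Cookie: some-cookie=;

{"targetUser":"12345"}
"""

# Left for the HTTP library to derive. A copied Content-Length goes stale easily:
# the captured value is 27, while the body shown is 22 bytes long.
DERIVED = {"host", "content-length", "cookie"}

def to_requests_kwargs(raw, scheme="https"):
    """Map a raw HTTP/1.1 request onto keyword arguments for requests.request()."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    request_line, *header_lines = head.split("\n")
    method, path, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")  # split on the first colon only
        headers[name.strip()] = value.strip()
    lower = {k.lower(): v for k, v in headers.items()}
    pairs = [p.strip() for p in lower.get("cookie", "").split(";") if "=" in p]
    kwargs = {
        "method": method,
        "url": f"{scheme}://{lower['host']}{path}",
        "headers": {k: v for k, v in headers.items() if k.lower() not in DERIVED},
        "cookies": dict(p.split("=", 1) for p in pairs),
    }
    body = body.strip()
    if body and "json" in lower.get("content-type", ""):
        kwargs["json"] = json.loads(body)  # requests serialises it and sets the length
    elif body:
        kwargs["data"] = body
    return kwargs

def send(raw, **extra):
    import requests  # third-party; imported here so the parser runs without it
    return requests.request(**to_requests_kwargs(raw), **extra)
```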