I am trying to log in to the site using a POST request, as I need to log in to it. I pass all the information from the Chrome request headers in the header. I am transferring everything from the form data to the data, but as a result I get error 403. Maybe someone can tell me? Unfortunately, I can't provide the website.

(Where it says test, I have a real site specified)

RequestHeaders screenshot

FormData

import requests

url = 'test.ru'  # placeholder for the real site

# Request headers copied from the browser (Chrome)
header = {
    'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9',
    'Accept-Encoding': 'gzip, deflate',
    'Accept-Language': 'ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7',
    'Cache-Control': 'max-age=0',
    'Connection': 'keep-alive',
    'Content-Length': '82',
    'Content-Type': 'application/x-www-form-urlencoded',
    'Cookie': 'cookie',
    'Host': 'test',
    'Origin': 'test.ru',
    'Referer': 'test.ru/sign',
    'Upgrade-Insecure-Requests': '1',
    'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36',
}

# Form fields copied from the browser's form data
data = {
    'username': 'admin',
    'password': 'q1',
    'remember-me': '1',
    '_csrf': '6a973144-4dec-42-ab-9fda-f62f6054fe68',
}

s = requests.Session()
s.post(url, data=data, headers=header)

*The screenshots are fresh, and I wrote the code yesterday, so some data may vary, but when testing the code, I took the current ones from the browser

  • A 403 error occurs when the server understands the request but refuses to authorize it. Can you please check with the latest valid authentication tokens you are using? – onkar May 19 '22 at 12:50
  • Are you sure you are meant to log in this way? Where did you get the csrf token? Typically the server will refuse your request if the csrf token is incorrect. https://stackoverflow.com/questions/5207160/what-is-a-csrf-token-what-is-its-importance-and-how-does-it-work – Håken Lid May 19 '22 at 12:53
  • Additionally, it's possible that the csrf token has been invalidated. Those are typically invalidated after a single use. It's designed so that you must request the form from the actual server if you want to make the request. – Souperman May 19 '22 at 12:53
  • I logged in through the browser with the correct username and password, logged in, and transmitted the same data via .post and still get an error. Maybe you need to additionally pass a cookie? – Fedor March May 19 '22 at 12:54
  • If you logged in via the browser, it would've consumed the csrf token, making it unusable on subsequent requests – Souperman May 19 '22 at 12:55
  • Indeed, I tried to log in using the same csrf token. Now I'm looking at whether it is possible to get this token, for example, using a get request and then log in using post – Fedor March May 19 '22 at 13:01
  • I get the csrf when executing a GET request, update it in Data and pass it to POST, but still the same error 403. Maybe some other data needs to be replaced? How about cookies? – Fedor March May 19 '22 at 13:19
  • Decided. Indeed, the problem was in csrf, but in addition it was necessary to update the Cookie in the Header. – Fedor March May 19 '22 at 13:38
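
The resolution reached in the last comment, as an added example that is not code from the original post: a constructed local stand-in server binds each `_csrf` token to a session cookie and accepts it once, and the client fetches both with a GET before the POST. It uses only the standard library so it runs offline; the `sid` cookie name and the server itself are assumptions, and with `requests` the same flow is `s.get(url)` followed by `s.post(url, data=...)` on one `Session`, without a hand-written `Cookie` header.

```python
import re, secrets, threading, urllib.error, urllib.parse, urllib.request
from http.cookiejar import CookieJar
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKENS = {}  # constructed stand-in server state: session id -> CSRF token
NO_PROXY = urllib.request.ProxyHandler({})  # always talk to localhost directly

class Handler(BaseHTTPRequestHandler):
    def log_message(self, *args): pass  # silence per-request logging

    def do_GET(self):  # serve the form: new session cookie plus a token bound to it
        sid, token = secrets.token_hex(8), secrets.token_hex(16)
        TOKENS[sid] = token
        body = f'<input type="hidden" name="_csrf" value="{token}">'.encode()
        self.send_response(200)
        self.send_header("Set-Cookie", f"sid={sid}")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_POST(self):  # accept only the token issued to this session, and only once
        size = int(self.headers.get("Content-Length", 0))
        form = urllib.parse.parse_qs(self.rfile.read(size).decode())
        sid = re.search(r"sid=(\w+)", self.headers.get("Cookie", ""))
        expected = TOKENS.pop(sid.group(1), None) if sid else None
        ok = expected is not None and secrets.compare_digest(form.get("_csrf", [""])[0], expected)
        self.send_response(200 if ok else 403)
        self.send_header("Content-Length", "0")
        self.end_headers()

def start_server():
    srv = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_port}/sign"

def login(url, stale_token=None, stale_cookie=None):
    """GET the form, then POST the login; returns the HTTP status of the POST."""
    session = urllib.request.build_opener(NO_PROXY, urllib.request.HTTPCookieProcessor(CookieJar()))
    html = session.open(url).read().decode()  # stores the session cookie in the jar
    token = stale_token or re.search(r'name="_csrf" value="([^"]+)"', html).group(1)
    fields = {"username": "admin", "password": "q1", "remember-me": "1", "_csrf": token}
    req = urllib.request.Request(url, data=urllib.parse.urlencode(fields).encode())
    if stale_cookie:  # hard-coded Cookie header instead of the jar, as in the question
        req.add_header("Cookie", stale_cookie)
        session = urllib.request.build_opener(NO_PROXY)
    try:
        return session.open(req).status
    except urllib.error.HTTPError as err:
        return err.code
```

After `srv, url = start_server()`, `login(url)` returns 200, while passing either `stale_token` or `stale_cookie` returns 403, matching the two failures seen in the comments.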

0 Answers