[SGVLUG] Blind access through selenium

Michael Proctor-Smith via SGVLUG sgvlug at sgvlug.net
Mon Sep 17 17:06:18 PDT 2018


Sounds like a Cross-Site Request Forgery (CSRF) protection token. If you make
the request to log in without it, what gets returned? When I worked on that
stuff, when we got a request without a token we would return a token and
say repeat.

On Mon, Sep 17, 2018 at 4:21 PM Marc Lytle via SGVLUG <sgvlug at sgvlug.net>
wrote:

> My name is Marc and I'm helping Chime Hart, from this last week's sgvlug,
> with his systems. We are trying to log into a website with selenium and
> having a bit of trouble. It was suggested I email this group with the
> specifics of the problems we've been having.  Below is some code I have
> used:
>
> #!/usr/bin/env python
> from selenium import webdriver
> from selenium.webdriver.firefox.options import Options
> from selenium.webdriver.support.ui import WebDriverWait as wait
> from selenium.webdriver.support import expected_conditions as EC
>
> options = Options()
> # options.set_headless(headless=True)
>
> driver = webdriver.Firefox(firefox_options=options,
>                            executable_path=r'/usr/local/bin/geckodriver')
>
> def i24_login():
>     driver.get('https://video.i24news.tv/')
>
>     driver.find_element_by_xpath('//*[@id="app"]/div/div/div[1]/div/nav[1]/div/div[3]/div[2]/button').click()
>     # This line returns True when printed, but doesn't seem accessible in any meaningful way
>     # bob = wait(driver, 20).until(EC.frame_to_be_available_and_switch_to_it(driver.find_element_by_xpath('//iframe[contains(@src, "auth/2/purchase")]')))
>     # This line throws an unfound error even though the radio button's id is authType-1.
>     bob = wait(driver, 20).until(EC.frame_to_be_available_and_switch_to_it(driver.find_element_by_id('authType-1')))
>
>     print(bob)
>
>
> i24_login()
>
> print("Headless Firefox Initialized")
>
> It opens the site and clicks the login, but neither wait line above
> results in an object with which I can do anything. 'authType-1' is a radio
> button necessary to login and not register as a new user. If anyone can
> find a way to access that, then I could easily enter his information to the
> login.
>
> As far as the actual login request goes, it works through a third party
> (cleeng.com) and seems to be a simple API call. I've watched the login
> process itself from an open browser inspecting the network traffic, but the
> login request seems to have an auto-generated key/token that is created
> for each request. I was hoping that I could just script the login and
> inject the token, but I haven't found a way to predict that key yet.
>
> Any help or suggestions would be greatly appreciated.
> --
> Marc Lytle
>
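
The token behaviour the reply describes, seen from the server side, as an added example that is not part of the original thread and is not i24news or Cleeng code. It shows why a client cannot predict the per-request value and has to obtain it from the server first; the handler name, form field names and session ids are assumptions.

```python
import hashlib
import hmac
import secrets

# Per-deployment secret (constructed here); it never leaves the server.
SERVER_KEY = secrets.token_bytes(32)


def _mac(session_id, nonce):
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id):
    """Return 'nonce.mac'. The nonce is random, so every token differs;
    the MAC binds it to one session, so it cannot be replayed elsewhere."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def token_is_valid(session_id, token):
    nonce, sep, mac = token.partition(".")
    if not sep:
        return False  # malformed: no nonce/MAC separator
    # Compare as bytes, in constant time, to avoid leaking a partial match.
    return hmac.compare_digest(mac.encode(), _mac(session_id, nonce).encode())


def handle_login(session_id, form):
    """Hypothetical login handler returning (status, body)."""
    token = form.get("csrf_token")
    if not token:
        # As in the reply: no token supplied, so hand one back and ask
        # the client to repeat the request with it.
        return 403, {"error": "csrf_token_required",
                     "csrf_token": issue_token(session_id),
                     "action": "repeat"}
    if not token_is_valid(session_id, token):
        return 403, {"error": "csrf_token_invalid"}
    return 200, {"status": "token accepted, credentials checked next"}


if __name__ == "__main__":
    status, body = handle_login("sess-A", {"user": "example"})
    print(status, body["action"])
    print(handle_login("sess-A", {"csrf_token": body["csrf_token"]}))
    print(handle_login("sess-B", {"csrf_token": body["csrf_token"]}))
```
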