[SGVLUG] Blind access through selenium

Marc Lytle via SGVLUG sgvlug at sgvlug.net
Mon Sep 17 17:25:49 PDT 2018 

I get a e

On Mon, Sep 17, 2018 at 5:07 PM Michael Proctor-Smith via SGVLUG <
sgvlug at sgvlug.net> wrote:

> Sounds like Cross-Site Request Forgery (CSRF) protection toke, if you make
> the request to login without it what gets returned? When I worked on that
> stuff when we got a request with out a token we would return a token and
> say repeat.
>
> On Mon, Sep 17, 2018 at 4:21 PM Marc Lytle via SGVLUG <sgvlug at sgvlug.net>
> wrote:
>
>> My name is Marc and I'm helping Chime Hart, from this last week's sgvlug,
>> with his systems. We are trying to log into a website with selenium and
>> having a bit of trouble. It was suggested I email this group with the
>> specifics of the problems we've been having.  Below is some code I have
>> used:
>>
>> #!/usr/bin/env python
>> from selenium import webdriver
>> from selenium.webdriver.firefox.options import Options
>> from selenium.webdriver.support.ui import WebDriverWait as wait
>> from selenium.webdriver.support import expected_conditions as EC
>>
>> options = Options()
>> # options.set_headless(headless=True)
>>
>> driver = webdriver.Firefox(firefox_options=options,
>> executable_path=r'/usr/local/bin/geckodriver')
>> def i24_login():
>>     driver.get ('https://video.i24news.tv/')
>>
>> driver.find_element_by_xpath('//*[@id="app"]/div/div/div[1]/div/nav[1]/div/div[3]/div[2]/button').click()
>>     # This line returns True when printed, but doesn't see accessable in
>> any meaningfull way
>>     # bob = wait(driver,
>> 20).until(EC.frame_to_be_available_and_switch_to_it(driver.find_element_by_xpath('//iframe[contains(@src,
>> "auth/2/purchase")]')))
>>     # This line throws an unfound error even though the radio button's id
>> is authType-1.
>>     bob = wait(driver,
>> 20).until(EC.frame_to_be_available_and_switch_to_it(driver.find_element_by_id('authType-1')
>> ))
>>
>>     print bob
>>
>>
>> i24_login()
>>
>> print ("Headless Firefox Initialized")
>>
>> It opens the site and clicks the login, but neither wait lines above
>> results in an object of which I can do anything. 'authType-1' is a radio
>> button necessary to login and not register as a new user. If anyone can
>> find a way to access that, then I could easily enter his information to the
>> login.
>>
>> As far as the actual login request goes, it works through a third party (
>> cleeng.com) and seems to be a simple API call. I've watched the login
>> process itself from an open browser inspecting the network traffic, but the
>> login in request seems to have an auto-generated key/token that is created
>> for each request. I was hoping that I could just script the login and
>> inject the token, but I haven't found a way to predict that key yet.
>>
>> Any help or suggestions would be greatly appreciated.
>> --
>> Marc Lytle
>>
>

-- 
Marc Lytle
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://sgvlug.net/pipermail/sgvlug/attachments/20180917/4da2008f/attachment.html>

More information about the SGVLUG mailing list