[SGVLUG] Blind access through selenium

Michael Proctor-Smith via SGVLUG sgvlug at sgvlug.net
Mon Sep 17 17:32:51 PDT 2018


I started to look at it and it was a mess of JS requests. So, to not repeat work
that you have already done, what is the actual login URL?

On Mon, Sep 17, 2018 at 5:28 PM Marc Lytle via SGVLUG <sgvlug at sgvlug.net>
wrote:

> I get a generic response page from cleeng.com. Tried it with both the
> last generated token and without.
>
> On Mon, Sep 17, 2018 at 5:25 PM Marc Lytle <mlytle4218 at gmail.com> wrote:
>
>> I get a e
>>
>> On Mon, Sep 17, 2018 at 5:07 PM Michael Proctor-Smith via SGVLUG <
>> sgvlug at sgvlug.net> wrote:
>>
>>> Sounds like Cross-Site Request Forgery (CSRF) protection token. If you
>>> make the request to login without it, what gets returned? When I worked on
>>> that stuff, when we got a request without a token we would return a token
>>> and say repeat.
>>>
>>> On Mon, Sep 17, 2018 at 4:21 PM Marc Lytle via SGVLUG <sgvlug at sgvlug.net>
>>> wrote:
>>>
>>>> My name is Marc and I'm helping Chime Hart, from this last week's
>>>> sgvlug, with his systems. We are trying to log into a website with selenium
>>>> and having a bit of trouble. It was suggested I email this group with the
>>>> specifics of the problems we've been having.  Below is some code I have
>>>> used:
>>>>
>>>> #!/usr/bin/env python
>>>> from selenium import webdriver
>>>> from selenium.webdriver.firefox.options import Options
>>>> from selenium.webdriver.support.ui import WebDriverWait as wait
>>>> from selenium.webdriver.support import expected_conditions as EC
>>>>
>>>> options = Options()
>>>> # options.set_headless(headless=True)
>>>>
>>>> driver = webdriver.Firefox(firefox_options=options,
>>>>                            executable_path=r'/usr/local/bin/geckodriver')
>>>>
>>>> def i24_login():
>>>>     driver.get('https://video.i24news.tv/')
>>>>     driver.find_element_by_xpath(
>>>>         '//*[@id="app"]/div/div/div[1]/div/nav[1]/div/div[3]/div[2]/button').click()
>>>>     # This line returns True when printed, but doesn't seem accessible
>>>>     # in any meaningful way
>>>>     # bob = wait(driver, 20).until(EC.frame_to_be_available_and_switch_to_it(
>>>>     #     driver.find_element_by_xpath('//iframe[contains(@src, "auth/2/purchase")]')))
>>>>     # This line throws an unfound error even though the radio button's
>>>>     # id is authType-1.
>>>>     bob = wait(driver, 20).until(EC.frame_to_be_available_and_switch_to_it(
>>>>         driver.find_element_by_id('authType-1')))
>>>>
>>>>     print(bob)
>>>>
>>>>
>>>> i24_login()
>>>>
>>>> print("Headless Firefox Initialized")
>>>>
>>>> It opens the site and clicks the login, but neither of the wait lines above
>>>> results in an object with which I can do anything. 'authType-1' is a radio
>>>> button necessary to login and not register as a new user. If anyone can
>>>> find a way to access that, then I could easily enter his information to the
>>>> login.
>>>>
>>>> As far as the actual login request goes, it works through a third party
>>>> (cleeng.com) and seems to be a simple API call. I've watched the login
>>>> process itself from an open browser inspecting the network traffic, but the
>>>> login request seems to have an auto-generated key/token that is created
>>>> for each request. I was hoping that I could just script the login and
>>>> inject the token, but I haven't found a way to predict that key yet.
>>>>
>>>> Any help or suggestions would be greatly appreciated.
>>>> --
>>>> Marc Lytle
>>>>
>>>
>>
>> --
>> Marc Lytle
>>
>
>
> --
> Marc Lytle
>
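
The "request without a token gets a token back and is told to repeat" behaviour described in the thread, sketched from the server's side. This is an added example, not code from the thread or from cleeng.com; the handler, field names and session ids are hypothetical, and the HMAC-bound token is one common design assumed here.

```python
import hashlib
import hmac
import secrets

# Constructed for this example: a secret only the server knows.
SERVER_KEY = secrets.token_bytes(32)


def _mac(session_id, nonce):
    """HMAC over a length-prefixed message so session id and nonce cannot blur."""
    msg = f"{len(session_id)}:{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id):
    """Return a fresh token '<nonce>.<mac>' bound to this session."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def token_is_valid(session_id, token):
    """Recompute the MAC for this session and compare in constant time."""
    nonce, sep, mac = (token or "").partition(".")
    if not sep:
        return False
    return hmac.compare_digest(mac.encode(), _mac(session_id, nonce).encode())


def handle_login(session_id, form):
    """Hypothetical handler: no valid token means 'here is one, repeat'."""
    if not token_is_valid(session_id, form.get("csrf_token")):
        return {"status": "repeat", "csrf_token": issue_token(session_id)}
    # Credential checking is out of scope; the point is the token gate.
    return {"status": "ok"}


def client_login(session_id, username, password):
    """Client side: submit, and if told to repeat, resend with the token."""
    form = {"username": username, "password": password}
    first = handle_login(session_id, form)
    if first["status"] != "repeat":
        return first, first
    form["csrf_token"] = first["csrf_token"]
    return first, handle_login(session_id, form)


if __name__ == "__main__":
    first, second = client_login("session-A", "user", "constructed-password")
    print(first["status"], "->", second["status"])
```

Because the token depends on a server-side key and a random nonce, a client cannot predict it; it can only read the value the server hands out for its own session and send it back.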