[SGVLUG] Blind access through selenium

Marc Lytle via SGVLUG sgvlug at sgvlug.net
Mon Sep 17 17:36:15 PDT 2018


has the password and username in the body

On Mon, Sep 17, 2018 at 5:35 PM Marc Lytle <mlytle4218 at gmail.com> wrote:

> with the CORS id
> https://cleeng.com/us/login?afid=eef7ec4df467507742995febf73a48ad
>
> On Mon, Sep 17, 2018 at 5:34 PM Michael Proctor-Smith via SGVLUG <
> sgvlug at sgvlug.net> wrote:
>
>> I started to look at it and it was a mess of JS requests. So, to not repeat
>> work that you have already done, what is the actual login URL?
>>
>> On Mon, Sep 17, 2018 at 5:28 PM Marc Lytle via SGVLUG <sgvlug at sgvlug.net>
>> wrote:
>>
>>> I get a generic response page from cleeng.com. Tried it with both the
>>> last generated token and without.
>>>
>>> On Mon, Sep 17, 2018 at 5:25 PM Marc Lytle <mlytle4218 at gmail.com> wrote:
>>>
>>>> I get a e
>>>>
>>>> On Mon, Sep 17, 2018 at 5:07 PM Michael Proctor-Smith via SGVLUG <
>>>> sgvlug at sgvlug.net> wrote:
>>>>
>>>>> Sounds like a Cross-Site Request Forgery (CSRF) protection token. If you
>>>>> make the request to login without it, what gets returned? When I worked on
>>>>> that stuff, when we got a request without a token we would return a token
>>>>> and say repeat.
>>>>>
>>>>> On Mon, Sep 17, 2018 at 4:21 PM Marc Lytle via SGVLUG <
>>>>> sgvlug at sgvlug.net> wrote:
>>>>>
>>>>>> My name is Marc and I'm helping Chime Hart, from this last week's
>>>>>> sgvlug, with his systems. We are trying to log into a website with selenium
>>>>>> and having a bit of trouble. It was suggested I email this group with the
>>>>>> specifics of the problems we've been having.  Below is some code I have
>>>>>> used:
>>>>>>
>>>>>> #!/usr/bin/env python
>>>>>> from selenium import webdriver
>>>>>> from selenium.webdriver.firefox.options import Options
>>>>>> from selenium.webdriver.support.ui import WebDriverWait as wait
>>>>>> from selenium.webdriver.support import expected_conditions as EC
>>>>>>
>>>>>> options = Options()
>>>>>> # options.set_headless(headless=True)
>>>>>>
>>>>>> driver = webdriver.Firefox(firefox_options=options,
>>>>>>                            executable_path=r'/usr/local/bin/geckodriver')
>>>>>>
>>>>>> def i24_login():
>>>>>>     driver.get('https://video.i24news.tv/')
>>>>>>
>>>>>>     driver.find_element_by_xpath('//*[@id="app"]/div/div/div[1]/div/nav[1]/div/div[3]/div[2]/button').click()
>>>>>>     # This line returns True when printed, but doesn't seem accessible in any meaningful way
>>>>>>     # bob = wait(driver, 20).until(EC.frame_to_be_available_and_switch_to_it(
>>>>>>     #     driver.find_element_by_xpath('//iframe[contains(@src, "auth/2/purchase")]')))
>>>>>>     # This line throws an unfound error even though the radio button's id is authType-1.
>>>>>>     bob = wait(driver, 20).until(EC.frame_to_be_available_and_switch_to_it(
>>>>>>         driver.find_element_by_id('authType-1')))
>>>>>>
>>>>>>     print(bob)
>>>>>>
>>>>>>
>>>>>> i24_login()
>>>>>>
>>>>>> print ("Headless Firefox Initialized")
>>>>>>
>>>>>> It opens the site and clicks the login, but neither wait line above
>>>>>> results in an object with which I can do anything. 'authType-1' is a radio
>>>>>> button necessary to login and not register as a new user. If anyone can
>>>>>> find a way to access that, then I could easily enter his information to the
>>>>>> login.
>>>>>>
>>>>>> As far as the actual login request goes, it works through a third
>>>>>> party (cleeng.com) and seems to be a simple API call. I've watched
>>>>>> the login process itself from an open browser inspecting the network
>>>>>> traffic, but the login request seems to have an auto-generated key/token
>>>>>> that is created for each request. I was hoping that I could just script the
>>>>>> login and inject the token, but I haven't found a way to predict that key
>>>>>> yet.
>>>>>>
>>>>>> Any help or suggestions would be greatly appreciated.
>>>>>> --
>>>>>> Marc Lytle
>>>>>>
>>>>>
>>>>
>>>> --
>>>> Marc Lytle
>>>>
>>>
>>>
>>> --
>>> Marc Lytle
>>>
>>
>
> --
> Marc Lytle
>


-- 
Marc Lytle
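
The token exchange described in the quoted CSRF reply (a login request without a token gets a token back and is told to repeat), as an added example that is not code from this thread or from cleeng.com; the handler, field names, session ids and credentials are constructed for the demo. Each token is a random nonce plus a MAC under a server-side key, which is why a client has to fetch it from the server and cannot predict it.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # constructed demo key; never leaves the server


def _mac(session_id, nonce):
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id):
    """Fresh token: random nonce plus an HMAC binding it to this session."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def token_valid(session_id, token):
    """Recompute the HMAC for this session and compare in constant time."""
    nonce, sep, mac = (token or "").partition(".")
    if not sep:
        return False
    return hmac.compare_digest(mac.encode(), _mac(session_id, nonce).encode())


def handle_login(session_id, form):
    """Hypothetical handler: a missing or bad token yields 403 and a new token."""
    if not token_valid(session_id, form.get("csrf_token")):
        return {"status": 403, "error": "csrf_token_required",
                "csrf_token": issue_token(session_id)}
    # Credential check uses constructed demo values.
    ok = form.get("user") == "demo" and form.get("password") == "demo-pass"
    return {"status": 200 if ok else 401}


def client_login(session_id, user, password):
    """Client side: submit the form; on a 403, repeat once with the returned token."""
    form = {"user": user, "password": password}
    trace = []
    for _ in range(2):
        reply = handle_login(session_id, form)
        trace.append(reply["status"])
        if reply["status"] != 403:
            break
        form["csrf_token"] = reply["csrf_token"]
    return trace


if __name__ == "__main__":
    print(client_login("sess-A", "demo", "demo-pass"))  # rejected once, then accepted
    other = {"csrf_token": issue_token("sess-A"), "user": "demo", "password": "demo-pass"}
    print(handle_login("sess-B", other)["status"])  # token bound to a different session
```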