python-12 跳过登录 post表单
跳过登录 post表单
import requests
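def csrf_post():
    """Send the user-insert form to the local test app with a valid CSRF token.

    This is the ordinary CSRF handshake, not a bypass: a GET lets the server
    set the ``csrftoken`` cookie, and the POST then sends that cookie back
    together with the same value in the ``csrfmiddlewaretoken`` form field.
    The token only matches this client's own cookie, so it cannot be used to
    forge a request inside another user's session.

    Prints the HTTP status code of the POST and returns nothing.

    Raises:
        RuntimeError: if the GET did not leave a ``csrftoken`` cookie.
        requests.RequestException: on connection errors or timeouts.
    """
    form_url = 'http://127.0.0.1:8000/mytest/users/add'
    insert_url = 'http://127.0.0.1:8000/mytest/users/insert'
    headers = {
        'accept': 'text/html,application/xhtml+xml,application/xml',
        'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36'
    }

    # A Session keeps the cookies from the GET and sends them on the POST,
    # so the Cookie header no longer has to be assembled by hand.
    with requests.Session() as session:
        session.headers.update(headers)

        # verify=False is dropped: both URLs are plain http, where it has no
        # effect, and copied to an https target it would switch off TLS
        # certificate verification.
        # The timeout keeps the script from hanging if the server is down.
        session.get(form_url, timeout=10)

        # Look the token up by cookie name. Splitting the joined Cookie header
        # on '=' returns the wrong value as soon as a second cookie is present
        # (e.g. a session id) or csrftoken is not the first cookie.
        csrftoken = session.cookies.get('csrftoken')
        if csrftoken is None:
            raise RuntimeError('no csrftoken cookie in the response from ' + form_url)

        data = {
            'csrfmiddlewaretoken': csrftoken,
            'name': '王炸',
            'age': '35',
            'phone': '11111111135'
        }
        response = session.post(insert_url, data=data, timeout=10)

    # NOTE(review): if the server is Django (the field name suggests so), a 403
    # here typically means the CSRF check rejected the request - confirm.
    print(response.status_code)
    # To inspect the returned page, write it to a file:
    # with open('post.html', 'w') as file:
    #     file.write(response.text)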
# Run the demo only when this file is executed as a script, not on import.
if '__main__' == __name__:
    csrf_post()
# The triple-quoted string below is a bare expression statement: it is never
# assigned or executed and only keeps an alternative login snippet for reference.
# NOTE(review): the snippet posts a username and password to an https URL with
# verify=False, which disables TLS certificate verification, so the server's
# identity is not checked before the credentials are sent. Leave verification
# on (the requests default) if this snippet is ever reused.
'''
import requests
LOGIN_URL = 'https://examplenotarealpage.com'
headers = {
'accept': 'text/html,application/xhtml+xml,application/xml',
'user-agent': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36'
}
response = requests.get(LOGIN_URL, headers=headers, verify=False)
headers['cookie'] = '; '.join([x.name + '=' + x.value for x in response.cookies])
headers['content-type'] = 'application/x-www-form-urlencoded'
payload = {
'username': 'user_name',
'password': 'randompass123'
}
response = requests.post(LOGIN_URL, data=payload, headers=headers, verify=False)
'''
珊瑚海
