This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm that you accept these cookies being set.

Http session script
#1
HI!

I'm trying to make a script to log in via HTTP GET/POST requests, but on the second request I always have 403 Forbidden error.

Can you advice me what is wrong with code below

local http = require("socket.http")
local ltn12 = require 'ltn12'
local json = require('json')

local body = {}
local res, code, headers, status = http.request{
  url = "https://passport.yandex.ru/am?app_platform=android",
  sink = ltn12.sink.table(body)
}
local response = table.concat(body)
local set_cookie = headers["set-cookie"]
i,j = string.find(response, 'name="csrf_token" value="')
k,l = string.find(response, '"/><div class="')
local csrf_token=string.sub(response,j,k)
local payload = '{"csrf_token":'.. csrf_token .. ',"login":"marakhouski"}'
local response_body = { }
log(payload)
local res, code, response_headers, status = http.request
    {
        url ="https://passport.yandex.ru/registration-validations/auth/multi_step/start",
        method = "POST",
        headers =
          { cookie = set_cookie,
            ["Content-Type"] = "application/json",
            ["Content-Length"] = payload:len()
            },
        source = ltn12.source.string(payload),
        sink = ltn12.sink.table(response_body)
    }
response = table.concat(response_body)
log(status)



By The way this Code is LUA version of Python Script:


import requests


class YandexAPI:
    quasar_url = "https://iot.quasar.yandex.ru/m/user"
    music_url = "https://api.music.yandex.net"
    session = requests.session()
    csrf_token = None
    music_uid = 0
    login = ""
    password = ""

    def __init__(self, login, password):
        self.login = login
        self.password = password
        self.session.headers.update({
            'User-Agent': 'Chrome',
            'Host': 'passport.yandex.ru'
        })


        resp = self.session.get("https://passport.yandex.ru/am?app_platform=android")
        m = re.search(r'"csrf_token" value="([^"]+)"', resp.text)
        auth_payload = {"csrf_token": m[1]}
        self.csrf_token = m[1]
       
        resp= self.session.post("https://passport.yandex.ru/registration-validations/auth/multi_step/start",
                                data={**auth_payload, "login": login}).json()
       
        auth_payload["track_id"] = resp["track_id"]
        #self.session

        reesp=self.session.post("https://passport.yandex.ru/registration-validations/auth/multi_step/commit_password",
                          {**auth_payload, "password": password,
                          'retpath': "https://passport.yandex.ru/am/finish?status=ok&from=Login"})


Thanks for any upcoming advices!
Reply


Messages In This Thread
Http session script - by Nikitkam - 18.01.2023, 21:53
RE: Http session script - by Nikitkam - 19.01.2023, 07:04
RE: Http session script - by admin - 19.01.2023, 08:46
RE: Http session script - by Nikitkam - 19.01.2023, 09:58
RE: Http session script - by admin - 19.01.2023, 10:03
RE: Http session script - by Nikitkam - 19.01.2023, 21:04

Forum Jump: