This forum uses cookies

Nikitkam · (This post was last modified: 19.01.2023, 06:21 by Nikitkam.)

HI!

I'm trying to make a script to log in via HTTP GET/POST requests, but on the second request I always have 403 Forbidden error.

Can you advice me what is wrong with code below

local http = require("socket.http")
local ltn12 = require 'ltn12'
local json = require('json')

local body = {}
local res, code, headers, status = http.request{
url = "https://passport.yandex.ru/am?app_platform=android",
sink = ltn12.sink.table(body)
}
local response = table.concat(body)
local set_cookie = headers["set-cookie"]
i,j = string.find(response, 'name="csrf_token" value="')
k,l = string.find(response, '"/><div class="')
local csrf_token=string.sub(response,j,k)
local payload = '{"csrf_token":'.. csrf_token .. ',"login":"marakhouski"}'
local response_body = { }
log(payload)
local res, code, response_headers, status = http.request
{
url ="https://passport.yandex.ru/registration-validations/auth/multi_step/start",
method = "POST",
headers =
{ cookie = set_cookie,
["Content-Type"] = "application/json",
["Content-Length"] = payload:len()
},
source = ltn12.source.string(payload),
sink = ltn12.sink.table(response_body)
}
response = table.concat(response_body)
log(status)

By The way this Code is LUA version of Python Script:

import requests

class YandexAPI:
quasar_url = "https://iot.quasar.yandex.ru/m/user"
music_url = "https://api.music.yandex.net"
session = requests.session()
csrf_token = None
music_uid = 0
login = ""
password = ""

def __init__(self, login, password):
self.login = login
self.password = password
self.session.headers.update({
'User-Agent': 'Chrome',
'Host': 'passport.yandex.ru'
})

resp = self.session.get("https://passport.yandex.ru/am?app_platform=android")
m = re.search(r'"csrf_token" value="([^"]+)"', resp.text)
auth_payload = {"csrf_token": m[1]}
self.csrf_token = m[1]

resp= self.session.post("https://passport.yandex.ru/registration-validations/auth/multi_step/start",
data={**auth_payload, "login": login}).json()

auth_payload["track_id"] = resp["track_id"]
#self.session

reesp=self.session.post("https://passport.yandex.ru/registration-validations/auth/multi_step/commit_password",
{**auth_payload, "password": password,
'retpath': "https://passport.yandex.ru/am/finish?status=ok&from=Login"})

Thanks for any upcoming advices!

Nikitkam · 19.01.2023, 07:04

I have looked trough the topics and Im understanding that I need to parse cookie parameters to next step of http reuqest.
My set-cookie headers for the firs request:

yandexuid=523593141674111623; Max-Age=315360000; Domain=.yandex.ru; Path=/; Expires=Sun, 16 Jan 2033 07:00:23 GMT; Secure, uniqueuid=283273561674111623; Max-Age=315360000; Path=/; Expires=Sun, 16 Jan 2033 07:00:23 GMT; HttpOnly; Secure; SameSite=Lax, lah=; Domain=.passport.yandex.ru; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Secure; HttpOnly; Path=/

***admin*** · 19.01.2023, 08:46

Try this:

Code:
cookies = '...'

cookies = cookies:gsub('Expires=%w+, ', 'Expires=')

cookies = cookies:split(', ')

for i, cookie in ipairs(cookies) do

  cookies[i] = cookie:split(';')[1]

end

cookies = table.concat(cookies, '; ')

Using script that simulates user interaction with a login page is not a stable solution. The page format and parameters can change at any time and the script will stop working.

Nikitkam · 19.01.2023, 09:58

(19.01.2023, 08:46)admin Wrote: Try this:

Code:
cookies = '...' cookies = cookies:gsub('Expires=%w+, ', 'Expires=') cookies = cookies:split(', ') for i, cookie in ipairs(cookies) do cookies[i] = cookie:split(';')[1] end cookies = table.concat(cookies, '; ')

Using script that simulates user interaction with a login page is not a stable solution. The page format and parameters can change at any time and the script will stop working.

Hi thanks, i need to push this cookies in pos request as cookie property?

***admin*** · 19.01.2023, 10:03

Yes, you need to set the respective header:

Code:
headers =

  {

    Cookie = cookies,

    ...

There are some other issues with your script:
1. csrf token extraction does not skip the double quotes, it should be like this:

Code:
local csrf_token = string.sub(response,j+1,k-1)

2. request should be done using "application/x-www-form-urlencoded" content type. Data should be encoded using this format, not JSON. See encodepost function here: https://forum.logicmachine.net/showthrea...1#pid27711

Nikitkam · 19.01.2023, 21:04

(19.01.2023, 10:03)admin Wrote: Yes, you need to set the respective header:

Code:
headers = { Cookie = cookies, ...

There are some other issues with your script:
1. csrf token extraction does not skip the double quotes, it should be like this:

Code:
local csrf_token = string.sub(response,j+1,k-1)

2. request should be done using "application/x-www-form-urlencoded" content type. Data should be encoded using this format, not JSON. See encodepost function here: https://forum.logicmachine.net/showthrea...1#pid27711

Thanks for your help. I have succeed in the task.

Login
Username:
Password:	Lost Password?
	Remember me