
Http session script
#1
Hi!

I'm trying to make a script to log in via HTTP GET/POST requests, but on the second request I always have a 403 Forbidden error.

Can you advise me what is wrong with the code below?

local http = require("socket.http")
local ltn12 = require 'ltn12'
local json = require('json')

local body = {}
local res, code, headers, status = http.request{
  url = "https://passport.yandex.ru/am?app_platform=android",
  sink = ltn12.sink.table(body)
}
local response = table.concat(body)
local set_cookie = headers["set-cookie"]
i,j = string.find(response, 'name="csrf_token" value="')
k,l = string.find(response, '"/><div class="')
local csrf_token=string.sub(response,j,k)
local payload = '{"csrf_token":'.. csrf_token .. ',"login":"marakhouski"}'
local response_body = { }
log(payload)
local res, code, response_headers, status = http.request
    {
        url ="https://passport.yandex.ru/registration-validations/auth/multi_step/start",
        method = "POST",
        headers =
          { cookie = set_cookie,
            ["Content-Type"] = "application/json",
            ["Content-Length"] = payload:len()
            },
        source = ltn12.source.string(payload),
        sink = ltn12.sink.table(response_body)
    }
response = table.concat(response_body)
log(status)



By the way, this code is a Lua version of a Python script:


import re
import requests


class YandexAPI:
    quasar_url = "https://iot.quasar.yandex.ru/m/user"
    music_url = "https://api.music.yandex.net"
    session = requests.session()
    csrf_token = None
    music_uid = 0
    login = ""
    password = ""

    def __init__(self, login, password):
        self.login = login
        self.password = password
        self.session.headers.update({
            'User-Agent': 'Chrome',
            'Host': 'passport.yandex.ru'
        })


        resp = self.session.get("https://passport.yandex.ru/am?app_platform=android")
        m = re.search(r'"csrf_token" value="([^"]+)"', resp.text)
        auth_payload = {"csrf_token": m[1]}
        self.csrf_token = m[1]
       
        resp= self.session.post("https://passport.yandex.ru/registration-validations/auth/multi_step/start",
                                data={**auth_payload, "login": login}).json()
       
        auth_payload["track_id"] = resp["track_id"]
        #self.session

        reesp=self.session.post("https://passport.yandex.ru/registration-validations/auth/multi_step/commit_password",
                          {**auth_payload, "password": password,
                          'retpath': "https://passport.yandex.ru/am/finish?status=ok&from=Login"})


Thanks for any upcoming advice!
Reply
#2
I have looked through the topics and I'm understanding that I need to parse cookie parameters to the next step of the HTTP request.
My set-cookie headers for the first request:

yandexuid=523593141674111623; Max-Age=315360000; Domain=.yandex.ru; Path=/; Expires=Sun, 16 Jan 2033 07:00:23 GMT; Secure, uniqueuid=283273561674111623; Max-Age=315360000; Path=/; Expires=Sun, 16 Jan 2033 07:00:23 GMT; HttpOnly; Secure; SameSite=Lax, lah=; Domain=.passport.yandex.ru; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Secure; HttpOnly; Path=/
Reply
#3
Try this:
Code:
cookies = '...'
cookies = cookies:gsub('Expires=%w+, ', 'Expires=')
cookies = cookies:split(', ')

for i, cookie in ipairs(cookies) do
  cookies[i] = cookie:split(';')[1]
end

cookies = table.concat(cookies, '; ')

Using a script that simulates user interaction with a login page is not a stable solution. The page format and parameters can change at any time and the script will stop working.
Reply
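The cookie handling suggested in post #3, as an added example in plain Lua (not code from the thread): LuaSocket joins multiple Set-Cookie headers with ", ", which collides with the comma inside each Expires date. The function name `cookie_header` is hypothetical, and treating an empty value as a cookie the server is clearing (the `lah` entry) is an assumption of this example.

```lua
-- Added example: build a Cookie request header from LuaSocket's folded
-- "set-cookie" response header using only stock Lua string functions.

-- Sample input: the header value quoted in post #2 of this thread.
local set_cookie =
  'yandexuid=523593141674111623; Max-Age=315360000; Domain=.yandex.ru; Path=/; '
  .. 'Expires=Sun, 16 Jan 2033 07:00:23 GMT; Secure, '
  .. 'uniqueuid=283273561674111623; Max-Age=315360000; Path=/; '
  .. 'Expires=Sun, 16 Jan 2033 07:00:23 GMT; HttpOnly; Secure; SameSite=Lax, '
  .. 'lah=; Domain=.passport.yandex.ru; Expires=Thu, 01 Jan 1970 00:00:01 GMT; '
  .. 'Secure; HttpOnly; Path=/'

-- cookie_header is a hypothetical helper name.
local function cookie_header(folded)
  if not folded then return '' end  -- response set no cookies

  -- Drop the weekday ("Sun, ") so the only ", " left separates cookies.
  -- Limitation: a cookie value that itself contains ", " would be split.
  local flat = folded:gsub('[Ee]xpires=%a+, ', 'Expires=')

  local out = {}
  for cookie in (flat .. ', '):gmatch('(.-), ') do
    -- Keep only the leading name=value pair; attributes are not sent back.
    local pair = cookie:match('^%s*([^;]+)')
    if pair then
      local name, value = pair:match('^([^=]+)=(.*)$')
      -- Assumption: an empty value means the server is deleting the cookie.
      if name and value ~= '' then
        out[#out + 1] = name .. '=' .. value
      end
    end
  end
  return table.concat(out, '; ')
end

-- Secure, HttpOnly and Domain are discarded above, so nothing enforces them:
-- send this header only over HTTPS and only to the host that set the cookies.
print(cookie_header(set_cookie))
```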
#4
(19.01.2023, 08:46)admin Wrote: Try this:
Code:
cookies = '...'
cookies = cookies:gsub('Expires=%w+, ', 'Expires=')
cookies = cookies:split(', ')

for i, cookie in ipairs(cookies) do
  cookies[i] = cookie:split(';')[1]
end

cookies = table.concat(cookies, '; ')

Using a script that simulates user interaction with a login page is not a stable solution. The page format and parameters can change at any time and the script will stop working.

Hi, thanks. I need to push these cookies in the POST request as the cookie property?
Reply
#5
Yes, you need to set the respective header:
Code:
headers =
  {
    Cookie = cookies,
    ...

There are some other issues with your script:
1. CSRF token extraction does not skip the double quotes; it should be like this:
Code:
local csrf_token = string.sub(response,j+1,k-1)

2. The request should be done using the "application/x-www-form-urlencoded" content type. Data should be encoded using this format, not JSON. See the encodepost function here: https://forum.logicmachine.net/showthrea...1#pid27711
Reply
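The two fixes from post #5 combined, as an added example in plain Lua (not code from the thread and not the encodepost function it links to): the token is taken with a pattern capture so the quotes never enter the value, and the body is percent-encoded as a form. The helper names `extract_csrf`, `urlencode` and `form_encode`, the sample markup and the login value are all constructed for illustration.

```lua
-- Constructed sample of the login page markup; the real page may differ.
local html = '<input type="hidden" name="csrf_token" '
  .. 'value="a1b2:c3/d4+e5="/><div class="x">'

-- Capture only the text between the quotes of the value attribute.
local function extract_csrf(page)
  return page:match('name="csrf_token" value="([^"]+)"')
end

-- Percent-encode one key or value for application/x-www-form-urlencoded.
local function urlencode(s)
  s = tostring(s):gsub('[^%w%-%._~ ]', function(c)
    return string.format('%%%02X', c:byte())
  end)
  return (s:gsub(' ', '+'))  -- parentheses drop gsub's match count
end

-- Join the fields as key=value&key=value; keys are sorted so the output
-- is deterministic.
local function form_encode(fields)
  local keys, parts = {}, {}
  for k in pairs(fields) do keys[#keys + 1] = k end
  table.sort(keys)
  for _, k in ipairs(keys) do
    parts[#parts + 1] = urlencode(k) .. '=' .. urlencode(fields[k])
  end
  return table.concat(parts, '&')
end

local token = extract_csrf(html)
if not token then
  -- Stop here instead of posting an empty token when the markup changes.
  error('csrf_token not found in response')
end

local payload = form_encode({ csrf_token = token, login = 'example-user' })

-- Headers that match the encoded body (the Cookie header is added separately).
local headers = {
  ['Content-Type'] = 'application/x-www-form-urlencoded',
  ['Content-Length'] = #payload,
}

-- Printed only because the token is a constructed sample; on a real device
-- keep tokens and passwords out of the log.
print(payload, headers['Content-Length'])
```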
#6
(19.01.2023, 10:03)admin Wrote: Yes, you need to set the respective header:
Code:
headers =
  {
    Cookie = cookies,
    ...

There are some other issues with your script:
1. CSRF token extraction does not skip the double quotes; it should be like this:
Code:
local csrf_token = string.sub(response,j+1,k-1)

2. The request should be done using the "application/x-www-form-urlencoded" content type. Data should be encoded using this format, not JSON. See the encodepost function here: https://forum.logicmachine.net/showthrea...1#pid27711

Thanks for your help. I have succeeded in the task.
Reply

