login with python script

Started by kobtest, February 20, 2019, 03:34:17 PM

Previous topic - Next topic

kobtest

hey , im trying to write a script which login to SM based forum and analyze the forum content.
this is the part  when i try to login :
(using Python "Request " library)

header = {
    'user-agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0'
}

login_data = {
    'user': 'username',
    'passwrd':'password',
    'cookielength': 'cookielength',
    'hash_passwrd': 'passwordhash'
}

with requests.session() as s:
    url = "https://www.simplemachines.org/community/index.php?action=login2"
    r = s.get(url, headers=header)
    r = s.post(url,data = login_data,headers=header)
    file = open("test.html", "w")
    file.write(r.text)


about the "hash_passwrd", im getting this value by normally login and intercept the POST request from my web browser.

im pretty sure this is all the information required in the login field but it does not work.
any ideas ?

thanks!

Arantor

You don't need the hash_passwrd, you can leave it out. You do, however, need to pass in the session which you're currently missing (the key/value change every session as a CSRF-counter measure)

However... if you'ore trying to analyse the forum content, presumably it's one you run in which case, why not just use the database directly? If it's not one you run, I'd question the ethics of trying to log into it.

drewactual

i'd be curious to see if this guy's IP show's up in any of our logs..... looking to crash the party with spam?  Spam is no good- I don't care if it's pan fried and on toast or dripping out of the can.  Spam = bad.

Advertisement: