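Why can't requests access the secure pages of this website?

Time: 2018-09-30 19:51:44

Tags: javascript python post get python-requests

I am trying to access the protected part of this website using the following code: https://www.amundi-ee.com/psf/#login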

import requests,time,lxml

LOGIN = 'https://www.amundi-ee.com/psf/#login'
PROTECTED_PAGE = 'https://www.amundi-ee.com/psf/#avoirs'
payload = {
  'identifiant': '000000',
  'pwd': '111111',
}

headers = {'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36'}

with requests.session() as s:
    s.post(LOGIN, headers=headers, data=payload)
    time.sleep(2)
    f = s.get(PROTECTED_PAGE)

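Both the POST and the GET return a 200 status code, but I can see that I am not connected. So I guess a parameter is missing from my payload, but I can't work out which one.

Here is the form's code (there are no hidden fields):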

<form name="formulaire" role="form" class="form-horizontal form-margin" autocomplete="off">
   <div class="row clearfix">
      <div class="col-md-offset-4 col-md-3 col-sm-5 col-sm-offset-2 col-xs-11">
         <div class="form-group "><label for="identifiant" class="control-label"><i key="ui.page.login.identifier" class="i18n_resource">Identifiant</i> <span class="glyphicon glyphicon-question-sign aPopoverTrigger i18n_resource" data-toggle="popover" data-container="body" data-apopovercontent=".aPopoverContent_identifiant" data-original-title="Identifiant"></span> <span class="aPopoverContent_identifiant hidden"><i key="ui.page.login.identifier_description" class="i18n_resource">Votre identifiant correspondant à votre numéro de compte, indiqué sur vos relevés de compte d'Epargne Salariale &amp; Retraite ou votre certificat d'affiliation de votre contrat PER Entreprises.</i></span></label> <input id="identifiant" name="mail" class="form-control" type="text" value="" autocomplete="off" style="background-image: url(&quot;data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAkCAYAAADo6zjiAAAAAXNSR0IArs4c6QAAArlJREFUWAndV7+LGkEUfq6i4i/UVDF2ViKYawS7HIIIgohdejtLi6sELbTJf2ETUllYWsiJIDaCip3lkRwop4VgoaJ5b+MO7ri7t+rKQQZk5v2Y7/v27ezMaAJs1Wr1y263+4HDx8PhECCfUc1kMv1BrGeLxfJUKpV+87imI/kIiT/xQSNtFPKGIr7yIgR68nuT04MQx7HKsucS0HqUee5rnHEJRr9zLf1KXFSBD23/t4BwOAzFYhGoV2t3rUAkEgGPxwPUq7W7CsBvX+SVeiURdxWgRMj7ZAJsNhuEQiHw+Xx8HlwbOwPiHBbJ9nq9kM/nwe12w36/h2azCcPhUAxfG5OwtXpWgXg8LpJTsiAIkEgk2LxrYwxAY8AEaOTcNcQE9Pt9WK1WIhm9gna7zYivjTEAjYGpXC4fpDgttGAwCIvFApbLpeQWe62YLPEdAz/JV0zpHO8HLzIB78w1NIxCFijigb0CQ9F1gOHJ6Kf7wYcJOGr8xvYBHaJ1pTgcDigUCuByucT8Xq8HrVZLcS5W4bPhFchkMoxckZVzGiogGo1qHr0ct2gaJoCO3XQ6rcSh6RPwc6B7+80tm82C3W6HzWbDNjQ9oFSBZz2JWjmxWEw8RSmHFh2J0NsE2pGwCm96J/B5fr8fksmk6J7NZtDtdsFsNvNpqrZA/1ToHwuK+HnN68jlcmC1WkWCwWAAgUBAJoCOd9re1dq/O5NaVMF/enZQuFKpKGTJXdvtFmq1mtx5tAz7ChTRdThv3gkbjcYZTSqVAqfTKfqn0ymMRqOzHMlxs4DxeCxhsf70NjWfz2EymbAYP7hYAC7UV9rDeaBTm+4SeNKJrvV6fRqSjQnrYgGI0MHfdxkSZ9Trdc6janYuXoTHfWOhCqkzgE9PF5KniwXgvvGCEx8Q4BeVUCcfS6M5NJcwCOsveWDvbwOBJXUAAAAASUVORK5CYII=&quot;); background-repeat: no-repeat; background-attachment: scroll; background-size: 16px 18px; background-position: 
98% 50%; cursor: auto;">  <span class="help-block"><small class="more pointer login_lost"><span class="glyphicon glyphicon-play"></span> <i key="ui.page.login.forgot_identifier" class="i18n_resource">J'ai oublié mon identifiant</i></small></span></div>
      </div>
   </div>
   <div class="row clearfix">
      <div class="col-md-offset-4 col-md-3 col-sm-5 col-sm-offset-2 col-xs-11">
         <div class="form-group ">
            <label for="pwd" class="control-label"><i key="ui.page.login.password" class="i18n_resource">Mot de passe</i> <span class="glyphicon glyphicon-question-sign aPopoverTrigger i18n_resource" data-toggle="popover" data-container="body" data-apopovercontent=".aPopoverContent_pwd" title="" data-original-title="Mot de passe"></span> <span class="aPopoverContent_pwd hidden"><i key="ui.page.login.password_description" class="i18n_resource">S'il s'agit de votre 1ère connexion, votre mot de passe provisoire vous a été adressé dans un pli sécurisé.</i></span></label> 
            <div class="input-group"><input name="password" id="pwd" class="form-control" required="" type="password" readonly="readonly" value="" style="background-image: url(&quot;data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR4nGP6zwAAAgcBApocMXEAAAAASUVORK5CYII=&quot;);"> <span class="input-group-addon"></span></div>
            <span class="help-block"><small class="more pointer password_lost"><span class="glyphicon glyphicon-play"></span> <i key="ui.page.login.forgot_password" class="i18n_resource"> J'ai oublié mon mot de passe</i></small></span> 
         </div>
      </div>
      <div class="col-md-3 col-sm-4 col-xs-12">
         <div id="num-pad"><button type="button" class="btn btn-xs">1</button> <button type="button" class="btn btn-xs">3</button> <button type="button" class="btn btn-xs">5</button> <button type="button" class="btn btn-xs">6</button> <button type="button" class="btn btn-xs">0</button> <br><button type="button" class="btn btn-xs">4</button> <button type="button" class="btn btn-xs">7</button> <button type="button" class="btn btn-xs">8</button> <button type="button" class="btn btn-xs">2</button> <button type="button" class="btn btn-xs">9</button> </div>
      </div>
   </div>
   <div class="text-center"><input type="submit" class="btn btn-primary i18n_resource" value="Valider" data-loading-text="Patientez..."> </div>
</form>

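Chrome developer tools, Network tab: Screenshot here

I can see that there is an authentication step that posts to https://www.amundi-ee.com/psf/authenticate, and the request payload is exactly my payload (username/password). What am I missing? Is it a cookie issue (isn't that handled by the session object?), or is one of the pages loading some JavaScript?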

2 answers:

Answer 0: (score: 0)

I would suggest trying to make the headers match:

(based on the expected values of the request headers in the console log)

Accept: application/json, text/plain, */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Connection: keep-alive
Content-Length: 38
Content-Type: application/json;charset=UTF-8
Cookie: EXCV-20480=OHCBPNAKFAAA; TCPID=11890166566815122122; xtvrn=$566107$; xtan=-; xtant=1; TC_OPTOUT_categories=1; TC_OPTOUT=0@@@008@@@ALL; TCID=201890168471812763405; TCSESSION=201890168479863869083
Host: www.amundi-ee.com
Origin: https://www.amundi-ee.com
Referer: https://www.amundi-ee.com/psf/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.75 Safari/537.36

That appears to be what is expected.

Also, for me the payload is this:

payload = {
    'username': '000000',
    'password': '111111',
}

not

payload = {
  'identifiant': '000000',
  'pwd': '111111',
}

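I realise this may be a translation issue, but I would still double-check to make sure your payload types are correct. To find out, you can look at the request payload in the console log.

Once you have made these corrections/verifications, it may work out for you! Please let us know.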

Answer 1: (score: 0)

First, you must check the correct HTTP request in the browser

POST https://www.amundi-ee.com/psf/authenticate HTTP/1.1
Host: www.amundi-ee.com
Connection: keep-alive
Content-Length: 35
Accept: application/json, text/plain, */*
Origin: https://www.amundi-ee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.92 Safari/537.36
DNT: 1
Content-Type: application/json;charset=UTF-8
Referer: https://www.amundi-ee.com/psf/
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,zh-TW;q=0.7
Cookie: EXCV-20480=ODCBPNAKFAAA; TCPID=1181011512189835414503; xtvrn=$566107$; xtan=-; xtant=1

{"username":"313","password":"730"}

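Second, build a request identical to this one.

Edit: After testing, the server responded with status code 400 and said the JSON data was wrong. I then changed the code to send the data as JSON. This time the status code is 403, the same as when I fail to log in through the browser.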

import time

import requests

LOGIN = "https://www.amundi-ee.com/psf/authenticate"
PROTECTED_PAGE = "https://www.amundi-ee.com/psf/#avoirs"
payload = {"username": "000000", "password": "111111"}

# Headers copied from the login request the browser sends
headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.92 Safari/537.36",
            "Referer":"https://www.amundi-ee.com/psf/",
            "Accept-Encoding": "gzip, deflate, br",
            "Content-Type": "application/json;charset=UTF-8",
            "DNT": "1",
            "Accept": "application/json, text/plain, */*",
            "Origin": "https://www.amundi-ee.com"}

with requests.Session() as s:
    # json= serialises the dict and sends it as the JSON request body
    req = s.post(LOGIN, headers=headers, json=payload)
    time.sleep(2)
    # The session object already stores any cookies set by the login response
    f = s.get(PROTECTED_PAGE, headers=headers)

Request:

POST https://www.amundi-ee.com/psf/authenticate HTTP/1.1
Host: www.amundi-ee.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.92 Safari/537.36
Accept: application/json, text/plain, */*
Accept-Encoding: gzip, deflate, br
Referer: https://www.amundi-ee.com/psf/
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,zh-TW;q=0.7
Origin: https://www.amundi-ee.com
DNT: 1
Content-Type: application/json;charset=UTF-8
Content-Length: 44

{"username": "000000", "password": "111111"}
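The three status codes seen in this thread (200 from the page URL, 400 for a form-encoded body, 403 for rejected credentials) can be reproduced offline against a local mock. This is an added example, not code from the original posts or from the site; the mock server, its responses, the SESSION cookie and the helper names are assumptions constructed for illustration.

```python
import json, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
GOOD = {"username": "000000", "password": "111111"}  # constructed test account
FORM_CT, JSON_CT = "application/x-www-form-urlencoded", "application/json"
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy

class MockPortal(BaseHTTPRequestHandler):
    """Constructed stand-in for a single-page app with a JSON login endpoint."""
    def log_message(self, *args): pass  # silence per-request logging
    def _reply(self, status, body, cookie=None):
        self.send_response(status)
        if cookie:
            self.send_header("Set-Cookie", cookie)
        self.end_headers()
        self.wfile.write(body)
    def do_POST(self):
        raw = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        if self.path != "/psf/authenticate":  # any other route: app shell, no login
            return self._reply(200, b"<html>app shell</html>")
        try:
            creds = json.loads(raw)
        except ValueError:  # a form-encoded body is not JSON
            return self._reply(400, b'{"error": "malformed JSON"}')
        if creds != GOOD:
            return self._reply(403, b'{"error": "bad credentials"}')
        self._reply(200, b'{"ok": true}', cookie="SESSION=constructed; HttpOnly")

def attempt(url, body, ctype):
    """POST body; return (status, path actually sent, session cookie issued?)."""
    req = urllib.request.Request(url, data=body, headers={"Content-Type": ctype})
    try:
        with OPENER.open(req) as resp:
            return resp.status, req.selector, "Set-Cookie" in resp.headers
    except urllib.error.HTTPError as err:
        return err.code, req.selector, False

def run_demo():
    srv = HTTPServer(("127.0.0.1", 0), MockPortal)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    base = "http://127.0.0.1:%d" % srv.server_port
    form = b"identifiant=000000&pwd=111111"
    tries = [("/psf/#login", form, FORM_CT), ("/psf/authenticate", form, FORM_CT),
             ("/psf/authenticate", b'{"username":"313","password":"730"}', JSON_CT),
             ("/psf/authenticate", json.dumps(GOOD).encode(), JSON_CT)]
    out = [attempt(base + path, body, ctype) for path, body, ctype in tries]
    srv.shutdown()
    return out

if __name__ == "__main__":
    print(run_demo())
```

The first tuple is the case from the question: the client drops `#login` before sending, so the POST goes to `/psf/` rather than the login endpoint, and the 200 it gets back says nothing about authentication.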