我有一些問題正確地插入{「X-CSRFTOKEN」:client.cookies ['ccsrftoken']}到我的HTTP請求。Python請求:似乎無法升級頭從csrftoken從cookie抓取
這個想法是在我的防火牆上使用X-CSRFTOKEN進行身份驗證。
這裏是我的代碼:
#!/usr/bin/env python
import requests
url = 'http://10.0.2.45/'
name = 'admin'
password = 'xyz'
#all cookies received will be stored in the session object
client = requests.session()
print 'client headers initially: ', client.headers, '\n'
#First connection used for authentication.
login = client.post(url + '/logincheck', data="username=" + name + "&secretkey=" + password, verify = False)
#csrftoken to be inserted in the headers for next put,post,delete requests.
This will be stored in csrftoken variable.
print 'client cookies after login: ', client.cookies, '\n \n'
print 'csrftoken value extracted from the cookie: ',
client.cookies['ccsrftoken'], '\n \n'
#we update the session headers with X-CSRFTOKEN
client.headers.update({"X-CSRFTOKEN": client.cookies['ccsrftoken']})
#Simple post command (empty, just to test authentication)
api_cmdb = 'api/v2/cmdb/'
c = client.post(url + api_cmdb + 'firewall/address?vdom=root', verify = False)
在我的防火牆,這將導致與三個錯誤:
[httpsd 160 - 1502297425錯誤] is_valid_csrf_token [3015] - CSRF令牌不匹配
[httpsd 160 - 1502297425錯誤] api_cmdb_execute_handler [1422] - 沒有找到有效的CSRF令牌
[httpsd 160 - 1502297425錯誤] api_return_http_resu [528] - API錯誤403被提出
使用Wireshark並與CURL命令進行比較(工作正常),我可以看到插入到「X-CSRFTOKEN」中的值有一個雙雙引號。例如client.headers.update的輸出({ 「X-CSRFTOKEN」:client.cookies [ 'ccsrftoken']}):
CaseInsensitiveDict({'X-CSRFTOKEN': '"6C369B52B8211679DF2AC9676945CC"', 'Accept-Encoding': 'gzip, deflate, compress', 'Accept': '*/*', 'User-Agent': 'python-requests/2.2.1 CPython/2.7.6 Linux/3.4.0+'})
鑑於此值應簡單地沒有第二「設置報價被插入」。
任何想法如何解決這個問題?
非常感謝
這裏是client.cookies從一個新的SESS輸出:
<<class 'requests.cookies.RequestsCookieJar'>
[<Cookie APSCOOKIE_9539865664988587055="Era%3D0%26Payload%3DGAytA5jioAyuHvus1rw3dfKdzWrJm3CyraiFVxenLzBRb6qHLqlcnIIUaZz5ZJma%0A7MyKPN+4hgCPi8+yGeMhLdTVAAlG0zHmtPw7y6v+nrJVc1g7NZisFowGZ4TZacfL%0AaiMjHE+0MuJLA7r6COt4G+ikwMWlh8YWO0RF5rvE0t6nYX%2FLvla1yFjKy5Odu7kA%0AeewY6sB0zbybh6eRSWQf5Q%3D%3D%0A%26AuthHash%3DLolbIaWtHofmkwMG1Fh6gWc6K%2FkA%0A"
for 10.0.2.45/>,
<Cookie ccsrftoken="2A28F281C83FF4B3235134C335D53B5" for 10.0.2.45//>,
<Cookie ccsrftoken_9539865664988587055="2A28F281C83FF4B3235134C335D53B5" for 10.0.2.45//>]>
登錄後打印'client.cookies'的行的輸出是什麼? –
你好@Lukas, 從一個新的編碼擴頻通信: <<類 'requests.cookies.RequestsCookieJar'> [<曲奇APSCOOKIE_9539865664988587055 =「時代%3D0%26Payload%3DGAytA5jioAyuHvus1rw3dfKdzWrJm3CyraiFVxenLzBRb6qHLqlcnIIUaZz5ZJma%0A7MyKPN + 4hgCPi8 + yGeMhLdTVAAlG0zHmtPw7y6v + nrJVc1g7NZisFowGZ4TZacfL%0AaiMjHE + 0MuJLA7r6COt4G + ikwMWlh8YWO0RF5rvE0t6nYX %2FLvla1yFjKy5Odu7kA%0AeewY6sB0zbybh6eRSWQf5Q%3D%3D%0A%26AuthHash%3DLolbIaWtHofmkwMG1Fh6gWc6K%2FkA%0A」爲10.0.2.45/>,<曲奇ccsrftoken = 「2A28F281C83FF4B3235134C335D53B5」 爲10.0.2.45 //>,<曲奇ccsrftoken_9539865664988587055 = 「2A28F281C83FF4B3235134C335D53B5」 10.0 .2.45 //>]> – mr4kino
目前還不清楚哪個輸出來自'client.cookies ['ccsrftoken']'。請相應地[編輯]你的問題。 – stovfl