Cross-site request forgery protections: Where do I put all these lines?
- by brilliant
Hello,
I was looking for a python code that would be able to log in from "Google App Engine" to some of my accounts on some websites (like yahoo or eBay) and was given this code:
import urllib, urllib2, cookielib
url = "https://login.yahoo.com/config/login?"
form_data = {'login' : 'my-login-here', 'passwd' : 'my-password-here'}
jar = cookielib.CookieJar()
opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(jar))
form_data = urllib.urlencode(form_data)
# data returned from this pages contains redirection
resp = opener.open(url, form_data)
# yahoo redirects to http://my.yahoo.com, so lets go there instead
resp = opener.open('http://mail.yahoo.com')
print resp.read()
Unfortunately, this code didn't work, so I asked another question here and one supporter among other things said this:
"You send MD5 hash and not plain
password. Also you'd have to play
along with all kinds of CSRF
protections etc. that they're
implementing. Look:
<input type="hidden" name=".tries" value="1">
<input type="hidden" name=".src" value="ym">
<input type="hidden" name=".md5" value="">
<input type="hidden" name=".hash" value="">
<input type="hidden" name=".js" value="">
<input type="hidden" name=".last" value="">
<input type="hidden" name="promo" value="">
<input type="hidden" name=".intl" value="us">
<input type="hidden" name=".bypass" value="">
<input type="hidden" name=".partner" value="">
<input type="hidden" name=".u" value="bd5tdpd5rf2pg">
<input type="hidden" name=".v" value="0">
<input type="hidden" name=".challenge" value="5qUiIPGVFzRZ2BHhvtdGXoehfiOj">
<input type="hidden" name=".yplus" value="">
<input type="hidden" name=".emailCode" value="">
<input type="hidden" name="pkg" value="">
<input type="hidden" name="stepid" value="">
<input type="hidden" name=".ev" value="">
<input type="hidden" name="hasMsgr" value="0">
<input type="hidden" name=".chkP" value="Y">
<input type="hidden" name=".done" value="http://mail.yahoo.com">
<input type="hidden" name=".pd" value="ym_ver=0&c=&ivt=&sg=">
I am not quite sure where he got all these lines from and where in my code I am supposed to add them. Do You have any idea?
I know I was supposed to ask him this question first, and I did, but he never returned, so I decided to ask a separate question here.