I am trying to log in to an application URL using the Python requests module. However, because my Sign In button does not have a "name" tag, I am unable to log in.
Below is the HTML form:
<form id="login-submit-form" onsubmit="return beforesubmit()" action="/ui/login" method="post">
<input name="action" type="hidden" value="login">
<input name="useCACCertificate" type="hidden" value="false">
<input name="server" type="hidden" value="">
<input name="gwt.codesvr" type="hidden" value="">
<input name="urlhash" type="hidden" value="">
<input name="fromURI" type="hidden" value="/">
<input name="locale" type="hidden" value="">
<input name="username" tabindex="0" class="input-field" id="login-form-username" type="text" placeholder="Username" value=""> <br>
<input name="password" tabindex="0" class="input-field" id="login-form-login-password" type="password" placeholder="Password"> <br>
<div class="input-field" id="servers-input-field" style="border: currentColor; border-image: none; padding-left: 0px;">
<select tabindex="0" id="login-form-servers" style="width: 300px; display: none;">
<option value="Default Client">Default Client</option>
</select><span tabindex="0" class="ui-selectmenu-button ui-widget ui-state-default ui-corner-all" id="login-form-servers-button" role="combobox" aria-expanded="false" aria-haspopup="true" aria-owns="login-form-servers-menu" style="width: 298px;" aria-autocomplete="list"><span class="ui-icon ui-icon-triangle-1-s"></span><span class="ui-selectmenu-text">Default Client</span></span>
</div>
<div class="rememberMeContainer">
<input name="rememberMe" tabindex="0" class="rememberMeCheck" id="rememberme-checkbox"
type="checkbox">
<label for="rememberme-checkbox">Remember me</label>
</div>
<input tabindex="0" class="input-field login-button" id="login-form-login" type="submit"
value="Sign In">
</form>
What I have tried is a simple post on the URL:
from bs4 import BeautifulSoup
import requests
# Start the session
session = requests.Session()
# Create the payload
payload = {
    'username': 'user1',
    'password': 'pwd1',
}
# Post the payload to the site to log in
s = session.post("https://xyz/ui", data=payload, verify=False)
s.text
I end up getting the login page HTML code in s.text, which means I am unable to log in.
Please help me understand what is being missed.
Your Python code is only sending a POST request for the two parameters username and password. However, it should include ALL parameters needed to fulfill the request. A long and obvious way of discovering these is checking for input tags inside of your form. The parameter name is the value of the name attribute, and its associated value completes the key-value pair.

For example, you must also have:

useCACCertificate=false&server=&gwt.codesvr=&urlhash=&fromURI=/&locale=

It's not a certainty that you can omit the empty parameters (with no value), although it is likely that a request omitting such values would succeed. It entirely depends on the website you are interacting with and is utterly out of your control. You should also include the <select> box as a key-value pair, as well as the Remember Me checkbox.

The quickest way of doing this is to intercept the raw request. Personally, I use Burp Suite, but you could even just use developer tools within the browser on the Networking tab to log in and thus intercept the POST request. You'll find all the necessary key-value pairs there to complete the request. You should also try to mimic the headers to ensure you're not getting blocked by a WAF or whatever, since the default PyRequests header tends to be blocked often.
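
Added example, not part of the original answer: instead of copying field names by hand, it reads them from the login form and posts to the form's action URL. The names FormFields, build_login_request and login are hypothetical, and session is assumed to be a requests.Session; controls without a name attribute (the select and the Sign In button here) and the unchecked checkbox are left out, as they are in a browser submission.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin

# Constructed sample: a trimmed copy of the form shown in the question.
SAMPLE_FORM = """<form id="login-submit-form" action="/ui/login" method="post">
<input name="action" type="hidden" value="login">
<input name="useCACCertificate" type="hidden" value="false">
<input name="server" type="hidden" value="">
<input name="gwt.codesvr" type="hidden" value="">
<input name="urlhash" type="hidden" value="">
<input name="fromURI" type="hidden" value="/">
<input name="locale" type="hidden" value="">
<input name="username" id="login-form-username" type="text" value="">
<input name="password" id="login-form-login-password" type="password">
<select id="login-form-servers"><option value="Default Client">Default Client</option></select>
<input name="rememberMe" id="rememberme-checkbox" type="checkbox">
<input id="login-form-login" type="submit" value="Sign In">
</form>"""
SKIPPED_TYPES = {"submit", "button", "image", "reset", "file"}


class FormFields(HTMLParser):
    """Hypothetical helper: the form action plus the named inputs a browser sends."""
    def __init__(self):
        super().__init__()
        self.action, self.fields = "", {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.action = a.get("action") or ""
        elif tag == "input" and a.get("name"):
            kind = (a.get("type") or "text").lower()
            unchecked = kind in ("checkbox", "radio") and "checked" not in a
            if kind not in SKIPPED_TYPES and not unchecked:
                self.fields[a["name"]] = a.get("value") or ""


def build_login_request(html, page_url, overrides):
    """Return (post_url, payload): the form's own fields plus overrides."""
    parser = FormFields()
    parser.feed(html)
    return urljoin(page_url, parser.action), {**parser.fields, **overrides}


def login(session, page_url, creds):
    """session is assumed to be a requests.Session; TLS checks stay enabled."""
    page = session.get(page_url)
    url, data = build_login_request(page.text, page.url, creds)
    return session.post(url, data=data)
```

Comparing the resulting payload with the request captured in the browser's network tab shows whether the server expects anything the static HTML does not carry, such as values set by the form's onsubmit script.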