I'm crawling a website using the python requests module. A form on this website requires to solve a ReCaptcha. I've managed to recreate this ReCaptcha on a local website with the same site-key. If I solve the ReCaptcha on my local website and get the 'g-captcha-response' key, would I be able to post this key to the original website? If so, would this work or is Google requiring other informations other than the response key?
# I get the response key from my local website
CaptchaKey = response-key
# I post the response key on the original website
request.post(SubmitURL, data={'g-captcha-response': CaptchaKey}
Would this work? If so, how do I check if the request has been successfully posted?
Google captcha key won't be enough. You should consider a method with selenium+requests.
first part:
from selenium import webdriver
driver = webdriver.Chrome("C:\chromedriver.exe")
driver.get('desiredurl')
#somesleep/waittill element/anything to wait till you solve the recaptcha
cookies = driver.get_cookies()
part 2
session = requests.Session()
for cookie in cookies:
session.cookies.set(cookie['name'], cookie['value'])
payload = { 'username' : '',
'password' : '',
'g-captcha-response': CaptchaKey}
login = session.post('DESIREDURL', data = payload)
This method should work
Related
I created a simple api using CodeIgniter 4 that currently has 2 routes :
$routes->get('/expenses','Home::getAllExpenses');
$routes->post('/expenses','Home::addRecord');
I display the data using Vue, so the first one returns some json data about expenses while the second one should store the data from a form.
What happens is when I hit submit I get a 403 Forbidden for the post route.
The call is made like this:
this.validationError = false;
this.request.sum = this.sum;
this.request.type = this.type;
this.request.name = this.name;
this.$http.post(base_api_url + 'expenses', this.request)
.then(function(response){
console.log(response);
});
The get request is ok and nothing on the CI forum helped me :(
Could you check to see if your POST requests also includes cookies (in developer tools > network tab)? It's a fairly common problem that fetch/xhr libraries (like this.$http) do not send credentials (cookies) by default. If the cookies are missing from your, you can enable sending credentials by:
Vue.http.options.credentials = true;
Assuming you are using Vue-resource (this.$http)
I'm trying to log out of my application that's using AWS Cognito by calling their logout endpoint. I'm not using the AWS SDK because as far as I can tell, it does not yet cover oauth app integrations and sign in using external federated identity providers (please correct me if I'm wrong about that). I log in from an AWS-hosted login screen that I'm redirected to when I call their authorization endpoint. They redirect me back to my page with a "code" which I post back to them using their token endpoint to get tokens. All of this is textbook oauth 2.0 stuff.
The problem is that when I call the logout endpoint using a JavaScript browser redirect (window.location.href = ....) it doesn't clear the cookies that are set when I logged in ("XSRF-TOKEN" and "cognito") and I can't manually clear them because they were set from the AWS domain which is different from the one where my site is hosted. The cookies do get cleared when I enter the logout link in the address bar. There's clearly a difference between using window.location.href in code and dropping a link in my address bar.
To clear out the sessoin you need to use clearCachecId() and then reset the Cognito Id credentials. This is my function using the AWS SDK:
import AWS from 'aws-sdk/global';
const getCurrentUser = () => {
const userPool = newCognitoUserPool({
UserPoolId: YOUR_USER_POOL_ID,
ClientId: YOUR_APP_CLIENT_ID
});
return userPool.getCurrentUser();
}
const signOutUser = () => {
const currentUser = getCurrentUser();
if (currentUser !== null) {
curentUser.signOut();
}
if (AWS.config.credentials) {
AWS.config.credentials.clearCachedId(); // this is the clear session
AWS.config.credentials = new AWS.CognitoIdentityCredentials({}); // this is the new instance after the clear
}
}
That should take care of that.
It's a timing issue involving the use of windows.location and cookies. It seems that I was causing the same cookie, XSRF-TOKEN, to be unset and then reset so fast that it was just not happening at all. Inserting a timeout between logging out and redirecting back to the log in screen fixes the problem. There are some guys on this thread who seem to know something about it: https://bytes.com/topic/javascript/answers/90960-window-location-cookies
I'm trying to use the Facebook Graph API to get the latest status from a public page, let's say http://www.facebook.com/microsoft
According to http://developers.facebook.com/tools/explorer/?method=GET&path=microsoft%2Fstatuses - I need an access token. As the Microsoft page is 'public', is this definitely the case? Is there no way for me to access these public status' without an access token?
If this is the case, how is the correct method of creating an access token for my website? I have an App ID, however all of the examples at http://developers.facebook.com/docs/authentication/ describe handling user login. I simply want to get the latest status update on the Microsoft page and display it on my site.
This is by design. Once it was possible to fetch the latest status from a public page without access token. That was changed in order to block unidentified anonymous access to the API. You can get an access token for the application (if you don't have a Facebook application set for your website - you should create it) with the following call using graph API:
https://graph.facebook.com/oauth/access_token?
client_id=YOUR_APP_ID&client_secret=YOUR_APP_SECRET&
grant_type=client_credentials
This is called App Access Token. Then you proceed with the actual API call using the app access token from above.
hope this helps
You can use AppID and Secret key to get the public posts/feed of any page. This way you don't need to get the access-token. Call it like below.
https://graph.facebook.com/PAGE-ID/feed?access_token=APP-ID|APP-SECRET
And to get posts.
https://graph.facebook.com/PAGE-ID/posts?access_token=APP-ID|APP-SECRET
It's no more possible to use Facebook Graph API without access token for reading public page statuses, what is called Page Public Content Access in Facebook API permissions. Access token even is not enough. You have to use appsecret_proof along with the access token in order to validate that you are the legitimate user. https://developers.facebook.com/blog/post/v2/2018/12/10/verification-for-individual-developers/.
If you are individual developer, you have access to three pages of the data (limited), unless you own a business app.
You can get the posts by simply requesting the site that your browser would request and then extracting the posts from the HTML.
In NodeJS you can do it like this:
// npm i request cheerio request-promise-native
const rp = require('request-promise-native'); // requires installation of `request`
const cheerio = require('cheerio');
function GetFbPosts(pageUrl) {
const requestOptions = {
url: pageUrl,
headers: {
'User-Agent': 'Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0'
}
};
return rp.get(requestOptions).then( postsHtml => {
const $ = cheerio.load(postsHtml);
const timeLinePostEls = $('.userContent').map((i,el)=>$(el)).get();
const posts = timeLinePostEls.map(post=>{
return {
message: post.html(),
created_at: post.parents('.userContentWrapper').find('.timestampContent').html()
}
});
return posts;
});
}
GetFbPosts('https://www.facebook.com/pg/officialstackoverflow/posts/').then(posts=>{
// Log all posts
for (const post of posts) {
console.log(post.created_at, post.message);
}
});
For more information and an example of how to retrieve more than 20 posts see: https://stackoverflow.com/a/54267937/2879085
I had a similar use case for some weeks and I used this API:
https://rapidapi.com/axesso/api/axesso-facebook-data-service/
I could fetch all posts and comments in some minutes, worked quite well for me.
How does one request, store, and use an access token from an API in the Meteor framework? I am currently trying to make requests from the (Instagram API)[https://instagram.com/developer/authentication/], but I first need to request an access token and store it for later use.
What is the general structure for doing this? I have my Client Id and Client Secret stored in the settings.json and have the services configuration package loaded. I think I need to create some sort of Method using http.get, but if someone could give a brief walkthrough that would be greatly appreciated ! Not much on this in the Meteor Docs.
You can use Bozhao Package for this.
Just install it.
meteor add bozhao:accounts-instagram
And this will work exactly like tha core accounts - facebook || google || twitter
and you can do something like this on the accountsOnCreateUser Methods
if (user.services.instagram) {
console.log("-- REGISTED USER WITH INSTAGRAM ");
instagramProfile = {
socialProfileUrl: user.services.instagram.profile_picture,
socialName: user.services.instagram.full_name,
service: "Instagram",
profileUrl: "https://instagram.com/"+ user.services.instagram.username
};
user.profile = instagramProfile;
}
Now knowing this, you can see that we have the user data inside the user.services.instagram object, there should be a accessToken and id field that you make POST / GET http request to the https://instagram.com/api/v1/.
I have never done a HTTP request to the Instagram API but it should be similar to facebook (if not sorry the below code dosnt help you to much).
Simple http call using the params.
Meteor.http.get("https://instagram.com/api/v1/", {
headers: {
"User-Agent": "Meteor/1.0"
},
params: {
access_token: user.services.accessToken
}
},function(error,result){
if(!error){
console.log(result);
}
});
I'm trying to create a signup functionality with Facebook JS SDK, But i got different type of records, than i search a lot and come to know that Facebook update his app policy's, they release v2.0 for apps.
Now it sending different response on login
Object {authResponse: Object, status: "connected"}
authResponse: Object
accessToken: "CAATZCeMqNYsABADVG3lHL1WYJiwnZASJIBzUtkfB4MFyFUC21g6myDeAP6WDSKkd8ZAnggffW5sIJzSDqmqxxvRgdeT7MKRXJ0L8Logg57PYwawEBSbgqz9I5qGU9Oo7uvaRN5MupjCfvo5w4bfCDZA5uvMkg7AK8DbwhXW4WoGHZBgG6EsmDDWZCnbVpUxWUZD"
expiresIn: 4562
signedRequest: "GXGqWXN9C5IzSy6jf2NOOQK7-ZK9JisKBCLEBHbaoIc.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImNvZGUiOiJBUUE5c21GSWZ1dXoxMnpvNVV0MGdYYXNXclI1blJXZXh1NElGWHFFMHhnUDM3T0pScUJyaDhZeEo2YWt5aHlJYXUzc3UyU2hhZVczUzh1aHRheWJGX3N3aWtfSmVfUDRwallOeV9IX1JpTEs2ZWZKNlpETDQ5MC1OVUxKSzN4SWw2QmtfVXJER2ZrVE1uV1haZFY3LU02Y19xMjRwWjJUOEo2anB6djNGQ0Z0YUs5bW5fMVVobThycjRlVmlQOVVtVVNMZXA5NTg1X1ZhSHg2YkUyTEFBMUl3OUdfQXJnb2JRSldQaERXczlTSDdONzNzS1dlakQ3MDNsTmhpblhjbUt0RXU1NmpvTnVMODhvME9ZUXVtVEFfbzF4SEJ5YndSbDU4ekVrWEpMdVUtVFZfejY5UW9KekFMeFRCekNBUHBXcEQtVzUyVHlKd0tJNjBMTU5Qbjg0bCIsImlzc3VlZF9hdCI6MTM5OTI3NTgzOCwidXNlcl9pZCI6IjEwMDAwMDAxNTU5MzEwNyJ9"
userID: "100000015593107"
__proto__: Object
status: "connected"
__proto__: Object
}
as in last SDK we get email using
response.email
but in new one we got only userID which is also app specific and
response.authResponse.signedRequest
So i search how we can extract the "signedRequest" because i think the rest value surely encrypted in this code ..
So i used
$signed_request= $_POST['maindata'];
if (isset($signed_request))
{
$data_signed_request = explode('.', $signed_request); // Get the part of the signed_request we need.
$jsonData = base64_decode($data_signed_request['1']); // Base64 Decode signed_request making it JSON.
$objData = json_decode($jsonData, true); // Split the JSON into arrays.
}
print_r($objData);
but its again send me
Array
(
[algorithm] => HMAC-SHA256
[code] => AQA9smFIfuuz12zo5Ut0gXasWrR5nRWexu4IFXqE0xgP37OJRqBrh8YxJ6akyhyIau3su2ShaeW3S8uhtaybF_swik_Je_P4pjYNy_H_RiLK6efJ6ZDL490-NULJK3xIl6Bk_UrDGfkTMnWXZdV7-M6c_q24pZ2T8J6jpzv3FCFtaK9mn_1Uhm8rr4eViP9UmUSLep9585_VaHx6bE2LAA1Iw9G_ArgobQJWPhDWs9SH7N73sKWejD703lNhinXcmKtEu56joNuL88o0OYQumTA_o1xHBybwRl58zEkXJLuU-TV_z69QoJzALxTBzCAPpWpD-W52TyJwKI60LMNPn84l
[issued_at] => 1399275838
[user_id] => 100000015593107
)
I'm wondering how we can get the email address , Please if you have some idea please let me know
You can use the acquired access_token and use the Facebook API endpoint GET /me and pass the access_token the response of the said endpoint will allow you to obtain the email address given that the email address being associated to the Facebook is account is still valid.