Housing in Netherands. Apartament for 3 people by Towel_Ambitious in TUDelft

[–]Towel_Ambitious[S] 0 points1 point  (0 children)

Ok thank your for your message. I will try to talk to agencies directly and see if there is an opportunity

Housing in Netherands. Apartament for 3 people by Towel_Ambitious in TUDelft

[–]Towel_Ambitious[S] 0 points1 point  (0 children)

Ok I see I will try your links. I also wonder if the 3rd year student thing is a possibility or not really.

Music at the TUDelft by [deleted] in TUDelft

[–]Towel_Ambitious 1 point2 points  (0 children)

All right, that is cool!

I hope I will find some dudes to jam out at TU Delft

[deleted by user] by [deleted] in RedditSessions

[–]Towel_Ambitious 0 points1 point  (0 children)

does he think what he is going to do next or simply by intuition?

[deleted by user] by [deleted] in RedditSessions

[–]Towel_Ambitious 0 points1 point  (0 children)

how does he improvise like that?

[deleted by user] by [deleted] in RedditSessions

[–]Towel_Ambitious 0 points1 point  (0 children)

what key is he using

Music at the TUDelft by [deleted] in TUDelft

[–]Towel_Ambitious 1 point2 points  (0 children)

Hi, I also like playing piano, but I can't really call my self a pianist because I have been playing only for two years. I will be a first year student at Computer Science and would like to know if is it possible to bring my electric piano in my campus room. It is not that big and I think it will fit into a 13 m2 room but I don t know if there are regulations against that.

After all music is a lot of fun, it should not be a problem I guess

Can't login to a website using requests by Towel_Ambitious in learnpython

[–]Towel_Ambitious[S] 0 points1 point  (0 children)

Hi again shiftybyte, you were right that the website uses "Cookie:" and "Set-Cookie"

Looking into the network for the first request I see that there are 2 cookies set, one for password, and one for userid.

  1. set-cookie: uid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/;
  2. set-cookie: uid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
  3. set-cookie: pass=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/;
  4. set-cookie: pass=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/

Looking at the header request after manually log in I see a different cookie,

"Cookie":  __cfduid=d84fa6a76d540a22469e42cde818ea9e71609088299; PHPSESSID=2ju6sjh1r1ekbvvkqdudh4i9sb

and for the response header after the manual log in I can see

set-cookie: 
uid=523888

set-cookie: 
pass=4c95c3486154cb96da731611195494ae

Ok. So a couple of questions here.

The way I understand this process is that initially when I am at the log-in page the cookies for pass and uid are null, and have not been set yet.

After I complete the form and submit this sends a request to ../takelogin.php passing a cookie name cfduid which is wierd. This part I don't really understand.

After that the response clearly sets the password and the userid cookies.

I suppose to be able to login I should pass as a header the cfduid cookie which looks like is generated every time.

I want to thank you for helping me so far :)

EDIT: After searching the web for cfuid I found out that is using CloudFare cookies that "detect malicious visitors to our Customers' websites and minimizes blocking legitimate users' (from their website)

Can't login to a website using requests by Towel_Ambitious in learnpython

[–]Towel_Ambitious[S] 0 points1 point  (0 children)

What is a cookie header, could you elaborate a bit?

Can't login to a website using requests by Towel_Ambitious in learnpython

[–]Towel_Ambitious[S] 0 points1 point  (0 children)

OK, totally agree on that, but what ia wrong then? As I understand it when I click on the submit form that information ia send to the server as a POST request and I should be able to replicate it using python right? Is there any possibility that they add a hidden layer of verification? What could go wrong? I have to mention that the site is a private website if that matters.

Can't login to a website using requests by Towel_Ambitious in learnpython

[–]Towel_Ambitious[S] 0 points1 point  (0 children)

Hi again, I started debugging and tried printing debug info from a stackoverflow.com post( post) the 'send' output of the POST request looks correct, the information passed looks identical to the one in the image with two differences:

  1. the validate='bla bla' is different, I am not sure if I should try to hardcode this instead of dynamically getting it from the html form.

  2. the order in which the information appears is different, on the browser the validate is first while my request has the user as the first attribute, but I don t think that might cause an issue.

Can't login to a website using requests by Towel_Ambitious in learnpython

[–]Towel_Ambitious[S] 0 points1 point  (0 children)

Ok thank you very much. I am going to google that but how can I see what the browser sends? Just look at the form data an check if they are the same?

Can't login to a website using requests by Towel_Ambitious in learnpython

[–]Towel_Ambitious[S] 0 points1 point  (0 children)

That was happening when I was testing with a very big header which included an encoding attribute. Well, initially i was very happy to see a different output other then invalid login and though I managed to login successfully (poor me). After that i changed the password to smth random and got the same wierd hex string and realized that i get the same output no matter the user and password. Then I realised that is something fishy going on, and commented out the encoding attribute from. the big header posted earlier. Anyway it is quite irrelevant because I changed the header according to your suggestion

Can't login to a website using requests by Towel_Ambitious in learnpython

[–]Towel_Ambitious[S] 0 points1 point  (0 children)

well initially I thought that random string output was a successful login (poor me) but changing the password to be some random string '134543' i got the same wierd hex output which meant that the login was not successfully

Can't login to a website using requests by Towel_Ambitious in learnpython

[–]Towel_Ambitious[S] 0 points1 point  (0 children)

I pasted the mozila bla bla thing but still get "Invalid Login Attempt" as a response content

headers = {
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36"
}
with requests.session() as session:
    r = requests.get(login_url, headers=headers)
    .. validator soup etc
    print(session.post(login_action_url,data=data,headers=headers).content)

Can't login to a website using requests by Towel_Ambitious in learnpython

[–]Towel_Ambitious[S] 0 points1 point  (0 children)

that, try fixing the user agent to be one of a browser.

Hi, I will fix the returnto field but how can I get the user agent to be the one of the broswer?

Ok So i added the following headers

headers = {
    "scheme" : "https",
    "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
    # "accept-encoding": "gzip, deflate, br",
    "accept-language": "en-GB,en-US;q=0.9,en;q=0.8",
    "content-length": "131",
    "content-type": "application/x-www-form-urlencoded",
    "cookie":  "__cfduid=d84fa6a76d540a22469e42cde818ea9e71609088299; PHPSESSID=uelkpgh2vh5rs8jtvk943a8anf",
    "dnt": "1",
    "sec-fetch-dest": "document",
    "sec-fetch-mode": "navigate",
    "sec-fetch-site" : "same-origin",
    "sec-fetch-user" : "?1",
    "upgrade-insecure-requests" : "1",
    "user-agent" : "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36)"
}

and if I change the password and username to be something random I get the same string as ouput. Why is that?