0

I took it as a challenge for myself to sign in to GitHub without using the API, using the requests module instead. I managed to get to this code and I get a 200 status code, but there is still a message which is "Incorrect username or password." even if the credentials are right!

Any help appreciated. Thanks.

import requests
from bs4 import BeautifulSoup


def github_login():
    # Fetch the login page and read the hidden form values out of it
    s = requests.Session()
    git = BeautifulSoup(s.get('https://github.com/login').text, 'html.parser')
    auth_token = git.find("input", {"name": "authenticity_token"}).attrs['value']
    commit = git.find("input", {"name": "commit"}).attrs['value']

    # Form fields posted to /session
    data = {
        'username': 'username',
        'password': 'password',
        'commit': commit,
        'authenticity_token': auth_token
    }

    # These headers are built but not passed to the request below
    headers = {
        "Host": "www.github.com",
        "Origin": "https://www.github.com",
        "X-Requested-With": "XMLHttpRequest",
        "User-Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.52 Safari/536.5",
    }

    login = s.post('https://github.com/session', data=data)

    print(login.status_code)
    print(login.text)


github_login()
3
  • Why though? I don't really get it. Commented May 16, 2017 at 18:26
  • Why use this approach? Because I'm teaching myself web scraping and building bots, so here comes the idea. Commented May 16, 2017 at 18:29
  • I played around with this a bit and the only thing I found is that it didn't seem requests was passing cookies around like I would expect using the session. The only other change I made was to include the utf8 field in the form. Commented May 17, 2017 at 15:47

2 Answers

1

A lot of forms like this have hidden input fields that prevent XSS, replays, and other automated login attempts. You may need to submit all of the extra form data included in hidden fields.

<input type="hidden">

It appears GitHub uses cookies. So what could be happening here is that you are getting a redirect reply that contains cookie info for you, and requests is following that redirect but not setting the cookie.

Try turning off redirect following in your request:

allow_redirects=False

2 Comments

I think I could find out exactly what is sent in the POST request using an HTTP proxy like Charles or something, right?
You probably don't need to use a proxy, just parse out all of the other input elements on the form and see if there is anything else you are missing. Also, this isn't going to work with users who have 2FA, obviously.
0

I solved the problem and it was in the post request... "username" should be "login"

data = {
    'login': 'username',
    'password': 'password',
    'commit': commit,
    'authenticity_token': auth_token
}
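
Both answers come down to sending exactly the fields the login form declares. As an added example (not code from the question or either answer), the sketch below parses a constructed sample form with the standard library instead of BeautifulSoup and refuses to build a payload that contains a field name the form does not define. `SAMPLE_LOGIN_PAGE`, `FormFieldParser` and `build_payload` are hypothetical names, and the markup is constructed, not GitHub's actual page.

```python
from html.parser import HTMLParser

# Constructed sample modelled on a typical login form; not GitHub's actual markup.
SAMPLE_LOGIN_PAGE = """
<form action="/search"><input type="text" name="q"></form>
<form action="/session" method="post">
  <input type="hidden" name="utf8" value="&#x2713;">
  <input type="hidden" name="authenticity_token" value="CONSTRUCTED-TOKEN==">
  <input type="text" name="login">
  <input type="password" name="password">
  <input type="submit" name="commit" value="Sign in">
</form>
"""


class FormFieldParser(HTMLParser):
    """Collect name -> default value for every <input> inside one form."""

    def __init__(self, action):
        super().__init__()
        self.action = action
        self.in_form = False
        self.fields = {}

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            # Only track inputs of the form that posts to the wanted action
            self.in_form = attrs.get("action") == self.action
        elif tag == "input" and self.in_form and attrs.get("name"):
            self.fields[attrs["name"]] = attrs.get("value") or ""

    def handle_endtag(self, tag):
        if tag == "form":
            self.in_form = False


def build_payload(html, action, credentials):
    """Start from the form's own fields, then fill in the user-supplied ones."""
    parser = FormFieldParser(action)
    parser.feed(html)
    unknown = sorted(set(credentials) - set(parser.fields))
    if unknown:
        # A key the form never declares means the expected field is not sent.
        raise ValueError(f"not in form: {unknown}; form has: {sorted(parser.fields)}")
    return {**parser.fields, **credentials}
```

With a live page, the HTML passed in would be the text of the session's GET of the login page, and the returned dict would be the `data` argument of the POST.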
