I have a DLink DWR-921 router that works with mobile internet. It has an admin page http://ipaddress/sys_smsmsg.htm that allows to send sms via the SIM card that feeds the router. I am trying to bypass the GUI and send sms programmatically.
Request to send an sms looks like this:
from requests import session
with session() as c:
c.get('http://'
+ ipaddress
+ '/sys_smsmsg.htm?csrftok='
+ token
+ '&Nsend=1&Nmsgindex=0&S801E2701='
+ number
+ '&S801E2801='
+ message)
where token is a value in a hidden input field on /sys_smsmsg.htm:
<input type="hidden" name="csrftok" value="468153">
This value is loaded by JavaScript from an XML file that the browser downloads along with the HTML.
function get_token(){
xmlDoc=loadXMLDocs("/csrf.xml");
if(xmlDoc.getElementsByTagName("token")[0].childNodes[0]!=null){
rv=xmlDoc.getElementsByTagName("token")[0].childNodes[0].nodeValue;
return rv;
}
}
The XML itself looks trivial:
<?xml version="1.0"?><csrf><token>667153</token></csrf>
But since requests library does not trigger JavaScript, all I see on the requested page is:
dw("<input type='hidden' name='csrftok' value='"+get_token()+"'>")
Is there any way to bypass JS and retrieve the XML file in a requests session? I know I can use Selenium with a headless browser, just want to make sure I'm not over-complicating it.
http://ipaddress/csrf.xmlso it can be downloaded and parsed with lxml