tags:

views:

231

answers:

1
Q: 

Using CookieJar in Python to log in to a website from "Google App Engine". What's wrong here?

Hello everybody,

I've been trying to find a python code that would log in to my mail box on yahoo.com from "Google App Engine" . Here (click here to see that page) I was given this code:

import urllib, urllib2, cookielib

url = "https://login.yahoo.com/config/login?"
form_data = {'login' : 'my-login-here', 'passwd' : 'my-password-here'}

jar = cookielib.CookieJar()
opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(jar))
form_data = urllib.urlencode(form_data)
# data returned from this pages contains redirection
resp = opener.open(url, form_data)
# yahoo redirects to http://my.yahoo.com, so lets go there instead
resp = opener.open('http://mail.yahoo.com')
print resp.read()

The author of this script looked into HTML script of yahoo log-in form and came up with this script.

That log-in form contains two fields, one for users' Yahoo! ID and another one is for users' password. Here is how HTML code of that page for both of those fields looks like:

User ID field:

<input type="text" maxlength="96" class="yreg_ipt" size="17" value="" id="username" name="login">

Password field:

<input type="password" maxlength="64" class="yreg_ipt" size="17" value="" id="passwd" name="passwd">

However, when I uploaded this code to Google App Engine I discovered that this log-in form keeps coming back to me, which, I assume, means that logging-in process didn't succeed. Why is it so?

+3  A: 

You send MD5 hash and not plain password. Also you'd have to play along with all kinds of CSRF protections etc. that they're implementing. Look:

            <input type="hidden" name=".tries" value="1"> 
            <input type="hidden" name=".src" value="ym"> 
            <input type="hidden" name=".md5" value=""> 
            <input type="hidden" name=".hash" value=""> 
            <input type="hidden" name=".js" value=""> 
            <input type="hidden" name=".last" value=""> 
            <input type="hidden" name="promo" value=""> 
            <input type="hidden" name=".intl" value="us"> 
            <input type="hidden" name=".bypass" value=""> 
            <input type="hidden" name=".partner" value=""> 
            <input type="hidden" name=".u" value="bd5tdpd5rf2pg"> 
            <input type="hidden" name=".v" value="0"> 
            <input type="hidden" name=".challenge" value="5qUiIPGVFzRZ2BHhvtdGXoehfiOj"> 
            <input type="hidden" name=".yplus" value=""> 
            <input type="hidden" name=".emailCode" value=""> 
            <input type="hidden" name="pkg" value=""> 
            <input type="hidden" name="stepid" value=""> 
            <input type="hidden" name=".ev" value=""> 
            <input type="hidden" name="hasMsgr" value="0"> 
            <input type="hidden" name=".chkP" value="Y"> 
            <input type="hidden" name=".done" value="http://mail.yahoo.com"&gt; 
            <input type="hidden" name=".pd" value="ym_ver=0&c=&ivt=&sg=">

Launch Wireshark and play with it. Good luck :)

However if you intend to use it w/ App Engine keep in my mind that using Google IP will almost surely result w/ Captcha challenge. Also Yahoo might block your User-Agent that is being set permanently by Google.

deno  2010-04-03 18:43:34
Thank You, deno, for this input. Honestly speaking, I am quite overwhelmed by Your answer - I didn't really know that so many things would be involved, many of which I have never heard before. I have already downloaded the Wireshark and am now trying to study it. Can You, please, teach me (or give me a resource that would teach me) how to transform my plain password into MD5 hash? Also, these lines of code that You have provided here, can I just insert them into my code? If yes, where in my code do I insert them? Thank You once again.
brilliant  2010-04-04 01:20:20
deno  2010-04-05 08:33:06
I see!!! Thank You, deno, thank You very much!
brilliant  2010-04-05 23:31:47
@ deno: Hello, deno!!! Thank You very much for that link on hashlib, it was very helpful. Deno, please tell me what You mean by "simulating normal login". Do You mean that I just have to log in to that page (by filling out ID and Password fields in that form) and then save the HTML code of the page that I get to after clicking "Enter"?
brilliant  2010-04-08 04:00:48
Yes, precisely. Do just that while Wireshark's running.
deno  2010-04-09 07:43:45
@ deno: I see, thank You!!!
brilliant  2010-04-15 20:45:41

related questions

Programmatically talking to a Serial Port in OS X or Linux
Best ways to teach a beginner to program?
Calling a Function From a String With the Function's Name in Python
An executable Python app
Text Editor For Linux (Besides Vi)?
What Hosting Service is best for Django applications?
File size differences after copying a file to a server vía FTP
Python: what is the difference between (1,2,3) and [1,2,3], and when should I use each?
Python: What OS am I running on?
How do I make a menu in python that does not require the user to press (enter) to make a selection?
How do you express binary literals in Python?
What is the most efficient graph data structure in Python?
Adding a Method to an Existing Object
How to learn Python: Good Example Code?
How do I use Python's itertools.groupby()?
Python and MySQL
Class views in Django
Is there an IDE that provides code completion for Python
Using 'in' to match an attribute of Python objects in an array
cx_Oracle - what is the best way to iterate over a result set?
cx_Oracle - How do I access Oracle from Python?
Continuous Integration System for a Python Codebase
Get a preview jpeg of a pdf on windows?
How can I find the full path to a font from its display name on a Mac?
XML Processing in Python