import requests

target_url = "http://127.0.0.1/dvwa/login.php"
data_dict = {"csrfmiddlewaretoken": "bbbfeed6e1aea50f14a51a331054022c", "username": "admin", "password": "password", "Login": "Submit"}
response = requests.post(target_url, data=data_dict)
print(response.content.decode(errors="ignore"))

I am using the code above to log in here: http://127.0.0.1/dvwa/login.php. After doing some reading, I saw it was because it failed at the CSRF check, so I implemented it in my data_dict.

Here's the problem: now, even with the CSRF check added it's giving me the same

invalid CRSF token

problem as before.

What's happening? Thanks in advance.

game0ver
Erik Dz

1 Answer


In order to log in, you also need to submit a hidden field called user_token, which looks like this:

<input type='hidden' name='user_token' value='random_value_here' />

The value changes every time you refresh the page, so you need a little web-scraping to do what you are looking for. The following code uses bs4 to scrape the page and get the correct user_token value and then logs in successfully to the application:

import requests
from bs4 import BeautifulSoup

url = "http://127.0.0.1/dvwa/login.php"

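def get_token(source):
    # Parse the login page and return the value of its first hidden input,
    # which is where the form carries user_token.
    soup = BeautifulSoup(source, "html.parser")
    return soup.find('input', { "type" : "hidden" })['value']

# A Session keeps the cookie set by the GET, so the POST below is sent in
# the same session the token was issued for.
with requests.Session() as s:
    src = s.get(url).text
    creds = {
        "username"   : "admin",
        "password"   : "password",
        "Login"      : "Submit",
        "user_token" : get_token(src)
    }
    r = s.post(url, data = creds)
    print(r.text)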
game0ver
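Why the hard-coded token in the question fails while the scraped one works, as an added example that is not part of the question or the answer: a simplified in-memory model of a per-session anti-CSRF check. It assumes the server binds a fresh single-use token to the session on each page load; `SESSIONS`, `render_login`, `check_login` and `extract_token` are hypothetical names, and this is not DVWA's own code.

```python
import hmac
import secrets
from html.parser import HTMLParser

SESSIONS = {}  # session id -> token the server currently expects (toy in-memory store)

def render_login(session_id=None):
    """GET: bind a fresh token to the session and embed it in the form."""
    session_id = session_id or secrets.token_hex(8)
    SESSIONS[session_id] = token = secrets.token_hex(16)
    html = ("<form method='post'><input name='username' />"
            f"<input type='hidden' name='user_token' value='{token}' /></form>")
    return session_id, html

def check_login(session_id, form):
    """POST: accept only the token last issued to this session, once."""
    expected = SESSIONS.pop(session_id, None)
    supplied = form.get("user_token", "")
    return expected is not None and hmac.compare_digest(expected, supplied)

class _TokenFinder(HTMLParser):
    def __init__(self, field):
        super().__init__()
        self.field, self.value = field, None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "input" and attrs.get("name") == self.field:
            self.value = attrs.get("value")

def extract_token(html, field="user_token"):
    """Pick the hidden input by name rather than taking the first hidden field."""
    finder = _TokenFinder(field)
    finder.feed(html)
    return finder.value

def demo():
    out = {}
    sid, page = render_login()
    # Constructed value under the wrong field name, as in the question's data_dict.
    out["wrong_field"] = check_login(sid, {"csrfmiddlewaretoken": "0" * 32})
    sid, page = render_login(sid)
    token = extract_token(page)
    # Token scraped in one session but posted without that session's cookie.
    out["other_session"] = check_login(render_login()[0], {"user_token": token})
    out["same_session"] = check_login(sid, {"user_token": token})
    out["replayed"] = check_login(sid, {"user_token": token})
    return out

if __name__ == "__main__":
    print(demo())
```

Only the request that carries the current token, under the expected field name, in the session it was issued to, passes the check.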