Post 登陆时验证 CSRFToken 返回 403 有空的朋友请帮忙看看

mbn130 · 发表于 2016-10-19 02:04:16

我自己的抓包

这个是我自己的软件抓包，，，，，

别人的软件抓包

这个是别人的软件抓包，，正常状态！

请兄弟们帮我看看，问题再哪里！

mbn130 · 发表于 2016-10-19 02:08:23

本帖最后由 mbn130 于 2016-10-19 02:13 编辑

[C#] 纯文本查看 复制代码

   Dim item As HttpItem = New HttpItem
        With item
            .URL = ""         '//URL     必需项    
            .Method = ""                             '//URL     可选项 默认为Get   

            .Postdata = ""
            .IsToLower = False                          '//得到的HTML代码是否转成小写     可选项默认转小写   

            .Timeout = 100000                           '//连接超时时间     可选项默认为100000    
            .ReadWriteTimeout = 30000                   '//写入Post数据超时时间     可选项默认为30000   
    
            .Cookie = RDate.CookiesStr  ‘//cookies 我有事先取过一次了，正常的
            .Allowautoredirect = True                   '//是否根据301跳转     可选项   
            .ContentType = "application/x-www-form-urlencoded"
            .Host = "www.pinterest.com"
            .UserAgent = "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.121 Safari/535.2"
            .Referer = "https://www.pinterest.com"
            .Header.Add("Origin", "https://www.pinterest.com")
            .Accept = "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"
            .Header.Add("Accept-Language", "en-US,en;q=0.8")
            .Header.Add("Accept-Encoding", "gzip, deflate, sdch")
            .Header.Add("Accept-CharSet", "utf-8;q=0.7,*;q=0.7")
            .Header.Add("Cache-Control", "max-age=0")
            .Header.Add("X-APP-VERSION", "8240f4d")
            .Header.Add("X-CSRFToken", New Regex("csrftoken=(.*?);", RegexOptions.IgnoreCase).Matches(RDate.CookiesStr).Item(0).Groups(1).Value)
            .Header.Add("X-NEW-APP", "1")
            .Header.Add("X-Requested-With", "XMLHttpRequest")
            .Header.Add("X-Pinterest-AppState", "active")

        End With
     Dim result As CsharpHttpHelper.HttpResult = WebHttp.GetHtml(item)
        RDate.Html = result.Html
       RDate.CookiesStr = Regex.Replace(HttpHelper.GetSmallCookie(result.Cookie), ";; Max-Age=\d+;", "")

这段是我Post的代码，带日期和路径的cookies 和精简的cookies ， CookieCollection 方式，都试过了，，，应该不是cookies的问题

我就是觉得应该是 CSRFToken 的关系，，，第一次碰到需要 CSRFToken 验证的，，也不知道需要注意什么，，，请各位大哥麻烦帮我看看，

客服~小小 · 发表于 2016-10-19 08:11:58

HTTP版本版本不对选择1.0试试

在线可以测试http://tool.sufeinet.com/HttpHelper.aspx

mbn130 · 发表于 2016-10-19 17:11:59

换成 1.0 了也还是不行，，不知道是啥问题，，，

mbn130 · 发表于 2016-10-19 17:16:47

item.Cookie 这个赋值，不管是精简版的cookies 还是带 Domain 跟日期的，都可以是吗？

_auth=0; Domain=.pinterest.com; expires=Sat, 14-Oct-2017 09:14:51 GMT; httponly; Max-Age=31103999; Path=/; secure
---------------------------------------------
_auth=0

赋值这两个同样的效果，还是有差别

小哲 · 发表于 2016-10-20 00:17:58

把源码打包上来啊

mbn130 · 发表于 2016-10-20 16:19:57

mbn130 发表于 2016-10-19 17:16
item.Cookie 这个赋值，不管是精简版的cookies 还是带 Domain 跟日期的，都可以是吗？

_auth=0; Domai ...

求問這個問題的答案！！！！！

mbn130 · 发表于 2016-10-22 12:38:31

小哲发表于 2016-10-20 00:17
把源码打包上来啊

test.zip (115.96 KB, 下载次数: 25)

mbn130 · 发表于 2016-10-22 12:39:37

请各位大牛们帮帮忙

mbn130 · 发表于 2016-10-22 13:08:31

如果正常登陆了，，

返回值是这样的。。

[HTML] 纯文本查看 复制代码

{"request_identifier":"615541546328","resource_data_cache":[],"resource":{"name":"UserSessionResource","options":{"shadow_request_data":{"override_access_token":"MTQzMTYwMTozMzg4MjU3MDkzNzM4OTgwNjA6OTIyMzM3MjAzNjg1NDc3NTgwNzoxfDE0NzcxMDc1Nzk6MC0tYzAxMzQ4MGYyZDM2ZmM1NGM2MjJmZWY2ODRmMTEzYjg="},"username_or_email":"kokmattias@gmail.com","shadow_request_path":"/v3/users/me/","bookmarks":["-end-"],"password":"1matgwen","shadow_post_request":true}},"client_context":{"origin":"https://www.pinterest.com","advertiser":null,"tastemaker_admin_whitelist":["jhpark","laurenemichaels","enid","0oyukao0","austinchang","adambarton","euv921","ladyd252","teeffany","starschica","baerlinbritta","annasterntaler","miss_glassy","convo_pieces","kateallchin","silviaoviedo","almondbutters","xixwng","brunatoni","pinterestbr","nlferreira","erikaedelson","heathermclean22","ElodieFagan","PinterestUK"],"user_agent_platform":"other","locale":"en-US","utm_campaign":null,"allow_image_prioritization":true,"is_retina":false,"browser_locale":"en-US","parent_request_identifier":null,"deep_link_action":null,"triggerable_experiments":{"pinnability_cpp_online_ff6":"prod","smartlock":"enabled","ads_lift_holdout_lowes_style_q4_2016":"control","web_usm_halloween_search_upsell_v2":"control","userstate_email_test_1":"control","ads_related_pins":"enabled","android_commerce_closeup_carousel":"enabled","enable_asterix_promoted_pins":"enabled","pin_react_basics_3":"enabled","cgu_test9":"cgu_test9_1","halloween_widget_email":"enabled"  。。。。。后面省略。。。,

		自动登录	找回密码
密码			马上注册

[求助] Post 登陆时 验证 CSRFToken 返回 403 有空的朋友请帮忙看看

[求助] Post 登陆时验证 CSRFToken 返回 403 有空的朋友请帮忙看看