[SGVLUG] Blind access through selenium

Marc Lytle via SGVLUG sgvlug at sgvlug.net
Mon Sep 17 16:19:59 PDT 2018


My name is Marc and I'm helping Chime Hart, from this last week's sgvlug,
with his systems. We are trying to log into a website with selenium and
having a bit of trouble. It was suggested I email this group with the
specifics of the problems we've been having.  Below is some code I have
used:

#!/usr/bin/env python
from selenium import webdriver
from selenium.webdriver.firefox.options import Options
from selenium.webdriver.support.ui import WebDriverWait as wait
from selenium.webdriver.support import expected_conditions as EC

options = Options()
# options.set_headless(headless=True)

driver = webdriver.Firefox(firefox_options=options,
executable_path=r'/usr/local/bin/geckodriver')
def i24_login():
    driver.get ('https://video.i24news.tv/')

driver.find_element_by_xpath('//*[@id="app"]/div/div/div[1]/div/nav[1]/div/div[3]/div[2]/button').click()
    # This line returns True when printed, but doesn't see accessable in
any meaningfull way
    # bob = wait(driver,
20).until(EC.frame_to_be_available_and_switch_to_it(driver.find_element_by_xpath('//iframe[contains(@src,
"auth/2/purchase")]')))
    # This line throws an unfound error even though the radio button's id
is authType-1.
    bob = wait(driver,
20).until(EC.frame_to_be_available_and_switch_to_it(driver.find_element_by_id('authType-1')
))

    print bob


i24_login()

print ("Headless Firefox Initialized")

It opens the site and clicks the login, but neither wait lines above
results in an object of which I can do anything. 'authType-1' is a radio
button necessary to login and not register as a new user. If anyone can
find a way to access that, then I could easily enter his information to the
login.

As far as the actual login request goes, it works through a third party (
cleeng.com) and seems to be a simple API call. I've watched the login
process itself from an open browser inspecting the network traffic, but the
login in request seems to have an auto-generated key/token that is created
for each request. I was hoping that I could just script the login and
inject the token, but I haven't found a way to predict that key yet.

Any help or suggestions would be greatly appreciated.
-- 
Marc Lytle
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://sgvlug.net/pipermail/sgvlug/attachments/20180917/4a88224f/attachment.html>


More information about the SGVLUG mailing list