+ 14
Website bot protection
How to allow requests only from the origin? You can easily search the post data fields from the source code. I've seen it and done it. ASP sites like Sololearn use hidden inputs with random tokens to avoid this.
2 Answers
+ 14
This is from an existing site
<form action method="post">
  <input name="user">
  <input type="password" name="pass">
  <input type="submit" name="submit">
</form>
It's a login form.
With python we could make a session request to that address
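import requests

# Field names are taken from the form's input "name" attributes
data = {
    "user": "toni",
    "pass": "1234",
    "submit": 1
}
session = requests.Session()
# requests needs a full URL including the scheme
session.post("http://www.url.com/login.php", data=data)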
Now we are logged in. The session object stores the session cookies. Now you can send posts and comments with your account.
for num in range(0, 10000):
    data = {
        "message": "Msg" + str(num)
    }
    # The same session object sends the login cookies with every request
    session.post("http://www.url.com/post.php?id=1", data=data)
You could also register a new account. Just send a request to the register form.
If that were the case with Sololearn, I could send a request and get all recent posts. I would parse the post URL from the links and automatically like every post or comment on them.
+ 5
if you extend your description it will be a nice reference in here ^^
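The hidden-input random token mentioned in the question, sketched server side as an added example (not code from this thread or from Sololearn): the token is bound to the session, expires, and is accepted once. A script that first fetches the form can still read the token, so the same gate also applies a per-session rate limit. All names, the TTL, the limits and the in-memory stores are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SECRET_KEY = secrets.token_bytes(32)   # server-side secret, never sent to the client
TOKEN_TTL = 600                        # seconds a rendered form stays valid (assumed)
MAX_POSTS = 5                          # posts allowed per session per window (assumed)
WINDOW = 60                            # rate-limit window in seconds (assumed)

_used_nonces = set()                   # in-memory stores; a real site would use its session store
_post_times = {}

def _mac(session_id, issued, nonce):
    msg = f"{session_id}|{issued}|{nonce}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()

def issue_form_token(session_id, now=None):
    """Value for a hidden <input name="token"> rendered with the form."""
    issued = int(time.time() if now is None else now)
    nonce = secrets.token_hex(16)
    return f"{issued}.{nonce}.{_mac(session_id, issued, nonce)}"

def verify_form_token(session_id, token, now=None):
    """Accept a token once, only for the session it was issued to, before it expires."""
    now = time.time() if now is None else now
    try:
        issued_s, nonce, mac = token.split(".")
        issued = int(issued_s)
    except (AttributeError, ValueError):
        return False                   # missing or malformed token
    expected = _mac(session_id, issued, nonce)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False                   # forged, or issued to another session
    if now - issued > TOKEN_TTL or nonce in _used_nonces:
        return False                   # expired or replayed
    _used_nonces.add(nonce)
    return True

def allow_post(session_id, token, now=None):
    """Gate for a post handler: valid form token plus a per-session rate limit."""
    now = time.time() if now is None else now
    if not verify_form_token(session_id, token, now):
        return False
    recent = [t for t in _post_times.get(session_id, []) if now - t < WINDOW]
    allowed = len(recent) < MAX_POSTS
    _post_times[session_id] = recent + [now] if allowed else recent
    return allowed
```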