Python requests - org.apache.struts.taglib.html.TOKEN issue

Question

first time posting on here so apologies in advance if I get any of the etiquette wrong.

I'm writing some code in python 3 using requests, to log in to a website and it should return me another page after logging in.

I've used Google Chromes developer tools to see what Form Data needs to be included in the payload, and what I believe is causing the problem is the org.apache.struts.taglib.html.TOKEN, which is unique on each form submission.

Does anyone know how to get around this? Or is it another issue? Currently its returning me a page telling me "Details Incorrect". I have logged onto the site manually with these details though, to record the data sent during the login.

My code is below.

import requests

with requests.Session() as s:

payload = {"org.apache.struts.taglib.html.TOKEN": this is unique on each form submission,
           "loginRegNo": xxxxxxx, "loginPin": xxxxxx}
headers = {"Accept": "text/html",
           "Accept-Encoding": "gzip, deflate, br",
           "Accept-Language": "en-GB,en-US;q=0.9,en;q=0.8",
           "Cache-Control": "no-cache",
           "Connection": "keep-alive",
           "Content-Length": "105",
           "2Content-Type": "application/x-www-form-urlencoded",
           "Cookie": "JSESSIONID=xxxxxx,
           "Host": "www.website.ie",
           "Origin": "https://www.website.ie",
           "Pragma": "no-cache",
           "Referer": "https://www.website.ie/OMT/omt.do",
           "Upgrade-Insecure-Requests": "1",
           "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) "
                         "AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36}"
           }

p = s.post("https://www.website.ie/OMT/omt.do", data=payload, headers=headers, cookies=s.cookies)
# print the status code to see if it's successful
print(p.status_code)

r = s.get("https://www.website.ie/OMT/login.do", cookies=s.cookies)
print(r.text)
print(r.url)

print(r.status_code)

Answer 1

I think you should

 - p = s.get("https://www.website.ie/OMT/omt.do")
 - extract the token generated for that session from the org.apache.struts.taglib.html.TOKEN input element of p
 - add the extracted token to the payload, beside loginRegNo and loginPin
 - (you might not need to add Cookie and Content-Length headers)
 - s.post("https://www.website.ie/OMT/login.do", data=payload, headers=headers, cookies=s.cookies)

Note that I GET https://www.website.ie/OMT/omt.do and POST against https://www.website.ie/OMT/login.do .

Good luck!