Bypass the hash on the website during authorization in python?

Trying to set up automatic authorization on the site(the python module requests). Tried on different sites on the website in the POST method on the site in addition to go anchor:, username: and password: is the value logintoken: after drive password and try to log logintoken issues every time a new value (probably a hash) and don't know how to anticipate or razreshimosti, read many articles, but really no exact answer... please Tell me how to bypass or solve the problem with the code.

Proposed solution: Author: Dr. Bacon @bacon
A General view like this, but different sites may have their own nuances:
1. to start the session, if it requests, or other ways to save the cookies of the request
2. make a GET request, which will get logintoken, it can be in cookies in the html code
3. now to make a POST with those obtained logintoken and necessary data, most importantly in the framework of this session.

The program generates a login page...
import requests

url = ''
headers = {
 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9',
 'Accept-Encoding': 'gzip, deflate',
 'Accept-Language': 'EN-us,EN;q=0.9,en-US;q=0.8,en;q=0.7',
 'Cache-Control': 'max-age=0',
 'Content-Length': '113',
 'Content-Type': 'application/x-www-form-urlencoded',
 'Cookie': 'MoodleSession=14pa1tlcrcbipjdke9u4lh88fl',
 'Host': '',
 'Origin': '',
 'Proxy-Connection': 'keep-alive',
 'Referer': '',
 'Upgrade-Insecure-Requests': '1',
 'User-Agent': 'Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.92 Safari/537.36'

s = requests.Session()
token = s.get(url).text.split()
index = token.index('name="logintoken"') 
logintoken = token[index + 1][7:-2]
datas = {
 'anchor': ",
 'logintoken': logintoken,
 'username': 'Amaliy2685',
 'password': 'Aml-2683'}

r =, data=datas, headers=headers)
April 19th 20 at 12:08
3 answers
April 19th 20 at 12:10
I need an answer sooner the better, but there is no answer... well, I thought again to throw the question - Emilia49 commented on April 19th 20 at 12:13
April 19th 20 at 12:12
bro th for where login what are you doing on
when all options lead to loina ?
where did you get the link ???????? - Emilia49 commented on April 19th 20 at 12:15
you can debug? F12 button you know? - Robyn.Bergstrom commented on April 19th 20 at 12:18
@Robyn.Bergstrom, debug shows everything is fine. OK let's say you know how to solve the problem, please share? - Emilia49 commented on April 19th 20 at 12:21
@Emilia49, Authorization requests post python get empty data? fired - Robyn.Bergstrom commented on April 19th 20 at 12:24
and that there normally shows if the URL you are confused about the testimony? - Robyn.Bergstrom commented on April 19th 20 at 12:27
@Robyn.Bergstromwhat I'm supposed to see there? I read the article and the question and answer in the Habr, but there's nothing new... I know the KKK runs
And in the article there is nothing just like it copies the url...
I opened and authoritively on other sites. Here, in contrast to the other there is a paragraph in the POST request as logintoken: it's always random.... I just need to know in advance the code and everything... I put it in the data during request and everything should go code the next page - Emilia49 commented on April 19th 20 at 12:30

well, in General, or systematic, or poked roam

question about URLs remained in the air

if Ho mom last time, so: why you are sending the username to the wrong URL? - Robyn.Bergstrom commented on April 19th 20 at 12:33
@Robyn.Bergstrom, as not on that? you can follow this link to log in, even UD has a window for a username and password. You can then check, I hammered the login password and clicked on login tab where you can view the page code(network file is called index.php) index.php the POST file it States this link and usually on the other site I sent the link specified in this file, if you scroll below there is form data there are derived the values:
Logintoken: sfjfksokdbfjfkdkdjf
Username: username
Password: password

I read the article and parsing, and there is always explain what the link you want is in the file is displayed where the username and password after starting the login... - Emilia49 commented on April 19th 20 at 12:36
@Emilia49, Yes, sorry, I made a mistake was the interception Ajax tupanul
in your case all is simple


write code for get query
then in text looking for the token

import re
token = re.compile('<input type = "hidden" name = "logintoken" value = "([^"]+)">')
res = token.findall(text)

cope's next? - Robyn.Bergstrom commented on April 19th 20 at 12:39
@Robyn.Bergstrom, Yes, nothing happens. See, now you've repeated all the same as I did in your code, but there is a difference! If you try to run my code, the logintoken which I get, it is the same with what is in the code for my get request but your token is not similar with that which gives token during a get request, try to run my code and your code - Emilia49 commented on April 19th 20 at 12:42
April 19th 20 at 12:14
Possible also check server-side: if it supports client caching, for example, pictures. Request is not supported. Can help silenium.
Can throw article where you can normally read and understand all? - Emilia49 commented on April 19th 20 at 12:17
@Emilia49, a couple stateek - Elnora_Rippin commented on April 19th 20 at 12:20
@Elnora_Rippin, thank you very much - Emilia49 commented on April 19th 20 at 12:23

Find more questions by tags HashingParsingPython