0

I'm trying to access this email-verifier side using python post requests. But I got a Bad request error. Below one is the input form of the website

<form method="post" action="/" novalidate="novalidate">
<input type="hidden" id="dpf" name="DFP" value="W3sia2V5IjoidXNlckFnZW50IiwidmFsdWUiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvODguMC40MzI0LjE5MCBTYWZhcmkvNTM3LjM2In0seyJrZXkiOiJ3ZWJkcml2ZXIiLCJ2YWx1ZSI6Im5vdCBhdmFpbGFibGUifSx7ImtleSI6Imxhbmd1YWdlIiwidmFsdWUiOiJlbi1DQSJ9LHsia2V5IjoiY29sb3JEZXB0aCIsInZhbHVlIjoyNH0seyJrZXkiOiJkZXZpY2VNZW1vcnkiLCJ2YWx1ZSI6OH0seyJrZXkiOiJwaXhlbFJhdGlvIiwidmFsdWUiOjEuMjV9LHsia2V5IjoiaGFyZHdhcmVDb25jdXJyZW5jeSIsInZhbHVlIjo0fSx7ImtleSI6InRpbWV6b25lT2Zmc2V0IiwidmFsdWUiOi0zMzB9LHsia2V5IjoidGltZXpvbmUiLCJ2YWx1ZSI6IkFzaWEvQ29sb21ibyJ9LHsia2V5Ijoic2Vzc2lvblN0b3JhZ2UiLCJ2YWx1ZSI6dHJ1ZX0seyJrZXkiOiJsb2NhbFN0b3JhZ2UiLCJ2YWx1ZSI6dHJ1ZX0seyJrZXkiOiJpbmRleGVkRGIiLCJ2YWx1ZSI6dHJ1ZX0seyJrZXkiOiJhZGRCZWhhdmlvciIsInZhbHVlIjpmYWxzZX0seyJrZXkiOiJvcGVuRGF0YWJhc2UiLCJ2YWx1ZSI6dHJ1ZX0seyJrZXkiOiJjcHVDbGFzcyIsInZhbHVlIjoibm90IGF2YWlsYWJsZSJ9LHsia2V5IjoicGxhdGZvcm0iLCJ2YWx1ZSI6IldpbjMyIn0seyJrZXkiOiJkb05vdFRyYWNrIiwidmFsdWUiOiJub3QgYXZhaWxhYmxlIn0seyJrZXkiOiJwbHVnaW5zIiwidmFsdWUiOltbIkNocm9tZSBQREYgUGx1Z2luIiwiUG9ydGFibGUgRG9jdW1lbnQgRm9ybWF0IixbWyJhcHBsaWNhdGlvbi94LWdvb2dsZS1jaHJvbWUtcGRmIiwicGRmIl1dXSxbIkNocm9tZSBQREYgVmlld2VyIiwiIixbWyJhcHBsaWNhdGlvbi9wZGYiLCJwZGYiXV1dLFsiTmF0aXZlIENsaWVudCIsIiIsW1siYXBwbGljYXRpb24veC1uYWNsIiwiIl0sWyJhcHBsaWNhdGlvbi94LXBuYWNsIiwiIl1dXV19LHsia2V5Ijoid2ViZ2xWZW5kb3JBbmRSZW5kZXJlciIsInZhbHVlIjoiR29vZ2xlIEluYy5+R29vZ2xlIFN3aWZ0U2hhZGVyIn0seyJrZXkiOiJhZEJsb2NrIiwidmFsdWUiOnRydWV9LHsia2V5IjoiaGFzTGllZExhbmd1YWdlcyIsInZhbHVlIjpmYWxzZX0seyJrZXkiOiJoYXNMaWVkUmVzb2x1dGlvbiIsInZhbHVlIjpmYWxzZX0seyJrZXkiOiJoYXNMaWVkT3MiLCJ2YWx1ZSI6ZmFsc2V9LHsia2V5IjoiaGFzTGllZEJyb3dzZXIiLCJ2YWx1ZSI6ZmFsc2V9LHsia2V5IjoidG91Y2hTdXBwb3J0IiwidmFsdWUiOlsxMCx0cnVlLGZhbHNlXX0seyJrZXkiOiJmb250cyIsInZhbHVlIjpbIkFyaWFsIiwiQXJpYWwgQmxhY2siLCJBcmlhbCBOYXJyb3ciLCJCb29rIEFudGlxdWEiLCJCb29rbWFuIE9sZCBTdHlsZSIsIkNhbGlicmkiLCJDYW1icmlhIiwiQ2FtYnJpYSBNYXRoIiwiQ2VudHVyeSIsIkNlbnR1cnkgR290aGljIiwiQ2VudHVyeSBTY2hvb2xib29rIiwiQ29taWMgU2FucyBNUyIsIkNvbnNvbGFzIiwiQ291cmllciIsIkNvdXJpZXIgTmV3IiwiR2VvcmdpYSIsIkhlbHZldGljYSIsIkltcGFjdCIsIkx1Y2lkYSBCcmlnaHQiLCJMdWNpZGEgQ2FsbGlncmFwaHkiLCJMdWNpZGEgQ29uc29sZSIsIkx1Y2lkYSBGYXgiLCJMdWNpZGEgSGFuZHdyaXRpbmciLCJMdWNpZGEgU2FucyIsIkx1Y2lkYSBTYW5zIFR5cGV3cml0ZXIiLCJMdWNpZGEgU2FucyBVbmljb2RlIiwiTWljcm9zb2Z0IFNhbnMgU2VyaWYiLCJNb25vdHlwZSBDb3JzaXZhIiwiTVMgR290aGljIiwiTVMgUEdvdGhpYyIsIk1TIFJlZmVyZW5jZSBTYW5zIFNlcmlmIiwiTVMgU2FucyBTZXJpZiIsIk1TIFNlcmlmIiwiUGFsYXRpbm8gTGlub3R5cGUiLCJTZWdvZSBQcmludCIsIlNlZ29lIFNjcmlwdCIsIlNlZ29lIFVJIiwiU2Vnb2UgVUkgTGlnaHQiLCJTZWdvZSBVSSBTZW1pYm9sZCIsIlNlZ29lIFVJIFN5bWJvbCIsIlRhaG9tYSIsIlRpbWVzIiwiVGltZXMgTmV3IFJvbWFuIiwiVHJlYnVjaGV0IE1TIiwiVmVyZGFuYSIsIldpbmdkaW5ncyIsIldpbmdkaW5ncyAyIiwiV2luZ2RpbmdzIDMiXX0seyJrZXkiOiJhdWRpbyIsInZhbHVlIjoiMTI0LjA0MzQ3NTI3NTE2MDc0In0seyJrZXkiOiJlbnVtZXJhdGVEZXZpY2VzIiwidmFsdWUiOlsiaWQ9O2dpZD02OGVjNGNmZTQ1MzJiZjExY2E0ZWI4OTM1NzYxZjI5OTRjZTAxODA0N2ZhYjFmYTEyNzc2MGQxNmUzZTAzODdjO2F1ZGlvaW5wdXQ7IiwiaWQ9O2dpZD00ZTM0YjFmNzQ1OTRlYzQyOTM3Mjg4OTI2MzFkOTY3NmU1MjBmOWE2ZGJjOGUyOGZlOGQ5YWQzOTc1NTZhZjhlO3ZpZGVvaW5wdXQ7IiwiaWQ9O2dpZD02OGVjNGNmZTQ1MzJiZjExY2E0ZWI4OTM1NzYxZjI5OTRjZTAxODA0N2ZhYjFmYTEyNzc2MGQxNmUzZTAzODdjO2F1ZGlvb3V0cHV0OyJdfV0=">
<input type="hidden" id="aba" data-val="true" data-val-required="The aba field is required." name="ABA" value="false">
<div class="card">
<div class="card-header">
<div>
<div class="float-left">
<h3 class="card-title"><i class="fal fa-bars"></i>&nbsp;Verify Email Address In Real-Time</h3>
</div>
<div class="clearfix"></div>
</div>
</div>
<div class="card-body">
<div class="input-group input-group-lg">
<div class="input-group-prepend">
<span class="input-group-text"><i class="far fa-envelope-open"></i></span>
</div>
<input id="input-email-address" class="form-control" autocomplete="off" placeholder="email to verify" type="email" data-val="true" data-val-email="The Email address field is not a valid e-mail address." data-val-maxlength="The field Email address must be a string or array type with a maximum length of '255'." data-val-maxlength-max="255" data-val-minlength="The field Email address must be a string or array type with a minimum length of '3'." data-val-minlength-min="3" data-val-required="The Email address field is required." maxlength="255" name="EmailAddress" value="[email protected]">
<div class="input-group-append">
<button class="btn btn-secondary" data-toggle="tooltip" data-placement="top" title="" formaction="/" data-original-title="Verify an email address now">go</button>
</div>
</div>
</div>
<div class="card-footer">
<div class="row">
<div class="col">
<i class="fa fa-stethoscope"></i>&nbsp;<span class="alert-danger field-validation-valid" data-valmsg-for="EmailAddress" data-valmsg-replace="true"></span><span class="alert-danger field-validation-valid" data-valmsg-for="ErrorMessage" data-valmsg-replace="true"></span>
</div>
</div>
</div>
</div>
<input name="__RequestVerificationToken" type="hidden" value="CfDJ8Dn81EZjq0pAmp3kd_YLe05aZfYqkFZuq0SbqZ5B_PZf7vH4ZDwPl4WEnu2kDiS4m2cWUaY7VoP_1V6WRUdw-sKN9rw6NiEaThdvg73srss-Ozbcl27aoi5TcNtL8lj6M-tLT_lkFtc1gLbHxsGuHVY"></form>

here is what I tried so far...

import requests

url = 'https://tools.verifyemailaddress.io/'
data = {'DFP' : 'W3sia2V5IjoidXNlckFnZW50IiwidmFsdWUiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvODguMC40MzI0LjE5MCBTYWZhcmkvNTM3LjM2In0seyJrZXkiOiJ3ZWJkcml2ZXIiLCJ2YWx1ZSI6Im5vdCBhdmFpbGFibGUifSx7ImtleSI6Imxhbmd1YWdlIiwidmFsdWUiOiJlbi1DQSJ9LHsia2V5IjoiY29sb3JEZXB0aCIsInZhbHVlIjoyNH0seyJrZXkiOiJkZXZpY2VNZW1vcnkiLCJ2YWx1ZSI6OH0seyJrZXkiOiJwaXhlbFJhdGlvIiwidmFsdWUiOjEuMjV9LHsia2V5IjoiaGFyZHdhcmVDb25jdXJyZW5jeSIsInZhbHVlIjo0fSx7ImtleSI6InRpbWV6b25lT2Zmc2V0IiwidmFsdWUiOi0zMzB9LHsia2V5IjoidGltZXpvbmUiLCJ2YWx1ZSI6IkFzaWEvQ29sb21ibyJ9LHsia2V5Ijoic2Vzc2lvblN0b3JhZ2UiLCJ2YWx1ZSI6dHJ1ZX0seyJrZXkiOiJsb2NhbFN0b3JhZ2UiLCJ2YWx1ZSI6dHJ1ZX0seyJrZXkiOiJpbmRleGVkRGIiLCJ2YWx1ZSI6dHJ1ZX0seyJrZXkiOiJhZGRCZWhhdmlvciIsInZhbHVlIjpmYWxzZX0seyJrZXkiOiJvcGVuRGF0YWJhc2UiLCJ2YWx1ZSI6dHJ1ZX0seyJrZXkiOiJjcHVDbGFzcyIsInZhbHVlIjoibm90IGF2YWlsYWJsZSJ9LHsia2V5IjoicGxhdGZvcm0iLCJ2YWx1ZSI6IldpbjMyIn0seyJrZXkiOiJkb05vdFRyYWNrIiwidmFsdWUiOiJub3QgYXZhaWxhYmxlIn0seyJrZXkiOiJwbHVnaW5zIiwidmFsdWUiOltbIkNocm9tZSBQREYgUGx1Z2luIiwiUG9ydGFibGUgRG9jdW1lbnQgRm9ybWF0IixbWyJhcHBsaWNhdGlvbi94LWdvb2dsZS1jaHJvbWUtcGRmIiwicGRmIl1dXSxbIkNocm9tZSBQREYgVmlld2VyIiwiIixbWyJhcHBsaWNhdGlvbi9wZGYiLCJwZGYiXV1dLFsiTmF0aXZlIENsaWVudCIsIiIsW1siYXBwbGljYXRpb24veC1uYWNsIiwiIl0sWyJhcHBsaWNhdGlvbi94LXBuYWNsIiwiIl1dXV19LHsia2V5Ijoid2ViZ2xWZW5kb3JBbmRSZW5kZXJlciIsInZhbHVlIjoiR29vZ2xlIEluYy5+R29vZ2xlIFN3aWZ0U2hhZGVyIn0seyJrZXkiOiJhZEJsb2NrIiwidmFsdWUiOnRydWV9LHsia2V5IjoiaGFzTGllZExhbmd1YWdlcyIsInZhbHVlIjpmYWxzZX0seyJrZXkiOiJoYXNMaWVkUmVzb2x1dGlvbiIsInZhbHVlIjpmYWxzZX0seyJrZXkiOiJoYXNMaWVkT3MiLCJ2YWx1ZSI6ZmFsc2V9LHsia2V5IjoiaGFzTGllZEJyb3dzZXIiLCJ2YWx1ZSI6ZmFsc2V9LHsia2V5IjoidG91Y2hTdXBwb3J0IiwidmFsdWUiOlsxMCx0cnVlLGZhbHNlXX0seyJrZXkiOiJmb250cyIsInZhbHVlIjpbIkFyaWFsIiwiQXJpYWwgQmxhY2siLCJBcmlhbCBOYXJyb3ciLCJCb29rIEFudGlxdWEiLCJCb29rbWFuIE9sZCBTdHlsZSIsIkNhbGlicmkiLCJDYW1icmlhIiwiQ2FtYnJpYSBNYXRoIiwiQ2VudHVyeSIsIkNlbnR1cnkgR290aGljIiwiQ2VudHVyeSBTY2hvb2xib29rIiwiQ29taWMgU2FucyBNUyIsIkNvbnNvbGFzIiwiQ291cmllciIsIkNvdXJpZXIgTmV3IiwiR2VvcmdpYSIsIkhlbHZldGljYSIsIkltcGFjdCIsIkx1Y2lkYSBCcmlnaHQiLCJMdWNpZGEgQ2FsbGlncmFwaHkiLCJMdWNpZGEgQ29uc29sZSIsIkx1Y2lkYSBGYXgiLCJMdWNpZGEgSGFuZHdyaXRpbmciLCJMdWNpZGEgU2FucyIsIkx1Y2lkYSBTYW5zIFR5cGV3cml0ZXIiLCJMdWNpZGEgU2FucyBVbmljb2RlIiwiTWljcm9zb2Z0IFNhbnMgU2VyaWYiLCJNb25vdHlwZSBDb3JzaXZhIiwiTVMgR290aGljIiwiTVMgUEdvdGhpYyIsIk1TIFJlZmVyZW5jZSBTYW5zIFNlcmlmIiwiTVMgU2FucyBTZXJpZiIsIk1TIFNlcmlmIiwiUGFsYXRpbm8gTGlub3R5cGUiLCJTZWdvZSBQcmludCIsIlNlZ29lIFNjcmlwdCIsIlNlZ29lIFVJIiwiU2Vnb2UgVUkgTGlnaHQiLCJTZWdvZSBVSSBTZW1pYm9sZCIsIlNlZ29lIFVJIFN5bWJvbCIsIlRhaG9tYSIsIlRpbWVzIiwiVGltZXMgTmV3IFJvbWFuIiwiVHJlYnVjaGV0IE1TIiwiVmVyZGFuYSIsIldpbmdkaW5ncyIsIldpbmdkaW5ncyAyIiwiV2luZ2RpbmdzIDMiXX0seyJrZXkiOiJhdWRpbyIsInZhbHVlIjoiMTI0LjA0MzQ3NTI3NTE2MDc0In0seyJrZXkiOiJlbnVtZXJhdGVEZXZpY2VzIiwidmFsdWUiOlsiaWQ9O2dpZD0xZGQ2ZjE3NWVjZjYzNWNjZjZjNjgzNTk1MjUxZTIwNzMwNGEwYTlhMDEzNTE1ODU4OTM1YWIzODgxZjY3YWU1O2F1ZGlvaW5wdXQ7IiwiaWQ9O2dpZD0yZGIwMjViZDY0NzY4ZTM0YjZlMWEyM2UwMjgyYjhjMGEwYjY3YTVmYWE1NmEyYTU0Nzg2MDEwNDYxZTExMjdkO3ZpZGVvaW5wdXQ7IiwiaWQ9O2dpZD0xZGQ2ZjE3NWVjZjYzNWNjZjZjNjgzNTk1MjUxZTIwNzMwNGEwYTlhMDEzNTE1ODU4OTM1YWIzODgxZjY3YWU1O2F1ZGlvb3V0cHV0OyJdfV0=',
        'ABA': 'false',
        'EmailAddress':'HERE I GAVE THE EMAIL ADDRESS TO VERIFY',
        '__RequestVerificationToken': 'CfDJ8Dn81EZjq0pAmp3kd_YLe049yQv3aB1-CkQbIlD_4vXIesj6Uz9Jmbjqi1b8U99T9oSnyZZhnd37VzRlNXs7TCLIQ7qQCiFVWgaENNPcL8faDvd32TMC7y-kp92NNj8I-Z_EV0PcB5oUbIgwmhdrSdw'


        }
r = requests.post(url,data)
r.status_code # this is returning 400

what I'm doing wrong?

Improve this question
2
  • 1
    I think the problem is with __RequestVerificationToken. The server generates a new token for the client each time, and you can not use a fixed token or a token generated for another client. Commented Mar 9, 2021 at 5:33
  • 1
    This usually applies to all the "hidden" input elements. Request the original page, parse it with BeautifulSoup4 or lxml, find the values of hidden tags instead of fixed ones as @HassanMohammadi mentioned. Commented Mar 9, 2021 at 7:26

1 Answer 1

Reset to default
1

You can use this method :

from bs4 import BeautifulSoup
import requests


url = "https://localhost:5001/Account/Login"

session=requests.session()

bfs= BeautifulSoup(session.get(url).content,'html.parser')
csrftoken = bfs.find('input', dict(name='__RequestVerificationToken'))['value']
dfp= bfs.find('input',dict(name="DFP"))["value"]
parameters={
    "__RequestVerificationToken":csrftoken,
    "DFP": dfp,
    "Username":"user",
    "Password":"pass",
}
respons=session.post(url=url,data=parameters)
print(respons.text)

So what did we do?

You see, we have to create a session first And using BeautifulSoup I can load the page once and pull out the (__RequestVerificationToken,DFP,..) And send our request with the same session that we opened.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.