1. Use Firefox with the Tamper Data add-on to capture the data the client submits to the server at login. Note that the authenticity_token field is different on every login.
POSTDATA=commit=Sign+in&utf8=%E2%9C%93&authenticity_token=04AyEXaH%2Fec6cGB6FZm4WZotA6KyjeSqWbE%2F7DIYV4I2stthLv69ja1h4%2F7M3fTn%2Fb7S0PzdMA9UPKtG6bM74g%3D%3D&login=your_id&password=your_pwd
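2. View the page source of https://github.com/ and you will find the hidden authenticity_token field.
3. One thing to watch for: after clicking Sign In on https://github.com/login, the page is redirected to https://github.com/session (status_code=302 confirms this), so the target of the subsequent POST is no longer the login page.
The code: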
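```python
import re
import requests

url = 'https://github.com/login'
head = {
    "user-agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36",
}

# Use one session so the cookies set by the login page are sent with the POST.
s = requests.session()
r = s.get(url, headers=head)

# Extract the hidden authenticity_token from the login form.
# r.text is str; matching a str pattern against r.content (bytes) fails on Python 3.
token = re.findall('<input name="authenticity_token" type="hidden" value="(.*?)" />', r.text, re.S)

payload = {
    'commit': 'Sign in',
    # requests URL-encodes this to %E2%9C%93; passing the encoded form would double-encode it.
    'utf8': '✓',
    'authenticity_token': token[0],
    'login': "your_id",
    'password': "your_pwd",
}

# The form is submitted to /session, not /login.
r2 = s.post('https://github.com/session', headers=head, data=payload)
print(r2.text)
```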
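The regular expression above only matches when the attributes appear in exactly that order. As an added example (not the original author's code), the following reads the POST target from step 3 and the hidden fields from step 2 out of the form itself. `SAMPLE_HTML` is constructed markup rather than a capture of the real page, and `LoginFormParser` and `build_login_request` are hypothetical names.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin

# Constructed sample of a login page; the token value is made up.
SAMPLE_HTML = """
<form action="/search" method="get"><input type="text" name="q"></form>
<form accept-charset="UTF-8" action="/session" method="post">
  <input name="utf8" type="hidden" value="&#x2713;" />
  <input type="hidden" value="c2FtcGxlLXRva2Vu+/8=" name="authenticity_token">
  <input type="text" name="login">
  <input type="password" name="password">
  <input type="submit" name="commit" value="Sign in">
</form>
"""

class LoginFormParser(HTMLParser):
    """Record each form's action plus its hidden and submit inputs."""
    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # attribute order no longer matters
        if tag == "form":
            self._current = {"action": a.get("action", ""), "fields": {}, "has_password": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if a.get("type") == "password":
                self._current["has_password"] = True
            if a.get("name") and a.get("type") in ("hidden", "submit"):
                self._current["fields"][a["name"]] = a.get("value") or ""

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def build_login_request(page_url, html, login, password):
    # Pick the form that contains a password field and fail loudly if the token is missing.
    parser = LoginFormParser()
    parser.feed(html)
    form = next((f for f in parser.forms if f["has_password"]), None)
    if form is None or "authenticity_token" not in form["fields"]:
        raise ValueError("login form or authenticity_token not found")
    payload = dict(form["fields"], login=login, password=password)
    return urljoin(page_url, form["action"]), payload
```

The returned URL and payload can be passed straight to `s.post(...)` in the script above, in place of the hard-coded `/session` URL and the hand-built dictionary.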