Skip to content

Instantly share code, notes, and snippets.

@ariankordi

ariankordi/arman.py

Last active November 19, 2018 23:15
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save ariankordi/9d8cb4d91a270405fd8bee0b7f4f5684 to your computer and use it in GitHub Desktop.
Save ariankordi/9d8cb4d91a270405fd8bee0b7f4f5684 to your computer and use it in GitHub Desktop.
Download ZIP
A script that just creates a post to indigo.cafe, and requires a login token
Raw
arman.py
#!/bin/python3
# requirements: hyper selectolax
from sys import exit
from ssl import CERT_NONE
try:
import hyper
except ModuleNotFoundError:
exit('you need to install `hyper`: https://hyper.readthedocs.io/en/latest/quickstart.html#installing-hyper')
try:
from selectolax.parser import HTMLParser
except ModuleNotFoundError:
exit('you need to install `selectolax`: https://github.com/rushter/selectolax#Installation')
# a target indigo instance can also go here
connection = hyper.HTTPConnection('indigo.cafe:443')
#hyper.tls._context = hyper.tls.init_context()
#hyper.tls._context.check_hostname = False
#hyper.tls._context.verify_mode = CERT_NONE
#connection = hyper.HTTPConnection('192.168.1.127:92', secure=True)
# declare file name status thing so that we can print status messages fancily
STATUS_PREFIX = '[' + __file__ + '] '
# we are connected
print(STATUS_PREFIX + 'connected to ingido serv')
# declare headers, we're going to pass these to every request with `headers=headers`
headers = {
# put your login cookie thing here
'Cookie': 'gosessionid=(removed);indigo-auth=(removed);_gorilla_csrf=MTU0MjQ5MTY1NXxJaTh3ZGpSbVJERjVTazFLTkVoUGREZFpZa2hWYjJwNVRqVnFRVU53ZWswNFFuSkJSMmhvWW1kUVRITTlJZ289fCEgaCd7HaU3YAbQ3WOkh_hqsSRZAzeE-ybUe2Bcmfc3',
}
# get csrf token/check if banned by requesting /reset
# this endpoint is chosen since it's fast, contains csrf token and works when logged in
connection.request('GET', '/reset', headers=headers)
response = connection.get_response()
# we have /reset response
print(STATUS_PREFIX + 'got /reset body')
# response html, we'll use it no matter if there's an error or not
body = response.read().decode()
if response.status != 200:
# output html returned AND exit if there's error
print(body)
exit('\nresponse code ' + str(response.status) + ' while getting /reset!! (above is response text)')
# now see if csrfmiddlewaretoken from the user sidebar exists
# if this doesn't exist (user sidebar doesn't exist) then assume we are logged out or banned
query = HTMLParser(body).css_first('li > form > [name=csrfmiddlewaretoken]')
if query is None:
# exit
print(body)
exit('\ncouldn\'t find csrfmiddlewaretoken while getting /reset!! (above is response text)')
# now actually use the token
csrfmiddlewaretoken = query.attributes['value']
# we have csrfmiddlewaretoken!
print(STATUS_PREFIX + 'we now have csrfmiddlewaretoken from /reset')
# now create the post, make a request body
req_body = bytes(
# here is the post body right here
'body=time to watch gay porn and sex porn&'
# meta stuff including csrfmiddlewaretoken (url encode it)
+ 'feeling_id=0&csrfmiddlewaretoken=' + csrfmiddlewaretoken.replace('+', '%2b') + '&'
# community id
#+ 'community=2'
+ 'community=1'
, 'utf-8')
# copy of the headers with content type
headers_plus_content_type = headers.copy()
headers_plus_content_type['Content-Type'] = 'application/x-www-form-urlencoded'
# ingido doesn't care about uri community id
connection.request('POST', '/communities/0/posts', headers=headers_plus_content_type, body=req_body)
response = connection.get_response()
body = response.read().decode()
# check response code
if response.status != 200:
# print body returned
print(body)
exit('\nresponse code ' + str(response.status) + ' while posting to /communities/0/posts!! (above is response text)')
# successfully posted the post
print(STATUS_PREFIX + 'posted to /communities/0/posts')
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment