A script that just creates a post to indigo.cafe, and requires a login token
#!/bin/python3 | |
# requirements: hyper selectolax | |
from sys import exit | |
from ssl import CERT_NONE | |
try: | |
import hyper | |
except ModuleNotFoundError: | |
exit('you need to install `hyper`: https://hyper.readthedocs.io/en/latest/quickstart.html#installing-hyper') | |
try: | |
from selectolax.parser import HTMLParser | |
except ModuleNotFoundError: | |
exit('you need to install `selectolax`: https://github.com/rushter/selectolax#Installation') | |
# a target indigo instance can also go here | |
connection = hyper.HTTPConnection('indigo.cafe:443') | |
#hyper.tls._context = hyper.tls.init_context() | |
#hyper.tls._context.check_hostname = False | |
#hyper.tls._context.verify_mode = CERT_NONE | |
#connection = hyper.HTTPConnection('192.168.1.127:92', secure=True) | |
# declare file name status thing so that we can print status messages fancily | |
STATUS_PREFIX = '[' + __file__ + '] ' | |
# we are connected | |
print(STATUS_PREFIX + 'connected to ingido serv') | |
# declare headers, we're going to pass these to every request with `headers=headers` | |
headers = { | |
# put your login cookie thing here | |
'Cookie': 'gosessionid=(removed);indigo-auth=(removed);_gorilla_csrf=MTU0MjQ5MTY1NXxJaTh3ZGpSbVJERjVTazFLTkVoUGREZFpZa2hWYjJwNVRqVnFRVU53ZWswNFFuSkJSMmhvWW1kUVRITTlJZ289fCEgaCd7HaU3YAbQ3WOkh_hqsSRZAzeE-ybUe2Bcmfc3', | |
} | |
# get csrf token/check if banned by requesting /reset | |
# this endpoint is chosen since it's fast, contains csrf token and works when logged in | |
connection.request('GET', '/reset', headers=headers) | |
response = connection.get_response() | |
# we have /reset response | |
print(STATUS_PREFIX + 'got /reset body') | |
# response html, we'll use it no matter if there's an error or not | |
body = response.read().decode() | |
if response.status != 200: | |
# output html returned AND exit if there's error | |
print(body) | |
exit('\nresponse code ' + str(response.status) + ' while getting /reset!! (above is response text)') | |
# now see if csrfmiddlewaretoken from the user sidebar exists | |
# if this doesn't exist (user sidebar doesn't exist) then assume we are logged out or banned | |
query = HTMLParser(body).css_first('li > form > [name=csrfmiddlewaretoken]') | |
if query is None: | |
# exit | |
print(body) | |
exit('\ncouldn\'t find csrfmiddlewaretoken while getting /reset!! (above is response text)') | |
# now actually use the token | |
csrfmiddlewaretoken = query.attributes['value'] | |
# we have csrfmiddlewaretoken! | |
print(STATUS_PREFIX + 'we now have csrfmiddlewaretoken from /reset') | |
# now create the post, make a request body | |
req_body = bytes( | |
# here is the post body right here | |
'body=time to watch gay porn and sex porn&' | |
# meta stuff including csrfmiddlewaretoken (url encode it) | |
+ 'feeling_id=0&csrfmiddlewaretoken=' + csrfmiddlewaretoken.replace('+', '%2b') + '&' | |
# community id | |
#+ 'community=2' | |
+ 'community=1' | |
, 'utf-8') | |
# copy of the headers with content type | |
headers_plus_content_type = headers.copy() | |
headers_plus_content_type['Content-Type'] = 'application/x-www-form-urlencoded' | |
# ingido doesn't care about uri community id | |
connection.request('POST', '/communities/0/posts', headers=headers_plus_content_type, body=req_body) | |
response = connection.get_response() | |
body = response.read().decode() | |
# check response code | |
if response.status != 200: | |
# print body returned | |
print(body) | |
exit('\nresponse code ' + str(response.status) + ' while posting to /communities/0/posts!! (above is response text)') | |
# successfully posted the post | |
print(STATUS_PREFIX + 'posted to /communities/0/posts') |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment