Skip to content

Instantly share code, notes, and snippets.



Last active Nov 19, 2018
What would you like to do?
A script that just creates a post to, and requires a login token
# requirements: hyper selectolax
from sys import exit
from ssl import CERT_NONE
import hyper
except ModuleNotFoundError:
exit('you need to install `hyper`:')
from selectolax.parser import HTMLParser
except ModuleNotFoundError:
exit('you need to install `selectolax`:')
# a target indigo instance can also go here
connection = hyper.HTTPConnection('')
#hyper.tls._context = hyper.tls.init_context()
#hyper.tls._context.check_hostname = False
#hyper.tls._context.verify_mode = CERT_NONE
#connection = hyper.HTTPConnection('', secure=True)
# declare file name status thing so that we can print status messages fancily
STATUS_PREFIX = '[' + __file__ + '] '
# we are connected
print(STATUS_PREFIX + 'connected to ingido serv')
# declare headers, we're going to pass these to every request with `headers=headers`
headers = {
# put your login cookie thing here
'Cookie': 'gosessionid=(removed);indigo-auth=(removed);_gorilla_csrf=MTU0MjQ5MTY1NXxJaTh3ZGpSbVJERjVTazFLTkVoUGREZFpZa2hWYjJwNVRqVnFRVU53ZWswNFFuSkJSMmhvWW1kUVRITTlJZ289fCEgaCd7HaU3YAbQ3WOkh_hqsSRZAzeE-ybUe2Bcmfc3',
# get csrf token/check if banned by requesting /reset
# this endpoint is chosen since it's fast, contains csrf token and works when logged in
connection.request('GET', '/reset', headers=headers)
response = connection.get_response()
# we have /reset response
print(STATUS_PREFIX + 'got /reset body')
# response html, we'll use it no matter if there's an error or not
body =
if response.status != 200:
# output html returned AND exit if there's error
exit('\nresponse code ' + str(response.status) + ' while getting /reset!! (above is response text)')
# now see if csrfmiddlewaretoken from the user sidebar exists
# if this doesn't exist (user sidebar doesn't exist) then assume we are logged out or banned
query = HTMLParser(body).css_first('li > form > [name=csrfmiddlewaretoken]')
if query is None:
# exit
exit('\ncouldn\'t find csrfmiddlewaretoken while getting /reset!! (above is response text)')
# now actually use the token
csrfmiddlewaretoken = query.attributes['value']
# we have csrfmiddlewaretoken!
print(STATUS_PREFIX + 'we now have csrfmiddlewaretoken from /reset')
# now create the post, make a request body
req_body = bytes(
# here is the post body right here
'body=time to watch gay porn and sex porn&'
# meta stuff including csrfmiddlewaretoken (url encode it)
+ 'feeling_id=0&csrfmiddlewaretoken=' + csrfmiddlewaretoken.replace('+', '%2b') + '&'
# community id
#+ 'community=2'
+ 'community=1'
, 'utf-8')
# copy of the headers with content type
headers_plus_content_type = headers.copy()
headers_plus_content_type['Content-Type'] = 'application/x-www-form-urlencoded'
# ingido doesn't care about uri community id
connection.request('POST', '/communities/0/posts', headers=headers_plus_content_type, body=req_body)
response = connection.get_response()
body =
# check response code
if response.status != 200:
# print body returned
exit('\nresponse code ' + str(response.status) + ' while posting to /communities/0/posts!! (above is response text)')
# successfully posted the post
print(STATUS_PREFIX + 'posted to /communities/0/posts')
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment