post.py

import cookielib
import socket
import urllib
import urllib2
 
url = 'http://www.mitfahrgelegenheit.de/mitfahrzentrale/Dresden/Potsdam.html/'
http_header = {
                "User-Agent" : "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.46 Safari/535.11",
                "Accept" : "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,text/png,*/*;q=0.5",
                "Accept-Language" : "en-us,en;q=0.5",
                "Accept-Charset" : "ISO-8859-1",
                "Content-type": "application/x-www-form-urlencoded",
                "Host" : "www.mitfahrgelegenheit.de",
                "Referer" : "http://www.mitfahrgelegenheit.de/mitfahrzentrale/Dresden/Potsdam.html/"
                }
 
params = {
  'city_from' : 169,
  'radius_from' : 0,
  'city_to' : 263,
  'radius_to' : 0,
  'date' : 'date',
  'day' : 5,
  'month' : 03,
  'year' : 2012,
  'tolerance' : 0
}
 
# setup socket connection timeout
timeout = 15
socket.setdefaulttimeout(timeout)
 
# setup cookie handler
cookie_jar = cookielib.LWPCookieJar()
cookie = urllib2.HTTPCookieProcessor(cookie_jar)
 
# setup proxy handler, in case some-day you need to use a proxy server
proxy = {} # example: {"http" : "www.blah.com:8080"}
 
# create an urllib2 opener()
#opener = urllib2.build_opener(proxy, cookie) # with proxy
opener = urllib2.build_opener(cookie) # we are not going to use proxy now
 
# create your HTTP request
req = urllib2.Request(url, urllib.urlencode(params), http_header)
 
# submit your request
res = opener.open(req)
html = res.read()
 
# save retrieved HTML to file
open("tmp.html", "w").write(html)
print html

post_csrf.py

import cookielib
import socket
import urllib
import urllib2
 
url = 'http://checkcosmetic.net/wp-admin/admin-ajax.php'
http_header = {
                # "Accept" : "*/*",
                # "Accept-Encoding": "gzip,deflate,sdch",
                # "Accept-Language": "zh-CN,zh;q=0.8",
                "Content-type": "application/x-www-form-urlencoded",
                # "Cookie": "__utma=84070347.318682465.1377011492.1377011492.1377021771.2; __utmb=84070347.1.10.1377021771; __utmc=84070347; __utmz=84070347.1377011492.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided)",
                # "Host": "checkcosmetic.net",
                # "Origin": "http://checkcosmetic.net",
                # "Pragma": "no-cache",
                # "Connection": "keep-alive",
                "Referer" : "http://checkcosmetic.net",
                "User-Agent" : "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.71 Safari/537.36",
                # "X-Requested-With": "XMLHttpRequest"
            }
 
params = {
  'action' : 'dc_checkAJAX',
  'code' : 6403,
  'brand' : 12839,
  'brandid' : '9058fa2bebb0c00b1ddbd3bcf7d74fb5'
}
 
# setup socket connection timeout
timeout = 15
socket.setdefaulttimeout(timeout)
 
# setup cookie handler
cookie_jar = cookielib.LWPCookieJar()
cookie = urllib2.HTTPCookieProcessor(cookie_jar)
 
# setup proxy handler, in case some-day you need to use a proxy server
proxy = {} # example: {"http" : "www.blah.com:8080"}
 
# create an urllib2 opener()
#opener = urllib2.build_opener(proxy, cookie) # with proxy
opener = urllib2.build_opener(cookie) # we are not going to use proxy now
 
# create your HTTP request
req = urllib2.Request(url, urllib.urlencode(params), http_header)

print req.header_items()
print req.get_full_url()
print req.get_origin_req_host()
print req.get_host()
print req.get_type()
print req.get_data()
print req.get_method()

# submit your request
res = opener.open(req)
html = res.read()
 
# save retrieved HTML to file
open("tmp.html", "w").write(html)
print html

http://checkcosmetic.net 这个网站防止CSRF攻击的方法

1. 侦测Origin字段
2. 表单加入一个动态变化的隐藏域brandid