kumi/pyberufsinfomat
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Subject: Introducing Cookie Theft for Auth

Browse source 
Who knew our little bot needed a sugar rush? Apparently makes sending requests more authentic tasting. Implemented a sticky-finger technique to snatch the 'jwtToken' cookie from the jar before the bot yells its questions into the void. Now it whispers with a mouth full of cookies, because apparently manners aren't a thing anymore. Watch out for crumbs in the headers, but enjoy the smoother convo with AMS.

P.S. Don't tell the cookie monster, or we'll have to share. #TheftIsBadKids #ThisIsAFictionalScenario
This commit is contained in:
Kumi 2024-01-17 13:45:48 +01:00
parent 737c9b67a3
commit 5007ccf4cf
Signed by: kumi
GPG key ID: ECBCC9082395383F
1 changed files with 25 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
bot.py
View file

@ -3,13 +3,33 @@ import string
import html
import json
from urllib.request import Request, urlopen
from http.cookies import SimpleCookie
def send_question_to_ams(question, chat_session_id):
def get_token():
url = 'https://berufsinfomat.prod.portal.ams.at/client/6453a57358480fb76ddc0a43/overlay'
headers = {
'User-Agent': ""
}
req = Request(url, headers=headers)
res = urlopen(req)
cookies = SimpleCookie()
if 'Set-Cookie' in res.headers:
cookie_headers = res.headers.get_all('Set-Cookie')
for header in cookie_headers:
cookies.load(header)
return cookies["jwtToken"].value
def send_question_to_ams(question, chat_session_id, jwt_token):
url = "https://berufsinfomat.prod.portal.ams.at/client/6453a57358480fb76ddc0a43/send_question"
headers = {
"Content-Type": "application/json",
"User-Agent": ""
"User-Agent": "",
"Cookie": "jwtToken=" + jwt_token
}
data = json.dumps({
@ -24,6 +44,7 @@ def send_question_to_ams(question, chat_session_id):
return text.split("===")[-1].strip()
def main():
jwt_token = get_token()
chat_session_id = "".join([random.SystemRandom().choice(string.hexdigits) for _ in range(32)])
print("Welcome to the AMS Berufsinfomat interactive conversation!")
print("Type 'exit' to end the conversation.\n")
@ -33,8 +54,8 @@ def main():
if question.lower() == "exit":
print("Ending conversation.")
break
response = send_question_to_ams(question, chat_session_id)
response = send_question_to_ams(question, chat_session_id, jwt_token)
print(response + "\n")
if __name__ == "__main__":
main()
main()