1、场景
1)用户输入完网址后,浏览器直接弹出需要输入用户名/密码
PS:此时输入用户名密码即可登录,或者直接带着用户名密码访问网站。
假设url为http://xxx.yyy.zzz
用户名为admin
密码为123456
则访问的网址应该为http://admin:123456@xxx.yyy.zzz【http://username:password@url】
直接访问改网址即可
2)利用requests.get(url)返回状态码为401
#-*- encoding=utf-8 -*-
importrequestsif __name__ == '__main__':
url= 'http://xxxxx.yyyyyy'response= requests.get(url=url)
status_code=response.status_codeprintstatus_code
text=response.textprint text
运行
401
401 - Unauthorized: Access is denied due to invalid credentials.Server Error
401 - Unauthorized: Access is denied due to invalid credentials.
You do not have permission to view this directory or page using the credentials that you supplied.
2、HTTP基础验证
这是一种简单的身份认证,它是通过http的authorization请求头中,携带经过base64加密的用户名和密码而实现的一种认证
#-*- encoding=utf-8 -*-
importrequestsfrom requests.auth importHTTPBasicAuthif __name__ == '__main__':
url= 'http://xxx.yyy.zzz'user= 'admin'password= '123456'response= requests.get(url=url, auth=HTTPBasicAuth(user, password))#或者
#response = requests.get(url=url, auth=(user, password))
print response.status_code
3、摘要式身份认证
#-*- encoding=utf-8 -*-
importrequestsfrom requests.auth importHTTPDigestAuthif __name__ == '__main__':
url= 'http://xxx.yyy.zzz'user= 'admin'password= '123456'response= requests.get(url, auth=HTTPDigestAuth(user, password))print response.status_code
如果2和3都不行,还是返回401,此时可以试试第4种
使用2和3依旧返回401,此时可以print出response.headers看一下
#-*- encoding=utf-8 -*-
importrequestsfrom requests.auth importHTTPDigestAuthif __name__ == '__main__':
url= 'http://xxx.yyy.zzz'user= 'admin'password= '123456'response= requests.get(url, auth=HTTPDigestAuth(user, password))printresponse.status_codeprint response.headers
运行
401{'Content-Length': '', 'X-Powered-By': 'ASP.NET', 'Server': 'Microsoft-IIS/7.5', 'Date': 'Fri, 05 Jun 2020 05:36:23 GMT', 'Content-Type': 'text/html', 'WWW-Authenticate': 'Negotiate, NTLM'}
打印后可看到headers中带有字样'WWW-Authenticate': 'Negotiate, NTLM',表示需要ntlm验证,此时尝试使用第4种
4、ntlm验证
#-*- encoding=utf-8 -*-
importrequestsfrom requests_ntlm importHttpNtlmAuthif __name__ == '__main__':
url= 'http://xxx.yyy.zzz'user= 'admin'password= '123456'response= requests.get(url, auth=HttpNtlmAuth(user, password))printresponse.status_codeprint response.headers