Python not sending HTTP POST request to correct URL

Question

I was lately making this ask.fm "spam" bot (no ask.fm doesn't have neither an IP limit nor a captcha to stop bots). So anyway, I made sure the url was correct, but every time I send the POST request to ask.fm/usernamehere it sends the request to ask.fm, I'm not sure why.

import urllib
import urllib2
print("What username do you want to spam?")
username = raw_input()
print("How many questions do you wanna spam?")
numQ = int(raw_input())
print("What is the question that you want to spam?")
Quest = raw_input()

url = "http://ask.fm/" + username
print(url)
for i in range(0, numQ):
    data = urllib.urlencode({'question[question_text]':Quest})
    headers = {
    'User-Agent' : 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36 OPR/30.0.1835.59',
    'Host' : 'ask.fm',
    'Accept' : 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
    'Referer' : 'https://www.google.com.eg/',
    'Accept-Language' : 'en-GB,en-US;q=0.8,en;q=0.6'}
    req = urllib2.Request(url, data, headers)
    response = urllib2.urlopen(req)
    d = response.read()
    if(d.find("Your question has been sent") != -1):
        print("Successfully sent!")
    else:
        print("Failed to send!")
        print(d)

Basically there's no error, but the request is going to the wrong url, I've checked several times that the variable has the correct url, maybe it's redirecting? But how do I check redirects? And how would I make it act like as if the bot is a normal browser, I've already supplied the default headers for Opera.

Answer 1

I think with the help of this PHP library I know what the problem is. You're missing the authenticity token, so ask.fm believes your request is fake (because it is).

Assuming the PHP library works, this is what you need to do:

1. Scrape http://ask.fm to obtain the token you need to authenticate your request.

For example, if you open up the site in your browser, you'll find something like the following:

  var AUTH_TOKEN = "aNotgbm1V9WvBGr//it4N2vSfhSBSP6nGZkx7rrnNL0=";

The PHP lib does this by getting the whole page into a string and using the RegEx /(var AUTH_TOKEN = ")(.*)(";)/.

2. Include the token when you POST your question.

Change your code to something like

data = urllib.urlencode({
    'question[question_text]':Quest,
    'authenticity_token':authToken
})

Where authToken is of course a variable containing the string you scraped from the site (in this example, aNotgbm1V9WvBGr//it4N2vSfhSBSP6nGZkx7rrnNL0=).

The PHP also adds 'question[force_anonymous]':1. If the user sets $anon to true and they're logged in.

3. Change your POST URL to http://ask.fm/[username]/questions/create/

And that should be about it. I'd make sure you add all the HTTP headers the PHP lib uses as well:

CURLOPT_URL => "http://ask.fm/$nickname/questions/create/",  
CURLOPT_RETURNTRANSFER => 1,  
CURLOPT_CONNECTTIMEOUT => 10 ,  
CURLOPT_MAXREDIRS      => 10, 
CURLOPT_REFERER => "http://ask.fm/$nickname/",
CURLOPT_FOLLOWLOCATION => TRUE,  
CURLOPT_USERAGENT => 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:30.0) Gecko/20100101 Firefox/30.0',  
CURLOPT_HEADER => FALSE,  
CURLOPT_COOKIEJAR => "cookies.txt",  
CURLOPT_COOKIEFILE => "cookies.txt",  
CURLOPT_SSL_VERIFYPEER => FALSE,  
CURLOPT_SSL_VERIFYHOST => 2

BTW, this question shows a different usage of urllib2. Just in case it helps.