{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 淡お忘 的问题《How to login to Instagram website using IdHTTP in》','https://www.manongdao.com/q-423904.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I am trying to login to instagram website using idhttp in Delphi. I used google chrome developer tools to get the data and this is what I've tried so far..
procedure TForm1.Button1Click(Sender: TObject);
var
lHTTP: TIdHTTP;
S,M : TStrings;
IdSSL: TIdSSLIOHandlerSocketOpenSSL;
begin
S := TStringList.Create;
S.Add('username :' +Edit1.Text);
S.Add('password :'+ Edit2.Text);
lHTTP := TIdHTTP.Create(nil);
lHTTP.ReadTimeout := 30000;
lHTTP.HandleRedirects := True;
IdSSL := TIdSSLIOHandlerSocketOpenSSL.Create(lHTTP);
IdSSL.SSLOptions.Method := sslvTLSv1;
IdSSL.SSLOptions.Mode := sslmClient;
lHTTP.IOHandler := IdSSL;
lHTTP.Request.CustomHeaders.Add('x-csrftoken:'+ Edit3.Text);
lHTTP.Request.CustomHeaders.Add('x-instagram-ajax:1');
lHTTP.Request.CustomHeaders.Add(' x-requested-with:XMLHttpRequest');
lHTTP.Request.CustomHeaders.Add('referer:https://www.instagram.com/');
lHTTP.Request.ContentType := 'application/x-www-form-urlencoded';
lHTTP.Request.UserAgent := 'Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.76 Mobile Safari/537.36';
lHTTP.Post('https://www.instagram.com/accounts/login/ajax/', S);
Memo1.Lines.Add(lHTTP.Request.ToString);
end;
I get the access token manually for now, just to test the code. I get HTTP/1.1 403 Forbidden. !
UPDATE
This is the cookies information..
Response Headers
set-cookie:csrftoken=e3YbQ1FobxgMGcLHRAkj****ML97psae; expires=Tue, 20-Jun-2017 19:09:21 GMT; Max-Age=31449600; Path=/
set-cookie:s_network=; expires=Tue, 21-Jun-2016 20:09:21 GMT; Max-Age=3600; Path=/
set-cookie:sessionid=IGSC3074cea6684a55981cc30d3c5222ed9e4675db0aa4665d3f5b7ed4ae09be01b6%3AugN5uNRztrtVarx6LuheBkv5tNuaVHrL%3A%7B%22_token_ver%22%3A2%2C%22_auth_user_id%22%3A348733484%2C%22_token%22%3A%22348733484%3A6dXogo2jTCkOf29JEUxHavzxqp9iUOr4%3Aa4f855cabbd5c5d2999538a8ec9093c6a59af65e7306998a5647341bdd691158%22%2C%22asns%22%3A%7B%225.37.149.220%22%3A28885%2C%22time%22%3A1466536160%7D%2C%22_auth_user_backend%22%3A%22accounts.backends.CaseInsensitiveModelBackend%22%2C%22last_refreshed%22%3A1466536160.338314%2C%22_platform%22%3A4%2C%22_auth_user_hash%22%3A%22%22%7D; expires=Mon, 19-Sep-2016 19:09:21 GMT; httponly; Max-Age=7776000; Path=/
set-cookie:ds_user_id=348733***; expires=Mon, 19-Sep-2016 19:09:21 GMT; Max-Age=
Request Headers
set-cookie:sessionid=IGSC3074cea6684a55981cc30d3c5222ed9e4675db0aa4665d3f5b7ed4ae09be01b6%3AugN5uNRztrtVarx6LuheBkv5tNuaVHrL%3A%7B%22_token_ver%22%3A2%2C%22_auth_user_id%22%3A348***484%2C%22_token%22%3A%22348733484%3A6dXogo2jTCkOf29JEUxHavzxqp9iUOr4%3Aa4f855cabbd5c5d2999538a8ec9093c6a59af65e7306998a5647341bdd691158%22%2C%22asns%22%3A%7B%225.37.149.220%22%3A28885%2C%22time%22%3A1466536160%7D%2C%22_auth_user_backend%22%3A%22accounts.backends.CaseInsensitiveModelBackend%22%2C%22last_refreshed%22%3A1466536160.338314%2C%22_platform%22%3A4%2C%22_auth_user_hash%22%3A%22%22%7D; expires=Mon, 19-Sep-2016 19:09:21 GMT; httponly; Max-Age=7776000; Path=/
set-cookie:ds_user_id=348733***; expires=Mon, 19-Sep-2016 19:09:21 GMT; Max-Age=7776000; Path=/
You are not populating the
TStringListcorrectly. You need to use=instead of:as thename=valuedelimiter. Same withCustomHeaders.Add(). In the latter case, I would suggest usingCustomHeaders.Values[]instead.You also should be using the
Request.Refererproperty instead ofCustomHeaders.Add().It is not uncommon to need to first request the HTML page that contains the login form before submitting the actual login, so that any cookies associated with the HTML can be captured and submitted with the login form. Instagram is no different.
Also,
Request.ToString()is meaningless, you should not be using that at all.And lastly, you are leaking the objects that you create.
With that said, try this instead:
Here is the resulting HTTP dialog for the two requests 1:
1: I don't have an Instagram account, which is why the login is not authenticated in this example. But as you can see below, the code is still able to receive an HTTP 200 response with JSON data from the login POST.
HTTP/1.1 200 OK Strict-Transport-Security: max-age=86400 Content-Language: en Expires: Sat, 01 Jan 2000 00:00:00 GMT Vary: Cookie, Accept-Language Pragma: no-cache Cache-Control: private, no-cache, no-store, must-revalidate Date: Tue, 21 Jun 2016 20:06:57 GMT Content-Type: application/json Set-Cookie: csrftoken=<token>; expires=Tue, 20-Jun-2017 20:06:57 GMT; Max-Age=31449600; Path=/ Connection: close Content-Length: <json byte length> {"status": "ok", "authenticated": false, "user": "<user>"}