How to become an IT princess

Every girl dreams of becoming a princess, to be the most beautiful, the most intelligent and be sure to meet the prince. Many marketers and PR sharks have enriched their companies by playing these simple girl dreams. The scope of IT, male and brutal, this phenomenon is also not spared. A well-known company launched a loud competition for the title of the title of IT-princess. All who heard and to whom it is interesting how it was, I invite under kat.

The competition was announced 3 stages. I will tell about the first.

1. Registration of participants and voting for the audience award

To take part in the competition it is enough to choose a pretty little photo and ... and that's it. Entry threshold for participation is zero. Audience Award in the form of a basket of cosmetics gets a lady who has collected the most likes. Attracting live traffic and clogging social networks with endless reposts is not the lot of princesses, so we launch Burp and see how it all works.

The voting page (/ itprincess / gallery /) reflects 6 participants and then scrolls with each ajax request and loads another six more. Voting is done by post-request with the ID of the required participant, but it is not fixed and generated for each new user session.
')
Examples of a request for voting pages:

GET /itprincess/gallery/ HTTP/1.1
Host: it.mail.ru
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:43.0) Gecko/20100101 Firefox/43.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: csrftoken=t4XRJ4J4EJYLqzVhL22pzHvPynzKkhMz; sessionid=jxtr3fljir54b9qn2liyl71tohr6n5ff;
Connection: keep-alive

, Cookie , , .

:

POST /itprincess/gallery/2 HTTP/1.1
Host: it.mail.ru
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:43.0) Gecko/20100101 Firefox/43.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: https://it.mail.ru/itprincess/gallery/
Content-Length: 52
Cookie: csrftoken=u7lS6UIww7Eppq9HVD66iS7i4ss6SO04; sessionid=sln1o1pivi5sl7mgezdqa8p6us59jhek
Connection: keep-alive

csrfmiddlewaretoken=u7lS6UIww7Eppq9HVD66iS7i4ss6SO04

, -. , — , html- ID. BeautifulSoup. , - User-Agent IP-. , , , .

def get_ua() user-agent ( 300 ) 1 . , , 2 : requesocks — request socks- stem — ( — ip-).

( 2 , , , ):

# -*- coding: UTF-8 -*-

import sys 
import urllib2
import requests
import requesocks as requests
import time
import random
from random import randint

#for tor sent signal
from stem import Signal
from stem.control import Controller

#for parsing html
from BeautifulSoup import BeautifulSoup

url = 'https://it.mail.ru/itprincess/gallery/'
proxy = {
         'http': 'socks5://127.0.0.1:9050',
         'https': 'socks5://127.0.0.1:9050',
        }

while 1:
    def get_ua():
        f = open('ualist.txt', 'rb')
        agents = f.readlines()
        return random.choice(agents).strip()

    ua=get_ua()

    headers_get = {
                 'User-agent': ua,
                 'Referer':'https://it.mail.ru/itprincess/gallery/'
                  }

    headers_post = {
                 'User-agent': ua,
                 'Referer':'https://it.mail.ru/itprincess/gallery/',
                 'X-Requested-With': 'XMLHttpRequest',
                 'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8'
                  }

    r = requests.get(url, headers=headers_get, proxies=proxy, verify=False)

    # POST-   csrf-,    
    data = 'csrfmiddlewaretoken='+r.cookies['csrftoken']
    
    #     
    soup = BeautifulSoup(r.content)

    #  ,      -    ,      IT -      
    my_title = soup.find(title=u"  ")

    if my_title:
        #  id   
        id=my_title.parent.get('id')
        print id
        url_post = "https://it.mail.ru/itprincess/gallery/"+str(id)
        s = requests.post(url_post, headers=headers_post, cookies=r.cookies, data=data, proxies=proxy, verify=False)
        continue
    else :
        print 1

    #   ,   9051       
    # ,      root,     stem  exception 
    with Controller.from_port(port = 9051) as controller:
        controller.authenticate("16:872******************")
        controller.signal(Signal.NEWNYM)

    time.sleep(5)

ControlPort /etc/tor/torrc :

ControlPort 9051
## If you enable the controlport, be sure to enable one of these
## authentication methods, to prevent attackers from accessing it.
HashedControlPassword 16:872*************

:

/etc/init.d/tor restart

1- - , . -, 2 .

, .

2.

- Python/Django, — , .. . , (/ , ) . multipart/form-data python .

, , , Guerilla Mail python-, API, .

? , . .