CSRF Token is missing when logging in

[asarra]

Traceback (most recent call last): self.csrf_token = cookie_jar['csrftoken'] KeyError: 'csrftoken'

response.cookies is empty and therefore the csrftoken cannot be extracted. I tried it with proxies, as well, but that still didn't solve it.

It seems like IG changed something on their end once again. I have tried other active instagram libraries from github as well. Always same result.

[b31ngd3v]

Still working for me, can you give me more details about the error (like the line number) ?

[asarra]

Sure. Traceback (most recent call last): File "c:\Users\name\Desktop\Youtube script\instagram3.py", line 11, in bot = ig("name", "pw", proxy=proxies) File "c:\languages\lib\site-packages\myigbot__init.py", line 61, in init__ self.csrf_token = cookie_jar['csrftoken'] KeyError: 'csrftoken'

[asarra]

Btw. I shortened MyIGBot to ig. "from myigbot import MyIGBot as ig"

[asarra]

I put a print(json_data) in the init() of MyIGBot and I am getting this:

{'message': '', 'two_factor_required': True, 'two_factor_info': {'username': 'Something', 'sms_two_factor_on': False, 'totp_two_factor_on': True, 'obfuscated_phone_number': '', 'two_factor_identifier': 'Something', 'show_messenger_code_option': False, 'show_new_login_screen': True, 'show_trusted_device_option': True, 'should_opt_in_trusted_device_option': True, 'pending_trusted_notification': False, 'sms_not_allowed_reason': None, 'phone_verification_settings': {'max_sms_count': 2, 'resend_sms_delay_sec': 60, 'robocall_count_down_time_sec': 30, 'robocall_after_max_sms': True}}, 'phone_verification_settings': {'max_sms_count': 2, 'resend_sms_delay_sec': 60, 'robocall_count_down_time_sec': 30, 'robocall_after_max_sms': True}, 'status': 'fail', 'error_type': 'two_factor_required'}

Seems like it wants me to use two factor auth., but in the init() it does that process later when it is already too late.

[b31ngd3v]

Sure. Traceback (most recent call last): File "c:\Users\name\Desktop\Youtube script\instagram3.py", line 11, in bot = ig("name", "pw", proxy=proxies) File "c:\languages\lib\site-packages\myigbotinit.py", line 61, in init self.csrf_token = cookie_jar['csrftoken'] KeyError: 'csrftoken'

I just updated the repo (not the package) can you clone this again and try?

[asarra]

Sure. Here's the traceback: File "c:\languages\lib\site-packages\myigbot__init.py", line 181, in init__ self.sessionid = login_response.headers['Set-Cookie'].split('sessionid=')[1].split(';')[0] IndexError: list index out of range

[asarra]

I printed login_response.headers['Set-Cookie'] and this was the ouput:

csrftoken=""; Domain=instagram.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Path=/, csrftoken=""; Domain=.instagram.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Path=/, csrftoken=""; Domain=i.instagram.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Path=/, csrftoken=""; Domain=.i.instagram.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Path=/, csrftoken=""; Domain=www.instagram.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Path=/, csrftoken=""; Domain=.www.instagram.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Path=/, csrftoken=""; expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Path=/

There is no sessionid anywhere. Thus it cannot be splitted.

[asarra]

Ok, I have found more information now. It goes the two factor required way, BUT it stops and skips when it tries to assign the cookie_jar elements to the class attributes. Which means that the cookie_jar is still empty and we're back where we started :D

        try:
            if json_data["two_factor_required"]:

                self.ig_nrcb = cookie_jar['ig_nrcb']
                self.ig_did = cookie_jar['ig_did']
                self.mid = cookie_jar['mid']

[asarra]

This one is a bit off-topic, but might be related.

Inside MyIGBot we have: payload = { 'username': self.username, 'enc_password': f'#PWD_INSTAGRAM_BROWSER:0:{time_now}:{self.password}', 'queryParams': {}, 'optIntoOneTap': 'false' }

self.password is the password itself without going through an encryption process. I was analyzing the Instagram traffic with Fiddler and found that enc_password was encrypted with aes 256.

Here they're going more in-depth about it: https://stackoverflow.com/questions/62076725/instagram-enc-password-generation

[asarra]

Turns out, it was not off-topic, but important for it to work lol.

I modified your code and took the encrypted password and put into payload's enc_param as self.password.

Now I am getting: [✗] Login Failed! {"user": true, "authenticated": false, "status": "ok"}

At least some progress

[asarra]

I have some positive news again. I have been trying to shrink the request from the analyzing tool. The following code gives me a new csrftoken, id_did and mid!

import requests link = 'https://www.instagram.com/'

headers = { "User-Agent": "", "Cookie": 'ig_cb=2', }

response = requests.get(link, headers=headers) print(response.cookies)

[m2083902]

ho are you your ar e f rom github dont ever text me again

În lun., 28 dec. 2020 la 20:48, asarra notifications@github.com a scris:

I have some positive news again. I have been trying to shrink the request from the analyzing tool. The following code gives me a new csrftoken, id_did and mid!

import requests link = 'https://www.instagram.com/'

headers = { "User-Agent": "", "Cookie": 'ig_cb=2', }

response = requests.get(link, headers=headers) print(response.cookies)

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/b31ngD3v/MyIGBot/issues/19#issuecomment-751826456, or unsubscribe https://github.com/notifications/unsubscribe-auth/ASHTGIXN7GCMZTCMJDYHWQ3SXDHHTANCNFSM4VMFDFSQ .

[asarra]

Ok, I have solved it and optimised the code on the way. I will make a pull request once I am done integrating it to my main bot and look at the differences between mine and your version. Btw. "self.ig_nrcb = cookie_jar['ig_nrcb']" is not needed. Not sure why it is in there.