python273 / vk_api

Module for writing scripts for VKontakte | vk.com API wrapper
https://pypi.org/project/vk-api/
Apache License 2.0
1.33k stars 324 forks

Fix cookie login #491

Closed cerg2010cerg2010 closed 1 year ago

cerg2010cerg2010 commented 1 year ago

Woke up this morning and tried to log in.

Everything worked fine at the beginning; however, it was constantly asking me for a two-factor code. Well, I didn't care, but after a while the status variable started to receive code 2, which indicated that I had to type in a captcha code. I was getting the Recaptcha exception, so I had to fix this somehow. Someone suggested that using token-only auth should fix the issue, but later I needed to use an API that is only present in the web version, so I needed to get a cookie login working.

Using this wonderful repo I figured out what the fields in the response mean, added a captcha call in the code, and it started to pass after that.

However, it wasn't enough. Although the remixsid was valid, I wasn't able to get the access_token in the _api_login function. I was getting a weird redirect to a webpage that had a "grant" button. So with the help of Firefox's network logger I was able to reconstruct the algorithm, but it was painful to implement it in Python because the connect_internal method was giving me a wrong_host error. After hours of checking for mistakes in the traffic I figured out that it looks at the Origin: header value - setting it explicitly to id.vk.com fixed the issue and I was finally able to log in!

The only issue left is the check_sid function. It turns out that feed2.php is completely broken now - it always gives you an ID of -1 even though you logged in in the browser. feed.php works fine though - it redirects you to the login page if you have incorrect credentials.

python273 commented 1 year ago

And security check:

 0.14 GET https://vk.com/settings ... None 307 [] 
 0.15 GET https://login.vk.com/?act=migrate_cookies&from= ... None 302 [] 
 0.47 GET https://login.vk.ru/?act=restore_cookies&c_hash= ... None 302 [] 
 0.45 GET https://vk.com/settings ... None 200 [] 

It would be good to look into making it more reliable and check whether it is possible to avoid all the redirects.
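
Added example, not part of this PR or of vk_api: one way to make a redirect-based session check sturdier is to classify the whole recorded redirect chain, accepting it only when every hop stays on HTTPS and on a known host and the chain ends with a 200 on the page originally requested. The function name, the hop limit, the use of the three hosts from the trace above as the complete allowlist, and the placeholder query values are assumptions.

```python
from urllib.parse import urlsplit

# Hosts seen in the redirect trace on this page; treating them as the
# complete allowlist is an assumption of this example.
TRUSTED_HOSTS = {"vk.com", "login.vk.com", "login.vk.ru"}
MAX_HOPS = 8  # assumed bound so a redirect loop cannot run forever


def classify_chain(requested_url, hops):
    """Classify a recorded redirect chain.

    hops is a list of (status_code, url) tuples in request order.
    Returns "valid", "not_logged_in", "untrusted_redirect"
    or "too_many_redirects".
    """
    if not hops:
        return "not_logged_in"
    if len(hops) > MAX_HOPS:
        return "too_many_redirects"
    for _status, url in hops:
        parts = urlsplit(url)
        # Session cookies should only travel over HTTPS to known hosts.
        # urlsplit().hostname ignores any "user@" prefix in the authority.
        if parts.scheme != "https" or parts.hostname not in TRUSTED_HOSTS:
            return "untrusted_redirect"
    want = urlsplit(requested_url)
    final_status, final_url = hops[-1]
    got = urlsplit(final_url)
    # The session counts as valid only if the chain returns to the page asked for.
    if final_status == 200 and (got.hostname, got.path) == (want.hostname, want.path):
        return "valid"
    return "not_logged_in"


# Constructed sample chains; PLACEHOLDER stands in for the elided query values.
CHAIN_OK = [
    (307, "https://vk.com/settings"),
    (302, "https://login.vk.com/?act=migrate_cookies&from=PLACEHOLDER"),
    (302, "https://login.vk.ru/?act=restore_cookies&c_hash=PLACEHOLDER"),
    (200, "https://vk.com/settings"),
]
# Hypothetical login-page path, used only to show a chain ending elsewhere.
CHAIN_LOGIN = [(302, "https://vk.com/settings"), (200, "https://vk.com/login-placeholder")]
CHAIN_BAD_HOST = [(302, "https://vk.com/settings"), (200, "https://vk.com@evil.example/settings")]

if __name__ == "__main__":
    for chain in (CHAIN_OK, CHAIN_LOGIN, CHAIN_BAD_HOST):
        print(classify_chain("https://vk.com/settings", chain))
```

To apply this to live traffic, the `(status, url)` pairs can be collected from a `requests` response via `response.history` plus the final response.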