Programming Forums - View Single Post - Automatically Registering A Gmail Account

Sane · Nov 3rd, 2007, 4:26 PM

Hey guys, I'm having trouble making a script of mine automatically register for an account on Gmail.

Don't worry, my intentions aren't evil.

The URL is here: https://www.google.com/accounts/CreateAccount

I just need someone to help me confirm that my header and post data is correct... I've poured over it for hours upon hours, and am unable to find out why it's not working.

Relative Pretext:
- One may successfully register for an account on Gmail with javascript disabled
- One may successfully register for an account on Gmail with cookies disabled
- urllib2 automatically handles HTTPS

What Happens:
- I get the registration form thrown back at me asking me to re-enter the captcha, because I entered it incorrectly.

Problem:
- The captcha entered was the correct captcha's value from the registration form's captcha <img> tag.

Here is the debug information provided by urllib2. This shows the URL that was accessed, the exact raw data that was sent over the socket, and the response headers.

(Toggle Plain Text)

Header Portion of Request
POST /accounts/CreateAccount?service=mail&continue=http%3A%2F%2Fmail.google.com%2Fmail%2Fe-11-109261412b2ba1b86fe6f7540c0a0915-87808d66b2f17471a9e7c89689534c17152e4c60&type=2 HTTP/1.1\r\nHost: www.google.com\r\nAccept-language: en-us\r\nAccept-encoding: *\r\nContent-length: 1400\r\nContent-type: application/x-www-form-urlencoded\r\nConnection: close\r\nAccept: */*\r\nUser-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 1.0.3705; .NET CLR 2.0.50727)\r\n\r\n

Post Data Portion of Request
rmShown=1&IdentityAnswer=6731234&selection=What+was+your+first+phone+number&PersistentCookie=yes&FirstName=Tim&LastName=O%27veily&program_policy_url=http%3A%2F%2Fmail.google.com%2Fmail%2Fhelp%2Fprogram_policies.html&newaccounturl=https%3A%2F%2Fwww.google.com%2Faccounts%2FCaptcha%3Fctoken%3DgmaZxhjXZAoRl1UaJ3ofVf4e9JxsCYqvzfoOD6UCnRT0Yrby8vK0B0PbbN9VlTsV%3AYkbaUYhrKp5gvXrBOucOuw&privacy_policy_url=http%3A%2F%2Fwww.google.com%2Fintl%2Fen%2Fprivacy.html&SecondaryEmail=&checkavail=check+availability%21&Email=tim.oveily&served_tos_location=CA&service=mail&Passwd=blahblahblah&requested_tos_language=en&ownquestion=None&smhhk=1&dsh=6566250601099324917&edk=gmail.com&submitbutton=I+accept.+Create+my+account.&served_tos_language=en&type=2&PasswdAgain=blahblahblah&loc=CA&smhck=1&hl=en&newaccounttoken_audio=AftDX-SM_8UmkQi3lETC-aLodrazoX58d7uy8ReaQbgn6WfV8vQu5rOzt89gzpIk%3A6jqty9WxWkskjI1r57pPhA&change_location=Change&nshk=1&newaccountcaptcha=wudec&default_submit=&p=&newaccounturl_audio=https%3A%2F%2Fwww.google.com%2Faccounts%2FCaptcha%3Fctoken%3DAftDX-SM_8UmkQi3lETC-aLodrazoX58d7uy8ReaQbgn6WfV8vQu5rOzt89gzpIk%3A6jqty9WxWkskjI1r57pPhA&continue=http%3A%2F%2Fmail.google.com%2Fmail%2Fe-11-109261412b2ba1b86fe6f7540c0a0915-87808d66b2f17471a9e7c89689534c17152e4c60&t=null&newaccounttoken=gmaZxhjXZAoRl1UaJ3ofVf4e9JxsCYqvzfoOD6UCnRT0Yrby8vK0B0PbbN9VlTsV%3AYkbaUYhrKp5gvXrBOucOuw&UsernameSelector=None

Reply Header Showing Success
HTTP/1.1 200 OK\r\nheader: Set-Cookie: GoogleAccountsLocale_session=en\r\nheader: Content-Type: text/html; charset=UTF-8\r\nheader: Transfer-Encoding: chunked\r\nheader: Cache-control: private\r\nheader: Date: Sat, 03 Nov 2007 21:03:57 GMT\r\nheader: Server: GFE/1.3\r\nheader: Connection: Close\r\n\r\n

Header Portion of Request
POST /accounts/CreateAccount?service=mail&continue=http%3A%2F%2Fmail.google.com%2Fmail%2Fe-11-109261412b2ba1b86fe6f7540c0a0915-87808d66b2f17471a9e7c89689534c17152e4c60&type=2 HTTP/1.1\r\nHost: www.google.com\r\nAccept-language: en-us\r\nAccept-encoding: *\r\nContent-length: 1400\r\nContent-type: application/x-www-form-urlencoded\r\nConnection: close\r\nAccept: */*\r\nUser-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 1.0.3705; .NET CLR 2.0.50727)\r\n\r\n

Post Data Portion of Request
rmShown=1&IdentityAnswer=6731234&selection=What+was+your+first+phone+number&PersistentCookie=yes&FirstName=Tim&LastName=O%27veily&program_policy_url=http%3A%2F%2Fmail.google.com%2Fmail%2Fhelp%2Fprogram_policies.html&newaccounturl=https%3A%2F%2Fwww.google.com%2Faccounts%2FCaptcha%3Fctoken%3DgmaZxhjXZAoRl1UaJ3ofVf4e9JxsCYqvzfoOD6UCnRT0Yrby8vK0B0PbbN9VlTsV%3AYkbaUYhrKp5gvXrBOucOuw&privacy_policy_url=http%3A%2F%2Fwww.google.com%2Fintl%2Fen%2Fprivacy.html&SecondaryEmail=&checkavail=check+availability%21&Email=tim.oveily&served_tos_location=CA&service=mail&Passwd=blahblahblah&requested_tos_language=en&ownquestion=None&smhhk=1&dsh=6566250601099324917&edk=gmail.com&submitbutton=I+accept.+Create+my+account.&served_tos_language=en&type=2&PasswdAgain=blahblahblah&loc=CA&smhck=1&hl=en&newaccounttoken_audio=AftDX-SM_8UmkQi3lETC-aLodrazoX58d7uy8ReaQbgn6WfV8vQu5rOzt89gzpIk%3A6jqty9WxWkskjI1r57pPhA&change_location=Change&nshk=1&newaccountcaptcha=wudec&default_submit=&p=&newaccounturl_audio=https%3A%2F%2Fwww.google.com%2Faccounts%2FCaptcha%3Fctoken%3DAftDX-SM_8UmkQi3lETC-aLodrazoX58d7uy8ReaQbgn6WfV8vQu5rOzt89gzpIk%3A6jqty9WxWkskjI1r57pPhA&continue=http%3A%2F%2Fmail.google.com%2Fmail%2Fe-11-109261412b2ba1b86fe6f7540c0a0915-87808d66b2f17471a9e7c89689534c17152e4c60&t=null&newaccounttoken=gmaZxhjXZAoRl1UaJ3ofVf4e9JxsCYqvzfoOD6UCnRT0Yrby8vK0B0PbbN9VlTsV%3AYkbaUYhrKp5gvXrBOucOuw&UsernameSelector=None

Reply Header Showing Success
HTTP/1.1 200 OK\r\nheader: Set-Cookie: GoogleAccountsLocale_session=en\r\nheader: Content-Type: text/html; charset=UTF-8\r\nheader: Transfer-Encoding: chunked\r\nheader: Cache-control: private\r\nheader: Date: Sat, 03 Nov 2007 21:03:57 GMT\r\nheader: Server: GFE/1.3\r\nheader: Connection: Close\r\n\r\n

The HTML of the reply:
- It is the registration form again
- It has all of the correct data (IE 'tim.oreily@gmail.com') entered into the fields already
- It is missing the fields for the password and captcha
- It says the captcha was incorrectly entered, and the password should be re-entered.

The contradiction:
- The "newaccounttoken" variable in the POST data is "gmaZxhjXZAoRl1UaJ3ofVf4e9JxsCYqvzfoOD6UCnRT0Yrby8vK0B0PbbN9VlTsV%3AYkbaUYhrKp5gvXrBOucOuw"
- This token represents the URL: https://www.google.com/accounts/Capt...Kp5gvXrBOucOuw
- At the time of registering, this was the URL used by the captcha's <img> tag
- This captcha, after visiting the registration form, was visited and confirmed by me to say "wudec"
- The value "wudec" is consistent with the POST variable "newaccountcaptcha" in my request

Furthermore:
- I know the "newaccountcaptcha" variable was sent intact, because the reply I got contained new HTML that was not there before:

(Toggle Plain Text)

<input type="hidden" name="newaccountcaptcha" value="wudec">

Could someone confirm that I'm sending this data correctly? Double check my logic? Maybe I don't know the HTTP as well as I should for this.

Thanks in advance for your time reading this long post.

Nov 3rd, 2007, 4:26 PM	#1
Sane Programming Guru Join Date: Apr 2005 Location: Waterloo, Ontario Posts: 1,835 Rep Power: 5	Automatically Registering A Gmail Account Hey guys, I'm having trouble making a script of mine automatically register for an account on Gmail. Don't worry, my intentions aren't evil. The URL is here: https://www.google.com/accounts/CreateAccount I just need someone to help me confirm that my header and post data is correct... I've poured over it for hours upon hours, and am unable to find out why it's not working. Relative Pretext: - One may successfully register for an account on Gmail with javascript disabled - One may successfully register for an account on Gmail with cookies disabled - urllib2 automatically handles HTTPS What Happens: - I get the registration form thrown back at me asking me to re-enter the captcha, because I entered it incorrectly. Problem: - The captcha entered was the correct captcha's value from the registration form's captcha <img> tag. Here is the debug information provided by urllib2. This shows the URL that was accessed, the exact raw data that was sent over the socket, and the response headers. (Toggle Plain Text) Header Portion of Request POST /accounts/CreateAccount?service=mail&continue=http%3A%2F%2Fmail.google.com%2Fmail%2Fe-11-109261412b2ba1b86fe6f7540c0a0915-87808d66b2f17471a9e7c89689534c17152e4c60&type=2 HTTP/1.1\r\nHost: www.google.com\r\nAccept-language: en-us\r\nAccept-encoding: \r\nContent-length: 1400\r\nContent-type: application/x-www-form-urlencoded\r\nConnection: close\r\nAccept: /\r\nUser-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 1.0.3705; .NET CLR 2.0.50727)\r\n\r\n Post Data Portion of Request* rmShown=1&IdentityAnswer=6731234&selection=What+was+your+first+phone+number&PersistentCookie=yes&FirstName=Tim&LastName=O%27veily&program_policy_url=http%3A%2F%2Fmail.google.com%2Fmail%2Fhelp%2Fprogram_policies.html&newaccounturl=https%3A%2F%2Fwww.google.com%2Faccounts%2FCaptcha%3Fctoken%3DgmaZxhjXZAoRl1UaJ3ofVf4e9JxsCYqvzfoOD6UCnRT0Yrby8vK0B0PbbN9VlTsV%3AYkbaUYhrKp5gvXrBOucOuw&privacy_policy_url=http%3A%2F%2Fwww.google.com%2Fintl%2Fen%2Fprivacy.html&SecondaryEmail=&checkavail=check+availability%21&Email=tim.oveily&served_tos_location=CA&service=mail&Passwd=blahblahblah&requested_tos_language=en&ownquestion=None&smhhk=1&dsh=6566250601099324917&edk=gmail.com&submitbutton=I+accept.+Create+my+account.&served_tos_language=en&type=2&PasswdAgain=blahblahblah&loc=CA&smhck=1&hl=en&newaccounttoken_audio=AftDX-SM_8UmkQi3lETC-aLodrazoX58d7uy8ReaQbgn6WfV8vQu5rOzt89gzpIk%3A6jqty9WxWkskjI1r57pPhA&change_location=Change&nshk=1&newaccountcaptcha=wudec&default_submit=&p=&newaccounturl_audio=https%3A%2F%2Fwww.google.com%2Faccounts%2FCaptcha%3Fctoken%3DAftDX-SM_8UmkQi3lETC-aLodrazoX58d7uy8ReaQbgn6WfV8vQu5rOzt89gzpIk%3A6jqty9WxWkskjI1r57pPhA&continue=http%3A%2F%2Fmail.google.com%2Fmail%2Fe-11-109261412b2ba1b86fe6f7540c0a0915-87808d66b2f17471a9e7c89689534c17152e4c60&t=null&newaccounttoken=gmaZxhjXZAoRl1UaJ3ofVf4e9JxsCYqvzfoOD6UCnRT0Yrby8vK0B0PbbN9VlTsV%3AYkbaUYhrKp5gvXrBOucOuw&UsernameSelector=None Reply Header Showing Success HTTP/1.1 200 OK\r\nheader: Set-Cookie: GoogleAccountsLocale_session=en\r\nheader: Content-Type: text/html; charset=UTF-8\r\nheader: Transfer-Encoding: chunked\r\nheader: Cache-control: private\r\nheader: Date: Sat, 03 Nov 2007 21:03:57 GMT\r\nheader: Server: GFE/1.3\r\nheader: Connection: Close\r\n\r\n Header Portion of Request POST /accounts/CreateAccount?service=mail&continue=http%3A%2F%2Fmail.google.com%2Fmail%2Fe-11-109261412b2ba1b86fe6f7540c0a0915-87808d66b2f17471a9e7c89689534c17152e4c60&type=2 HTTP/1.1\r\nHost: www.google.com\r\nAccept-language: en-us\r\nAccept-encoding: \r\nContent-length: 1400\r\nContent-type: application/x-www-form-urlencoded\r\nConnection: close\r\nAccept: /\r\nUser-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 1.0.3705; .NET CLR 2.0.50727)\r\n\r\n Post Data Portion of Request rmShown=1&IdentityAnswer=6731234&selection=What+was+your+first+phone+number&PersistentCookie=yes&FirstName=Tim&LastName=O%27veily&program_policy_url=http%3A%2F%2Fmail.google.com%2Fmail%2Fhelp%2Fprogram_policies.html&newaccounturl=https%3A%2F%2Fwww.google.com%2Faccounts%2FCaptcha%3Fctoken%3DgmaZxhjXZAoRl1UaJ3ofVf4e9JxsCYqvzfoOD6UCnRT0Yrby8vK0B0PbbN9VlTsV%3AYkbaUYhrKp5gvXrBOucOuw&privacy_policy_url=http%3A%2F%2Fwww.google.com%2Fintl%2Fen%2Fprivacy.html&SecondaryEmail=&checkavail=check+availability%21&Email=tim.oveily&served_tos_location=CA&service=mail&Passwd=blahblahblah&requested_tos_language=en&ownquestion=None&smhhk=1&dsh=6566250601099324917&edk=gmail.com&submitbutton=I+accept.+Create+my+account.&served_tos_language=en&type=2&PasswdAgain=blahblahblah&loc=CA&smhck=1&hl=en&newaccounttoken_audio=AftDX-SM_8UmkQi3lETC-aLodrazoX58d7uy8ReaQbgn6WfV8vQu5rOzt89gzpIk%3A6jqty9WxWkskjI1r57pPhA&change_location=Change&nshk=1&newaccountcaptcha=wudec&default_submit=&p=&newaccounturl_audio=https%3A%2F%2Fwww.google.com%2Faccounts%2FCaptcha%3Fctoken%3DAftDX-SM_8UmkQi3lETC-aLodrazoX58d7uy8ReaQbgn6WfV8vQu5rOzt89gzpIk%3A6jqty9WxWkskjI1r57pPhA&continue=http%3A%2F%2Fmail.google.com%2Fmail%2Fe-11-109261412b2ba1b86fe6f7540c0a0915-87808d66b2f17471a9e7c89689534c17152e4c60&t=null&newaccounttoken=gmaZxhjXZAoRl1UaJ3ofVf4e9JxsCYqvzfoOD6UCnRT0Yrby8vK0B0PbbN9VlTsV%3AYkbaUYhrKp5gvXrBOucOuw&UsernameSelector=None Reply Header Showing Success HTTP/1.1 200 OK\r\nheader: Set-Cookie: GoogleAccountsLocale_session=en\r\nheader: Content-Type: text/html; charset=UTF-8\r\nheader: Transfer-Encoding: chunked\r\nheader: Cache-control: private\r\nheader: Date: Sat, 03 Nov 2007 21:03:57 GMT\r\nheader: Server: GFE/1.3\r\nheader: Connection: Close\r\n\r\n The HTML of the reply: - It is the registration form again - It has all of the correct data (IE 'tim.oreily@gmail.com') entered into the fields already - It is missing the fields for the password and captcha - It says the captcha was incorrectly entered, and the password should be re-entered. The contradiction: - The "newaccounttoken" variable in the POST data is "gmaZxhjXZAoRl1UaJ3ofVf4e9JxsCYqvzfoOD6UCnRT0Yrby8vK0B0PbbN9VlTsV%3AYkbaUYhrKp5gvXrBOucOuw" - This token represents the URL: https://www.google.com/accounts/Capt...Kp5gvXrBOucOuw - At the time of registering, this was the URL used by the captcha's <img> tag - This captcha, after visiting the registration form, was visited and confirmed by me to say "wudec" - The value "wudec" is consistent with the POST variable "newaccountcaptcha" in my request Furthermore: - I know the "newaccountcaptcha" variable was sent intact, because the reply I got contained new HTML that was not there before: (Toggle Plain Text) <input type="hidden" name="newaccountcaptcha" value="wudec"> <input type="hidden" name="newaccountcaptcha" value="wudec"> Could someone confirm that I'm sending this data correctly? Double check my logic? Maybe I don't know the HTTP as well as I should for this. Thanks in advance for your time reading this long post. Last edited by Sane; Nov 3rd, 2007 at 4:38 PM.*