Programming Forums

Programming Forums (http://www.programmingforums.org/forumindex.php)
-   Python (http://www.programmingforums.org/forum43.html)
-   -   Automatically Registering A Gmail Account (http://www.programmingforums.org/showthread.php?t=14324)

Sane Nov 3rd, 2007 4:26 PM
Automatically Registering A Gmail Account
 
Hey guys, I'm having trouble making a script of mine automatically register for an account on Gmail.

Don't worry, my intentions aren't evil. :$

The URL is here: https://www.google.com/accounts/CreateAccount

I just need someone to help me confirm that my header and post data is correct... I've poured over it for hours upon hours, and am unable to find out why it's not working.

Relative Pretext:
- One may successfully register for an account on Gmail with javascript disabled
- One may successfully register for an account on Gmail with cookies disabled
- urllib2 automatically handles HTTPS

What Happens:
- I get the registration form thrown back at me asking me to re-enter the captcha, because I entered it incorrectly.

Problem:
- The captcha entered was the correct captcha's value from the registration form's captcha <img> tag.

Here is the debug information provided by urllib2. This shows the URL that was accessed, the exact raw data that was sent over the socket, and the response headers.

:
Header Portion of Request
POST /accounts/CreateAccount?service=mail&continue=http%3A%2F%2Fmail.google.com%2Fmail%2Fe-11-109261412b2ba1b86fe6f7540c0a0915-87808d66b2f17471a9e7c89689534c17152e4c60&type=2 HTTP/1.1\r\nHost: www.google.com\r\nAccept-language: en-us\r\nAccept-encoding: *\r\nContent-length: 1400\r\nContent-type: application/x-www-form-urlencoded\r\nConnection: close\r\nAccept: */*\r\nUser-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 1.0.3705; .NET CLR 2.0.50727)\r\n\r\n

Post Data Portion of Request
rmShown=1&IdentityAnswer=6731234&selection=What+was+your+first+phone+number&PersistentCookie=yes&FirstName=Tim&LastName=O%27veily&program_policy_url=http%3A%2F%2Fmail.google.com%2Fmail%2Fhelp%2Fprogram_policies.html&newaccounturl=https%3A%2F%2Fwww.google.com%2Faccounts%2FCaptcha%3Fctoken%3DgmaZxhjXZAoRl1UaJ3ofVf4e9JxsCYqvzfoOD6UCnRT0Yrby8vK0B0PbbN9VlTsV%3AYkbaUYhrKp5gvXrBOucOuw&privacy_policy_url=http%3A%2F%2Fwww.google.com%2Fintl%2Fen%2Fprivacy.html&SecondaryEmail=&checkavail=check+availability%21&Email=tim.oveily&served_tos_location=CA&service=mail&Passwd=blahblahblah&requested_tos_language=en&ownquestion=None&smhhk=1&dsh=6566250601099324917&edk=gmail.com&submitbutton=I+accept.+Create+my+account.&served_tos_language=en&type=2&PasswdAgain=blahblahblah&loc=CA&smhck=1&hl=en&newaccounttoken_audio=AftDX-SM_8UmkQi3lETC-aLodrazoX58d7uy8ReaQbgn6WfV8vQu5rOzt89gzpIk%3A6jqty9WxWkskjI1r57pPhA&change_location=Change&nshk=1&newaccountcaptcha=wudec&default_submit=&p=&newaccounturl_audio=https%3A%2F%2Fwww.google.com%2Faccounts%2FCaptcha%3Fctoken%3DAftDX-SM_8UmkQi3lETC-aLodrazoX58d7uy8ReaQbgn6WfV8vQu5rOzt89gzpIk%3A6jqty9WxWkskjI1r57pPhA&continue=http%3A%2F%2Fmail.google.com%2Fmail%2Fe-11-109261412b2ba1b86fe6f7540c0a0915-87808d66b2f17471a9e7c89689534c17152e4c60&t=null&newaccounttoken=gmaZxhjXZAoRl1UaJ3ofVf4e9JxsCYqvzfoOD6UCnRT0Yrby8vK0B0PbbN9VlTsV%3AYkbaUYhrKp5gvXrBOucOuw&UsernameSelector=None

Reply Header Showing Success
HTTP/1.1 200 OK\r\nheader: Set-Cookie: GoogleAccountsLocale_session=en\r\nheader: Content-Type: text/html; charset=UTF-8\r\nheader: Transfer-Encoding: chunked\r\nheader: Cache-control: private\r\nheader: Date: Sat, 03 Nov 2007 21:03:57 GMT\r\nheader: Server: GFE/1.3\r\nheader: Connection: Close\r\n\r\n

The HTML of the reply:
- It is the registration form again
- It has all of the correct data (IE 'tim.oreily@gmail.com') entered into the fields already
- It is missing the fields for the password and captcha
- It says the captcha was incorrectly entered, and the password should be re-entered.

The contradiction:
- The "newaccounttoken" variable in the POST data is "gmaZxhjXZAoRl1UaJ3ofVf4e9JxsCYqvzfoOD6UCnRT0Yrby8vK0B0PbbN9VlTsV%3AYkbaUYhrKp5gvXrBOucOuw"
- This token represents the URL: https://www.google.com/accounts/Capt...Kp5gvXrBOucOuw
- At the time of registering, this was the URL used by the captcha's <img> tag
- This captcha, after visiting the registration form, was visited and confirmed by me to say "wudec"
- The value "wudec" is consistent with the POST variable "newaccountcaptcha" in my request

Furthermore:
- I know the "newaccountcaptcha" variable was sent intact, because the reply I got contained new HTML that was not there before:
:
<input type="hidden" name="newaccountcaptcha" value="wudec">

Could someone confirm that I'm sending this data correctly? Double check my logic? Maybe I don't know the HTTP as well as I should for this.

Thanks in advance for your time reading this long post. :S

Jessehk Nov 3rd, 2007 6:03 PM
Re: Automatically Registering A Gmail Account
 
A kitten dies every time somebody tries to automate a site registration. :( ;)

Sane Nov 3rd, 2007 6:13 PM
Re: Automatically Registering A Gmail Account
 
Well, gmail is making it very difficult to keep any-o'-those kittens alive then. :icon_wink:

grumpy Nov 3rd, 2007 10:06 PM
Re: Automatically Registering A Gmail Account
 
The reason your script isn't working is probably that your script is assuming the server has fixed behaviour but the server is keeping track of state and has some elements of dynamic behaviour, so it recognises that the data you are sending is spoofed or hacked (i.e. it is not actually being typed in by a user) regardless of how you modify your headers.

That is actually the purpose of schemes, such as the one you're trying to bypass. Automated registration is the one of the first goals of spammers.

Sane Nov 4th, 2007 7:38 AM
Re: Automatically Registering A Gmail Account
 
Grumpy, I was thinking that too originally. But figured out that's not the case.

When my script downloads the first registration form, I saved that to a file. I opened that file locally, entered all of the information in manually, clicked submit, and the account was created.

Also, all of the post data I'm sending is parsed dynamically from the registration form. So that aspect of dynamic behaviour has its solution.

The reason I can't just capture that network packet and compare it to my urllib debug information is because that's sent https. Maybe I should look into how to decode an https packet.

titaniumdecoy Nov 4th, 2007 2:09 PM
Re: Automatically Registering A Gmail Account
 
The engineers at Google have done everything possible to prevent automated Gmail registrations. The engineers at Google are very, very smart. It is therefore highly unlikely that you will find a way to successfully automate Gmail registrations.

DaWei Nov 4th, 2007 4:30 PM
Re: Automatically Registering A Gmail Account
 
I don't like this thread. It's very marginal when it comes up against the rules regarding discussions of "hacking". While it isn't concerned with actual hacking, it is an attempt to bypass protections put in place by the target.

I'm not going to issue an infraction, but I'm going to close this thread to further discussion. Feel free to appeal my unilateral decision.


All times are GMT -5. The time now is 12:45 AM.

Powered by vBulletin® Version 3.7.0, Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Copyright ©2007 DaniWeb® LLC