No need to use Browser Enignes like Selenium, Puppeteer, etc. At least for such task like Twitter Login.
You can use packet analyzer (sniffer), xNet library, Microsoft.ClearScript, your hands and brains.
And my advices, for sure
All the instructions below are described for C#, but can be implemented with another languages as well.
1. At first you need to learn, how to use library for sending HTTP-requests like xNet.
Here is fork (Leaf.xNet), that is much stronger than old xNet. Also its up to date, currently.
Here is repo: https://github.com/csharp-leaf/Leaf.xNet
2. You need to sniff the requests of all the login process.
You can use browser debbuger (CTRL+SHIFT+I, tab "Network"), or you can use standalone sniffers.
Friendly and easy-to-use sniffers are:
- HttpDebugger Pro (there is 7 days trial for free, or you can google for cracked version); // this one is the easiest one to sniff and resumbit requests. But search-functions is poor. After installing you need to press at "SSL sertificates setup" and agree with all boxes that sniffer will show. It taks 1 minute, and its all the setup that you need to do.
- HttpAnalyzer (not for free, but you can google for cracked version); // this one similart to HttpDebugger, but its abit harder to use than HttpDebugger. It's not so beautiful as HttpDebugger, but its still useful. And search-function much better.
Not so easy, but still good sniffers are:
- Fiddler (it's free); // it's very good sniffer, but harder to work with; Also this one needs to setup it's proxy to catch all the needed requests perfectly. It shows much more details, and can be modified as you want. Recommended, but not for a first use.
- Charles (it's not free, but you can use it for free with 30-sec delay at start); // this one very good as well, but as welll as Fiddler it requires to setup it's proxy, and SSL settings. It can show you SSL side of request (such as TLS version, SSL Cipher Suites, etc).
- Wireshark; // this one for crazy guys, that want to sniff every network packet on your PC. Very-very strong tools, but, as first one, i would not recommend you to use it.
3. If you use standalone sniffer -- open and start it first.
4. Then go to browser and open incognito tab.
5. (if you want to use browser-debbuger) press CTRL+SHIFT+I.
6. Go to twitter.com
7. Login the account as you usually do manually in browser.
8. Save the logs that you have in sniffer (to let you work with this file later and compare with requests of your software).
9. Any token or hash you can try to find using sniffer in your logs. 90% of times you will find needed value and you will see which request contains it.
I will not describe all the process, because there will be alot of info.
But, shortly, about tokens:
- Header "Authorization" - most of times is static. But even if it changes sometime, you can find it in one of .js requests (GET-requests).
Currently the value of this token is "AAAAAAAAAAAAAAAAAAAAANRILgAAAAAAnNwIzUejRCOuH5E6I8xnZz4puTs%3D1Zv7ttfk8LF81IUq16cHjhLTvJu4FA33AGWWjCpTnA"
- Header "x-csrf-token" you can parse as well from one of requests
- "Ui_metrics" - this god damn parameter you can not parse. This one is generated by js in browser.
But, if you know the JS, you can get needed functions from js, and, using Microsoft.ClearScript library (or Noesis.Javascript, or Jint, or another JS-engine) -- it can be done.
I will not show you how, because each one has to do it by himself.
10. And you will have the login function, that eats less resoureces, than browser engine. And can be used with 300-500 threads as well. And will be much faster, of course, than browser.
And a few more advices:
- Compare HTTP-Headers properly. All are have to be same as in browser. Don't forget about "Sec-Fetch"-headers, etc.
- Compare with different User-Agents. Twitter has different requests and tokens depending on your user-agent. Chrome and Firefox will show you different stuff.
- Always save the HTTP-logs, its much better, then recording each time the new one.
- Don't forget about "middle" requests. It have not to be only 2 requests: GET main page and POST login-pass data; There is alot of another requests, that you need to send as well
- Always check cookies. If the request is unworking for some reason, and you don't know why: look firstly at cookies that you send. Most of times there will be some missing values, comparing to original request.
If this note was useful for you - leave a like plese.
If you want some software for Twitter - you can order it from me, i have alot of expirience with this site.
Later on 2022 i was planning to create my own marketplace topic, and provide coding services for members of this forum.
Also, let me know, if you need some other C#\sniff notes from me.
Have a Happy New Year everyone
