WEBVTT 00:01.180 --> 00:05.190 First, let's just make an empty folder for our project to be inside. 00:05.200 --> 00:06.340 So make dir. 00:06.610 --> 00:10.330 Let's call it cookie off scraper. 00:11.260 --> 00:16.330 Let's open it up in Visual Studio code and let's add some packages. 00:17.190 --> 00:23.400 So here we have a totally empty directory opened up in Visual Studio code and let's add. 00:25.200 --> 00:28.680 Request and request promise. 00:32.680 --> 00:35.470 Now let's create a index.js file. 00:35.860 --> 00:37.270 Index.js. 00:37.450 --> 00:39.760 And let's start making some requests. 00:40.030 --> 00:42.100 So const request. 00:43.020 --> 00:43.890 Require. 00:44.580 --> 00:46.080 Quest Promise. 00:47.600 --> 00:55.160 And let's make an async function, let's call it main and let's call Main down here in the bottom. 00:56.210 --> 01:05.570 So we can say const result request dot get and we need to get the first from page in order to get our 01:05.570 --> 01:09.980 cookies set inside of request so that we can do the login request. 01:09.980 --> 01:16.160 Because remember, if we don't have the cookies set, the logging is going to say 403 forbidden. 01:16.640 --> 01:20.330 So let's go and say the site was called. 01:21.560 --> 01:23.780 Intern Shalako. 01:26.660 --> 01:27.710 And. 01:28.580 --> 01:37.970 Let's go and say, Hey, wait here and let's go and also and get the login URL we found inside Chrome 01:37.970 --> 01:38.780 Tools. 01:38.870 --> 01:40.610 This post here. 01:41.730 --> 01:50.340 Let's do that after and we say log in result await request post. 01:50.550 --> 01:57.630 We have the URL here and we also need to pass in my username and password. 01:57.630 --> 02:01.440 So we have email and my password here. 02:01.830 --> 02:06.210 So we have a comma and then we can say form. 02:07.250 --> 02:10.650 Equals email. 02:11.930 --> 02:12.800 My email. 02:15.140 --> 02:16.250 Password. 02:17.420 --> 02:18.050 This one. 02:19.490 --> 02:21.410 Okay, let's see how that fares. 02:21.440 --> 02:22.790 Let's try Node. 02:22.820 --> 02:24.410 Node Index.js. 02:25.190 --> 02:26.480 And let's see what happens. 02:27.170 --> 02:31.400 So we get a status code for all three. 02:31.520 --> 02:33.510 Why do we get a full three? 02:33.530 --> 02:38.170 Well, because we're not saving the cookies at all inside of request. 02:38.180 --> 02:41.660 So let's try and say defaults. 02:43.030 --> 02:47.500 And then have a curly brace and say char equals to true. 02:47.920 --> 02:55.870 So now when we had set the char to true request is going to save the the cookies from request to request. 02:55.870 --> 02:59.440 So that means we go and visit this page first. 02:59.530 --> 03:04.510 Then request is going to set the cookies inside of its cookie jar. 03:04.540 --> 03:07.420 That's what they call where they store all the cookies. 03:07.840 --> 03:13.690 And then it's also going to have the same cookies set when we do the next request, in this case, the 03:13.690 --> 03:15.460 post login request. 03:16.860 --> 03:21.120 So we saved the cookies by using setting char to true. 03:22.020 --> 03:25.380 Now let's try and run node index.js again. 03:27.870 --> 03:32.850 And it looks like it's the same kind of response we're getting here. 03:35.340 --> 03:36.870 So why could that be? 03:36.900 --> 03:41.640 Well, I think it says something about CSR. 03:41.640 --> 03:44.550 If the action you have requested is not allowed. 03:44.790 --> 03:53.220 Now, if we take a look inside of our postman request, we can see there's also a CSR, a parameter 03:53.220 --> 03:56.130 that's being sent in the post request body. 03:56.280 --> 04:02.940 And if you don't have that set, well, it's going to return this response as well. 04:02.940 --> 04:05.670 If you only have the email and password set. 04:05.700 --> 04:09.720 It's going to return this response with four, four three forbidden. 04:10.530 --> 04:14.040 This is not always the case for websites, websites. 04:14.040 --> 04:19.500 In this case, they have some sort of csrf security. 04:19.500 --> 04:23.280 So they test for that when they do when you do the post request. 04:23.460 --> 04:24.840 It's not always the case. 04:24.840 --> 04:31.470 Sometimes you could already be done with your login for a site if you just do this and enable the cookie 04:31.470 --> 04:31.830 jar. 04:32.250 --> 04:38.470 But for this site, they do want to have the c, r, SF or the. 04:38.980 --> 04:40.060 The the. 04:40.210 --> 04:43.540 I can't remember csrf token set. 04:44.470 --> 04:51.430 Now, the next lecture, let's take a look at how we can pass in this csrf token to the post request.