python - 无法使用 Selenium 自动登录 Chase 站点

Question

当我尝试使用 Selenium (Python) 登录大通网站时，我收到以下错误消息:

但是，使用“人工”登录可以正常工作。似乎当 Selenium 找到一个元素时它会触发问题。

我错过了什么吗？我试图在 stackoverflow 上找到答案，但无济于事。

更新:

预期的结果是脚本将成功允许我以编程方式登录。

下面是示例代码:

import time
import os

from selenium import webdriver

CHASE_USER_ID = os.getenv('CHASE_USER_ID', None)
CHASE_PASSWORD = os.getenv('CHASE_PASSWORD', None)

assert CHASE_USER_ID is not None, 'Chase user id not set'
assert CHASE_PASSWORD is not None, ' Chase password not set'


def main():
    chrome_options = webdriver.ChromeOptions()
    driver = webdriver.Chrome(r'./chromedriver', chrome_options=chrome_options)

    try:
        driver.get('https://secure07c.chase.com/web/auth/#/logon/logon/chaseOnline?')

        time.sleep(2)

        user_element = driver.find_element_by_id('userId-input-field')  # Finding an element here seems to make the login process fail 
        user_element.send_keys(CHASE_USER_ID)

        password_element = driver.find_element_by_id('password-input-field')
        password_element.send_keys(CHASE_PASSWORD)

        time.sleep(2)

        password_element.submit()

        time.sleep(10)
    finally:
        driver.quit()


if __name__ == '__main__':
    main()

Answer 1

我采用了您的代码并简化了结构，并以最少的代码行运行了测试，如下所示:

from selenium import webdriver
from selenium.webdriver.common.by import By
from selenium.webdriver.support import expected_conditions as EC
from selenium.webdriver.support.ui import WebDriverWait


options = webdriver.ChromeOptions()
options.add_argument("start-maximized")
options.add_argument("--disable-extensions")
driver = webdriver.Chrome(chrome_options=options, executable_path=r'C:\Utility\BrowserDrivers\chromedriver.exe')
driver.get("https://secure07c.chase.com/web/auth/#/logon/logon/chaseOnline?")
WebDriverWait(driver, 20).until(EC.element_to_be_clickable((By.CSS_SELECTOR, "input.jpui.input.logon-xs-toggle.clientSideError"))).send_keys("jsmiao")
driver.find_element_by_css_selector("input.jpui.input.logon-xs-toggle#password-input-field").send_keys("hello")
driver.find_element_by_css_selector("button#signin-button>span.label").click()

同样，根据您的观察，我遇到了相同的错误错误:

似乎click()在带有文本的元素上，登录 确实发生了。虽然启动了用户名/密码 查找，但该过程被中断了。在检查 DOM Tree在 网页 中，您会发现一些 <script>标记是指 JavaScript 具有关键字 dist。例如:

• <script src="https://static.chasecdn.com/web/library/blue-boot/dist/2.20.3/blue-boot/js/main-ver.js"></script>
• <script type="text/javascript" charset="utf-8" async="" data-requirecontext="_" data-requiremodule="blue-vendor/main" src="https://static.chasecdn.com/web/library/blue-vendor/dist/2.11.1/blue-vendor/js/main.js"></script>
• <script type="text/javascript" charset="utf-8" async="" data-requirecontext="_" data-requiremodule="blue/main" src="https://static.chasecdn.com/web/library/blue-core/dist/2.16.3/blue/js/main.js"></script>
• <script type="text/javascript" charset="utf-8" async="" data-requirecontext="_" data-requiremodule="blue-app/main" src="https://static.chasecdn.com/web/library/blue-app/dist/2.15.1/blue-app/js/main.js"></script>

这清楚地表明该网站受到Bot Management 服务提供商的保护Distil Networks ChromeDriver 的导航会被检测到并随后被阻止。

---

提炼

根据文章There Really Is Something About Distil.it... :

Distil protects sites against automatic content scraping bots by observing site behavior and identifying patterns peculiar to scrapers. When Distil identifies a malicious bot on one site, it creates a blacklisted behavioral profile that is deployed to all its customers. Something like a bot firewall, Distil detects patterns and reacts.

更进一步，

"One pattern with Selenium was automating the theft of Web content", Distil CEO Rami Essaid said in an interview last week. "Even though they can create new bots, we figured out a way to identify Selenium the a tool they're using, so we're blocking Selenium no matter how many times they iterate on that bot. We're doing that now with Python and a lot of different technologies. Once we see a pattern emerge from one type of bot, then we work to reverse engineer the technology they use and identify it as malicious".

---

引用

您可以在以下位置找到一些详细的讨论:

• Is there a way to use Selenium WebDriver without informing the document that it is controlled by WebDriver?
• Selenium webdriver: Modifying navigator.webdriver flag to prevent selenium detection
• Akamai Bot Manager detects WebDriver driven Chrome Browsing Context
• Is there a version of selenium webdriver that is not detectable?