Instagram automation

Content

  • 1. Authorization
    • 1.1. Analysis
    • 1.2. Problem
    • 1.3. First security hole
    • 1.4. The solution to the problem and the second security hole
  • 2. Data collection
    • 2.1. Data without pagination
    • 2.2. Paginated data
  • 3. Outcome





At work, I came across an interesting task of automating Instagram; namely, it was just necessary to hold a drawing. There are enough services for organizing this venture, there are even free ones. But there were additional (read: premium) conditions; besides, I really wanted to see for myself what was inside this popular Instagram and maybe gain experience in building an API.





First of all, I went to see what the Internet was saying. Reading the official docs on the Instagram API made it clear that the owners do not want to give access to unlimited automation: you can automate work with your account in the basic version, but this did not fit my task, and the "business" version of the API required company verification, which naturally does not suit me. (Maybe something has already changed ...)





Then I went to see what the Internet was saying about working with the API on the Instagram website. Everything was rosy and nothing hinted at problems. There were even PHP projects on GitHub that provided APIs for automation up to posting. Articles on Habr talked about the ease of automation. Many of the sources were reasonably fresh (a couple of months, or even weeks old). However …





Authorization

(fiddler + waterfox) instagram . . .





, .





Request in the Firefox console; why there is a problem with Access-Control-Allow-Origin, I don't know.

- POST https://www.instagram.com/accounts/login/ajax/ .  enc_password -  ,  : ( , ) :





  •  (PWDINSTAGRAMBROWSER)





  •  (10)





  •  (unixtime 1591030811)









 unixtime , .





, , . github nodejs. , .





    . , instagram .  ( )    , . .





,   ,     js.   js ( )  …  ( ),   ,   .





  instagram php,     js.  ( xhr , fiddler)  php . -     .





… . 7 - ,   - ( , ip),   ).





nodejs  puppeteer  . :)





,   ,  ( )   . ,   ( )  . -   . , ,    , :)





,  ( ):





php node.js , node.js , , , .









.   . html :





Viewing the HTML response through a browser is not very convenient; you can just copy and paste it into a familiar editor and look at what you need there.





:)





 . . Instagram API graphql (- rust-full ). .





:





  • query_hash - :





    •  - d5d763b1e2acf209d62d22d184488e57





    •  - bc3296d1ce80a24b1b6e40b1e72903f5





    •  - c76146de99bb02f6415203be841dd25a





    •  - ff260833edf142911047af6024eb634a





  • variables - json (urlencode ), , , ,    :





    • first -  ( 50 50)





    • after -  ffirst. fafter  , ,  ( null)





:





Yes, usleep is required; otherwise access through this request will be limited when it is called frequently (even if you try to use it as a regular user via the web version). This is especially true for large amounts of data. For example, for collecting ~300 likes and ~1000 comments, such a pause is quite normal, but while collecting ~5000 comments, my fake account got banned more than once, which is why I had to increase the pause between requests to 3-5 seconds. And even then, in some cases (apparently everything depended on the stars), Instagram issued a ban for this request.

  API  20 .





I am disappointed with the quality of the Instagram API in the web version of the site. I did not think it would be so mediocre; it seems that everything is twisted to the maximum on generating data for authorization, but then everything is lowered and a big security hole is formed: I stole cookies with headers and gained access.





Instagram made me sweat and experience various emotions from using the API, but the goal was achieved in full.

Author: Vitaly Buturlin







