How to Code – Instagram Login



Hi guys. Welcome back. Let’s do another session of How to Code. Have our 15 minutes timer here, and what I would like to look into today is Instagram. Let’s see. I think many of you are probably using that site. It’s one of the bigger sites and as you guys know, if you follow my content for a while, you know that I’m not actually a very big fan of automating large sites like Instagram or Facebook or Google or other big players, because they normally invest a lot of time fighting off automation. So they have a big team of developers and they use technology to detect bots, to detect automation. So I would highly recommend that you stay away from building account creators and stuff like that. All right?

I mean, a lot of people sell Instagram or YouTube account creators in the make money online internet marketing world, and to be honest, most of that stuff is just for spamming. They create hundreds of Instagram accounts to spam posts or spam like and all that bullshit. And in today’s world with all the technology, that’s not going to work in the long run. So concentrate on stuff that actually brings value and adds good things.

So I personally never develop a bot or a tool for Instagram. I looked at it a little bit in the past, but I did not build anything seriously. So I can’t tell you if they have bot detection mechanism or if you will run into problems at some point. So what I normally do is I try to use official APIs. So if you want to do some stuff with Instagram, for example, they have an API here. And so there are things that you can do via the API. All right? I’m not going into those details today, but if I want to build a reliable longterm business around Instagram, I 100% would only do that following official methods. With official methods, I mean doing things that are allowed and approved by Instagram. So creating 500 accounts of an account creator is probably and obviously not something they want. Right?

So I’m not sure, and I did not look at their terms of services, if they actually allow automation, I doubt so. Most big websites, they have a policy that it’s not allowed. So if you want to build something reliable, look at their API. This is normally limited. You can do a lot less with that. And it’s also more complicated because you have to really understand API communication, HTTP and all that kind of stuff. I talked about this a little bit in my HTTP tutorials that’s available in the YouTube channel as well. So if your career’s about that, please watch those videos. They’re already couple of years old, but the content is still valid even though it was about HTTP plugin from Amun, which is no longer updated or developed as far as I know. But the methods, how to troubleshoot, how to trace and how to investigate the HTTP communication, it’s still valid.

So that being said, let’s take a look what we can do. What I normally do when I work with a new site, I go to the page source code and also to the Element Inspector. And what I do here, I search for capture because even if there’s no capture shown on the page so far, if you find a reference in the source code about a capture, and as you can see here and you also have CSRF token stuff, which is an indicator that they have something integrated about a bot protecting their rep side. Look at this stuff here as well. This white-listed crawl bot, so some stuff that’s investigating the site and so on.

So that already gives me the info that there’s probably some stuff going on, on the site and that I have to be very careful and I have to be very aware of what I’m doing and don’t act as a too automated thing, randomize stuff. Maybe even try to hide my identity. Some websites they use even more advanced technologies to detect botting or automation engines like Selenium. Or if that’s the case, then you have to level your toolkit as well and then probably use something like multi login where you have a unique identity or you look for some unique plugins for your browser who are able to block certain things like WebRTC.

But this is very individual and I think I mentioned it a while ago in one of the other videos. Making XBrowser more unique and hide the identity will not really help you if a lot of people use it the same way because if XBrowser is doing certain things and then 300 people are using the tool for example, or the bot, then there is a pattern already again. Yeah, a lot of people asked me to add more features so that it can’t be detected that often or that it’s detected less. This is not so easy to do because the thing is it’s not really one thing you can do, because every website is using different methods and so on. I have a video about that if you’re curious. You can ask me or post in the group and I will point you to it. But yeah, there’s a lot more to that.

So let’s take a look. We have that actually during the last video, how to do that, the status message thing. Right? And what I always do, just a couple of tips here. When I finish a defined command and it works, I normally move that away into a different tab. So I have my main development screen here, my main tab that I’m working on and I just move all the defines that are working and I have checked and move them to a different tab so it’s out of my main code so it’s not messing around here. Another thing as well and I have that in my Tips PDF so if you don’t have that, sign up to the newsletter. It’s that sign up box on the bot-factory.com website where you can enter your details and then you will get an email with the download link to that PDF.

When I code and I work on new stuff, I do a couple of things. I save the [UBot 00:08:31] file and on a regular basis, like every couple of minutes, every 10 minutes or so, I make a copy of that UBot file in my File Explorer. Because I had it happen in the past that for some strange reason that the file is broken or that some stuff is missing, right? Even it’s more risk when you work with that code view here and you type some stuff and you do something wrong and then you switch back to [inaudible 00:09:00]. I had it happen that half of the code was gone and then the bot saved. And if you don’t have a backup off that file, then yeah, you’re basically fucked because then all the stuff, all the work you’ve done before is gone.

So save the file on a regular basis and make copies of that file on a regular basis as well. When I work, I even copy the code and copy that over to Notepad++, maybe sometimes even different versions, just that I have a reference and the backup when something goes wrong. Because as you guys know, sometimes UBot is doing some special things and then it crashes and then the things are not saved. And yeah, you can save yourself a lot of headache if you do that and make regular copies of your UBot file when you work and don’t forget to save and don’t forget to copy. I had it in the past, I worked for an hour and then all the work was gone and I had to start over. That’s really kicking your backside when you have that experience. So just as a little tip.

So let’s take a look. What I normally do, I launch the browser, I use the portable browser. It’s way more easy, right? I don’t have to ensure that I have to right version installed on my PC then and so on. So that’s my preferred way of working with XBrowser [inaudible 00:10:29]. I have my XPath Builder PRO open here all the time so that I can create XPath expressions. So first thing I do, let’s say we want to fill out that box here, then I look at the source code in the Element Inspector, right? You see that here. What I can directly see if you see elements, with class IDs like this, 9GP1N, so random characters and random numbers, that’s always an indicator that that kind of stuff is dynamically created. Because normally if someone is coding the HTML page in a regular traditional way, they would give that stuff some, most of the time, not always, but most of the time would give that stuff some more meaningful names like login form or whatever.

If you see those things, that tells you that this is probably a very dynamic page that will probably change often and you should never, never, never use or build XPath expressions who target elements and use the class ID because that 9GP1N thing here probably changes the next time to page loads or the next day. So, that’s not really reliable. So you always have to find something that is more reliable and that is not always easy. That’s also a reason and Facebook, for example, is really a pain in the ass with that kind of stuff, right? So be careful with that, because if you build a bot and you use those kind of things, then well, you have to really update it quite a lot.

And it might be that when you start with a new project and investigate a site that you will figure out, you can’t really create good XPath expressions that are lasting. And by lasting I mean that you’re pretty sure that it will not change every two hours. Because building a bot or a tool that you sell for some service or website that’s highly dynamic, it’s really a lot of work. So your business case needs to justify that. I mean if you build a bot for a website that is relatively static and only changes two times a year, that’s a completely different business model then in terms of what you charge for your tool or your service. Because if you build a bot for Facebook and you have to constantly, every single day update that bot for three, four hours, that’s a lot of work and time that you either have to invest yourself and charge for it somehow or you have to outsource to your developers.

It can be done, of course, with enough manpower and enough time. You can do that and can create complicated bots for Facebook as well probably. But the question is always, is it working? Are people willing to pay you enough so that this is a longterm business model? I mean if you look to make money online and internet marketing world, a lot of people sell bots and it’s just a fire and forget thing, right? They build something, they make a fancy website and nice videos and it works today, it probably works for a couple of days. They charge a one time prize and, “Oh look, here, this is the cheapest Facebook account creator bot ever for 29 bucks.” And then yeah, two weeks later it’s not going to work and that guy’s gone already and yeah, made a couple of thousand dollars with affiliate marketing. Yeah, you know what I mean. I mean you all had that experience. That’s why I’m not a big fan of lifetime license and then stuff anymore, because if you want to have someone update the stuff on a regular basis, you need a reliable business model. So, think about that.

Okay, so what do we have here? We have an input field here. We have an input field here. Second one, area label password, area label phone number. So we can use that. So in the Element Inspector you can always right-click and copy and then go to Copy XPath expression. I normally always try that and see what it brings up. So this is not really a good one because it starts at random element with some idea that it’s react route and then it goes down into different sections here. So this is probably, yeah, high risk that this XPath expression will change very quickly because one expression will fail or whatever, or that div element is removed or not a div element is there. So the more complex the XPath expression is that you create, the higher the risk that it will fail or change very soon.

So now what could we use here? Of course, we could use the user name. That’s pretty easy, right? So you can always double-click that, so then you can copy it and then press Control F, then you can search, right? And as you can see, it’s not coming up in the source code. So let’s just search for username and we have it two times, which is good. All right? So, that means two elements contain that thing. Remember you always have to write unique XPath expressions so that way you can check that. So we could use this. So I copied the element over, copy it into XPath Builder PRO and I select name, right-click it, use that attribute called string. [FX Browser 00:00:16:33] will select it so we can copy that one out. You go here, you use a type text. If human delay, the element I want to type into, Hello World, 10:30 delay. So, that’s what I want to try. Move that over and see what we got here.

I always click somewhere in the element, just another thing that you’re not… And you always should test that because maybe when you work on it, you may be already clicked into that element, right? And then it’s selected and then you then execute your command, it might work, but the next time you load a page it might not work because that manual interaction of you clicking into the element did not happen. So be careful and always test that. So you should, when you create commands and functions and you work with the site and you click around manually and then you execute your command and it works, always verify that it still works when you reload the page with a not-interacting with the page. So test it, right? Let’s see. Okay, it’s working. Now I have to double-check that this still works when this is completely launched fresh, right? That’s a new process.

So launched it again, not clicking into it, I directly navigate to Instagram. And now I execute a command. Okay, and it’s still works. So that’s important that you do this because very often I see people, they develop, they development and they don’t retest. They expect that when it works in their UI and in UBot Studio while they develop the stuff that it still works when they execute it live. And if you don’t check that on a regular basis and you work on a big bot, you have that login, then you do five million other things, at some point it might fail. And then you don’t know where and why. And that might be just that you clicked into an element and activated it by clicking into it, but you did not code that action into your bot. So the clicking and activating part is missing in your code. You only have the typed text maybe. In this case here, in this example, it doesn’t matter. It works, right? We tested it. But just it’s very critical that you do this because that’s something people miss very often and then that shit doesn’t work.

And also of course, remember if you did not watch my Build State Aware Bots video from last week, it’s very critical that you re-watch that video or watch it if you did not so yet. Because there I explain how to write checks into your bot. So this way I coded this here is not a good way. Right? Just having typed text, it works, but there’s no validation. Right? I don’t know if the element is there or not. I just expect it to be there. I have no validation if it actually typed into it. I have no arrow logging, I have no lock file. I don’t write a status message into the lock file when it did not work and so on. So that’s important. So if you build a bot that you want to be around for a long time, you should build that login capabilities into it.

Please watch that video. I explain it there, but very often it’s helpful that you do that right from the start, because if you build a big bot and it works, and then changing that afterwards, making it state aware and do all that crazy login stuff, yes, can be a pain in the butt. So maybe try and learn how to do this, how to write a state aware bot and then implement it right from the beginning in all your important projects. If you do just like a small thing because you want to enter phone numbers into Salesforce and you’re lazy to type 500 manually, then obviously you don’t need that, right? It’s just a fire and forget thing and you’re not selling it just for you and maybe you use it two or three times. Fine. There, of course, obviously you don’t need that stuff. But for all bots that you want to use for longer time or if you want to sell them or give them to your colleagues, then take the time to build them in a more reliable way up from the start.

So the next thing… I think our 15 minutes time is already over. Just look at that stuff and we will work on other Instagram things in the next How to Code video. So pretty simple. Here we have that password thing. Also, here, we copied the element, copied over to XPath Builder PRO. I use the name tag here. We copied that. Oops, sorry. We copied that over. So here we go and I just see if we have that types in as well so that it’s fine. Then we have that login button, right? Here we have submit. You could use this element here or we could target the div class here and go for that login thing. Copy that. I select login here, contains pattern. And we have a click command.

Just remember that you know what the difference is between these qualifiers here with X and Z and so on. I have that in the normal version two tutorials as well. Run that, okay. So yeah, obviously Hello World’s not a user account. We know that. But that’s it. So filling out, I mean, this was really basic stuff, right? Straightforward. But we covered some other important things here and we will look into more internal Instagram post following, extracting data kind of stuff in the next How to Code series. Thanks a lot. Have a nice day.