I have a DLink DWR-921 router that works with mobile internet. It has an admin page http://ipaddress/sys_smsmsg.htm that allows to send sms via the SIM card that feeds the router. I am trying to bypass the GUI and send sms programmatically.

Request to send an sms looks like this:

from requests import session

with session() as c:
       c.get('http://'
            + ipaddress
            + '/sys_smsmsg.htm?csrftok='
            + token
            + '&Nsend=1&Nmsgindex=0&S801E2701='
            + number
            + '&S801E2801='
            + message)

where token is a value in a hidden input field on /sys_smsmsg.htm:

<input type="hidden" name="csrftok" value="468153">

This value is loaded by JavaScript from an XML file that the browser downloads along with the HTML.

function get_token(){
xmlDoc=loadXMLDocs("/csrf.xml");
if(xmlDoc.getElementsByTagName("token")[0].childNodes[0]!=null){
rv=xmlDoc.getElementsByTagName("token")[0].childNodes[0].nodeValue;
return rv;
}
}

The XML itself looks trivial:

<?xml version="1.0"?><csrf><token>667153</token></csrf>

But since requests library does not trigger JavaScript, all I see on the requested page is:

dw("<input type='hidden' name='csrftok' value='"+get_token()+"'>")

Is there any way to bypass JS and retrieve the XML file in a requests session? I know I can use Selenium with a headless browser, just want to make sure I'm not over-complicating it.