9

I have been having a lot of success using invoke-webrequest to log in to websites but I'm stumped. I am trying to log into https:// ctslink.com or https:// direct.ctslink.com. The login form has a hidden token field which changes every time I try to login, I believe is what is causing the problem. Another thing I noticed was the session variable $fb is null after the first call to invoke-webrequest. 

$r=Invoke-WebRequest www.ctslink.com -SessionVariable $fb

$form = $r.Forms[0]


$form.Fields["userId"] = "MyUsername"
$form.Fields["passwd"] = "MyPassword"

$r=Invoke-WebRequest 'https://ctslink.com/login.do' -WebSession $fb  -Body $form.Fields

Any help would be greatly appreciated, Mike

Improve this question

1 Answer 1

Reset to default
10

Don't put a $ for the session variable argument. Try this -

$c = $host.UI.PromptForCredential('Your Credentials', 'Enter Credentials', '', '')
$r = Invoke-WebRequest 'http://1.2.3.4/' -SessionVariable my_session
$form = $r.Forms[0]
$form.fields['username'] = $c.UserName
$form.fields['password'] = $c.GetNetworkCredential().Password
$r = Invoke-WebRequest -Uri ('http://1.2.3.4' + $form.Action) -WebSession $my_session -Method POST -Body $form.Fields
Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

Nice catch with the extra $ in the SessionVariable but the login still doesn't seem to go through. It seems like it just reloads the page when I attempt to login with the second Invoke-WebRequest. All of the inputs look good and the $form.Action has the action and the jsessionID so I'm running out of ideas. The only other thing that I think may be tripping it up is the hidden token in the form, pasted below, the token changes with every invoke even though I am passing $fb. <input type="hidden" name="org.apache.struts.taglib.html.TOKEN" value="b0334c048ba4451b8fd2c7ed65b40433">
@Mike use Chrome's developer tools and analyze what's happening with your cookies and session.
Thanks, don't have too much experience using those tools but have been giving it a shot. The only thing that seems to change in the cookies is the TLTHID, not entirely sure what that is but it does change and has a response one. Here is what I see. Would I need to feed the response cookie to the site? . Request Cookies 168 JSESSIONID S9r4T2QphZRqgynGvTwJff2v7NB0C8TXTxpJ3YKwLPB1XLr4Dbp4!-1983783621!1872934036 88 TLTHID A300E618298A102982CEAC7E32202CE6 39 TLTSID 514C4E862988102918F1E900AE7B46D5 41 Response Cookies 47 TLTHID AC6DDFDA298A10297CC097D28AEFE7FE / Session 47 Thanks again, Mike
Put $form on a line by itself to see a list of fields the form expects
If there are multiple forms on the page then increment the Form pointed. $form = $r.Forms[1] etc
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.