I am trying to obtain some info on a local webpage which requires a login to access.
I can run
$response = Invoke-WebRequest "http://web.com/admin/launch?script=rh&template=dashboard" -SessionVariable rb -UserAgent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36'
$response contains the correct information, including a single form called login_form which I need to use.
Then, I write:
$response.Forms[0].Fields.user_id = 'admin'
$response.Forms[0].Fields.password= 'pass'
$response.Forms[0].Fields
Key Value
--- -----
d_user_id user_id
t_user_id string
c_user_id string
e_user_id true
user_id admin
password pass
I would expect the following command to return the data of the page which I am redirected to after login.
Invoke-WebRequest $('http://web.com/admin/' + $response.Forms[0].Action) -WebSession $rb -Body $response.Forms[0].Fields -Method POST -contentType "application/x-www-form-urlencoded"
However, this simply re-returns the previous page, including the login_form object. It is identical to $response even though the request seems to be completely different.
I think this issue spawns from the same URL being used for every page, with different Query String Parameters (e.g. script=rh&template=login&action=login) returning different pages. However, I do include these strings in my -URI param, in the form of the string or the Action property. Thus I am not sure what other method I would use to return the correct page, if my POST request is even working at all.
I'm completely stuck here, with the absence of any error to work off. I do not think I have made any error with the Request as I have spent a long time tweaking parameters (different syntax for defining the fields, and etc), which has made no difference.
Chrome HAR File: Google Drive Download
I finally figured it out. There were additional fields that the form needed. There was JS running to re-name the fields in the form, and thus when I was getting the login object I was populating the "wrong" fields since Invoke-Webrequest does not run the JS when I post the form, of course. After playing with the request with Fiddler for a long time, I eventually noticed that a successful login was the result of these fields that were named ever-so-slightly differently. This is how it ended up looking:
$response = Invoke-WebRequest "http://web.com/admin/launch?script=rh&template=login" -SessionVariable x -UserAgent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36'
$response.Forms[0].Fields.Add('f_user_id','admin')
$response.Forms[0].Fields.Add('f_password','')
$null = Invoke-WebRequest $('http://web.com/admin/' + $response.Forms[0].Action) -WebSession $x -Body $response.Forms[0].Fields -Method POST -contentType "application/x-www-form-urlencoded"
Invoke-WebRequest 'http://web.com/admin/launch?script=rh&template=dashboard' -WebSession $x