I am trying to login to the site : https://cube.tradejini.com/#/ and retrieve the cookie information.
below is my html code.. but its failing at validating the credentials, anyone please guide.. as I am novice to VBA.
Also note that the webpage takes 3 fields for the validation. username, password and a question.
url = "https://cube.tradejini.com/#/"
With CreateObject("WinHttp.WinHttpRequest.5.1")
.Open "POST", url, False
.setRequestHeader "REFERER", url
.setRequestHeader "User-Agent", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
.setRequestHeader "content-type", "application/json"
.setRequestHeader "Accept", "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"
.setRequestHeader "Accept-Language", "en-us,en;q=0.5"
.setRequestHeader "Accept-Charset", "ISO-8859-1,utf-8;q=0.7,*;q=0.7"
.SetCredentials "TSUser1", "Password", "1989"
.send
strCookie = .GetAllResponseHeaders
End With
You won't be able to use SetCredentials() with that website as the login uses the form body of the POST to submit your login credentials in this format:
"jData=
{
"uid":"TESTUSER1",
"pwd":"580c16cbb8092433538a5155ad8852974a1f44fe38bf9cc975cbe86a35639d18",
"factor2":"1985",
"apkversion":"20220318",
"imei":"da30a574e60f7a54e4beecfb9ea701d9",
"vc":"NOREN_WEB",
"appkey":"87b39b109b81a7b3a0173370043304a9ebfc8af19593d9acc9b5fdef7669bdc9",
"source":"WEB",
"addldivinf":"Chromium Edge-105.0.1343.33"
}"
Where uid = the username, pwd = password factor2 = date of birth. Notice that the password is hashed when submitted, but it is not salted so the same password == same hash. Press F12 in a browser -> fill in your login information -> in the dev tools > network tab click on QuickAuth and select the payload tab to see the hash of your password. Here is a post that goes over sending a JSON object in a POST form body using VBA that you can follow to format your code. Also, side note - that third parameter in SetCredentials() is for a flag denoting whether the request is going to a proxy or directly to a server. You wouldn't be able to use it for your date of birth.