Search code examples
powershellinvoke-webrequest

Powershell Invoke-Webrequest for page login when no forms are present

I saw this post without a solution but my problem is similar. I'm trying to automate some information lookup on my own login page for a service I'm using. When I run the following command it doesn't give me anything for .Forms

$Webpage = Invoke-WebRequest -Uri "https://mypage.tokyu-ps.jp/member/"

$Webpage.Forms is empty. As almost every single suggestion on doing login forms with Invoke-WebRequest says that I need to use $Webpage.Forms[0] and then enter the values there, I'm thinking I could use the InputFields instead.

If I check $Webpage.InputFields there are two fields that look like they should be the login information with the Id of TAccountLoginid and TAccountPass, however only the latter has a property called "value" which I suspect is the property I would want to set. TAccountLoginid doesn't have a value property, even when inspecting the page with F12 in my browser. (EDIT: It wasn't necessary this time but for future reference, you can always add your own properties with ($Webpage.InputFields | Where-Object{$_.name -eq "ItemYouWantToEdit"}) | Add-Member -NotePropertyName "value" -NotePropertyValue "Your value here" to force it to have that for later use.)

There is one other field that looks like it could be used which is TokenDebug0123456789 that I guess is the session token, but it already has a value of random data with TAccount.loginid and TAccount.pass mixed in there, so I guess I still need to find the field that takes the account name, then set the account name and password in the above fields, then call Invoke-Webrequest again using that edited $Webpage variable. I just don't know how to proceed in this situation.

Solution

  • I found the problem while inspecting the traffic using developer tools in my browser. There were no forms present because they were sending the password in the request body. What I did was just copy the body and replace everything with the session information:

    $Username = "MyUser"
$Password = "MyPassword"
$Webpage = Invoke-WebRequest -Uri "https://mypage.tokyu-ps.jp/member/" -SessionVariable MySession

$Body = @{
    "data[_Token][key]" = ($Webpage.InputFields | Where-Object{$_.name -eq "data[_Token][key]"}).value
    "data[TAccount][loginid]" = $Username
    "data[TAccount][pass]" = $Password
    "login" = ""
    "nextUrl" = ""
    "data[_Token][fields]" = ($Webpage.InputFields | Where-Object{$_.name -eq "data[_Token][fields]"}).value
    "data[_Token][unlocked]" = ($Webpage.InputFields | Where-Object{$_.name -eq "data[_Token][unlocked]"}).value
    "data[_Token][debug]" = ($Webpage.InputFields | Where-Object{$_.name -eq "data[_Token][debug]"}).value
}

$Result = Invoke-WebRequest -Method Post -Uri "https://mypage.tokyu-ps.jp/member/" -Body $Body -WebSession $MySession -AllowUnencryptedAuthentication